orca.security Open in urlscan Pro
162.159.135.42 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://links.readitquik.us/els/v2/DzpEFW8aLEfx/MFdVcVNzdE9oSEZJL01pZTE2TEkxekdjOGJoWnpaVnVKS091V09zdWFzZURUOFNITDFwMkkrcU84...
Effective URL:
https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Submission: On August 05 via api (August 5th 2021, 2:05:13 pm UTC) from US

Summary HTTP 210 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 44 IPs in 5 countries across 36 domains to perform 210 HTTP transactions. The main IP is 162.159.135.42, located in and belongs to CLOUDFLARENET, US. The main domain is orca.security.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 22nd 2021. Valid for: a year.

This is the only time orca.security was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	18.142.0.45 18.142.0.45	16509 (AMAZON-02) (AMAZON-02)
85	162.159.135.42 162.159.135.42	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:b649	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:d4cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
4	2606:4700::68... 2606:4700::6810:a852	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6810:650c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	35.174.151.106 35.174.151.106	14618 (AMAZON-AES) (AMAZON-AES)
12	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5805	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:206... 2600:9000:206f:c800:8:8d2f:9e00:21	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:6c0... 2a02:26f0:6c00:295::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
2	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6812:1abe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.224.96.116 13.224.96.116	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:20:... 2606:4700:20::ac43:4470	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	100.25.249.86 100.25.249.86	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6811:47b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:14bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	89.187.169.47 89.187.169.47	60068 (CDN77 ^_^) (CDN77 ^_^)
2	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
2 2	2620:119:50e3... 2620:119:50e3:101::6cae:b45	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
2	13.32.22.105 13.32.22.105	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	13.224.96.67 13.224.96.67	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1	13.224.96.118 13.224.96.118	16509 (AMAZON-02) (AMAZON-02)
1	13.224.96.68 13.224.96.68	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
6	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c06::9a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	2600:9000:219... 2600:9000:2190:4000:10:7994:d200:21	16509 (AMAZON-02) (AMAZON-02)
2	44.233.138.195 44.233.138.195	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
1	2a04:4e42:3::622 2a04:4e42:3::622	54113 (FASTLY) (FASTLY)
210	44

1 18.142.0.45 (Singapore, Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-142-0-45.ap-southeast-1.compute.amazonaws.com

links.readitquik.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

85 162.159.135.42 (None, )

ASN13335 (CLOUDFLARENET, US)

orca.security	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:b649 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d4cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:a852 (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:650c (United States)

ASN13335 (CLOUDFLARENET, US)

ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 35.174.151.106 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: pi0-lba1-4-ue1.aws.pardot.com

go.orca.security	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5805 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:c800:8:8d2f:9e00:21 (United States)

ASN16509 (AMAZON-02, US)

ddzuuyx7zj81k.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:295::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1abe (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-116.zrh50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4470 (United States)

ASN13335 (CLOUDFLARENET, US)

www.clickcease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 100.25.249.86 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

js.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:47b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:14bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 89.187.169.47 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-89-187-169-47.cdn77.com

a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e3:101::6cae:b45 (United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.22.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-22-105.fra56.r.cloudfront.net

services.infinigrow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.67 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-67.zrh50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-118.zrh50.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.68 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-68.zrh50.r.cloudfront.net

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c06::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:4000:10:7994:d200:21 (United States)

ASN16509 (AMAZON-02, US)

dss6ntp5q2r0o.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.233.138.195 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-233-138-195.us-west-2.compute.amazonaws.com

sp.infinigrow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:3::622 (United States)

ASN54113 (FASTLY, US)

fast.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
98	orca.security orca.security go.orca.security	2 MB
12	gstatic.com fonts.gstatic.com	212 KB
10	googleapis.com fonts.googleapis.com ajax.googleapis.com	71 KB
9	google-analytics.com www.google-analytics.com	117 KB
8	pardot.com pi.pardot.com	20 KB
7	zoominfo.com ws.zoominfo.com ws-assets.zoominfo.com	122 KB
6	omappapi.com a.omappapi.com api.omappapi.com	124 KB
4	google.de www.google.de	388 B
4	google.com www.google.com	558 B
4	doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net	2 KB
4	infinigrow.com services.infinigrow.com sp.infinigrow.com	1 KB
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	3 KB
4	googletagmanager.com www.googletagmanager.com	181 KB
3	qualified.com js.qualified.com app.qualified.com	67 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	62 KB
2	hubspot.com track.hubspot.com	1 KB
2	facebook.com www.facebook.com	165 B
2	facebook.net connect.facebook.net	98 KB
2	googleadservices.com www.googleadservices.com	27 KB
2	cloudfront.net ddzuuyx7zj81k.cloudfront.net dss6ntp5q2r0o.cloudfront.net	28 KB
1	twitter.com analytics.twitter.com	658 B
1	wistia.com fast.wistia.com Failed	104 KB
1	t.co t.co	454 B
1	hs-banner.com js.hs-banner.com	16 KB
1	hs-analytics.net js.hs-analytics.net	20 KB
1	clickcease.com www.clickcease.com	25 KB
1	g2crowd.com tracking.g2crowd.com	1 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	licdn.com snap.licdn.com	2 KB
1	hsforms.com forms.hsforms.com	2 KB
1	cloudflare.com cdnjs.cloudflare.com	30 KB
1	hs-scripts.com js.hs-scripts.com	877 B
1	hsforms.net js.hsforms.net	145 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	22 KB
1	readitquik.us 1 redirects links.readitquik.us	262 B
0	insiderdata360online.com Failed insiderdata360online.com Failed
210	36

	Domain	Requested by
85	orca.security	orca.security
13	go.orca.security	orca.security go.orca.security pi.pardot.com
12	fonts.gstatic.com	fonts.googleapis.com
9	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com go.orca.security orca.security
8	pi.pardot.com	go.orca.security pi.pardot.com orca.security
8	fonts.googleapis.com	orca.security go.orca.security a.omappapi.com
5	a.omappapi.com	www.googletagmanager.com a.omappapi.com orca.security
4	www.google.de	orca.security
4	www.google.com	orca.security
4	ws.zoominfo.com	orca.security ws-assets.zoominfo.com
4	www.googletagmanager.com	orca.security go.orca.security
3	ws-assets.zoominfo.com	orca.security go.orca.security
2	track.hubspot.com
2	sp.infinigrow.com	dss6ntp5q2r0o.cloudfront.net
2	app.qualified.com	js.qualified.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	www.facebook.com	orca.security connect.facebook.net
2	googleads.g.doubleclick.net	www.googleadservices.com
2	services.infinigrow.com	ddzuuyx7zj81k.cloudfront.net
2	px.ads.linkedin.com	2 redirects
2	ajax.googleapis.com	go.orca.security
2	connect.facebook.net	orca.security connect.facebook.net
2	www.googleadservices.com	www.googletagmanager.com
1	analytics.twitter.com	static.ads-twitter.com
1	fast.wistia.com	pi.pardot.com
1	dss6ntp5q2r0o.cloudfront.net	ddzuuyx7zj81k.cloudfront.net
1	api.omappapi.com	a.omappapi.com
1	vars.hotjar.com	static.hotjar.com
1	t.co	orca.security
1	script.hotjar.com	static.hotjar.com
1	px4.ads.linkedin.com	orca.security
1	www.linkedin.com	1 redirects
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.qualified.com	www.googletagmanager.com
1	www.clickcease.com	orca.security
1	static.hotjar.com	orca.security
1	tracking.g2crowd.com	orca.security
1	static.ads-twitter.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	ddzuuyx7zj81k.cloudfront.net	orca.security
1	forms.hsforms.com	js.hsforms.net
1	cdnjs.cloudflare.com	orca.security
1	js.hs-scripts.com	orca.security
1	js.hsforms.net	orca.security
1	maxcdn.bootstrapcdn.com	orca.security
1	links.readitquik.us	1 redirects
0	insiderdata360online.com Failed	orca.security
210	48

This site contains links to these domains. Also see Links.

Domain
orcasecurity.zendesk.com
app.orcasecurity.io
www.datacenterknowledge.com
securityintelligence.com
aws.amazon.com
www.businessinsider.com
beta.darkreading.com
twitter.com
www.linkedin.com
www.youtube.com
www.g2.com
support.orca.security
www.facebook.com

Subject Issuer	Validity	Valid
orca.security Cloudflare Inc ECC CA-3	`2021-07-22` - `2022-07-21`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-01` - `2022-02-28`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2021-06-04` - `2022-06-03`	a year	crt.sh
go.orca.security R3	`2021-06-11` - `2021-09-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-04-30` - `2022-05-11`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-20` - `2021-10-18`	3 months	crt.sh
*.g2crowd.com Sectigo ECC Domain Validation Secure Server CA	`2020-08-30` - `2021-09-28`	a year	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
js.qualified.com R3	`2021-06-24` - `2021-09-22`	3 months	crt.sh
a.omappapi.com R3	`2021-07-28` - `2021-10-26`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-04-15` - `2021-10-15`	6 months	crt.sh
services.infinigrow.com Amazon	`2021-07-26` - `2022-08-24`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-01-12` - `2022-01-11`	a year	crt.sh
api.opmnstr.com Amazon	`2021-03-11` - `2022-04-09`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
pi.pardot.com DigiCert SHA2 Secure Server CA	`2020-12-05` - `2021-12-04`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
app.qualified.com R3	`2021-06-24` - `2021-09-22`	3 months	crt.sh
sp.infinigrow.com Amazon	`2021-03-25` - `2022-04-23`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2021-06-26` - `2022-06-25`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
fast.wistia.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Frame ID: 4C3A3C670CFBFA58A1931F9C1D3C0482
Requests: 159 HTTP requests in this frame

Frame: https://go.orca.security/l/898611/2020-12-11/2vsl
Frame ID: BE766044EB798D2669C4C6170FFFD498
Requests: 18 HTTP requests in this frame

Frame: https://go.orca.security/l/898611/2020-12-11/2vsj
Frame ID: EA1E4F5674E0A3C82D5148A5D1143F1E
Requests: 18 HTTP requests in this frame

Frame: https://go.orca.security/l/898611/2020-12-11/2vsj
Frame ID: B76197F115A06AF4AD743097BF3B27E7
Requests: 16 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Frame ID: 28E1CBE8185621E4755323343EE6DA40
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://links.readitquik.us/els/v2/DzpEFW8aLEfx/MFdVcVNzdE9oSEZJL01pZTE2TEkxekdjOGJoWnpaVnVKS091V09zdWFz... HTTP 302
https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

210
Requests

96 %
HTTPS

65 %
IPv6

36
Domains

48
Subdomains

44
IPs

5
Countries

3547 kB
Transfer

10089 kB
Size

4
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://orcasecurity.zendesk.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://app.orcasecurity.io/login
Title: Login

Search URL Search Domain Scan URL

URL: https://www.datacenterknowledge.com/security/report-cloud-security-breaches-surpass-prem-ones-first-time
Title: sharpening their efforts

Search URL Search Domain Scan URL

URL: https://securityintelligence.com/news/over-half-malware-delivered-via-cloud-applications/
Title: compromising cloud applications and assets

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/compliance/shared-responsibility-model/
Title: shared responsibility model

Search URL Search Domain Scan URL

URL: https://www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-12
Title: SolarWinds customers were compromised

Search URL Search Domain Scan URL

URL: https://beta.darkreading.com/omdia/kaseya-hacked-via-authentication-bypass?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
Title: customers of Kesaya

Search URL Search Domain Scan URL

URL: https://twitter.com/OrcaSec
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/orca-security/
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/orcasecurity
Title:

Search URL Search Domain Scan URL

URL: https://www.g2.com/products/orca-security/reviews
Title:

Search URL Search Domain Scan URL

URL: https://app.orcasecurity.io/
Title: Login

Search URL Search Domain Scan URL

URL: http://support.orca.security/resources/
Title: Support

Search URL Search Domain Scan URL

URL: http://www.facebook.com/Orca-Security-551725845231220
Title: Facebook-f

Search URL Search Domain Scan URL

URL: http://twitter.com/OrcaSec
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/35573984
Title: Linkedin-in

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCgCyH7xISzQGbpzfnIaWy_w
Title: Youtube

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://links.readitquik.us/els/v2/DzpEFW8aLEfx/MFdVcVNzdE9oSEZJL01pZTE2TEkxekdjOGJoWnpaVnVKS091V09zdWFzZURUOFNITDFwMkkrcU84ZEZ0Q2oyS05IckR3TU15Z0dNVjlwOUgzNnpIbTJWV3Zwd3h4TFBzUFpBbk8weTVFZ009S0/ HTTP 302
https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 141

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628172284726&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1286465%26time%3D1628172284726%26url%3Dhttps%253A%252F%252Forca.security%252Fresources%252Fblog%252Fcloud-malware-challenges-best-practices%252F%253Fsiteid%253DRIQSITE%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628172284726&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628172284726&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liSync=true&e_ipv6=AQLQ8zVIKdoGnwAAAXsWoXmXsnMkA4CEIzUyugNWrdUbyHQhM-WxOTLNDAoeF_KNLNYd0pHa

210 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
orca.security/resources/blog/cloud-malware-challenges-best-practices/
Redirect Chain

http://links.readitquik.us/els/v2/DzpEFW8aLEfx/MFdVcVNzdE9oSEZJL01pZTE2TEkxekdjOGJoWnpaVnVKS091V09zdWFzZURUOFNITDFwMkkrcU84ZEZ0Q2oyS05IckR3TU15Z0dNVjlwOUgzNnpIbTJWV3Zwd3h4TFBzUFpBbk8weTVFZ009S0/
https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

633 KB
95 KB

3467ms
3364ms

Document
text/html

162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33f88da5f2ab8271ee3fac8339d1b4dad3b04483fe306483bb14b42def0c99d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: orca.security
:scheme: https
:path: /resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:41 GMT
content-type: text/html; charset=UTF-8
cf-ray: 67a093602a0e53e6-LHR
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
expires: Thu, 19 Nov 1981 08:52:00 GMT
link: <https://orca.security/resources/wp-json/>; rel="https://api.w.org/", <https://orca.security/resources/wp-json/wp/v2/posts/4106>; rel="alternate"; type="application/json", <https://orca.security/resources/?p=4106>; rel=shortlink
set-cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68; path=/
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
ki-edge: v=16.1
pragma: no-cache
x-content-type-options: nosniff
x-edge-location-klb: 1
x-kinsta-cache: BYPASS
x-pingback: https://orca.security/resources/xmlrpc.php
server: cloudflare
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

location: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
content-language: en-US
content-length: 0
date: Thu, 05 Aug 2021 14:04:37 GMT
x-envoy-upstream-service-time: 1
server: istio-envoy

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ 141 KB
22 KB 34ms
16ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://orca.security
Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 8998947
cdn-cachedat: 2021-04-23 12:06:36
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: aa8dfdbb3012b19901a804376c336a28
cf-ray: 67a093752e452fa5-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 css2
fonts.googleapis.com/ 4 KB
729 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e2b5d4752ac81478ad36860fbe67b75bad20bbee7a93e835a25283d310c78999

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 13:45:14 GMT
server: ESF
date: Thu, 05 Aug 2021 14:04:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Aug 2021 14:04:41 GMT

GET
H3-29 200 style.min.css
orca.security/resources/wp-content/themes/astra/assets/css/minified/ 71 KB
12 KB 702ms
646ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/astra/assets/css/minified/style.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef2b6a048828ba900123bc05b019ded3252e9b21260d7402fc9d11a321fb3dc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/astra/assets/css/minified/style.min.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:47:23 GMT
server: cloudflare
etag: W/"60f18deb-11b63"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093757b715434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 css
fonts.googleapis.com/ 2 KB
552 B 74ms
19ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C&display=fallback&ver=3.6.4

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d39e13725b21bae85d8ec5a33e089d49b52ea78390dabf5e426751414499d0f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 13:54:02 GMT
server: ESF
date: Thu, 05 Aug 2021 14:04:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Aug 2021 14:04:41 GMT

GET
H3-29 200 style.min.css
orca.security/resources/wp-includes/css/dist/block-library/ 57 KB
9 KB 729ms
675ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-includes/css/dist/block-library/style.min.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 20:36:34 GMT
server: cloudflare
etag: W/"60f09c52-e33b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093766d3c5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.css
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/css/ 69 KB
10 KB 784ms
730ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50bbb02baec0ea54be304a070a2c6d815f65ee593c04f0fd81f81ee4dc0133e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-11413"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093766d405434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 flatpickr.min.css
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/ 16 KB
3 KB 816ms
760ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

661e00570c65c29528d9ce6ee19e5e9939986716c293def67b07f8b6a191b018

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-3e52"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093766d425434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 select2.min.css
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/select2/ 15 KB
2 KB 783ms
728ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

044efea78208376302aad3808aaabdf3c2f7bdd80ba9d55c9e0e4d3baa7a3908

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-3a75"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d4f5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 elementor-icons.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/eicons/css/ 17 KB
4 KB 824ms
768ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e36eaa6e7cebbd4138dfb008ee3d53ab8195f45953b0f4f27d0d8156ab059021

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:34 GMT
server: cloudflare
etag: W/"60f0ad6e-4350"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d515434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 animations.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/animations/ 18 KB
3 KB 783ms
727ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/animations/animations.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/animations/animations.min.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:48:37 GMT
server: cloudflare
etag: W/"60f0ad35-4824"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d525434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend-legacy.min.css
orca.security/resources/wp-content/plugins/elementor/assets/css/ 4 KB
919 B 783ms
724ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e5aeaa58ab4c2345953f77e07fbc20578326076a259ed702eea64e077fde675

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:07 GMT
server: cloudflare
etag: W/"60f0acdb-f0e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d665434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.css
orca.security/resources/wp-content/plugins/elementor/assets/css/ 115 KB
17 KB 778ms
718ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/css/frontend.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f9c38934fc41ee2a85f1a6e1ad59e96f7f1e73b9b4e653394708715d5ab32c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/css/frontend.min.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:08 GMT
server: cloudflare
etag: W/"60f0acdc-1cc44"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d6e5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-1480.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 1 KB
771 B 815ms
755ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-1480.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84053d1e000e4ec2e919fc747c16eb16856745bd7cdd0279ff6be2062f365650

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-1480.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:55:54 GMT
server: cloudflare
etag: W/"60f18fea-467"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d6f5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.css
orca.security/resources/wp-content/plugins/elementor-pro/assets/css/ 237 KB
27 KB 824ms
765ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor-pro/assets/css/frontend.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ceaa8c47e55f50794d42966a696f0f35149ffd1560c46eecbca911d6b48d9371

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor-pro/assets/css/frontend.min.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:35:19 GMT
server: cloudflare
etag: W/"60f0aa17-3b299"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d715434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 all.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 58 KB
13 KB 765ms
706ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af1e6edc875a382b338bb25bd7c5c3f474a7f1b36212002a5896dd06f2186325

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:37 GMT
server: cloudflare
etag: W/"60f0ad71-e7d0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d745434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 v4-shims.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 26 KB
5 KB 814ms
755ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fda3035030d3843c2751dc0da65fb802230ec00a4008aeed83ddddc7b97cbc93

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:39 GMT
server: cloudflare
etag: W/"60f0ad73-684e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d755434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 global.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 36 KB
3 KB 815ms
755ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/global.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71a920e8af6069911a728a6768baf9c58e8f2dcc99599985f36f2110466457a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/global.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:55:55 GMT
server: cloudflare
etag: W/"60f18feb-9179"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d795434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-403.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 6 KB
1 KB 804ms
755ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-403.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3f972393cbaeb692394b14498f8f9526c5a75480fe6fed1a5d14e83109e0cf4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-403.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 14:26:30 GMT
server: cloudflare
etag: W/"60f19716-190a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d7b5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-22.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 8 KB
1 KB 813ms
764ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-22.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f07ba5ad1ac0a01ef6b948f1a2223b2eff4e40f40da24614151b98939b6a5ef1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-22.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:55:55 GMT
server: cloudflare
etag: W/"60f18feb-1eb4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d7d5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-1240.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 2 KB
816 B 765ms
716ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-1240.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9b993464d1fb9e951a4e9c76d4d560b208604c73fa87c0a61091b5af0ddecec

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-1240.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 14:38:20 GMT
server: cloudflare
etag: W/"60f199dc-8ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d7e5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-319.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 5 KB
1 KB 804ms
755ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-319.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8725ca355115b2fd4651581ad44a4115ec562fc3ad951c72b7da7f9c8e73051f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-319.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:55:55 GMT
server: cloudflare
etag: W/"60f18feb-12e4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d815434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-76.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 2 KB
904 B 813ms
763ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-76.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

285c3c6ca39b53ee2e65d425a7b26d8d9415a8e15c323aa1d73f3b79496400fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-76.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Wed, 28 Jul 2021 19:17:25 GMT
server: cloudflare
etag: W/"6101ad45-8f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d835434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 sassy-social-share-public.css
orca.security/resources/wp-content/plugins/sassy-social-share/public/css/ 34 KB
10 KB 811ms
763ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

182cab990c2118fcdb18feab5115335e4eb4bc0b38bb30a36c4e73c92b080ea4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:10:04 GMT
server: cloudflare
etag: W/"60f0259c-87d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d845434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 sassy-social-share-svg.css
orca.security/resources/wp-content/plugins/sassy-social-share/admin/css/ 109 KB
35 KB 855ms
808ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/sassy-social-share/admin/css/sassy-social-share-svg.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7369eb7217705e08010dbd6c0ed5433f75e66391ff6f365372381b658b1f1da9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/sassy-social-share/admin/css/sassy-social-share-svg.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:10:08 GMT
server: cloudflare
etag: W/"60f025a0-1b41d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d865434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 css2
fonts.googleapis.com/ 7 KB
661 B 64ms
17ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat%3Awght%40300%3B400%3B500%3B700&display=swap&ver=1.33

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

86e8ec692b64a9bde2291aa1a5f06009bd66b1660584769d704e3ed84b0a875d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 13:49:41 GMT
server: ESF
date: Thu, 05 Aug 2021 14:04:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Aug 2021 14:04:41 GMT

GET
H3-29 200 slick.css
orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/ 2 KB
947 B 856ms
808ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:48 GMT
server: cloudflare
etag: W/"60f0276c-6f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d895434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 slick-theme.css
orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/ 3 KB
1 KB 856ms
809ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick-theme.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick-theme.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:48 GMT
server: cloudflare
etag: W/"60f0276c-c49"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d8a5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 bootstrap.min.css
orca.security/resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/css/ 141 KB
21 KB 856ms
809ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/css/bootstrap.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/css/bootstrap.min.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:38 GMT
server: cloudflare
etag: W/"60f02762-235ed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d8d5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 style.css
orca.security/resources/wp-content/themes/incubator-child/ 13 KB
3 KB 882ms
834ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/style.css?version&ver=1.33

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64380f313f85c6feb17b558f02b5b3d145bbf934a969e012302caac445a1922f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/style.css?version&ver=1.33
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Sun, 18 Jul 2021 00:38:51 GMT
server: cloudflare
etag: W/"60f3781b-32df"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d8f5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 main.css
orca.security/resources/wp-content/themes/incubator-child/ 118 KB
15 KB 882ms
834ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/main.css?version&ver=1.33

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5da80845be0b787ddf4abd8c116be05e185e3e928c2773d65abb55903e362175

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/main.css?version&ver=1.33
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Sun, 18 Jul 2021 00:37:59 GMT
server: cloudflare
etag: W/"60f377e7-1d634"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d945434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 css
fonts.googleapis.com/ 24 KB
1 KB 63ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=5.7.2

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7742176d36a9ea889f4db0a843e62f522ba690a8d514e91dd5aa09eccf7340ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 13:59:09 GMT
server: ESF
date: Thu, 05 Aug 2021 14:04:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Aug 2021 14:04:41 GMT

GET
H3-29 200 fontawesome.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 57 KB
13 KB 952ms
904ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8d00356859998784bda26e1d14f2d981515921b96ded50d5d6f6f0e75bac15c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:38 GMT
server: cloudflare
etag: W/"60f0ad72-e238"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d965434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 solid.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 669 B
690 B 963ms
916ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ada5259a5ac61a7d68315f7efa6b98d61d2d0478df0545869c880afeaa67dcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:39 GMT
server: cloudflare
etag: W/"60f0ad73-29d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d975434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 brands.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 675 B
688 B 963ms
915ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71008cf308a9bb2a3a3ddaa973f816c0d3a11db5cc9e7bdd5498089423019b3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:37 GMT
server: cloudflare
etag: W/"60f0ad71-2a3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093767d995434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery.min.js Show response
orca.security/resources/wp-includes/js/jquery/ 87 KB
31 KB 959ms
912ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-includes/js/jquery/jquery.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-includes/js/jquery/jquery.min.js
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 20:36:34 GMT
server: cloudflare
etag: W/"60f09c52-15d98"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093768da05434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery-migrate.min.js Show response
orca.security/resources/wp-includes/js/jquery/ 11 KB
4 KB 991ms
943ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-includes/js/jquery/jquery-migrate.min.js
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 20:36:34 GMT
server: cloudflare
etag: W/"60f09c52-2bd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093768da95434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 flatpickr.min.js Show response
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/ 47 KB
14 KB 991ms
940ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe2ac5219992a3608a5c9e2bc4759fac8fb2189b88d7a674d395ff6c435da536

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-bd86"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093769db25434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 select2.min.js Show response
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/select2/ 69 KB
20 KB 991ms
940ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-114c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093769db75434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 gtm4wp-form-move-tracker.js Show response
orca.security/resources/wp-content/plugins/duracelltomi-google-tag-manager/js/ 1 KB
724 B 1005ms
956ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc71c403dc6113c8597e111a99d6a6a197dd2f2355402f8392ca4812dca57d3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:06:30 GMT
server: cloudflare
etag: W/"60f024c6-5cf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093769dba5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 v4-shims.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/js/ 15 KB
5 KB 1005ms
956ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97cf1307c16a437b77b5f7f5c9bc0b985d0745a14be5a279019aca5a3432e264

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js
pragma: no-cache
cookie: PHPSESSID=0f84f7693f21c3ca3908464c5bdf6d68
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:43 GMT
server: cloudflare
etag: W/"60f0ad77-3acf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a093769dbb5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 css2
fonts.googleapis.com/ 7 KB
543 B 34ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700&display=swap

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e6d2282d33ef8f732e4ce7a60a05fce149fb0017fae964eb3543ec849d95f2e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 14:04:41 GMT
server: ESF
date: Thu, 05 Aug 2021 14:04:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Aug 2021 14:04:41 GMT

GET
H3-29 200 logo-white.svg
orca.security/static-inc/images/ 6 KB
3 KB 704ms
679ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/logo-white.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b1378138bba66a489a96aa319ed93174ae2e9740c4e0dc6846c5f06d2193fb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/logo-white.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:05 GMT
server: cloudflare
etag: W/"60f12119-179c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bc05434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 logo.svg
orca.security/static-inc/images/ 6 KB
3 KB 742ms
717ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/logo.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05eee7dd84da8f541a1dfebd89d2a67e8b2322fced4845f991769c1df2d096ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/logo.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:05 GMT
server: cloudflare
etag: W/"60f12119-17b4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bc35434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 icon-nav-side-scanning.svg
orca.security/static-inc/images/ 917 B
874 B 742ms
717ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/icon-nav-side-scanning.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44da12b1630d2ef003f2375847617620d5f4f7fae60a473b801cf55f15e6f9d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/icon-nav-side-scanning.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:05 GMT
server: cloudflare
etag: W/"60f12119-395"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bc45434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 icon-nav-context-aware-security.svg
orca.security/static-inc/images/ 1 KB
911 B 742ms
718ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/icon-nav-context-aware-security.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7c1382f2a55b9cfed948b2a888fe6169dd173219e33ef7ce057ccb002fa93cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/icon-nav-context-aware-security.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:04 GMT
server: cloudflare
etag: W/"60f12118-5bb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bc65434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 icon-nav-built-in-compliance.svg
orca.security/static-inc/images/ 985 B
893 B 299ms
274ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/icon-nav-built-in-compliance.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cfca36025004c1f9a54e8bca2961cd7c2c7d030b9f098b2f8d044e25944b1fdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/icon-nav-built-in-compliance.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:04 GMT
server: cloudflare
etag: W/"60f12118-3d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bc85434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 icon-nav-customization.svg
orca.security/static-inc/images/ 2 KB
910 B 764ms
739ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/icon-nav-customization.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15cabbfbc427cf3a6e897a426fa4cfc26d7171ae72763fcccc3d066338f15bf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/icon-nav-customization.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:04 GMT
server: cloudflare
etag: W/"60f12118-609"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bc95434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 nav-join-the-program.jpg
orca.security/static-inc/images/ 93 KB
94 KB 720ms
694ms Image
image/jpeg 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/nav-join-the-program.jpg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d68519a3166f1d5cf914c9e2c228ce1415ecbe40c8630d7d5ce8675fdafb5902

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/nav-join-the-program.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 95526
last-modified: Fri, 16 Jul 2021 15:27:41 GMT
server: cloudflare
etag: "60f1a56d-17526"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 67a0937d5bca5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 nav-join-our-team.jpg
orca.security/static-inc/images/ 147 KB
148 KB 720ms
694ms Image
image/jpeg 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/nav-join-our-team.jpg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

598e0da49a0d44ca888818a794151e0be9e5a5801d78e53430f451a40d67e661

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/nav-join-our-team.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 150742
last-modified: Fri, 16 Jul 2021 15:27:36 GMT
server: cloudflare
etag: "60f1a568-24cd6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 67a0937d5bcf5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 nav-download-now.jpg
orca.security/static-inc/images/ 68 KB
68 KB 704ms
678ms Image
image/jpeg 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/nav-download-now.jpg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96456ea83a2a92121ff46321c0f0ca85237a5fbb1cc6391a7303057226b91529

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/nav-download-now.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 69166
last-modified: Fri, 16 Jul 2021 15:27:36 GMT
server: cloudflare
etag: "60f1a568-10e2e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 67a0937d5bd25434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 authorphoto-150x150.jpeg
orca.security/resources/wp-content/uploads/sites/2/ 4 KB
4 KB 741ms
721ms Image
image/jpeg 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/authorphoto-150x150.jpeg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3afe1773cbb9677bed9327f8f81058a02d8b593b22eb24a40658539bd8a5ead8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/authorphoto-150x150.jpeg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4082
last-modified: Thu, 15 Jul 2021 12:16:52 GMT
server: cloudflare
etag: "60f02734-ff2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 67a0937d5bd35434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 footer_badge_aws.svg
orca.security/wp-content/uploads/2021/08/ 45 KB
17 KB 700ms
682ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/wp-content/uploads/2021/08/footer_badge_aws.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8191aac24052007a5eb3dff74bbcde3d14bd1b9eac048a8b781c08e144089f25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2021/08/footer_badge_aws.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 03 Aug 2021 07:11:27 GMT
server: cloudflare
etag: W/"6108ec1f-b499"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bd45434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 footer_badge_iso.svg
orca.security/wp-content/uploads/2021/08/ 33 KB
14 KB 756ms
738ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/wp-content/uploads/2021/08/footer_badge_iso.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c51831a289a042fb47236cc90db37a4d2cdd827d8ba95120de2cb55826e68664

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2021/08/footer_badge_iso.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 03 Aug 2021 07:11:25 GMT
server: cloudflare
etag: W/"6108ec1d-850c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bd75434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 footer_badge_soc.svg
orca.security/wp-content/uploads/2021/08/ 50 KB
21 KB 740ms
722ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/wp-content/uploads/2021/08/footer_badge_soc.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e51cef74e27fe2fbf08417acdaeccb250743a28dc7b82d16ba26560981041e0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2021/08/footer_badge_soc.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 03 Aug 2021 07:11:24 GMT
server: cloudflare
etag: W/"6108ec1c-c80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bd95434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 logo.svg
orca.security/wp-content/uploads/2021/04/ 6 KB
3 KB 765ms
746ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/wp-content/uploads/2021/04/logo.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74706fc3a0764eb273029a2ca83422dd8663978130573095d48f7ed260f28671

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2021/04/logo.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 10:47:52 GMT
server: cloudflare
etag: W/"60f163d8-1709"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bdb5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 569 KB
145 KB 147ms
22ms Script
application/javascript 2606:4700::6811:b649
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b649 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

336032e8b6a0e53594ef6fd0333f2c8f791accdd85de58bfbbbcd134347672af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
via: 1.1 23c9ec01b6f4151f654547c0190aeebf.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Mon, 26 Jul 2021 08:58:31 UTC
server: cloudflare
etag: W/"54f88eaced1496c532226765043c50e7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5NlX8NpvttuWxlKHjAJ27DyTH5oNow9fOx2c5rrn2M%2FRfjdjuAxjkdHq1T7HzcESVZB4gjK97er22NQdt4dGJLYfzpfq7jhDj5TqCajkdov4zQu%2FG7icV%2BN0uNaYy68HSJG6XhzXjtF49Hah"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: CD.EJgxkQT0UFVsMcBVdkshUHUGkYwIo
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-C3
cf-ray: 67a0937d4ff94edf-FRA
x-amz-cf-id: pcG6ZrhK-LOOC4JTc7uu7qMoOHgpEZoOrhSkorQFUEMqVwz7L4D9CA==
x-hs-target-asset: FormsNext/static-5.349/bundles/project_with_deps.js

GET
H3-29 200 style.min.js Show response
orca.security/resources/wp-content/themes/astra/assets/js/minified/ 10 KB
3 KB 639ms
638ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/astra/assets/js/minified/style.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ef0899dadf11eccd489e8aca5ef79eaf9c1caa00f9f1d4d8ad45ff1ed375ccf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/astra/assets/js/minified/style.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:47:23 GMT
server: cloudflare
etag: W/"60f18deb-28d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937caa475434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.js Show response
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/js/ 9 KB
3 KB 695ms
670ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

205988b80eeedc442aa4ba78fd4bda5b1b139415f3dc88043fc73adcd71cbae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-236e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d4b8b5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 dynamic-conditions-public.js Show response
orca.security/resources/wp-content/plugins/dynamicconditions/Public/js/ 2 KB
1 KB 671ms
646ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/dynamicconditions/Public/js/dynamic-conditions-public.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

751d5192326ddefce3e87157f7c9355217cdad7b4a969b5dd3161b4453671389

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/dynamicconditions/Public/js/dynamic-conditions-public.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:00:00 GMT
server: cloudflare
etag: W/"60f11250-8f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d4b8c5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 5544741.js Show response
js.hs-scripts.com/ 988 B
877 B 289ms
253ms Script
application/javascript 2606:4700::6811:d4cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/5544741.js?integration=WordPress
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:d4cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ff5defc7b92446f065b2652a2946a640c6f5e425c36a3aba012b8884db76236

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: br
cf-cache-status: EXPIRED
server: cloudflare
x-hubspot-correlation-id: 29aa7cea-9411-46ef-b8c3-d22c52f618b2
x-trace: 2B3D0FAC7A488EBE3CCD60913CE72B18C1B75BFF23000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://orca.security
access-control-max-age: 3600
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 67a0937d6fe64333-FRA
expires: Thu, 05 Aug 2021 14:05:42 GMT

GET
H3-29 200 sassy-social-share-public.js Show response
orca.security/resources/wp-content/plugins/sassy-social-share/public/js/ 43 KB
11 KB 694ms
669ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

afea7d7933d3140b754902ec8d48c7cc0db26b22f5912655b2fb1c1b07429478

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:10:04 GMT
server: cloudflare
etag: W/"60f0259c-ab59"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5b8d5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 orca.js Show response
orca.security/resources/wp-content/themes/incubator-child/ 4 KB
2 KB 692ms
667ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/orca.js?version&ver=1.33

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9e4a21d7a0dd665ebfe69752a801f9034ee7f4d7e5930cb267b6c48aa3bee31

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/orca.js?version&ver=1.33
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:24 GMT
server: cloudflare
etag: W/"60f02754-10fd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5b8e5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 TweenMax.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.14.2/ 99 KB
30 KB 49ms
15ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.14.2/TweenMax.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9019bd99bb2b109f32b62d0439c01e6c9e828bfd160c1e254a5a0d1c7229a4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4198662
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 29505
cf-request-id: 0abdf800e200004a9104a3b000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-18d17"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w5Tm5%2FeQr93ZTbZBNW03Ex5rWdKnyQLWGWUpcDPWyyFTRuZHAu%2Fkph5VcnXio5fMCidM%2BdpQRpEKkrs63dluCtbQRE%2BusvMQO8aBepJ%2BbSUgKyxwDUcq0flHwH9XGL4IVhERw46NUuClcsbGwZ0XfCfA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 67a0937d58ae4d84-FRA
expires: Tue, 26 Jul 2022 14:04:42 GMT

GET
H3-29 200 ScrollMagic.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/ 17 KB
6 KB 703ms
678ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/ScrollMagic.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da9dad45994fa30a773ffd383f0daba950926e1c95fc807b644554825ac34bf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/ScrollMagic.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:30 GMT
server: cloudflare
etag: W/"60f0275a-4416"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5b8f5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 animation.gsap.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/ 1 KB
1 KB 677ms
653ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/animation.gsap.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbd60db88b56b91e2c6ea79a36224ec46d01be9b58cf87db5176c86681f9270a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/animation.gsap.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:32 GMT
server: cloudflare
etag: W/"60f0275c-508"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5b905434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 animation.velocity.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/ 1 KB
1 KB 686ms
662ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/animation.velocity.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20ffeeb1b6274d88ea1a05f79a414e6bb12189c7516514c75067d081dcd47819

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/animation.velocity.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:32 GMT
server: cloudflare
etag: W/"60f0275c-5b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5b995434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 debug.addIndicators.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/ 7 KB
3 KB 697ms
673ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/debug.addIndicators.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c15402dcdd0b03490883b62681c0d676af10894c7ce55218650d0f3827c6f0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/debug.addIndicators.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:30 GMT
server: cloudflare
etag: W/"60f0275a-1bb8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5b9b5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery.ScrollMagic.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/ 495 B
691 B 705ms
680ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/jquery.ScrollMagic.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bcca65cc24a8fa93b8c1c9b3fdab3c155b5a6c5e6013d1b0aa4e4447c8eec77c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/jquery.ScrollMagic.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:32 GMT
server: cloudflare
etag: W/"60f0275c-1ef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5b9d5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 bootstrap.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/js/ 48 KB
13 KB 698ms
674ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/js/bootstrap.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/js/bootstrap.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:36 GMT
server: cloudflare
etag: W/"60f02760-bf30"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5ba05434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 iframeResizer.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/ 2 KB
2 KB 695ms
670ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/iframeResizer.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60aad8b6f919b3ac201f9441562712b6b4071e6e2928577910f31ca424ffa397

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/iframeResizer.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:26 GMT
server: cloudflare
etag: W/"60f02756-881"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5ba25434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 match-height.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/ 3 KB
2 KB 677ms
652ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/match-height.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c76c6456972a640a9057ae6e6ce9099722910ac60e2f31e514a1bf0066d9d64d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/match-height.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:26 GMT
server: cloudflare
etag: W/"60f02756-d55"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5ba45434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery.waypoints.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/waypoints/lib/ 9 KB
3 KB 694ms
669ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/waypoints/lib/jquery.waypoints.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

368daab67b1a5b2b2802edbbac79a2aa4ba992a2ebf9c67b98ad784d8004018c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/waypoints/lib/jquery.waypoints.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:50 GMT
server: cloudflare
etag: W/"60f0276e-2344"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5ba65434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 slick.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/ 87 KB
16 KB 737ms
712ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0aaa4cf927b0e3631cffbe62f6786810aa65348483cd950e49f634a0881b16b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:48 GMT
server: cloudflare
etag: W/"60f0276c-15b7b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5ba95434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 wp-embed.min.js Show response
orca.security/resources/wp-includes/js/ 1 KB
1 KB 754ms
730ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-includes/js/wp-embed.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-includes/js/wp-embed.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 20:36:34 GMT
server: cloudflare
etag: W/"60f09c52-592"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5baa5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 webpack-pro.runtime.min.js Show response
orca.security/resources/wp-content/plugins/elementor-pro/assets/js/ 5 KB
3 KB 690ms
665ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52adbaf8b7004e3e0ef2b06be5492748eeef0bdfbc2d91b4aa3aa7ddd7028703

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:35:44 GMT
server: cloudflare
etag: W/"60f0aa30-1556"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bac5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 webpack.runtime.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/js/ 5 KB
2 KB 737ms
712ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5641645c15c48b3ff5ce52e718563e1d04d18492e552eb126862768327e2855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:25 GMT
server: cloudflare
etag: W/"60f0aced-12a1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bad5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend-modules.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/js/ 63 KB
22 KB 750ms
726ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/js/frontend-modules.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8e1bb6afaee4a9709470e6bc6712a4288aab63eff4a430e75935d0095648bb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/js/frontend-modules.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:21 GMT
server: cloudflare
etag: W/"60f0ace9-fd92"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bae5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery.sticky.min.js Show response
orca.security/resources/wp-content/plugins/elementor-pro/assets/lib/sticky/ 6 KB
2 KB 755ms
730ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a48dea362116d7516a2cf97066a32758d353760ee02dbf900ddff86b02a16473

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:36:28 GMT
server: cloudflare
etag: W/"60f0aa5c-19c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bb05434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.js Show response
orca.security/resources/wp-content/plugins/elementor-pro/assets/js/ 58 KB
16 KB 699ms
674ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/frontend.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

785c1179e9138a30fccbcd502d81ad2920049a12fd3d83fae433052e9be4c62f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor-pro/assets/js/frontend.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:35:36 GMT
server: cloudflare
etag: W/"60f0aa28-e60d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bb15434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 waypoints.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
3 KB 289ms
264ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:48:53 GMT
server: cloudflare
etag: W/"60f0ad45-2fa6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bb35434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 core.min.js Show response
orca.security/resources/wp-includes/js/jquery/ui/ 20 KB
7 KB 280ms
255ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-includes/js/jquery/ui/core.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0cd851e5b33af0fbb354df65506da39807b998e07723f3d08aba5179fa2ed97e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-includes/js/jquery/ui/core.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 20:36:34 GMT
server: cloudflare
etag: W/"60f09c52-5133"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bb55434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 swiper.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/lib/swiper/ 136 KB
35 KB 273ms
248ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b23f49f504faa32aac548b6662ffd64412f6738496fab8be38da46c5b7121804

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:48:51 GMT
server: cloudflare
etag: W/"60f0ad43-21f91"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bb75434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 share-link.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/lib/share-link/ 3 KB
1 KB 745ms
720ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a7ee62eb33f3bbb66c2151e5cac6bf4904e28302efc36128f3e3ccae6fde580

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:48:49 GMT
server: cloudflare
etag: W/"60f0ad41-a12"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bb95434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 dialog.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/lib/dialog/ 11 KB
4 KB 300ms
276ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2989e0b9e836cb9de3274d641ec6a58c2052f039e790ddd59b22303930bfdeeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:48:39 GMT
server: cloudflare
etag: W/"60f0ad37-2a6f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bba5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/js/ 66 KB
20 KB 745ms
720ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/js/frontend.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17f076500dca787c42b1dd6238ce50a0752771eafd040e8512c713a7ec947c65

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/js/frontend.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:21 GMT
server: cloudflare
etag: W/"60f0ace9-1086a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bbb5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 preloaded-elements-handlers.min.js Show response
orca.security/resources/wp-content/plugins/elementor-pro/assets/js/ 160 KB
39 KB 276ms
251ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

897ebbdf379aeb2c751275f083d298f15b094902c6bd6a66405ffb0604c64124

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:35:41 GMT
server: cloudflare
etag: W/"60f0aa2d-27e8a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bbc5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 preloaded-modules.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/js/ 57 KB
17 KB 735ms
710ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d882dbd828af87ed3434862bf608a2dee6d347817ae547421c9b2051ce29a905

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:23 GMT
server: cloudflare
etag: W/"60f0aceb-e2e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bbd5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 scripts.min.js Show response
orca.security/static-inc/js/ 374 KB
100 KB 703ms
679ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/static-inc/js/scripts.min.js?ver=1.0

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9703acf1b9ace4e69669e5472063f067cfaf6eba3dff61ec47b95db163a3158

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/js/scripts.min.js?ver=1.0
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:17:23 GMT
server: cloudflare
etag: W/"60f12473-5d9e1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937d5bbe5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 169 KB
60 KB 54ms
35ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

daad363e1a1c8474f4498f86a1f3818a263b91acf479960422f8d77f49758d6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61090
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 05 Aug 2021 14:04:42 GMT

GET
H2 200 KoeEOMZRk0HPEBurl41R Show response
ws.zoominfo.com/pixel/ 0
491 B 222ms
185ms Script
text/javascript 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/KoeEOMZRk0HPEBurl41R

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 67a0937d6d642c52-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
content-length: 0

GET
H2 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 122 KB
40 KB 115ms
55ms Script
application/javascript 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aca1d2291f4713182bc182e5ef93151df69b3e97a054d16d1da5a1967fe63f15

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 169
x-guploader-uploadid: ADPycdsqDEW5C62PsVgvR9hfSSwDl9QH35SDB8IWr13WmIIDphvvEAexS5K_LZWy94kyW4d7G0ogtcJlT05Iejd_lo7kQvCsYw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
last-modified: Wed, 14 Jul 2021 10:39:08 GMT
server: cloudflare
etag: W/"1e1e37b752fd19a94113b3725ef35506"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=EP8N2g==, md5=Hh43t1L9GalBE7NyXvNVBg==
x-goog-generation: 1626259148350866
cache-control: public, max-age=3600
x-goog-stored-content-length: 124580
cf-ray: 67a0937d9cc805ed-FRA
expires: Thu, 05 Aug 2021 15:01:53 GMT

GET
H/1.0 200
OK Cookie set 2vsl Show response
go.orca.security/l/898611/2020-12-11/ Frame BE76 5 KB
3 KB 960ms
647ms Document
text/html 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/l/898611/2020-12-11/2vsl
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 937c1830b0b7d490405e8534908597528dd8be51c3f3c2727e7379087b7dab00

Request headers

Host: go.orca.security
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://orca.security/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://orca.security/

Response headers

Date: Thu, 05 Aug 2021 14:04:42 GMT
Set-Cookie: pardot=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0 visitor_id898611=585733452; expires=Sun, 03-Aug-2031 14:04:43 GMT; Max-Age=315360000; path=/; secure; SameSite=None visitor_id898611-hash=5e149c09695d90ed1a27deaff0f262828e11561fa1d11f7087e3530439780924ab070ad7681dd42c365ccdace7ec1c4f511922d5; expires=Sun, 03-Aug-2031 14:04:43 GMT; Max-Age=315360000; path=/; secure; SameSite=None
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Pardot-Rsp: 16/0/10
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 2101
Content-Type: text/html; charset=utf-8
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
Server: PardotServer
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
Connection: keep-alive

GET
H/1.0 200
OK Cookie set 2vsj Show response
go.orca.security/l/898611/2020-12-11/ Frame EA1E 28 KB
9 KB 645ms
333ms Document
text/html 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: e56319a09d53a96a7b2864aa096022c41028595632a92a8bebec4febf331ba9f

Request headers

Host: go.orca.security
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://orca.security/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://orca.security/

Response headers

Date: Thu, 05 Aug 2021 14:04:42 GMT
Set-Cookie: pardot=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0 visitor_id898611=585733444; expires=Sun, 03-Aug-2031 14:04:42 GMT; Max-Age=315359999; path=/; secure; SameSite=None visitor_id898611-hash=070bafc555289bd6c47e8d8c405be43cec08c0a0b9f05a6c11e800d6e4976635278547d84b9eb39f5b173094838a3f28a5b91743; expires=Sun, 03-Aug-2031 14:04:42 GMT; Max-Age=315359999; path=/; secure; SameSite=None
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Pardot-Rsp: 16/79/29
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 7856
Content-Type: text/html; charset=utf-8
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
Server: PardotServer
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
Connection: keep-alive

GET
H/1.0 200
OK Cookie set 2vsj Show response
go.orca.security/l/898611/2020-12-11/ Frame B761 28 KB
9 KB 580ms
259ms Document
text/html 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: e56319a09d53a96a7b2864aa096022c41028595632a92a8bebec4febf331ba9f

Request headers

Host: go.orca.security
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://orca.security/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://orca.security/

Response headers

Date: Thu, 05 Aug 2021 14:04:42 GMT
Set-Cookie: pardot=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0 visitor_id898611=585733442; expires=Sun, 03-Aug-2031 14:04:42 GMT; Max-Age=315360000; path=/; secure; SameSite=None visitor_id898611-hash=c4195913d835e0f9277f4a5cd0483d9d6dcd6a6943d5e8ef3930ed54fc09b847ade7c8012b22ca093652fcf504add960dcd2bf00; expires=Sun, 03-Aug-2031 14:04:42 GMT; Max-Age=315360000; path=/; secure; SameSite=None
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Pardot-Rsp: 16/98/179
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 7856
Content-Type: text/html; charset=utf-8
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
Server: PardotServer
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
Connection: keep-alive

GET
DATA 200
OK truncated
/ 219 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34b499c3bed76acb12665df0c8b65d14bac3ee6161e420a9403bd694be549e78

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 682 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c2e8b4fba49f90cfca5a43371c09879aed7447e0ba2ed4abd75b81448776c4f7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 425 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 54c9560cb0117d8d1f955aefe0f88b843517964e118512d8f1a224a8a9b662f4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 302 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b980f62a2d545d64f24e6f96902c8fbf5da0018569c369bc18f9e5b5fcf099ed

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
H3-29 200 rings-small.png
orca.security/resources/wp-content/themes/incubator-child/images/ 13 KB
13 KB 684ms
680ms Image
image/png 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/images/rings-small.png

Requested by

Host: orca.security
URL: https://orca.security/resources/wp-content/themes/incubator-child/main.css?version&ver=1.33

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f57f8ab879288c31393c0234a10d05b7b8955999a0192d4b17d4bf6c4769a18

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/images/rings-small.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/wp-content/themes/incubator-child/main.css?version&ver=1.33
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/wp-content/themes/incubator-child/main.css?version&ver=1.33
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 13301
last-modified: Thu, 15 Jul 2021 12:17:26 GMT
server: cloudflare
etag: "60f02756-33f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 67a0937dac455434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v16/ 20 KB
20 KB 10ms
8ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v16/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat%3Awght%40300%3B400%3B500%3B700&display=swap&ver=1.33

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 18:40:08 GMT
x-content-type-options: nosniff
age: 156274
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20040
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 18:15:54 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 18:40:08 GMT

GET
H2 200 xn7gYHE41ni1AdIRggexSg.woff2
fonts.gstatic.com/s/manrope/v4/ 22 KB
22 KB 13ms
11ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/manrope/v4/xn7gYHE41ni1AdIRggexSg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a41d60f8ac48aafcddd891ddebb318735c5684c4d8c8971f2a236233f89fc3be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 01:26:03 GMT
x-content-type-options: nosniff
age: 218319
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22788
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 21:57:26 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 01:26:03 GMT

GET
H3-29 200 orca.ttf
orca.security/fonts/ 2 KB
2 KB 706ms
704ms Font
application/x-font-ttf 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/fonts/orca.ttf?vhq0nq

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb0772532e523b486ea3419e8de8a9a40a0f632bf85ddf21f0d8753427972280

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /fonts/orca.ttf?vhq0nq
pragma: no-cache
origin: https://orca.security
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://orca.security
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:28:50 GMT
server: cloudflare
etag: W/"60f12722-940"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-font-ttf
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67a0937dbc815434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 fa-solid-900.woff2
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 78 KB
79 KB 706ms
705ms Font
application/font-woff2 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2

Requested by

Host: orca.security
URL: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2
pragma: no-cache
origin: https://orca.security
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: orca.security
referer: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://orca.security
Referer: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 80300
last-modified: Thu, 15 Jul 2021 21:49:47 GMT
server: cloudflare
etag: "60f0ad7b-139ac"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 67a0937dcc8c5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 fa-brands-400.woff2
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 77 KB
77 KB 225ms
223ms Font
application/font-woff2 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2

Requested by

Host: orca.security
URL: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2
pragma: no-cache
origin: https://orca.security
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: orca.security
referer: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://orca.security
Referer: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:42 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 78460
last-modified: Thu, 15 Jul 2021 21:49:45 GMT
server: cloudflare
etag: "60f0ad79-1327c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 67a0937dcc8e5434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
15 KB 10ms
9ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 18:26:24 GMT
x-content-type-options: nosniff
age: 243498
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Aug 2022 18:26:24 GMT

GET
H2 200 KFOkCnqEu92Fr1Mu51xIIzI.woff2
fonts.gstatic.com/s/roboto/v27/ 17 KB
17 KB 12ms
10ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu51xIIzI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=5.7.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46375ee9192c1e0f6eabe4d32b2a48b996b93037f7b4beb970df5b87359548fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 19:20:02 GMT
x-content-type-options: nosniff
age: 240280
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17304
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Aug 2022 19:20:02 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
16 KB 11ms
9ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 12:00:01 GMT
x-content-type-options: nosniff
age: 180281
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 12:00:01 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 16 KB
16 KB 23ms
7ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 17:17:27 GMT
x-content-type-options: nosniff
age: 161235
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 17:17:27 GMT

GET
H2 200 KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2
fonts.gstatic.com/s/roboto/v27/ 17 KB
17 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a938256d2de59b044f8ca7c7aa0c788ed2ffa9a48bf0e3930a5830c4298f509

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:01:00 GMT
x-content-type-options: nosniff
age: 173022
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17380
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:45 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 14:01:00 GMT

GET
H3-29 200 ORC03296_Graphic-Request_Malware-Blog_1200x628_R3V2.jpg
orca.security/resources/wp-content/uploads/sites/2/ 419 KB
420 KB 247ms
243ms Image
image/jpeg 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/ORC03296_Graphic-Request_Malware-Blog_1200x628_R3V2.jpg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be29174d2fe6ed8aad6c27420ce60f754419d072bfb1603ffa20626463295a57

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/ORC03296_Graphic-Request_Malware-Blog_1200x628_R3V2.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 429292
last-modified: Thu, 15 Jul 2021 12:15:52 GMT
server: cloudflare
etag: "60f026f8-68cec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 67a0937fc8735434-LHR
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 03772d1e-aef0-4e74-a117-9f4ee3b9e51c Show response
forms.hsforms.com/embed/v3/form/5544741/ 6 KB
2 KB 186ms
132ms Script
application/javascript 2606:4700::6810:5805
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/5544741/03772d1e-aef0-4e74-a117-9f4ee3b9e51c?callback=hs_reqwest_0&hutk=

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5805 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0516199d8f2a3a2c60c0086210426617742ffa8e903b878f4eddc4985a424a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: 4de2f758-c158-4035-acfb-e5687319c987
content-disposition: attachment; filename=no-rfd.txt
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
x-trace: 2B25ED9967AC495811533A4529FE4CA925D37D5F28000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 67a093834c424a55-FRA

GET
H2 403 getMapping Show response
ws.zoominfo.com/form-complete/ 26 B
205 B 195ms
169ms XHR
application/json 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/form-complete/getMapping?formId=wymcNktFMIhtz4zMJ4Cn

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

d9fd9e2d2293c369f4aa2abe2dcdee1ff7135ceb33f12cdfab98a348bf9ac455

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
via: 1.1 google
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://orca.security
access-control-allow-credentials: true
cf-ray: 67a093850e0b2c52-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
etag: W/"1a-6NuuSjmV14w26uMjJ2AMk7q0aZk"

GET
H2 200 attributionSnippet.js Show response
ddzuuyx7zj81k.cloudfront.net/1.0.0/ 6 KB
2 KB 137ms
12ms Script
application/javascript 2600:9000:206f:c800:8:8d2f:9e00:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:c800:8:8d2f:9e00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7fc2adee3e43f35ce8e32c26f8d8cc18c647e98f5d82106937a981db839897d5

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: byeHX812S_yqEUlWJThDSpvTDsdImXfO
content-encoding: gzip
last-modified: Mon, 07 Dec 2020 13:24:02 GMT
server: AmazonS3
age: 64607
etag: W/"095ed9e012f89a607e757ca1e6ae6cec"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 579a21a67e4dc50a655a7c0e9675261c.cloudfront.net (CloudFront)
date: Wed, 04 Aug 2021 20:07:58 GMT
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: m1pVg0Ynpa6z4xBqbEWeZGpNISVowQUaP3OKvNLcfcVa8ng2GaKDnQ==

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 121ms
10ms Script
application/x-javascript 2a02:26f0:6c00:295::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:295::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 6e6e6a03e72a528c28884b50bf296425667f38dd0aaf1dd17ce89199ffc85271

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 14:04:44 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Jun 2021 01:25:13 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=70562
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2079

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 91ms
0ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 1689
date: Thu, 05 Aug 2021 13:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Thu, 05 Aug 2021 15:36:34 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 250ms
32ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a53ea60fbea6cb1775430998564d5f295aba7d3bfe548a0ba79aa2a049aba839

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:44 GMT
via: 1.1 varnish
last-modified: Mon, 12 Jul 2021 21:25:31 GMT
age: 50252
etag: "65cf0c0ceb852397f0d1e6732cd3c533+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1958
x-timer: S1628172284.142508,VS0,VE0
x-served-by: cache-fra19122-FRA

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 97ms
47ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

8069956acb4c566506ff71f7a23c8e23f75ce9443384fe3393ed5c846924026e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13910
x-xss-protection: 0
server: cafe
etag: 8154934153164151798
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 05 Aug 2021 14:04:44 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
25 KB 51ms
4ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c4243f7f5aa95631ca62fab376c3804859e808b66d373d07270872d23b8b081b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25944
x-xss-protection: 0
pragma: public
x-fb-debug: bHKNd/SdJS+HscUHEoZFhOyyFe3vR8Qrsv/oOEcqlhfjLeOKeVRR7fi5IKTMr8E/rMlgJU5o7JIZTdotb1MOtw==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Thu, 05 Aug 2021 14:04:44 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 3724.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 238ms
160ms Script
text/javascript 2606:4700::6812:1abe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/3724.js?p=https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE&e=

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1abe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:44 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: 1510ecbe-245e-4f01-8adc-c49ce63f7421
x-runtime: 0.009390
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-ray: 67a093874d0e05bf-FRA

GET
H2 200 hotjar-1785482.js Show response
static.hotjar.com/c/ 4 KB
2 KB 237ms
66ms Script
application/javascript 13.224.96.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1785482.js?sv=6

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.116 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-96-116.zrh50.r.cloudfront.net

Software

Resource Hash

8b92d981b81e79ebe22af779d7874b863893da5877d01b7b5f361d04c48a28d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:44 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: ZRH50-C1
etag: W/e821fac73e0364210702b51cb72d0996
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
content-length: 2038
via: 1.1 08c5e904e2f0226b2d9c1417f32b12f2.cloudfront.net (CloudFront)
x-amz-cf-id: QsRfWFbMTAx39oCfKADiS7OL4WnezZgfxFgPxfnJnU1ynoDyHjfAvw==

GET
H2 200 stat.js Show response
www.clickcease.com/monitor/ 68 KB
25 KB 83ms
28ms Script
application/javascript 2606:4700:20::ac43:4470
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.clickcease.com/monitor/stat.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4470 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9335a3578fbb78eba8922527950b8773e21ebc2d28e6f72ce9d223094bfdbdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 614709
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
strict-transport-security: max-age=31536000
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 14 Mar 2021 09:24:44 GMT
server: cloudflare
x-frame-options: sameorigin
etag: W/"10eb4-5bd7bb41f7cc3-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1728000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tfxbN87HznB15sZlaTPO23qglAfJWLzTwDqqy5l13qDekUXDCvF4LgfqHCd%2Bzv7auiBZID2Ns9hQ3xd51qzKO%2B5yurCu4w6JHPoAcCM%2Fjlb9lJQ3neqO%2B7H8QxYGn79MrpDGDKSG%2BxnnGVnZ5VsRg1A%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding,User-Agent
cache-control: max-age=2678400
access-control-allow-credentials: true
cf-ray: 67a093871a8305dc-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,C$
expires: Sat, 28 Aug 2021 11:19:35 GMT

GET
H/1.1 200
OK qualified.js Show response
js.qualified.com/ 222 KB
66 KB 454ms
136ms Script
text/javascript 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://js.qualified.com/qualified.js?token=gndr1NireXGRNRuC

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

nginx /

Resource Hash

91dbec0f4e07b605763f34157768eae027d683004a5200638e1153600927c575

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 14:04:44 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Xss-Protection: 1; mode=block
X-Request-Id: 0a171eff-cc15-bdf4-359e-d0b0fd022e3a
X-Runtime: 0.011612
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: W/"91dbec0f4e07b605763f34157768eae0"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Via: 1.1 spaces-router (020d7643da32)
Cache-Control: max-age=0, private, must-revalidate

GET platform.js
insiderdata360online.com/service/ 0
0

GET
H2 200 5544741.js Show response
js.hs-analytics.net/analytics/1628172000000/ 62 KB
20 KB 138ms
23ms Script
text/javascript 2606:4700::6811:47b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1628172000000/5544741.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5544741.js?integration=WordPress
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:47b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f25bf2d1b5903b70c1c7bdd0164cd286a3854b4e963d2a00382bcb91faee853a

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:44 GMT
content-encoding: br
cf-cache-status: HIT
age: 121
x-amz-server-side-encryption: AES256
x-amz-request-id: E5EF4BQ3WBAHE1GQ
x-amz-id-2: 4QkdTvBLa21MB1miRBZLzp3D9WsQIBXcHgIRL/D35rJ8kVJ3cFTug8KIJKB+rhNDdSPklN5jMvQ=
last-modified: Mon, 19 Jul 2021 15:12:57 GMT
server: cloudflare
etag: W/"78a248225b68495c056b0f9ae16d10b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300, public
access-control-allow-credentials: false
x-amz-version-id: null
cf-ray: 67a09388c9c50609-FRA
expires: Thu, 05 Aug 2021 14:07:43 GMT

GET
H2 200 5544741.js Show response
js.hs-banner.com/ 60 KB
16 KB 552ms
428ms Script
text/javascript 2606:4700::6812:14bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/5544741.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5544741.js?integration=WordPress
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13a16fa0e2ba101a24f92ce030067384bf8a08838e8988796626af25a2712ad2

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:44 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: E8XEFSGS0BEY73TK
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-id-2: mB306T0kwTXj7pgVNwVu9r7FiQy+tYVW56U9gYvwMdC9U1Bw9FUV5cn3345Y76gZRF8wsU4W1DQ=
timing-allow-origin: *
last-modified: Wed, 14 Jul 2021 15:14:57 GMT
server: cloudflare
etag: W/"cc7f3dfb670857209dbca0ce79c7e799"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: qAvWVl6x2g8s03_33QOoTm4URsvipXAG
access-control-allow-origin: https://orca.security
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 67a09388deebc2a9-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Thu, 05 Aug 2021 14:09:44 GMT

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 205 KB
57 KB 239ms
117ms Script
application/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 9b528d20480c531315ae34b2941b0f98e9727df6e7e8d057e599174df79c0dbd

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:44 GMT
content-encoding: br
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-169
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-08-05 14:35:37
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-allow-origin: *
last-modified: Thu, 29 Jul 2021 03:01:14 GMT
server: BunnyCDN-DE1-756
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cache-control: public, max-age=31919000
cdn-requestid: 8705a4722a9aa7a84956d38078cfcb51
cdn-requestcountrycode: FR
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.0/ Frame B761 94 KB
33 KB 54ms
9ms Script
text/javascript 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 09:33:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16257
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33576
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 05 Aug 2022 09:33:47 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame B761 7 KB
639 B 41ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700&display=swap

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e6d2282d33ef8f732e4ce7a60a05fce149fb0017fae964eb3543ec849d95f2e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 14:04:44 GMT
server: ESF
date: Thu, 05 Aug 2021 14:04:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Aug 2021 14:04:44 GMT

GET
H/1.1 200
OK form.css
go.orca.security/css/ Frame B761 31 KB
8 KB 151ms
125ms Stylesheet
text/css 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/css/form.css?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 6dbd1967a8963d2eead020be31031ed12df79148acfea8cb787fa1358d5b4559

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 14:04:44 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
Last-Modified: Wed, 04 Aug 2021 13:29:24 GMT
Server: PardotServer
ETag: "7be2-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 7660
Expires: Sat, 05 Aug 2023 14:04:44 GMT

GET
H/1.1 200
OK piUtils.js Show response
go.orca.security/js/ Frame B761 341 KB
99 KB 270ms
245ms Script
application/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/js/piUtils.js?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 744d368a676dabf6be331840fdf74176a9ad7a784bf3920e3f640c9ed89fc43c

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 14:04:44 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
Last-Modified: Wed, 04 Aug 2021 13:29:25 GMT
Server: PardotServer
ETag: "55586-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Transfer-Encoding: chunked
Accept-Ranges: bytes
Expires: Sat, 05 Aug 2023 14:04:44 GMT

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ Frame B761 105 KB
40 KB 38ms
35ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

361025ec86f2e6a8a929f687f60cc36c393039ee1b2e5c145a3cee6d11354148

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:45 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40706
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 05 Aug 2021 14:04:45 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.0/ Frame EA1E 94 KB
33 KB 37ms
10ms Script
text/javascript 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 09:33:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16257
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33576
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 05 Aug 2022 09:33:47 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame EA1E 7 KB
616 B 32ms
25ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700&display=swap

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e6d2282d33ef8f732e4ce7a60a05fce149fb0017fae964eb3543ec849d95f2e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 13:50:07 GMT
server: ESF
date: Thu, 05 Aug 2021 14:04:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Aug 2021 14:04:44 GMT

GET
H/1.1 200
OK form.css
go.orca.security/css/ Frame EA1E 31 KB
8 KB 398ms
105ms Stylesheet
text/css 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/css/form.css?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 6dbd1967a8963d2eead020be31031ed12df79148acfea8cb787fa1358d5b4559

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 14:04:44 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
Last-Modified: Wed, 04 Aug 2021 13:29:24 GMT
Server: PardotServer
ETag: "7be2-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 7660
Expires: Sat, 05 Aug 2023 14:04:44 GMT

GET
H/1.1 200
OK piUtils.js Show response
go.orca.security/js/ Frame EA1E 341 KB
99 KB 489ms
195ms Script
application/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/js/piUtils.js?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 744d368a676dabf6be331840fdf74176a9ad7a784bf3920e3f640c9ed89fc43c

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 14:04:44 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
Last-Modified: Wed, 04 Aug 2021 13:29:25 GMT
Server: PardotServer
ETag: "55586-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Transfer-Encoding: chunked
Accept-Ranges: bytes
Expires: Sat, 05 Aug 2023 14:04:44 GMT

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ Frame EA1E 105 KB
40 KB 17ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

361025ec86f2e6a8a929f687f60cc36c393039ee1b2e5c145a3cee6d11354148

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:45 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40706
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 05 Aug 2021 14:04:45 GMT

GET
H/1.1 200
OK form.css
go.orca.security/css/ Frame BE76 31 KB
8 KB 147ms
121ms Stylesheet
text/css 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/css/form.css?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsl
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 6dbd1967a8963d2eead020be31031ed12df79148acfea8cb787fa1358d5b4559

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 14:04:44 GMT
Content-Encoding: gzip
X-Pardot-Route: fb09abcaff05ac363535c455b453208a
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
Last-Modified: Wed, 04 Aug 2021 13:29:24 GMT
Server: PardotServer
ETag: "7be2-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 7660
Expires: Sat, 05 Aug 2023 14:04:44 GMT

GET
H/1.1 200
OK piUtils.js Show response
go.orca.security/js/ Frame BE76 341 KB
99 KB 489ms
195ms Script
application/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/js/piUtils.js?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsl
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 744d368a676dabf6be331840fdf74176a9ad7a784bf3920e3f640c9ed89fc43c

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 14:04:44 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
Last-Modified: Wed, 04 Aug 2021 13:29:25 GMT
Server: PardotServer
ETag: "55586-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Transfer-Encoding: chunked
Accept-Ranges: bytes
Expires: Sat, 05 Aug 2023 14:04:44 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame BE76 111 KB
42 KB 44ms
25ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsl

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

42b79edc019300d0f556a3b2ad370e5c3cda2807102c24956604c7c835f03f71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:45 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42973
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 05 Aug 2021 14:04:45 GMT

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 99 KB
39 KB 203ms
13ms Script
application/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=OPT-PWBBWC3&t=gtm4&cid=898839617.1628172285

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0a91bc6001255d94690ddcbcfcdb2085c56d4cd1225aed2e5864e641115bca71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:44 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40094
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 05 Aug 2021 14:04:44 GMT

GET
H2 200 208134170283065 Show response
connect.facebook.net/signals/config/ 253 KB
72 KB 247ms
31ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/208134170283065?v=2.9.44&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e0e5bde2976de971453ff399dd44a574f999ff6cca7c6dec94991b07e94d477

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: +Qn3qDiqTUPsLEpv6KlIgzgSC9eZnqJSVKN5yCBe18lkvzdB6H6MspVlUBBTvViY7Q6QPcX3QvGhAtlptlsM+Q==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
date: Thu, 05 Aug 2021 14:04:44 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628172284726&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1286465%26time%3D1628172284726%26url%3Dhttps%253A%252F%252Forca.security%252Freso...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628172284726&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liSy...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628172284726&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liS...

0
483 B

419ms
174ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628172284726&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liSync=true&e_ipv6=AQLQ8zVIKdoGnwAAAXsWoXmXsnMkA4CEIzUyugNWrdUbyHQhM-WxOTLNDAoeF_KNLNYd0pHa
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:47 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-proto: http/2
x-li-pop: prod-edc2
content-type: application/javascript
content-length: 0
x-li-uuid: iBAooRFumBbwOhVFdisAAA==

Redirect headers

date: Thu, 05 Aug 2021 14:04:46 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628172284726&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liSync=true&e_ipv6=AQLQ8zVIKdoGnwAAAXsWoXmXsnMkA4CEIzUyugNWrdUbyHQhM-WxOTLNDAoeF_KNLNYd0pHa
x-li-proto: http/2
x-li-pop: prod-eda6
content-length: 0
x-li-uuid: JBrfaBFumBbgvV1lZSsAAA==

POST
H2 200 setcookie2 Show response
services.infinigrow.com/ 15 B
678 B 584ms
479ms Fetch
application/json 13.32.22.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://services.infinigrow.com/setcookie2
Requested by: Host: ddzuuyx7zj81k.cloudfront.net
URL: https://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.22.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-22-105.fra56.r.cloudfront.net
Software: /
Resource Hash: a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 05 Aug 2021 14:04:46 GMT
via: 1.1 307a3e1075dd3d0976c64513a6ec3d74.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-amzn-requestid: 2d71aeb5-92ff-4302-9e05-93b3334ad3d6
vary: Origin
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: https://orca.security
x-amzn-trace-id: Root=1-610beffe-00a7b0c3515cf35e12d989d0;Sampled=0
access-control-allow-credentials: true
x-amz-apigw-id: DmJv0GRwPHcFolA=
content-length: 15
x-amz-cf-id: ePAy_ODQlCsfYnKQzovPenX2K34M85HtQCSaRY5eU3gdHQML5a-h-g==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/653025264/ 2 KB
1 KB 21ms
19ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/653025264/?random=1628172284909&cv=9&fst=1628172284909&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg840&sendb=1&ig=1&frm=0&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&tiba=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7f801e04999a53bc656d441db1d02a9bff11d0de3d60924fa5ae95823720b25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 14:04:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1077
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.7cb32ca5fc09d90486d4.js Show response
script.hotjar.com/ 221 KB
59 KB 130ms
45ms Script
application/javascript 13.224.96.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.7cb32ca5fc09d90486d4.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1785482.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.67 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-96-67.zrh50.r.cloudfront.net

Software

Resource Hash

cc33742f4eab551d4e76af8a2da85c3d2304d8252171d16a3e56207c0c073e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 10:44:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 271240
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59482
access-control-allow-origin: *
last-modified: Mon, 02 Aug 2021 10:43:09 GMT
etag: "e6f555ee598c867e151cb33c3be24c8f"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 792f70324a941726ce7e749514e6fc3c.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: SADSnizj0rCgEA8Drj2qPOL93Dc8EBDLPvzeOOFJM_Eqe6LhWax7fA==

GET
H2 200 adsct
t.co/i/ 43 B
454 B 738ms
185ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.1&p_id=Twitter&p_user_id=0&txn_id=o4qyy&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 05 Aug 2021 14:04:45 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: ae95ef16cd0a130079c10b2eef9beb54775189ac0704df868a0a505658de73ff
x-transaction: 3200b337854183be
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 formcomplete.js Show response
ws-assets.zoominfo.com/ Frame B761 122 KB
40 KB 58ms
56ms Script
application/javascript 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aca1d2291f4713182bc182e5ef93151df69b3e97a054d16d1da5a1967fe63f15

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:45 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 172
x-guploader-uploadid: ADPycdsqDEW5C62PsVgvR9hfSSwDl9QH35SDB8IWr13WmIIDphvvEAexS5K_LZWy94kyW4d7G0ogtcJlT05Iejd_lo7kQvCsYw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
last-modified: Wed, 14 Jul 2021 10:39:08 GMT
server: cloudflare
etag: W/"1e1e37b752fd19a94113b3725ef35506"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=EP8N2g==, md5=Hh43t1L9GalBE7NyXvNVBg==
x-goog-generation: 1626259148350866
cache-control: public, max-age=3600
x-goog-stored-content-length: 124580
cf-ray: 67a0938e696505ed-FRA
expires: Thu, 05 Aug 2021 15:01:53 GMT

GET
H2 200 formcomplete.js Show response
ws-assets.zoominfo.com/ Frame EA1E 122 KB
40 KB 61ms
59ms Script
application/javascript 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aca1d2291f4713182bc182e5ef93151df69b3e97a054d16d1da5a1967fe63f15

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:45 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 172
x-guploader-uploadid: ADPycdsqDEW5C62PsVgvR9hfSSwDl9QH35SDB8IWr13WmIIDphvvEAexS5K_LZWy94kyW4d7G0ogtcJlT05Iejd_lo7kQvCsYw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
last-modified: Wed, 14 Jul 2021 10:39:08 GMT
server: cloudflare
etag: W/"1e1e37b752fd19a94113b3725ef35506"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=EP8N2g==, md5=Hh43t1L9GalBE7NyXvNVBg==
x-goog-generation: 1626259148350866
cache-control: public, max-age=3600
x-goog-stored-content-length: 124580
cf-ray: 67a0938feca605ed-FRA
expires: Thu, 05 Aug 2021 15:01:53 GMT

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 28E1 2 KB
1 KB 129ms
40ms Document
text/html 13.224.96.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1785482.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-118.zrh50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://orca.security/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://orca.security/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 18 Jul 2021 00:16:30 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 15 Jul 2021 14:16:09 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: 6CtTTAQyCjojVUNXQCrq3timpoItaWunJIXFaWkIE3Ann8U11LiH4Q==
age: 1604895

GET
H3-29 200 xn7gYHE41ni1AdIRggexSg.woff2
fonts.gstatic.com/s/manrope/v4/ Frame EA1E 22 KB
22 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/manrope/v4/xn7gYHE41ni1AdIRggexSg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a41d60f8ac48aafcddd891ddebb318735c5684c4d8c8971f2a236233f89fc3be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://go.orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 01:26:03 GMT
x-content-type-options: nosniff
age: 218322
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22788
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 21:57:26 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 01:26:03 GMT

GET
DATA 200
OK truncated
/ Frame EA1E 268 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a33b00a04c9fc9b04282a6ed5e20fdef28fcb08cbcd7712057cacf7c6edd669

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 78657 Show response
api.omappapi.com/v2/embed/ 9 KB
3 KB 135ms
130ms XHR
application/json 13.224.96.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/78657?d=orca.security
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.68 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-68.zrh50.r.cloudfront.net
Software: Pagely Gateway/1.5.1 /
Resource Hash: 2aeb3b324941917165414ab3fc00805dd9a9d155605f4d15ac6632c4c188d95b

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:45 GMT
content-encoding: gzip
x-cache-config: 0 0
x-amz-cf-pop: ZRH50-C1
x-cache-status: HIT
x-cache: Miss from cloudfront
access-control-allow-headers: X-CSRF-Token
x-optinmonster-account: 88433
x-user-agent: standard--
last-modified: Tue, 03 Aug 2021 11:45:35 GMT
server: Pagely Gateway/1.5.1
etag: W/"34a7b940604a261644d2ef0ae5433d2d"
vary: Accept-Encoding, User-Agent
content-type: application/json
via: 1.1 110750d14d1d900cd5c76d0ac872f5dd.cloudfront.net (CloudFront)
access-control-expose-headers: X-OptinMonster-Account, X-User-Agent
cache-control: public, max-age=30, stale-while-revalidate=1800
access-control-allow-origin: *
x-amz-cf-id: zUU2ufigBMYZaqI5yA-UrF3QahiWE-RcxiXqRA8A4AEIZOG4wn5uLg==
expires: Thu, 05 Aug 2021 13:37:17 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
147 B 17ms
8ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=208134170283065&ev=PageView&dl=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&rl=&if=false&ts=1628172285577&sw=1600&sh=1200&v=2.9.44&r=stable&ec=0&o=30&fbp=fb.1.1628172285572.241026082&it=1628172284631&coo=false&rqm=GET

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:45 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Thu, 05 Aug 2021 14:04:45 GMT

OPTIONS
H2 204 setcookie2
services.infinigrow.com/ Frame 0
0 1275ms
495ms Preflight 13.32.22.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://services.infinigrow.com/setcookie2
Protocol: H2
Server: 13.32.22.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-22-105.fra56.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://orca.security
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 05 Aug 2021 14:04:46 GMT
x-amzn-requestid: b47bb26a-7d0c-4a25-acd1-f6df44e1d8fe
access-control-allow-origin: https://orca.security
access-control-allow-headers: Origin,Content-Length,Content-Type
x-amz-apigw-id: DmJvuFHfPHcFmBw=
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD
x-amzn-trace-id: Root=1-610beffe-66be27f376f53b987544da5d;Sampled=0
access-control-max-age: 43200
access-control-allow-credentials: true
x-cache: Miss from cloudfront
via: 1.1 0434556f8ccac61e8735f7c75767727c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-amz-cf-id: w8bKjtD8gdX7TWS2_FI4Rjhp4VzKfL49eZYnQ-37iRl0FJzWKbhW7g==

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 20ms
13ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=903909658&t=pageview&_s=1&dl=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&ul=en-us&de=UTF-8&dt=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAEADQAAAAC~&jid=844842427&gjid=596381040&cid=898839617.1628172285&tid=UA-141329870-1&_gid=210292502.1628172285&_r=1&gtm=2wg840MFH8KTP&z=889181759

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 14:04:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://orca.security
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 webfont.js Show response
a.omappapi.com/app/js/webfont/1.5.18/ 16 KB
7 KB 41ms
34ms Script
application/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/webfont/1.5.18/webfont.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:45 GMT
content-encoding: br
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-169
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-08-05 14:35:37
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-allow-origin: *
last-modified: Thu, 27 May 2021 17:38:16 GMT
server: BunnyCDN-DE1-756
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cache-control: public, max-age=31919000
cdn-requestid: 46f25114f0f52d947d56db1ef9ef5f78
cdn-requestcountrycode: FR
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 moment.min.js Show response
a.omappapi.com/app/js/moment.js/2.24.0/ 52 KB
19 KB 96ms
93ms Script
application/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/moment.js/2.24.0/moment.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: e22419e8154be2a34a950dbb4c4c448413751c53ef02f00c6c56af28aa2c4964

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:45 GMT
content-encoding: br
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-169
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-08-05 14:35:40
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-allow-origin: *
last-modified: Thu, 27 May 2021 17:38:19 GMT
server: BunnyCDN-DE1-756
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cache-control: public, max-age=31919000
cdn-requestid: 53f43fb565944a88a3557cff9c52c5bc
cdn-requestcountrycode: FR
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 f705569335081612217557-0103-OrcaSecurity-WebsiteCard-1.png
a.omappapi.com/users/16cbaba9fcb1/images/ 27 KB
27 KB 56ms
54ms Image
image/webp 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.omappapi.com/users/16cbaba9fcb1/images/f705569335081612217557-0103-OrcaSecurity-WebsiteCard-1.png
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: d5e6f422bf9513df9dd847931b0783e78f2cc6d7a3f189450b9c932b40c584d7

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:45 GMT
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-51
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-08-05 14:38:28
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-length: 27446
access-control-allow-origin: *
last-modified: Thu, 27 May 2021 18:29:20 GMT
server: BunnyCDN-DE1-756
cdn-requestpullcode: 200
content-type: image/webp
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cache-control: public, max-age=31919000
cdn-requestid: 0ce470e3e246b0e2b4867cbdbcd7d298
accept-ranges: bytes
cdn-requestcountrycode: FR
cdn-status: 200
cdn-requestpullsuccess: True

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
86 B 49ms
13ms XHR
text/plain 2a00:1450:400c:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-141329870-1&cid=898839617.1628172285&jid=844842427&gjid=596381040&_gid=210292502.1628172285&_u=aGDAAEACQAAAAC~&z=893911369

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 05 Aug 2021 14:04:45 GMT
content-type: text/plain
access-control-allow-origin: https://orca.security
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/653025264/ 42 B
324 B 48ms
23ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/653025264/?random=1628172284909&cv=9&fst=1628172000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg840&sendb=1&frm=0&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&tiba=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&async=1&fmt=3&is_vtc=1&random=1827016590&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 14:04:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/653025264/ 42 B
154 B 42ms
17ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/653025264/?random=1628172284909&cv=9&fst=1628172000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg840&sendb=1&frm=0&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&tiba=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&async=1&fmt=3&is_vtc=1&random=1827016590&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 14:04:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 getMapping Show response
ws.zoominfo.com/form-complete/ Frame B761 814 B
644 B 169ms
168ms XHR
application/json 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/form-complete/getMapping?formId=wymcNktFMIhtz4zMJ4Cn

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

08dbb435439815752ce09bfc9581b9085db9c9a66095bf5062b1c5c8adc08031

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
via: 1.1 google
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.orca.security
access-control-allow-credentials: true
cf-ray: 67a09393ee782c52-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
etag: W/"32e-56y0x/xolG6sqdVLNPZOnEQpq9g"

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ Frame BE76 5 KB
2 KB 440ms
102ms Script
application/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsl
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: b7939e67e521a72f9344e54fe85a3edff247ac537235f178a522ae836dbf6820

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 14:04:46 GMT
Content-Encoding: gzip
X-Pardot-Route: 4587f66dff94d6e76a668284fbf3dba1
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
Last-Modified: Wed, 04 Aug 2021 13:29:25 GMT
Server: PardotServer
ETag: "14be-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1923
Expires: Sat, 05 Aug 2023 14:04:46 GMT

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 29ms
25ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-141329870-1&cid=898839617.1628172285&jid=844842427&_u=aGDAAEACQAAAAC~&z=1164830887

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 14:04:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.de/ads/ 42 B
63 B 26ms
22ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-141329870-1&cid=898839617.1628172285&jid=844842427&_u=aGDAAEACQAAAAC~&z=1164830887

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 14:04:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET attributionSnippet.js
ddzuuyx7zj81k.cloudfront.net/1.0.0/ Frame BE76 0
0

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ Frame BE76 48 KB
19 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 3065
date: Thu, 05 Aug 2021 13:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Thu, 05 Aug 2021 15:13:41 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ Frame BE76 36 KB
14 KB 46ms
45ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

8069956acb4c566506ff71f7a23c8e23f75ce9443384fe3393ed5c846924026e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13910
x-xss-protection: 0
server: cafe
etag: 8154934153164151798
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 05 Aug 2021 14:04:46 GMT

GET attributionSnippet.js
ddzuuyx7zj81k.cloudfront.net/1.0.0/ Frame EA1E 0
0

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ Frame EA1E 48 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 3065
date: Thu, 05 Aug 2021 13:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Thu, 05 Aug 2021 15:13:41 GMT

GET conversion_async.js
www.googleadservices.com/pagead/ Frame EA1E 0
0

GET
H2 200 getMapping Show response
ws.zoominfo.com/form-complete/ Frame EA1E 814 B
573 B 147ms
146ms XHR
application/json 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/form-complete/getMapping?formId=wymcNktFMIhtz4zMJ4Cn

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

08dbb435439815752ce09bfc9581b9085db9c9a66095bf5062b1c5c8adc08031

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
via: 1.1 google
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.orca.security
access-control-allow-credentials: true
cf-ray: 67a093948f932c52-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
etag: W/"32e-56y0x/xolG6sqdVLNPZOnEQpq9g"

POST
H3-29 200 /
www.facebook.com/tr/ 0
18 B 19ms
7ms Ping
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryalGAU4tzsqaXgREf

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Thu, 05 Aug 2021 14:04:46 GMT
content-type: text/plain
access-control-allow-origin: https://orca.security
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ Frame B761 5 KB
2 KB 418ms
116ms Script
application/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: b7939e67e521a72f9344e54fe85a3edff247ac537235f178a522ae836dbf6820

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 14:04:46 GMT
Content-Encoding: gzip
X-Pardot-Route: 4587f66dff94d6e76a668284fbf3dba1
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
Last-Modified: Wed, 04 Aug 2021 13:29:25 GMT
Server: PardotServer
ETag: "14be-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1923
Expires: Sat, 05 Aug 2023 14:04:46 GMT

GET
H2 200 moment-timezone-with-data-2012-2022.min.js Show response
a.omappapi.com/app/js/moment-timezone/0.5.23/ 32 KB
11 KB 108ms
86ms Script
application/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/moment-timezone/0.5.23/moment-timezone-with-data-2012-2022.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 23190e1539469cc8b5faccb038b260ccda2cc62672c70efa1900a51a8e3d1be5

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:46 GMT
content-encoding: br
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-51
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-08-05 14:35:38
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 03:51:03 GMT
server: BunnyCDN-DE1-756
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cache-control: public, max-age=31919000
cdn-requestid: 45bb8a606380b49f9ea5d9e71ab20a80
cdn-requestcountrycode: FR
cdn-status: 200
cdn-requestpullsuccess: True

GET attributionSnippet.js
ddzuuyx7zj81k.cloudfront.net/1.0.0/ Frame B761 0
0

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ Frame B761 48 KB
19 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 3065
date: Thu, 05 Aug 2021 13:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Thu, 05 Aug 2021 15:13:41 GMT

GET conversion_async.js
www.googleadservices.com/pagead/ Frame B761 0
0

POST
H2 200 collect Show response
www.google-analytics.com/j/ Frame BE76 2 B
110 B 13ms
13ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=206466822&t=pageview&_s=1&dl=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsl&dr=https%3A%2F%2Forca.security%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1213x155&je=0&_u=YEBAAEABAAAAAC~&jid=970467300&gjid=1423910082&cid=1239254906.1628172286&tid=UA-141329870-1&_gid=1199515939.1628172286&_r=1&gtm=2wg840MTM87SL&z=726049625

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 14:04:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.orca.security
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ Frame EA1E 35 B
55 B 11ms
10ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=67757987&t=pageview&_s=1&dl=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&dr=https%3A%2F%2Forca.security%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=248x94&je=0&_u=QACAAEAB~&jid=&gjid=&cid=1239254906.1628172286&tid=UA-141329870-1&_gid=1199515939.1628172286&gtm=2wg840MTM87SL&z=665612687

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 22:21:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 56573
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/653025264/ Frame BE76 2 KB
1 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/653025264/?random=1628172286886&cv=9&fst=1628172286886&num=1&userId=true&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg840&sendb=1&ig=1&frm=2&url=true&ref=true&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

128ecf4fc7cfb1cbb1d353321e99b0b3d0a0ba791c391b633853524bfc16d267

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 14:04:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 967
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H/1.1 200
OK visitor_events
app.qualified.com/w/1/gndr1NireXGRNRuC/ Frame 0
0 314ms
99ms Preflight 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/visitor_events
Protocol: HTTP/1.1
Server: 100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://orca.security
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Access-Control-Max-Age: 7200
Date: Thu, 05 Aug 2021 14:04:47 GMT
Server: nginx
Via: 1.1 spaces-router (020d7643da32)
Content-Length: 0

POST
H/1.1 204
No Content visitor_events Show response
app.qualified.com/w/1/gndr1NireXGRNRuC/ 0
639 B 122ms
121ms XHR
text/plain 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.qualified.com/w/1/gndr1NireXGRNRuC/visitor_events

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=gndr1NireXGRNRuC

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json; charset=UTF-8

Response headers

Date: Thu, 05 Aug 2021 14:04:47 GMT
Via: 1.1 spaces-router (020d7643da32)
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Access-Control-Max-Age: 7200
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Xss-Protection: 1; mode=block
X-Request-Id: 3e22a99b-7001-ed6b-3fcb-801575b33f4d
X-Runtime: 0.005444
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Vary: Origin
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: no-cache

GET
H3-29 200 css
fonts.googleapis.com/ 7 KB
723 B 21ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:600,500,400%7COpen+Sans:400,700,800

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/webfont/1.5.18/webfont.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6fa14c7b40a31f3345c4371c7fc74452ae9232af5627c31b633752a1b0cb3665

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 14:04:47 GMT
server: ESF
date: Thu, 05 Aug 2021 14:04:47 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Aug 2021 14:04:47 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ Frame BE76 4 B
88 B 37ms
13ms XHR
text/plain 2a00:1450:400c:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-141329870-1&cid=1239254906.1628172286&jid=970467300&gjid=1423910082&_gid=1199515939.1628172286&_u=YEBAAEAAAAAAAC~&z=505386726

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 05 Aug 2021 14:04:47 GMT
content-type: text/plain
access-control-allow-origin: https://go.orca.security
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 infinigrow.js Show response
dss6ntp5q2r0o.cloudfront.net/2.9.0/ 74 KB
25 KB 110ms
18ms Script
application/javascript 2600:9000:2190:4000:10:7994:d200:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dss6ntp5q2r0o.cloudfront.net/2.9.0/infinigrow.js
Requested by: Host: ddzuuyx7zj81k.cloudfront.net
URL: https://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:4000:10:7994:d200:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a6d75aad5c009d0bdf36d4c1d68d90e2848460fce782adb137819228842eefe0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 20:36:43 GMT
content-encoding: gzip
last-modified: Sun, 24 Jun 2018 15:14:02 GMT
server: AmazonS3
age: 62885
etag: W/"2f70fa2239343e20deb5c199873fbed1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 1437ff2cfbc1ea8c7a36e6b0ce6e935a.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: oUWxlz2NiWdYx2ilzf7eX5vadL1j-pjE2te4upnJCxfEYCeKHb3Qcg==

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v18/ 23 KB
23 KB 12ms
11ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v18/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:600,500,400%7COpen+Sans:400,700,800

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 18:40:08 GMT
x-content-type-options: nosniff
age: 156279
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 18:18:32 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 18:40:08 GMT

GET
H3-29 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v21/ 14 KB
14 KB 32ms
14ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v21/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:600,500,400%7COpen+Sans:400,700,800

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 18:36:37 GMT
x-content-type-options: nosniff
age: 156490
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14440
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 18:10:00 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 18:36:37 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v21/ 15 KB
15 KB 21ms
10ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v21/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:600,500,400%7COpen+Sans:400,700,800

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 18:36:37 GMT
x-content-type-options: nosniff
age: 156490
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15112
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 18:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 18:36:37 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UN8rsOUuhp.woff2
fonts.gstatic.com/s/opensans/v21/ 15 KB
15 KB 26ms
12ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v21/mem5YaGs126MiZpBA-UN8rsOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:600,500,400%7COpen+Sans:400,700,800

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47300f73d115d5d1586ff7b01cc7319166b160bdad6e54a54ad02ac9312f6426

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 18:36:37 GMT
x-content-type-options: nosniff
age: 156490
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15188
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 18:10:37 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 18:36:37 GMT

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ Frame EA1E 5 KB
2 KB 105ms
103ms Script
application/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: b7939e67e521a72f9344e54fe85a3edff247ac537235f178a522ae836dbf6820

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 14:04:47 GMT
Content-Encoding: gzip
X-Pardot-Route: 4587f66dff94d6e76a668284fbf3dba1
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
Last-Modified: Wed, 04 Aug 2021 13:29:25 GMT
Server: PardotServer
ETag: "14be-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1923
Expires: Sat, 05 Aug 2023 14:04:47 GMT

GET
H3-29 200 collect
www.google-analytics.com/ Frame B761 35 B
55 B 16ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=1078988808&t=pageview&_s=1&dl=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&dr=https%3A%2F%2Forca.security%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=&je=0&_u=QACAAEAB~&jid=&gjid=&cid=1239254906.1628172286&tid=UA-141329870-1&_gid=1199515939.1628172286&gtm=2wg840MTM87SL&z=2092554370

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 22:21:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 56574
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ Frame BE76 42 B
107 B 19ms
18ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-141329870-1&cid=1239254906.1628172286&jid=970467300&_u=YEBAAEAAAAAAAC~&z=820306164

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 14:04:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ Frame BE76 42 B
107 B 18ms
18ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-141329870-1&cid=1239254906.1628172286&jid=970467300&_u=YEBAAEAAAAAAAC~&z=820306164

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 14:04:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ Frame BE76 3 KB
3 KB 316ms
313ms Script
text/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=17085&account_id=899611&title=&url=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsl&referrer=https%3A%2F%2Forca.security%2F

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js

Protocol

HTTP/1.0

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

pi0-lba1-4-ue1.aws.pardot.com

Software

PardotServer /

Resource Hash

f41e060e8852b0a258bd2b375ab0c155a0db31e034d3723b33cfcd9f2b1b35e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Aug 2021 14:04:47 GMT
Content-Encoding: gzip
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
X-Pardot-Rsp: 17/2/19
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 1445
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ Frame B761 3 KB
3 KB 241ms
241ms Script
text/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=17083&account_id=899611&title=&url=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&referrer=https%3A%2F%2Forca.security%2F

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js

Protocol

HTTP/1.0

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

pi0-lba1-4-ue1.aws.pardot.com

Software

PardotServer /

Resource Hash

431f61d1c23e36e9718027a0b3671c83532d1f16bad7e908f427629686f0562c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Aug 2021 14:04:47 GMT
Content-Encoding: gzip
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
X-Pardot-Rsp: 16/49/80
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 1444
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/653025264/ Frame BE76 42 B
64 B 29ms
24ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/653025264/?random=1628172286886&cv=9&fst=1628172000000&num=1&userId=true&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg840&sendb=1&frm=2&url=true&ref=true&async=1&fmt=3&is_vtc=1&random=3065824794&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 14:04:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/653025264/ Frame BE76 42 B
64 B 26ms
21ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/653025264/?random=1628172286886&cv=9&fst=1628172000000&num=1&userId=true&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg840&sendb=1&frm=2&url=true&ref=true&async=1&fmt=3&is_vtc=1&random=3065824794&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 14:04:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK tp2 Show response
sp.infinigrow.com/com.snowplowanalytics.snowplow/ 2 B
460 B 1101ms
204ms XHR
text/plain 44.233.138.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sp.infinigrow.com/com.snowplowanalytics.snowplow/tp2
Requested by: Host: dss6ntp5q2r0o.cloudfront.net
URL: https://dss6ntp5q2r0o.cloudfront.net/2.9.0/infinigrow.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.233.138.195 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-233-138-195.us-west-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

Date: Thu, 05 Aug 2021 14:04:49 GMT
Server: akka-http/10.0.9
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin: https://orca.security
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/plain; charset=UTF-8
Content-Length: 2

OPTIONS
H/1.1 200
OK tp2
sp.infinigrow.com/com.snowplowanalytics.snowplow/ Frame 0
0 1091ms
196ms Preflight 44.233.138.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sp.infinigrow.com/com.snowplowanalytics.snowplow/tp2
Protocol: HTTP/1.1
Server: 44.233.138.195 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-233-138-195.us-west-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://orca.security
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://orca.security
Date: Thu, 05 Aug 2021 14:04:48 GMT
Server: akka-http/10.0.9
Content-Length: 0
Connection: keep-alive

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ Frame EA1E 3 KB
3 KB 330ms
226ms Script
text/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js

Protocol

HTTP/1.0

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

pi0-lba1-4-ue1.aws.pardot.com

Software

PardotServer /

Resource Hash

7a891e412fb2d6fd640f7d6ac17485c8c0add2fad9d9ce82c08304b916cf5a9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Aug 2021 14:04:47 GMT
Content-Encoding: gzip
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
X-Pardot-Rsp: 16/97/182
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 1444
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.0 200
OK analytics Show response
go.orca.security/ Frame B761 50 B
1 KB 194ms
193ms Script
text/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/analytics?conly=true&pi_form=true&visitor_id=585733554&visitor_id_sign=2d358be32820364a14f57c6321158fc8db628dfcc54646fe14d4b73faca58bfad638fbb53b8a8037f412e40c4e3a66126e07081c&pi_opt_in=&campaign_id=17083&account_id=899611&title=&url=https://go.orca.security/l/898611/2020-12-11/2vsj&referrer=https://orca.security/
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=17083&account_id=899611&title=&url=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&referrer=https%3A%2F%2Forca.security%2F
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Aug 2021 14:04:47 GMT
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
X-Pardot-Rsp: 17/9/200
Vary: User-Agent
P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 50
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET embed_shepherd-v1.js
fast.wistia.com/static/ Frame B761 0
0

GET
H/1.0 200
OK analytics Show response
go.orca.security/ Frame BE76 50 B
1 KB 195ms
194ms Script
text/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/analytics?conly=true&pi_form=true&visitor_id=585733558&visitor_id_sign=c23dd4e9722cb8c8a3fd11ea7212bd8018f15537b0e27a4ab182261435cadb7edd7357220625473a39a2e4e485b77fed2f0e905e&pi_opt_in=&campaign_id=17085&account_id=899611&title=&url=https://go.orca.security/l/898611/2020-12-11/2vsl&referrer=https://orca.security/
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=17085&account_id=899611&title=&url=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsl&referrer=https%3A%2F%2Forca.security%2F
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Aug 2021 14:04:47 GMT
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
X-Pardot-Rsp: 16/89/90
Vary: User-Agent
P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 50
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET embed_shepherd-v1.js
fast.wistia.com/static/ Frame BE76 0
0

GET
H/1.0 200
OK analytics Show response
go.orca.security/ Frame EA1E 50 B
1 KB 194ms
191ms Script
text/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/analytics?conly=true&pi_form=true&visitor_id=585733562&visitor_id_sign=aa6d70a1c46b147db492dd552eabf94ca6d44de9fd4e1ebf8480b79496bde933f112e2e3a92f6f121104252d0cca2bc625ea46f8&pi_opt_in=&campaign_id=17083&account_id=899611&title=&url=https://go.orca.security/l/898611/2020-12-11/2vsj&referrer=https://orca.security/
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=17083&account_id=899611&title=&url=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&referrer=https%3A%2F%2Forca.security%2F
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Aug 2021 14:04:48 GMT
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
X-Pardot-Rsp: 17/9/200
Vary: User-Agent
P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 50
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET embed_shepherd-v1.js
fast.wistia.com/static/ Frame EA1E 0
0

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ 5 KB
2 KB 104ms
103ms Script
application/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: b7939e67e521a72f9344e54fe85a3edff247ac537235f178a522ae836dbf6820

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 14:04:54 GMT
Content-Encoding: gzip
X-Pardot-Route: 4587f66dff94d6e76a668284fbf3dba1
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
Last-Modified: Wed, 04 Aug 2021 13:29:25 GMT
Server: PardotServer
ETag: "14be-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1923
Expires: Sat, 05 Aug 2023 14:04:54 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
358 B 67ms
37ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=03772d1e-aef0-4e74-a117-9f4ee3b9e51c&fci=832e28df-6283-44c8-bf5a-342c1c3df68f&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=5544741&ct=blog-post&rcu=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F&pu=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&t=Malware+in+the+Cloud%3A+Challenges+and+Best+Practices+-+Orca+Security&cts=1628172294189&vi=3535aef0d1136567f9c07359be774476&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:54 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: f4f58695-3580-46b0-a5e2-ab21052fd05f
cf-ray: 67a093c6fdc40621-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K7eS2VWScJ0dT3fhs66oRj3J8g7DHlvEuiNXUQ83J%2F9PKyRvCh1vMb5gOXJ1%2BlG%2FgAQt48hmpRzHP6hLrnZ%2BvnOm2JhUAK659YHVmbLqbW4q9hRI2NIY8hLaSPz9pW7wycu5MD1aAKKhu5tlkWqG"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
801 B 58ms
29ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=5544741&ct=blog-post&rcu=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F&pu=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&t=Malware+in+the+Cloud%3A+Challenges+and+Best+Practices+-+Orca+Security&cts=1628172294202&vi=3535aef0d1136567f9c07359be774476&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:54 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: f257811d-fca3-44cf-a58b-25276301b081
cf-ray: 67a093c6fdc80621-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GXQ8wSM0VTTFisljK0yFMbKN%2B5CjKKDbkwDRzvM2NYlZ06ocziEyE6J7Q03tf0l2zFC0c0CKKUWJ6fFYYiC921OD7wunLA%2F6lrvFOAlufPMqb%2FHtbCOO3%2Bn3aZxwTpwlPgLKqrMRyO9r1xN3HwdB"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
658 B 514ms
179ms Script
application/javascript 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.1&p_id=Twitter&p_user_id=0&txn_id=o4qyy&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 05 Aug 2021 14:04:54 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 8c750f859dfba31017bdf85eecca9e9f7aa6d2462453dab1edd9b26e6c52473d
x-transaction: 1e21c4340c697db5
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ 3 KB
3 KB 270ms
269ms Script
text/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=9607&account_id=899611&title=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&referrer=

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js

Protocol

HTTP/1.0

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

pi0-lba1-4-ue1.aws.pardot.com

Software

PardotServer /

Resource Hash

cbbd3467849f9c5083535291150f0a4723751a275d01a20f89a4401ac4597f5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Aug 2021 14:04:54 GMT
Content-Encoding: gzip
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
X-Pardot-Rsp: 16/103/172
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 1442
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.0 200
OK analytics Show response
go.orca.security/ 50 B
1 KB 192ms
191ms Script
text/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/analytics?conly=true&visitor_id=585733738&visitor_id_sign=6983c684d180d7d117252529e3f8484193b63e5049e1c522fa7a48cde751e1a1b84add8cf3a05f331d78c19f82ac2e1ed11ba69f&pi_opt_in=&campaign_id=9607&account_id=899611&title=Malware%20in%20the%20Cloud:%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&url=https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE&referrer=
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=9607&account_id=899611&title=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&referrer=
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Aug 2021 14:04:54 GMT
X-Pardot-Route: c2c10298b36224142948b084fe4d7b30
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
X-Pardot-Rsp: 16/22/49
Vary: User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 50
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 embed_shepherd-v1.js Show response
fast.wistia.com/static/ 572 KB
104 KB 37ms
12ms Script
application/javascript 2a04:4e42:3::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/static/embed_shepherd-v1.js

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=9607&account_id=899611&title=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&referrer=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9e588c1c9f9aaf018b98c44009b7a1ce46264e0ca0fa5c6b4c6d464af2b6d54a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:04:54 GMT
content-encoding: br
vary: Accept-Encoding
age: 556
x-cache: HIT, HIT
content-length: 106273
x-served-by: cache-dca12924-DCA, cache-fra19155-FRA
access-control-allow-origin: *
x-browser-version: 89
last-modified: Wed, 04 Aug 2021 15:31:04 GMT
x-timer: S1628172295.692383,VS0,VE0
etag: "610ab2b8-19f21"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 12

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: insiderdata360online.com
URL: https://insiderdata360online.com/service/platform.js?ran=0.6162563148598994

Domain: ddzuuyx7zj81k.cloudfront.net
URL: http://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js

Domain: ddzuuyx7zj81k.cloudfront.net
URL: http://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js

Domain: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Domain: ddzuuyx7zj81k.cloudfront.net
URL: http://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js

Domain: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Domain: fast.wistia.com
URL: http://fast.wistia.com/static/embed_shepherd-v1.js

Domain: fast.wistia.com
URL: http://fast.wistia.com/static/embed_shepherd-v1.js

Domain: fast.wistia.com
URL: http://fast.wistia.com/static/embed_shepherd-v1.js

Verdicts & Comments Add Verdict or Comment

255 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.orca.security/	1970-01-19 20:16:14	Name: __hssc Value: 132551249.1.1628172294164
.orca.security/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.orca.security/	1970-01-20 05:37:48	Name: hubspotutk Value: 3535aef0d1136567f9c07359be774476
.orca.security/	1970-01-20 05:37:48	Name: __hstc Value: 132551249.3535aef0d1136567f9c07359be774476.1628172294159.1628172294159.1628172294159.1

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://orca.security/resources/wp-includes/js/jquery/jquery-migrate.min.js(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2
console-api	log	URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE(Line 100) Message: Anchor Ready
console-api	log	URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE(Line 165) Message: [object Object]
console-api	warning	URL: https://orca.security/resources/wp-includes/js/jquery/jquery.min.js(Line 2) Message: jQuery.Deferred exception: Cannot read property 'getItem' of null TypeError: Cannot read property 'getItem' of null at _default.get (https://orca.security/resources/wp-content/plugins/elementor/assets/js/frontend.min.js:2:56236) at _default.setViewsAndSessions (https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js:2:89347) at new _default (https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js:2:89098) at Function.<anonymous> (https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/frontend.min.js:2:5491) at Function.each (https://orca.security/resources/wp-includes/js/jquery/jquery.min.js:2:3026) at ElementorProFrontend.initModules (https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/frontend.min.js:2:5456) at ElementorProFrontend.onElementorFrontendInit (https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/frontend.min.js:2:5712) at dispatch (https://orca.security/resources/wp-includes/js/jquery/jquery.min.js:2:43090) at v.handle (https://orca.security/resources/wp-includes/js/jquery/jquery.min.js:2:41074) at Object.trigger (https://orca.security/resources/wp-includes/js/jquery/jquery.min.js:2:71513) undefined

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.omappapi.com
ajax.googleapis.com
analytics.twitter.com
api.omappapi.com
app.qualified.com
cdnjs.cloudflare.com
connect.facebook.net
ddzuuyx7zj81k.cloudfront.net
dss6ntp5q2r0o.cloudfront.net
fast.wistia.com
fonts.googleapis.com
fonts.gstatic.com
forms.hsforms.com
go.orca.security
googleads.g.doubleclick.net
insiderdata360online.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsforms.net
js.qualified.com
links.readitquik.us
maxcdn.bootstrapcdn.com
orca.security
pi.pardot.com
px.ads.linkedin.com
px4.ads.linkedin.com
script.hotjar.com
services.infinigrow.com
snap.licdn.com
sp.infinigrow.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
track.hubspot.com
tracking.g2crowd.com
vars.hotjar.com
ws-assets.zoominfo.com
ws.zoominfo.com
www.clickcease.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
ddzuuyx7zj81k.cloudfront.net
fast.wistia.com
insiderdata360online.com
www.googleadservices.com
100.25.249.86
104.244.42.131
104.244.42.197
108.174.10.14
13.224.96.116
13.224.96.118
13.224.96.67
13.224.96.68
13.32.22.105
142.250.186.98
151.101.12.157
162.159.135.42
18.142.0.45
2600:9000:206f:c800:8:8d2f:9e00:21
2600:9000:2190:4000:10:7994:d200:21
2606:4700:20::ac43:4470
2606:4700::6810:125e
2606:4700::6810:5805
2606:4700::6810:650c
2606:4700::6810:a852
2606:4700::6811:47b0
2606:4700::6811:b649
2606:4700::6811:d4cc
2606:4700::6812:14bf
2606:4700::6812:1abe
2606:4700::6812:bcf
2606:4700::6813:9b53
2620:119:50e3:101::6cae:b45
2620:1ec:21::14
2a00:1450:4001:802::200a
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:812::2003
2a00:1450:4001:828::2004
2a00:1450:4001:828::200e
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2008
2a00:1450:4001:831::200a
2a00:1450:400c:c06::9a
2a02:26f0:6c00:295::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:3::622
35.174.151.106
44.233.138.195
89.187.169.47
00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
044efea78208376302aad3808aaabdf3c2f7bdd80ba9d55c9e0e4d3baa7a3908
05eee7dd84da8f541a1dfebd89d2a67e8b2322fced4845f991769c1df2d096ab
08dbb435439815752ce09bfc9581b9085db9c9a66095bf5062b1c5c8adc08031
0a91bc6001255d94690ddcbcfcdb2085c56d4cd1225aed2e5864e641115bca71
0a938256d2de59b044f8ca7c7aa0c788ed2ffa9a48bf0e3930a5830c4298f509
0aaa4cf927b0e3631cffbe62f6786810aa65348483cd950e49f634a0881b16b4
0cd851e5b33af0fbb354df65506da39807b998e07723f3d08aba5179fa2ed97e
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
128ecf4fc7cfb1cbb1d353321e99b0b3d0a0ba791c391b633853524bfc16d267
13a16fa0e2ba101a24f92ce030067384bf8a08838e8988796626af25a2712ad2
15cabbfbc427cf3a6e897a426fa4cfc26d7171ae72763fcccc3d066338f15bf7
17f076500dca787c42b1dd6238ce50a0752771eafd040e8512c713a7ec947c65
182cab990c2118fcdb18feab5115335e4eb4bc0b38bb30a36c4e73c92b080ea4
1a33b00a04c9fc9b04282a6ed5e20fdef28fcb08cbcd7712057cacf7c6edd669
1ada5259a5ac61a7d68315f7efa6b98d61d2d0478df0545869c880afeaa67dcd
1e5aeaa58ab4c2345953f77e07fbc20578326076a259ed702eea64e077fde675
1ef0899dadf11eccd489e8aca5ef79eaf9c1caa00f9f1d4d8ad45ff1ed375ccf
205988b80eeedc442aa4ba78fd4bda5b1b139415f3dc88043fc73adcd71cbae2
20ffeeb1b6274d88ea1a05f79a414e6bb12189c7516514c75067d081dcd47819
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
23190e1539469cc8b5faccb038b260ccda2cc62672c70efa1900a51a8e3d1be5
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
285c3c6ca39b53ee2e65d425a7b26d8d9415a8e15c323aa1d73f3b79496400fc
2989e0b9e836cb9de3274d641ec6a58c2052f039e790ddd59b22303930bfdeeb
2aeb3b324941917165414ab3fc00805dd9a9d155605f4d15ac6632c4c188d95b
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde
336032e8b6a0e53594ef6fd0333f2c8f791accdd85de58bfbbbcd134347672af
33f88da5f2ab8271ee3fac8339d1b4dad3b04483fe306483bb14b42def0c99d2
34b499c3bed76acb12665df0c8b65d14bac3ee6161e420a9403bd694be549e78
361025ec86f2e6a8a929f687f60cc36c393039ee1b2e5c145a3cee6d11354148
368daab67b1a5b2b2802edbbac79a2aa4ba992a2ebf9c67b98ad784d8004018c
3afe1773cbb9677bed9327f8f81058a02d8b593b22eb24a40658539bd8a5ead8
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
3e0e5bde2976de971453ff399dd44a574f999ff6cca7c6dec94991b07e94d477
3f9c38934fc41ee2a85f1a6e1ad59e96f7f1e73b9b4e653394708715d5ab32c5
3ff5defc7b92446f065b2652a2946a640c6f5e425c36a3aba012b8884db76236
42b79edc019300d0f556a3b2ad370e5c3cda2807102c24956604c7c835f03f71
431f61d1c23e36e9718027a0b3671c83532d1f16bad7e908f427629686f0562c
44da12b1630d2ef003f2375847617620d5f4f7fae60a473b801cf55f15e6f9d7
46375ee9192c1e0f6eabe4d32b2a48b996b93037f7b4beb970df5b87359548fd
47300f73d115d5d1586ff7b01cc7319166b160bdad6e54a54ad02ac9312f6426
4a7ee62eb33f3bbb66c2151e5cac6bf4904e28302efc36128f3e3ccae6fde580
50bbb02baec0ea54be304a070a2c6d815f65ee593c04f0fd81f81ee4dc0133e2
52adbaf8b7004e3e0ef2b06be5492748eeef0bdfbc2d91b4aa3aa7ddd7028703
54c9560cb0117d8d1f955aefe0f88b843517964e118512d8f1a224a8a9b662f4
598e0da49a0d44ca888818a794151e0be9e5a5801d78e53430f451a40d67e661
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5c15402dcdd0b03490883b62681c0d676af10894c7ce55218650d0f3827c6f0f
5da80845be0b787ddf4abd8c116be05e185e3e928c2773d65abb55903e362175
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
60aad8b6f919b3ac201f9441562712b6b4071e6e2928577910f31ca424ffa397
64380f313f85c6feb17b558f02b5b3d145bbf934a969e012302caac445a1922f
661e00570c65c29528d9ce6ee19e5e9939986716c293def67b07f8b6a191b018
6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7
6dbd1967a8963d2eead020be31031ed12df79148acfea8cb787fa1358d5b4559
6e6e6a03e72a528c28884b50bf296425667f38dd0aaf1dd17ce89199ffc85271
6f57f8ab879288c31393c0234a10d05b7b8955999a0192d4b17d4bf6c4769a18
6fa14c7b40a31f3345c4371c7fc74452ae9232af5627c31b633752a1b0cb3665
71008cf308a9bb2a3a3ddaa973f816c0d3a11db5cc9e7bdd5498089423019b3e
71a920e8af6069911a728a6768baf9c58e8f2dcc99599985f36f2110466457a0
71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba
7369eb7217705e08010dbd6c0ed5433f75e66391ff6f365372381b658b1f1da9
744d368a676dabf6be331840fdf74176a9ad7a784bf3920e3f640c9ed89fc43c
74706fc3a0764eb273029a2ca83422dd8663978130573095d48f7ed260f28671
751d5192326ddefce3e87157f7c9355217cdad7b4a969b5dd3161b4453671389
7742176d36a9ea889f4db0a843e62f522ba690a8d514e91dd5aa09eccf7340ce
785c1179e9138a30fccbcd502d81ad2920049a12fd3d83fae433052e9be4c62f
7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9
7a891e412fb2d6fd640f7d6ac17485c8c0add2fad9d9ce82c08304b916cf5a9e
7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a
7fc2adee3e43f35ce8e32c26f8d8cc18c647e98f5d82106937a981db839897d5
8069956acb4c566506ff71f7a23c8e23f75ce9443384fe3393ed5c846924026e
8191aac24052007a5eb3dff74bbcde3d14bd1b9eac048a8b781c08e144089f25
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84053d1e000e4ec2e919fc747c16eb16856745bd7cdd0279ff6be2062f365650
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86e8ec692b64a9bde2291aa1a5f06009bd66b1660584769d704e3ed84b0a875d
8725ca355115b2fd4651581ad44a4115ec562fc3ad951c72b7da7f9c8e73051f
897ebbdf379aeb2c751275f083d298f15b094902c6bd6a66405ffb0604c64124
8b1378138bba66a489a96aa319ed93174ae2e9740c4e0dc6846c5f06d2193fb4
8b92d981b81e79ebe22af779d7874b863893da5877d01b7b5f361d04c48a28d6
9019bd99bb2b109f32b62d0439c01e6c9e828bfd160c1e254a5a0d1c7229a4fe
91dbec0f4e07b605763f34157768eae027d683004a5200638e1153600927c575
937c1830b0b7d490405e8534908597528dd8be51c3f3c2727e7379087b7dab00
96456ea83a2a92121ff46321c0f0ca85237a5fbb1cc6391a7303057226b91529
97cf1307c16a437b77b5f7f5c9bc0b985d0745a14be5a279019aca5a3432e264
9b528d20480c531315ae34b2941b0f98e9727df6e7e8d057e599174df79c0dbd
9e588c1c9f9aaf018b98c44009b7a1ce46264e0ca0fa5c6b4c6d464af2b6d54a
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288
a41d60f8ac48aafcddd891ddebb318735c5684c4d8c8971f2a236233f89fc3be
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
a48dea362116d7516a2cf97066a32758d353760ee02dbf900ddff86b02a16473
a53ea60fbea6cb1775430998564d5f295aba7d3bfe548a0ba79aa2a049aba839
a6d75aad5c009d0bdf36d4c1d68d90e2848460fce782adb137819228842eefe0
a9703acf1b9ace4e69669e5472063f067cfaf6eba3dff61ec47b95db163a3158
a9e4a21d7a0dd665ebfe69752a801f9034ee7f4d7e5930cb267b6c48aa3bee31
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aca1d2291f4713182bc182e5ef93151df69b3e97a054d16d1da5a1967fe63f15
af1e6edc875a382b338bb25bd7c5c3f474a7f1b36212002a5896dd06f2186325
afea7d7933d3140b754902ec8d48c7cc0db26b22f5912655b2fb1c1b07429478
b23f49f504faa32aac548b6662ffd64412f6738496fab8be38da46c5b7121804
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
b5641645c15c48b3ff5ce52e718563e1d04d18492e552eb126862768327e2855
b7939e67e521a72f9344e54fe85a3edff247ac537235f178a522ae836dbf6820
b980f62a2d545d64f24e6f96902c8fbf5da0018569c369bc18f9e5b5fcf099ed
bb0772532e523b486ea3419e8de8a9a40a0f632bf85ddf21f0d8753427972280
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bc71c403dc6113c8597e111a99d6a6a197dd2f2355402f8392ca4812dca57d3d
bcca65cc24a8fa93b8c1c9b3fdab3c155b5a6c5e6013d1b0aa4e4447c8eec77c
be29174d2fe6ed8aad6c27420ce60f754419d072bfb1603ffa20626463295a57
c2e8b4fba49f90cfca5a43371c09879aed7447e0ba2ed4abd75b81448776c4f7
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c3f972393cbaeb692394b14498f8f9526c5a75480fe6fed1a5d14e83109e0cf4
c4243f7f5aa95631ca62fab376c3804859e808b66d373d07270872d23b8b081b
c51831a289a042fb47236cc90db37a4d2cdd827d8ba95120de2cb55826e68664
c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c
c76c6456972a640a9057ae6e6ce9099722910ac60e2f31e514a1bf0066d9d64d
cbbd3467849f9c5083535291150f0a4723751a275d01a20f89a4401ac4597f5a
cc33742f4eab551d4e76af8a2da85c3d2304d8252171d16a3e56207c0c073e93
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4
ceaa8c47e55f50794d42966a696f0f35149ffd1560c46eecbca911d6b48d9371
cfca36025004c1f9a54e8bca2961cd7c2c7d030b9f098b2f8d044e25944b1fdf
d39e13725b21bae85d8ec5a33e089d49b52ea78390dabf5e426751414499d0f1
d5e6f422bf9513df9dd847931b0783e78f2cc6d7a3f189450b9c932b40c584d7
d68519a3166f1d5cf914c9e2c228ce1415ecbe40c8630d7d5ce8675fdafb5902
d7c1382f2a55b9cfed948b2a888fe6169dd173219e33ef7ce057ccb002fa93cf
d882dbd828af87ed3434862bf608a2dee6d347817ae547421c9b2051ce29a905
d8e1bb6afaee4a9709470e6bc6712a4288aab63eff4a430e75935d0095648bb6
d9b993464d1fb9e951a4e9c76d4d560b208604c73fa87c0a61091b5af0ddecec
d9fd9e2d2293c369f4aa2abe2dcdee1ff7135ceb33f12cdfab98a348bf9ac455
da9dad45994fa30a773ffd383f0daba950926e1c95fc807b644554825ac34bf7
daad363e1a1c8474f4498f86a1f3818a263b91acf479960422f8d77f49758d6f
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e0516199d8f2a3a2c60c0086210426617742ffa8e903b878f4eddc4985a424a9
e22419e8154be2a34a950dbb4c4c448413751c53ef02f00c6c56af28aa2c4964
e2b5d4752ac81478ad36860fbe67b75bad20bbee7a93e835a25283d310c78999
e36eaa6e7cebbd4138dfb008ee3d53ab8195f45953b0f4f27d0d8156ab059021
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e51cef74e27fe2fbf08417acdaeccb250743a28dc7b82d16ba26560981041e0d
e56319a09d53a96a7b2864aa096022c41028595632a92a8bebec4febf331ba9f
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
e6d2282d33ef8f732e4ce7a60a05fce149fb0017fae964eb3543ec849d95f2e9
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
e7f801e04999a53bc656d441db1d02a9bff11d0de3d60924fa5ae95823720b25
ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef2b6a048828ba900123bc05b019ded3252e9b21260d7402fc9d11a321fb3dc1
f07ba5ad1ac0a01ef6b948f1a2223b2eff4e40f40da24614151b98939b6a5ef1
f25bf2d1b5903b70c1c7bdd0164cd286a3854b4e963d2a00382bcb91faee853a
f41e060e8852b0a258bd2b375ab0c155a0db31e034d3723b33cfcd9f2b1b35e6
f8d00356859998784bda26e1d14f2d981515921b96ded50d5d6f6f0e75bac15c
f9335a3578fbb78eba8922527950b8773e21ebc2d28e6f72ce9d223094bfdbdc
fbd60db88b56b91e2c6ea79a36224ec46d01be9b58cf87db5176c86681f9270a
fda3035030d3843c2751dc0da65fb802230ec00a4008aeed83ddddc7b97cbc93
fe2ac5219992a3608a5c9e2bc4759fac8fb2189b88d7a674d395ff6c435da536
fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c

orca.security Open in urlscan Pro 162.159.135.42 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

210 Requests

96 %HTTPS

65 %IPv6

36 Domains

48 Subdomains

44 IPs

5 Countries

3547 kBTransfer

10089 kBSize

4 Cookies

17 Outgoing links

Page URL History

Redirected requests

210 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

orca.security Open in urlscan Pro
162.159.135.42 Public Scan

Screenshot
Live screenshot

Full Image

210
Requests

96 %
HTTPS

65 %
IPv6

36
Domains

48
Subdomains

44
IPs

5
Countries

3547 kB
Transfer

10089 kB
Size

4
Cookies

210 HTTP transactions
5 data transactions