orca.security Open in urlscan Pro
162.159.135.42 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://links.readitquik.us/els/v2/z9eksRxW0-Sa/VzFSUUtuZ25CQVJkRTg3eUZvSFRvb25pU1I5R3dhekx5c3FLYlZKc2lkNXVLS1RFbFdEczdMN3lM...
Effective URL:
https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Submission: On August 05 via api (August 5th 2021, 6:09:03 am UTC) from US

Summary HTTP 248 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 46 IPs in 5 countries across 37 domains to perform 248 HTTP transactions. The main IP is 162.159.135.42, located in and belongs to CLOUDFLARENET, US. The main domain is orca.security.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 22nd 2021. Valid for: a year.

This is the only time orca.security was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	18.142.0.45 18.142.0.45	16509 (AMAZON-02) (AMAZON-02)
85	162.159.135.42 162.159.135.42	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:b649	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:d4cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
4	2606:4700::68... 2606:4700::6810:a852	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6810:650c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
22	52.21.178.134 52.21.178.134	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6810:5705	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:219... 2600:9000:2190:ea00:8:8d2f:9e00:21	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:6c0... 2a02:26f0:6c00:2bb::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
9	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
1	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6812:1bbe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.224.96.91 13.224.96.91	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:20:... 2606:4700:20::ac43:4470	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	54.226.239.18 54.226.239.18	14618 (AMAZON-AES) (AMAZON-AES)
2 2	2620:119:50e3... 2620:119:50e3:101::6cae:b45	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
2	13.224.96.100 13.224.96.100	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
14	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c07::9d	15169 (GOOGLE) (GOOGLE)
1	13.224.96.104 13.224.96.104	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6811:46b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:15bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
5	185.59.220.194 185.59.220.194	60068 (CDN77 ^_^) (CDN77 ^_^)
1	13.224.96.22 13.224.96.22	16509 (AMAZON-02) (AMAZON-02)
17	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1	13.224.96.55 13.224.96.55	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:220... 2600:9000:2204:4c00:10:7994:d200:21	16509 (AMAZON-02) (AMAZON-02)
2	52.89.105.17 52.89.105.17	16509 (AMAZON-02) (AMAZON-02)
11	100.25.249.86 100.25.249.86	14618 (AMAZON-AES) (AMAZON-AES)
2	52.217.104.76 52.217.104.76	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:3::622 2a04:4e42:3::622	54113 (FASTLY) (FASTLY)
248	46

1 18.142.0.45 (Singapore, Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-142-0-45.ap-southeast-1.compute.amazonaws.com

links.readitquik.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

85 162.159.135.42 (None, )

ASN13335 (CLOUDFLARENET, US)

orca.security	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:b649 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d4cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:a852 (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:650c (United States)

ASN13335 (CLOUDFLARENET, US)

ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 52.21.178.134 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: pi0-lba1-2-ue1.aws.pardot.com

go.orca.security	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5705 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:ea00:8:8d2f:9e00:21 (United States)

ASN16509 (AMAZON-02, US)

ddzuuyx7zj81k.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:2bb::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1bbe (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.91 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-91.zrh50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4470 (United States)

ASN13335 (CLOUDFLARENET, US)

www.clickcease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.226.239.18 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

js.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e3:101::6cae:b45 (United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.96.100 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-100.zrh50.r.cloudfront.net

services.infinigrow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.104 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-104.zrh50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:46b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:15bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.59.220.194 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: edge-713.bunnyinfra.net

a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.22 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-22.zrh50.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.55 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-55.zrh50.r.cloudfront.net

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2204:4c00:10:7994:d200:21 (United States)

ASN16509 (AMAZON-02, US)

dss6ntp5q2r0o.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.89.105.17 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-89-105-17.us-west-2.compute.amazonaws.com

sp.infinigrow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 100.25.249.86 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-100-25-249-86.compute-1.amazonaws.com

app.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.217.104.76 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

qualified-production.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:3::622 (United States)

ASN54113 (FASTLY, US)

fast.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
99	orca.security orca.security go.orca.security	2 MB
31	gstatic.com fonts.gstatic.com www.gstatic.com	2 MB
14	google.com www.google.com	67 KB
12	qualified.com js.qualified.com app.qualified.com	722 KB
10	googleapis.com fonts.googleapis.com ajax.googleapis.com	71 KB
9	google-analytics.com www.google-analytics.com	116 KB
8	pardot.com pi.pardot.com	20 KB
7	zoominfo.com ws.zoominfo.com ws-assets.zoominfo.com	124 KB
6	omappapi.com a.omappapi.com api.omappapi.com	124 KB
5	googletagmanager.com www.googletagmanager.com	179 KB
4	infinigrow.com services.infinigrow.com sp.infinigrow.com	1 KB
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	3 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	62 KB
2	hubspot.com track.hubspot.com	1 KB
2	amazonaws.com qualified-production.s3.amazonaws.com	18 KB
2	facebook.com www.facebook.com	266 B
2	google.de www.google.de	676 B
2	doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net	1 KB
2	facebook.net connect.facebook.net	98 KB
2	cloudfront.net ddzuuyx7zj81k.cloudfront.net dss6ntp5q2r0o.cloudfront.net	28 KB
1	wistia.com fast.wistia.com Failed	104 KB
1	twitter.com analytics.twitter.com	659 B
1	hs-banner.com js.hs-banner.com	16 KB
1	hs-analytics.net js.hs-analytics.net	20 KB
1	t.co t.co	454 B
1	clickcease.com www.clickcease.com	25 KB
1	g2crowd.com tracking.g2crowd.com	1 KB
1	googleadservices.com www.googleadservices.com	14 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	licdn.com snap.licdn.com	2 KB
1	hsforms.com forms.hsforms.com	2 KB
1	cloudflare.com cdnjs.cloudflare.com	30 KB
1	hs-scripts.com js.hs-scripts.com	881 B
1	hsforms.net js.hsforms.net	145 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	22 KB
1	readitquik.us 1 redirects links.readitquik.us	262 B
0	insiderdata360online.com Failed insiderdata360online.com Failed
248	37

	Domain	Requested by
85	orca.security	orca.security
17	www.gstatic.com	www.google.com www.gstatic.com
14	www.google.com	orca.security go.orca.security www.gstatic.com
14	go.orca.security	orca.security go.orca.security js.qualified.com pi.pardot.com
14	fonts.gstatic.com	fonts.googleapis.com www.google.com
11	app.qualified.com	js.qualified.com app.qualified.com orca.security
9	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com go.orca.security
8	pi.pardot.com	go.orca.security pi.pardot.com orca.security
8	fonts.googleapis.com	orca.security go.orca.security a.omappapi.com
5	a.omappapi.com	www.googletagmanager.com a.omappapi.com orca.security
5	www.googletagmanager.com	orca.security go.orca.security
4	ws.zoominfo.com	orca.security ws-assets.zoominfo.com
3	ws-assets.zoominfo.com	orca.security go.orca.security
2	track.hubspot.com
2	qualified-production.s3.amazonaws.com	orca.security app.qualified.com
2	sp.infinigrow.com	dss6ntp5q2r0o.cloudfront.net
2	ajax.googleapis.com	go.orca.security
2	www.facebook.com	orca.security connect.facebook.net
2	www.google.de	orca.security
2	services.infinigrow.com	ddzuuyx7zj81k.cloudfront.net
2	px.ads.linkedin.com	2 redirects
2	connect.facebook.net	orca.security connect.facebook.net
1	fast.wistia.com	pi.pardot.com
1	dss6ntp5q2r0o.cloudfront.net	ddzuuyx7zj81k.cloudfront.net
1	api.omappapi.com	a.omappapi.com
1	vars.hotjar.com	static.hotjar.com
1	analytics.twitter.com	static.ads-twitter.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	script.hotjar.com	static.hotjar.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	t.co	orca.security
1	googleads.g.doubleclick.net	www.googleadservices.com
1	px4.ads.linkedin.com	orca.security
1	www.linkedin.com	1 redirects
1	js.qualified.com	www.googletagmanager.com
1	www.clickcease.com	orca.security
1	static.hotjar.com	orca.security
1	tracking.g2crowd.com	orca.security
1	www.googleadservices.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	ddzuuyx7zj81k.cloudfront.net	orca.security
1	forms.hsforms.com	js.hsforms.net
1	cdnjs.cloudflare.com	orca.security
1	js.hs-scripts.com	orca.security
1	js.hsforms.net	orca.security
1	maxcdn.bootstrapcdn.com	orca.security
1	links.readitquik.us	1 redirects
0	insiderdata360online.com Failed	orca.security
248	50

This site contains links to these domains. Also see Links.

Domain
orcasecurity.zendesk.com
app.orcasecurity.io
www.datacenterknowledge.com
securityintelligence.com
aws.amazon.com
www.businessinsider.com
beta.darkreading.com
twitter.com
www.linkedin.com
www.youtube.com
www.g2.com
support.orca.security
www.facebook.com

Subject Issuer	Validity	Valid
orca.security Cloudflare Inc ECC CA-3	`2021-07-22` - `2022-07-21`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-01` - `2022-02-28`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2021-06-04` - `2022-06-03`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
go.orca.security R3	`2021-06-11` - `2021-09-09`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-04-30` - `2022-05-11`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-20` - `2021-10-18`	3 months	crt.sh
*.g2crowd.com Sectigo ECC Domain Validation Secure Server CA	`2020-08-30` - `2021-09-28`	a year	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
js.qualified.com R3	`2021-06-24` - `2021-09-22`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-04-15` - `2021-10-15`	6 months	crt.sh
services.infinigrow.com Amazon	`2021-07-26` - `2022-08-24`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
a.omappapi.com R3	`2021-07-28` - `2021-10-26`	3 months	crt.sh
api.opmnstr.com Amazon	`2021-03-11` - `2022-04-09`	a year	crt.sh
pi.pardot.com DigiCert SHA2 Secure Server CA	`2020-12-05` - `2021-12-04`	a year	crt.sh
sp.infinigrow.com Amazon	`2021-03-25` - `2022-04-23`	a year	crt.sh
app.qualified.com R3	`2021-06-24` - `2021-09-22`	3 months	crt.sh
*.s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2021-01-11` - `2022-02-11`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2021-06-26` - `2022-06-25`	a year	crt.sh
fast.wistia.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh

This page contains 12 frames:

Primary Page: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Frame ID: FF2B3569AC1DD92D9198CAC92014A7B8
Requests: 162 HTTP requests in this frame

Frame: https://go.orca.security/l/898611/2020-12-11/2vsl
Frame ID: A237E2B1B2CD315073579332B6E33EC4
Requests: 14 HTTP requests in this frame

Frame: https://go.orca.security/l/898611/2020-12-11/2vsj
Frame ID: 88339303045467DA502FE6AE332A817B
Requests: 20 HTTP requests in this frame

Frame: https://go.orca.security/l/898611/2020-12-11/2vsj
Frame ID: 0ECD730E3C931588811E88322E7F2BFD
Requests: 18 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Frame ID: DCD3AA31DF0F1D227B0091E49D90A77F
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=normal&cb=lzc6x7rz4pcw
Frame ID: 3A923BC48A012F7B66259738556D2F21
Requests: 8 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=normal&cb=e7u858sbhai5
Frame ID: F6EEFBD5AEB43ABFAF13DF0B9F3C86FF
Requests: 8 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=normal&cb=wsnbmduonvae
Frame ID: 6BEBCF051DDCB518FFCEC21EC18D1CDD
Requests: 4 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=eog28bmjmxx4
Frame ID: A91D9B003B9AB995733384734195E8BF
Requests: 3 HTTP requests in this frame

Frame: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=d44caeb2-1883-4d9b-bd56-fa50b973bb68
Frame ID: 62718663FFA40EC22CA93A557F51ED9E
Requests: 10 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=ab7vj0cs3tpl
Frame ID: D1C939CC0C5F569A1772DA1BF270F111
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=n7i05qw00bl1
Frame ID: A88B1AE5D74C4D72B3307A19D6499219
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://links.readitquik.us/els/v2/z9eksRxW0-Sa/VzFSUUtuZ25CQVJkRTg3eUZvSFRvb25pU1I5R3dhekx5c3FLYlZKc2lk... HTTP 302
https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

248
Requests

96 %
HTTPS

63 %
IPv6

37
Domains

50
Subdomains

46
IPs

5
Countries

5814 kB
Transfer

15414 kB
Size

5
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://orcasecurity.zendesk.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://app.orcasecurity.io/login
Title: Login

Search URL Search Domain Scan URL

URL: https://www.datacenterknowledge.com/security/report-cloud-security-breaches-surpass-prem-ones-first-time
Title: sharpening their efforts

Search URL Search Domain Scan URL

URL: https://securityintelligence.com/news/over-half-malware-delivered-via-cloud-applications/
Title: compromising cloud applications and assets

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/compliance/shared-responsibility-model/
Title: shared responsibility model

Search URL Search Domain Scan URL

URL: https://www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-12
Title: SolarWinds customers were compromised

Search URL Search Domain Scan URL

URL: https://beta.darkreading.com/omdia/kaseya-hacked-via-authentication-bypass?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
Title: customers of Kesaya

Search URL Search Domain Scan URL

URL: https://twitter.com/OrcaSec
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/orca-security/
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/orcasecurity
Title:

Search URL Search Domain Scan URL

URL: https://www.g2.com/products/orca-security/reviews
Title:

Search URL Search Domain Scan URL

URL: https://app.orcasecurity.io/
Title: Login

Search URL Search Domain Scan URL

URL: http://support.orca.security/resources/
Title: Support

Search URL Search Domain Scan URL

URL: http://www.facebook.com/Orca-Security-551725845231220
Title: Facebook-f

Search URL Search Domain Scan URL

URL: http://twitter.com/OrcaSec
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/35573984
Title: Linkedin-in

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCgCyH7xISzQGbpzfnIaWy_w
Title: Youtube

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://links.readitquik.us/els/v2/z9eksRxW0-Sa/VzFSUUtuZ25CQVJkRTg3eUZvSFRvb25pU1I5R3dhekx5c3FLYlZKc2lkNXVLS1RFbFdEczdMN3lMR1AvVkxlZmlZWGwrNW1aaWtXSjl1YlNaKytRR0RZV3lxdFFUcW9BQ3BEOEk0eEtQMG89S0 HTTP 302
https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 125

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628143715591&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1286465%26time%3D1628143715591%26url%3Dhttps%253A%252F%252Forca.security%252Fresources%252Fblog%252Fcloud-malware-challenges-best-practices%252F%253Fsiteid%253DRIQSITE%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628143715591&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628143715591&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liSync=true&e_ipv6=AQLKlycoVxkCPQAAAXsU7YeUbSiTW72W27I-hjxLJsc3FzfxTEilXgOtMiRMWQrc4055oNC7

248 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
orca.security/resources/blog/cloud-malware-challenges-best-practices/
Redirect Chain

http://links.readitquik.us/els/v2/z9eksRxW0-Sa/VzFSUUtuZ25CQVJkRTg3eUZvSFRvb25pU1I5R3dhekx5c3FLYlZKc2lkNXVLS1RFbFdEczdMN3lMR1AvVkxlZmlZWGwrNW1aaWtXSjl1YlNaKytRR0RZV3lxdFFUcW9BQ3BEOEk0eEtQMG89S0
https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

633 KB
95 KB

1331ms
1232ms

Document
text/html

162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df9e7523b26f19bbbf9242495b0ff59da0f8c8469b0015096f5a79d8ec165484

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: orca.security
:scheme: https
:path: /resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-type: text/html; charset=UTF-8
cf-ray: 679dd9fd5c9854cf-MAN
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
expires: Thu, 19 Nov 1981 08:52:00 GMT
link: <https://orca.security/resources/wp-json/>; rel="https://api.w.org/", <https://orca.security/resources/wp-json/wp/v2/posts/4106>; rel="alternate"; type="application/json", <https://orca.security/resources/?p=4106>; rel=shortlink
set-cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d; path=/
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
ki-edge: v=16.1
pragma: no-cache
x-content-type-options: nosniff
x-edge-location-klb: 1
x-kinsta-cache: BYPASS
x-pingback: https://orca.security/resources/xmlrpc.php
server: cloudflare
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

location: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
content-language: en-US
content-length: 0
date: Thu, 05 Aug 2021 06:08:32 GMT
x-envoy-upstream-service-time: 5
server: istio-envoy

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ 141 KB
22 KB 34ms
17ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://orca.security
Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 8970380
cdn-cachedat: 2021-04-23 12:06:36
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: aa8dfdbb3012b19901a804376c336a28
cf-ray: 679dda052b9e2c2e-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 css2
fonts.googleapis.com/ 4 KB
729 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e2b5d4752ac81478ad36860fbe67b75bad20bbee7a93e835a25283d310c78999

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 05:42:13 GMT
server: ESF
date: Thu, 05 Aug 2021 06:08:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Aug 2021 06:08:34 GMT

GET
H3-29 200 style.min.css
orca.security/resources/wp-content/themes/astra/assets/css/minified/ 71 KB
12 KB 766ms
739ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/astra/assets/css/minified/style.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef2b6a048828ba900123bc05b019ded3252e9b21260d7402fc9d11a321fb3dc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/astra/assets/css/minified/style.min.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:47:23 GMT
server: cloudflare
etag: W/"60f18deb-11b63"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0548f3064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 css
fonts.googleapis.com/ 2 KB
552 B 29ms
14ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C&display=fallback&ver=3.6.4

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d39e13725b21bae85d8ec5a33e089d49b52ea78390dabf5e426751414499d0f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 06:08:34 GMT
server: ESF
date: Thu, 05 Aug 2021 06:08:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Aug 2021 06:08:34 GMT

GET
H3-29 200 style.min.css
orca.security/resources/wp-includes/css/dist/block-library/ 57 KB
9 KB 738ms
736ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-includes/css/dist/block-library/style.min.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 20:36:34 GMT
server: cloudflare
etag: W/"60f09c52-e33b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05e92c064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.css
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/css/ 69 KB
10 KB 730ms
727ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50bbb02baec0ea54be304a070a2c6d815f65ee593c04f0fd81f81ee4dc0133e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-11413"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f92d064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 flatpickr.min.css
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/ 16 KB
3 KB 777ms
774ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

661e00570c65c29528d9ce6ee19e5e9939986716c293def67b07f8b6a191b018

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-3e52"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f92f064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 select2.min.css
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/select2/ 15 KB
2 KB 777ms
774ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

044efea78208376302aad3808aaabdf3c2f7bdd80ba9d55c9e0e4d3baa7a3908

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-3a75"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f931064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 elementor-icons.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/eicons/css/ 17 KB
4 KB 777ms
773ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e36eaa6e7cebbd4138dfb008ee3d53ab8195f45953b0f4f27d0d8156ab059021

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:34 GMT
server: cloudflare
etag: W/"60f0ad6e-4350"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f937064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 animations.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/animations/ 18 KB
3 KB 729ms
725ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/animations/animations.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/animations/animations.min.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:48:37 GMT
server: cloudflare
etag: W/"60f0ad35-4824"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f938064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend-legacy.min.css
orca.security/resources/wp-content/plugins/elementor/assets/css/ 4 KB
918 B 777ms
773ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e5aeaa58ab4c2345953f77e07fbc20578326076a259ed702eea64e077fde675

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:07 GMT
server: cloudflare
etag: W/"60f0acdb-f0e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f939064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.css
orca.security/resources/wp-content/plugins/elementor/assets/css/ 115 KB
17 KB 777ms
772ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/css/frontend.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f9c38934fc41ee2a85f1a6e1ad59e96f7f1e73b9b4e653394708715d5ab32c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/css/frontend.min.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:08 GMT
server: cloudflare
etag: W/"60f0acdc-1cc44"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f93b064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-1480.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 1 KB
770 B 777ms
772ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-1480.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84053d1e000e4ec2e919fc747c16eb16856745bd7cdd0279ff6be2062f365650

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-1480.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:55:54 GMT
server: cloudflare
etag: W/"60f18fea-467"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f93d064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.css
orca.security/resources/wp-content/plugins/elementor-pro/assets/css/ 237 KB
27 KB 751ms
745ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor-pro/assets/css/frontend.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ceaa8c47e55f50794d42966a696f0f35149ffd1560c46eecbca911d6b48d9371

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor-pro/assets/css/frontend.min.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:35:19 GMT
server: cloudflare
etag: W/"60f0aa17-3b299"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f93e064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 all.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 58 KB
13 KB 777ms
771ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af1e6edc875a382b338bb25bd7c5c3f474a7f1b36212002a5896dd06f2186325

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:37 GMT
server: cloudflare
etag: W/"60f0ad71-e7d0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f93f064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 v4-shims.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 26 KB
5 KB 777ms
771ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fda3035030d3843c2751dc0da65fb802230ec00a4008aeed83ddddc7b97cbc93

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:39 GMT
server: cloudflare
etag: W/"60f0ad73-684e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f940064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 global.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 36 KB
3 KB 751ms
745ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/global.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71a920e8af6069911a728a6768baf9c58e8f2dcc99599985f36f2110466457a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/global.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:55:55 GMT
server: cloudflare
etag: W/"60f18feb-9179"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f941064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-403.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 6 KB
1 KB 781ms
775ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-403.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3f972393cbaeb692394b14498f8f9526c5a75480fe6fed1a5d14e83109e0cf4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-403.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 14:26:30 GMT
server: cloudflare
etag: W/"60f19716-190a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f942064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-22.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 8 KB
1 KB 781ms
776ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-22.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f07ba5ad1ac0a01ef6b948f1a2223b2eff4e40f40da24614151b98939b6a5ef1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-22.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:55:55 GMT
server: cloudflare
etag: W/"60f18feb-1eb4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f944064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-1240.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 2 KB
816 B 782ms
776ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-1240.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9b993464d1fb9e951a4e9c76d4d560b208604c73fa87c0a61091b5af0ddecec

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-1240.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 14:38:20 GMT
server: cloudflare
etag: W/"60f199dc-8ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f945064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-319.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 5 KB
1 KB 757ms
752ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-319.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8725ca355115b2fd4651581ad44a4115ec562fc3ad951c72b7da7f9c8e73051f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-319.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:55:55 GMT
server: cloudflare
etag: W/"60f18feb-12e4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f946064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-76.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 2 KB
903 B 750ms
745ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-76.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

285c3c6ca39b53ee2e65d425a7b26d8d9415a8e15c323aa1d73f3b79496400fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-76.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Wed, 28 Jul 2021 19:17:25 GMT
server: cloudflare
etag: W/"6101ad45-8f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f947064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 sassy-social-share-public.css
orca.security/resources/wp-content/plugins/sassy-social-share/public/css/ 34 KB
10 KB 750ms
745ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

182cab990c2118fcdb18feab5115335e4eb4bc0b38bb30a36c4e73c92b080ea4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:10:04 GMT
server: cloudflare
etag: W/"60f0259c-87d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f948064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 sassy-social-share-svg.css
orca.security/resources/wp-content/plugins/sassy-social-share/admin/css/ 109 KB
35 KB 781ms
776ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/sassy-social-share/admin/css/sassy-social-share-svg.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7369eb7217705e08010dbd6c0ed5433f75e66391ff6f365372381b658b1f1da9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/sassy-social-share/admin/css/sassy-social-share-svg.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:10:08 GMT
server: cloudflare
etag: W/"60f025a0-1b41d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f949064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 css2
fonts.googleapis.com/ 7 KB
661 B 25ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat%3Awght%40300%3B400%3B500%3B700&display=swap&ver=1.33

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

86e8ec692b64a9bde2291aa1a5f06009bd66b1660584769d704e3ed84b0a875d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 06:08:34 GMT
server: ESF
date: Thu, 05 Aug 2021 06:08:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Aug 2021 06:08:34 GMT

GET
H3-29 200 slick.css
orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/ 2 KB
946 B 795ms
790ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:48 GMT
server: cloudflare
etag: W/"60f0276c-6f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f94a064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 slick-theme.css
orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/ 3 KB
1 KB 796ms
791ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick-theme.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick-theme.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:48 GMT
server: cloudflare
etag: W/"60f0276c-c49"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f94b064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 bootstrap.min.css
orca.security/resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/css/ 141 KB
21 KB 796ms
791ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/css/bootstrap.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/css/bootstrap.min.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:38 GMT
server: cloudflare
etag: W/"60f02762-235ed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f94c064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 style.css
orca.security/resources/wp-content/themes/incubator-child/ 13 KB
3 KB 796ms
791ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/style.css?version&ver=1.33

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64380f313f85c6feb17b558f02b5b3d145bbf934a969e012302caac445a1922f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/style.css?version&ver=1.33
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Sun, 18 Jul 2021 00:38:51 GMT
server: cloudflare
etag: W/"60f3781b-32df"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f94d064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 main.css
orca.security/resources/wp-content/themes/incubator-child/ 118 KB
15 KB 796ms
792ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/main.css?version&ver=1.33

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5da80845be0b787ddf4abd8c116be05e185e3e928c2773d65abb55903e362175

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/main.css?version&ver=1.33
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Sun, 18 Jul 2021 00:37:59 GMT
server: cloudflare
etag: W/"60f377e7-1d634"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f94e064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 css
fonts.googleapis.com/ 24 KB
1 KB 41ms
32ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=5.7.2

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7742176d36a9ea889f4db0a843e62f522ba690a8d514e91dd5aa09eccf7340ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 06:08:34 GMT
server: ESF
date: Thu, 05 Aug 2021 06:08:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Aug 2021 06:08:34 GMT

GET
H3-29 200 fontawesome.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 57 KB
13 KB 796ms
792ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8d00356859998784bda26e1d14f2d981515921b96ded50d5d6f6f0e75bac15c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:38 GMT
server: cloudflare
etag: W/"60f0ad72-e238"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f94f064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 solid.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 669 B
689 B 796ms
792ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ada5259a5ac61a7d68315f7efa6b98d61d2d0478df0545869c880afeaa67dcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:39 GMT
server: cloudflare
etag: W/"60f0ad73-29d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f950064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 brands.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 675 B
687 B 796ms
792ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71008cf308a9bb2a3a3ddaa973f816c0d3a11db5cc9e7bdd5498089423019b3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:37 GMT
server: cloudflare
etag: W/"60f0ad71-2a3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f951064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery.min.js Show response
orca.security/resources/wp-includes/js/jquery/ 87 KB
31 KB 796ms
792ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-includes/js/jquery/jquery.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-includes/js/jquery/jquery.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 20:36:34 GMT
server: cloudflare
etag: W/"60f09c52-15d98"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f952064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery-migrate.min.js Show response
orca.security/resources/wp-includes/js/jquery/ 11 KB
4 KB 796ms
793ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-includes/js/jquery/jquery-migrate.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 20:36:34 GMT
server: cloudflare
etag: W/"60f09c52-2bd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f953064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 flatpickr.min.js Show response
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/ 47 KB
14 KB 796ms
793ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe2ac5219992a3608a5c9e2bc4759fac8fb2189b88d7a674d395ff6c435da536

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-bd86"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f954064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 select2.min.js Show response
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/select2/ 69 KB
20 KB 796ms
793ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-114c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f955064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 gtm4wp-form-move-tracker.js Show response
orca.security/resources/wp-content/plugins/duracelltomi-google-tag-manager/js/ 1 KB
724 B 798ms
794ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc71c403dc6113c8597e111a99d6a6a197dd2f2355402f8392ca4812dca57d3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:06:30 GMT
server: cloudflare
etag: W/"60f024c6-5cf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f957064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 v4-shims.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/js/ 15 KB
5 KB 798ms
795ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97cf1307c16a437b77b5f7f5c9bc0b985d0745a14be5a279019aca5a3432e264

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:43 GMT
server: cloudflare
etag: W/"60f0ad77-3acf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda05f958064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 css2
fonts.googleapis.com/ 7 KB
543 B 22ms
16ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700&display=swap

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e6d2282d33ef8f732e4ce7a60a05fce149fb0017fae964eb3543ec849d95f2e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 06:08:34 GMT
server: ESF
date: Thu, 05 Aug 2021 06:08:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Aug 2021 06:08:34 GMT

GET
H3-29 200 logo-white.svg
orca.security/static-inc/images/ 6 KB
3 KB 645ms
639ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/logo-white.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b1378138bba66a489a96aa319ed93174ae2e9740c4e0dc6846c5f06d2193fb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/logo-white.svg
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:05 GMT
server: cloudflare
etag: W/"60f12119-179c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc99064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 logo.svg
orca.security/static-inc/images/ 6 KB
3 KB 631ms
625ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/logo.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05eee7dd84da8f541a1dfebd89d2a67e8b2322fced4845f991769c1df2d096ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/logo.svg
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:05 GMT
server: cloudflare
etag: W/"60f12119-17b4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc9a064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 icon-nav-side-scanning.svg
orca.security/static-inc/images/ 917 B
874 B 203ms
198ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/icon-nav-side-scanning.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44da12b1630d2ef003f2375847617620d5f4f7fae60a473b801cf55f15e6f9d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/icon-nav-side-scanning.svg
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:05 GMT
server: cloudflare
etag: W/"60f12119-395"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc9b064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 icon-nav-context-aware-security.svg
orca.security/static-inc/images/ 1 KB
911 B 204ms
199ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/icon-nav-context-aware-security.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7c1382f2a55b9cfed948b2a888fe6169dd173219e33ef7ce057ccb002fa93cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/icon-nav-context-aware-security.svg
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:04 GMT
server: cloudflare
etag: W/"60f12118-5bb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc9c064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 icon-nav-built-in-compliance.svg
orca.security/static-inc/images/ 985 B
893 B 618ms
612ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/icon-nav-built-in-compliance.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cfca36025004c1f9a54e8bca2961cd7c2c7d030b9f098b2f8d044e25944b1fdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/icon-nav-built-in-compliance.svg
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:04 GMT
server: cloudflare
etag: W/"60f12118-3d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc9d064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 icon-nav-customization.svg
orca.security/static-inc/images/ 2 KB
910 B 644ms
639ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/icon-nav-customization.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15cabbfbc427cf3a6e897a426fa4cfc26d7171ae72763fcccc3d066338f15bf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/icon-nav-customization.svg
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:04 GMT
server: cloudflare
etag: W/"60f12118-609"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc9e064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 nav-join-the-program.jpg
orca.security/static-inc/images/ 93 KB
94 KB 612ms
607ms Image
image/jpeg 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/nav-join-the-program.jpg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d68519a3166f1d5cf914c9e2c228ce1415ecbe40c8630d7d5ce8675fdafb5902

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/nav-join-the-program.jpg
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 95526
last-modified: Fri, 16 Jul 2021 15:27:41 GMT
server: cloudflare
etag: "60f1a56d-17526"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 679dda0cbca0064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 nav-join-our-team.jpg
orca.security/static-inc/images/ 147 KB
148 KB 641ms
635ms Image
image/jpeg 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/nav-join-our-team.jpg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

598e0da49a0d44ca888818a794151e0be9e5a5801d78e53430f451a40d67e661

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/nav-join-our-team.jpg
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 150742
last-modified: Fri, 16 Jul 2021 15:27:36 GMT
server: cloudflare
etag: "60f1a568-24cd6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 679dda0cbca1064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 nav-download-now.jpg
orca.security/static-inc/images/ 68 KB
68 KB 634ms
629ms Image
image/jpeg 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/nav-download-now.jpg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96456ea83a2a92121ff46321c0f0ca85237a5fbb1cc6391a7303057226b91529

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/nav-download-now.jpg
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 69166
last-modified: Fri, 16 Jul 2021 15:27:36 GMT
server: cloudflare
etag: "60f1a568-10e2e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 679dda0cbca2064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 authorphoto-150x150.jpeg
orca.security/resources/wp-content/uploads/sites/2/ 4 KB
4 KB 612ms
606ms Image
image/jpeg 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/authorphoto-150x150.jpeg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3afe1773cbb9677bed9327f8f81058a02d8b593b22eb24a40658539bd8a5ead8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/authorphoto-150x150.jpeg
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4082
last-modified: Thu, 15 Jul 2021 12:16:52 GMT
server: cloudflare
etag: "60f02734-ff2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 679dda0cbca3064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 footer_badge_aws.svg
orca.security/wp-content/uploads/2021/08/ 45 KB
17 KB 204ms
199ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/wp-content/uploads/2021/08/footer_badge_aws.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8191aac24052007a5eb3dff74bbcde3d14bd1b9eac048a8b781c08e144089f25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2021/08/footer_badge_aws.svg
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 03 Aug 2021 07:11:27 GMT
server: cloudflare
etag: W/"6108ec1f-b499"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbca4064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 footer_badge_iso.svg
orca.security/wp-content/uploads/2021/08/ 33 KB
14 KB 641ms
636ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/wp-content/uploads/2021/08/footer_badge_iso.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c51831a289a042fb47236cc90db37a4d2cdd827d8ba95120de2cb55826e68664

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2021/08/footer_badge_iso.svg
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 03 Aug 2021 07:11:25 GMT
server: cloudflare
etag: W/"6108ec1d-850c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbca6064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 footer_badge_soc.svg
orca.security/wp-content/uploads/2021/08/ 50 KB
21 KB 618ms
612ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/wp-content/uploads/2021/08/footer_badge_soc.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e51cef74e27fe2fbf08417acdaeccb250743a28dc7b82d16ba26560981041e0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2021/08/footer_badge_soc.svg
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 03 Aug 2021 07:11:24 GMT
server: cloudflare
etag: W/"6108ec1c-c80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbca7064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 logo.svg
orca.security/wp-content/uploads/2021/04/ 6 KB
3 KB 191ms
185ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/wp-content/uploads/2021/04/logo.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74706fc3a0764eb273029a2ca83422dd8663978130573095d48f7ed260f28671

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2021/04/logo.svg
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 10:47:52 GMT
server: cloudflare
etag: W/"60f163d8-1709"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbca8064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 569 KB
145 KB 48ms
32ms Script
application/javascript 2606:4700::6811:b649
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b649 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

336032e8b6a0e53594ef6fd0333f2c8f791accdd85de58bfbbbcd134347672af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
via: 1.1 ffa4b37ccdc94a8c62bf6b6414725210.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 477
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Mon, 26 Jul 2021 08:58:31 UTC
server: cloudflare
etag: W/"54f88eaced1496c532226765043c50e7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L4ztd7QHYh4IFiC4rJcxxRMFha%2BGpvbmi6zta68ORsFb2DpFVhtMGBZ4ka%2BTyZgOdvFdSOFb4u69wbkKOSAiaYNUmYGvZ2UXcdyoPdiWR8dbzhnt6KO9dOWcHEe%2BOwU7Uj83%2BxGq2x0PuJ9n"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: CD.EJgxkQT0UFVsMcBVdkshUHUGkYwIo
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-C3
cf-ray: 679dda0bcef242d5-FRA
x-amz-cf-id: XHb5UOfsaMSNq8ePI4Mjrztp5HBQ3d9m2pu73qbQt2mmoA1ZKJ5vpw==
x-hs-target-asset: FormsNext/static-5.349/bundles/project_with_deps.js

GET
H3-29 200 style.min.js Show response
orca.security/resources/wp-content/themes/astra/assets/js/minified/ 10 KB
3 KB 179ms
179ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/astra/assets/js/minified/style.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ef0899dadf11eccd489e8aca5ef79eaf9c1caa00f9f1d4d8ad45ff1ed375ccf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/astra/assets/js/minified/style.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:47:23 GMT
server: cloudflare
etag: W/"60f18deb-28d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0c3c29064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.js Show response
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/js/ 9 KB
3 KB 589ms
589ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

205988b80eeedc442aa4ba78fd4bda5b1b139415f3dc88043fc73adcd71cbae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-236e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0c6c4e064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 dynamic-conditions-public.js Show response
orca.security/resources/wp-content/plugins/dynamicconditions/Public/js/ 2 KB
1 KB 201ms
194ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/dynamicconditions/Public/js/dynamic-conditions-public.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

751d5192326ddefce3e87157f7c9355217cdad7b4a969b5dd3161b4453671389

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/dynamicconditions/Public/js/dynamic-conditions-public.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:00:00 GMT
server: cloudflare
etag: W/"60f11250-8f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc7b064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 5544741.js Show response
js.hs-scripts.com/ 988 B
881 B 443ms
422ms Script
application/javascript 2606:4700::6811:d4cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/5544741.js?integration=WordPress
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:d4cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c0f298c1006cdf62756f1b7e1dcc9cd946eb6528c4671b3f2dfb892ff76ba5b

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: br
cf-cache-status: EXPIRED
server: cloudflare
x-hubspot-correlation-id: 5a5fd902-f6d3-4645-8d50-f7f40259d0b2
x-trace: 2B2BD909FE649FAB56DA992C8D8BB19A136B9BA555000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://orca.security
access-control-max-age: 3600
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 679dda0ccae62bd6-FRA
expires: Thu, 05 Aug 2021 06:09:35 GMT

GET
H3-29 200 sassy-social-share-public.js Show response
orca.security/resources/wp-content/plugins/sassy-social-share/public/js/ 43 KB
11 KB 621ms
613ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

afea7d7933d3140b754902ec8d48c7cc0db26b22f5912655b2fb1c1b07429478

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:10:04 GMT
server: cloudflare
etag: W/"60f0259c-ab59"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc7c064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 orca.js Show response
orca.security/resources/wp-content/themes/incubator-child/ 4 KB
2 KB 209ms
202ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/orca.js?version&ver=1.33

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9e4a21d7a0dd665ebfe69752a801f9034ee7f4d7e5930cb267b6c48aa3bee31

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/orca.js?version&ver=1.33
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:24 GMT
server: cloudflare
etag: W/"60f02754-10fd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc7d064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 TweenMax.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.14.2/ 99 KB
30 KB 36ms
13ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.14.2/TweenMax.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9019bd99bb2b109f32b62d0439c01e6c9e828bfd160c1e254a5a0d1c7229a4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9147
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 29505
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-18d17"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YWV4PZo4f1b3JhQAQAMe76%2FuIFHqFrppyYRFbpu0ZsvHCPe%2F%2BfPDpurpsFh9tbsEam5tax7fg9eQZJf0kKq8jnsFSg1AzRgAsfcxDsyvzVgvNEltK%2FWezrG%2BRiL5wHbx5ov7yfXO%2FXG3w390eaSbT24P"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 679dda0cbd314abc-FRA
expires: Tue, 26 Jul 2022 06:08:35 GMT

GET
H3-29 200 ScrollMagic.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/ 17 KB
6 KB 623ms
615ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/ScrollMagic.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da9dad45994fa30a773ffd383f0daba950926e1c95fc807b644554825ac34bf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/ScrollMagic.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:30 GMT
server: cloudflare
etag: W/"60f0275a-4416"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc7e064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 animation.gsap.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/ 1 KB
1 KB 216ms
209ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/animation.gsap.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbd60db88b56b91e2c6ea79a36224ec46d01be9b58cf87db5176c86681f9270a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/animation.gsap.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:32 GMT
server: cloudflare
etag: W/"60f0275c-508"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc80064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 animation.velocity.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/ 1 KB
1 KB 214ms
207ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/animation.velocity.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20ffeeb1b6274d88ea1a05f79a414e6bb12189c7516514c75067d081dcd47819

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/animation.velocity.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:32 GMT
server: cloudflare
etag: W/"60f0275c-5b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc81064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 debug.addIndicators.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/ 7 KB
3 KB 620ms
613ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/debug.addIndicators.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c15402dcdd0b03490883b62681c0d676af10894c7ce55218650d0f3827c6f0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/debug.addIndicators.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:30 GMT
server: cloudflare
etag: W/"60f0275a-1bb8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc82064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery.ScrollMagic.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/ 495 B
690 B 216ms
209ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/jquery.ScrollMagic.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bcca65cc24a8fa93b8c1c9b3fdab3c155b5a6c5e6013d1b0aa4e4447c8eec77c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/jquery.ScrollMagic.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:32 GMT
server: cloudflare
etag: W/"60f0275c-1ef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc83064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 bootstrap.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/js/ 48 KB
13 KB 204ms
197ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/js/bootstrap.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/js/bootstrap.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:36 GMT
server: cloudflare
etag: W/"60f02760-bf30"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc84064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 iframeResizer.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/ 2 KB
2 KB 209ms
202ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/iframeResizer.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60aad8b6f919b3ac201f9441562712b6b4071e6e2928577910f31ca424ffa397

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/iframeResizer.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:26 GMT
server: cloudflare
etag: W/"60f02756-881"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc85064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 match-height.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/ 3 KB
2 KB 212ms
205ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/match-height.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c76c6456972a640a9057ae6e6ce9099722910ac60e2f31e514a1bf0066d9d64d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/match-height.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:26 GMT
server: cloudflare
etag: W/"60f02756-d55"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc86064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery.waypoints.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/waypoints/lib/ 9 KB
3 KB 624ms
617ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/waypoints/lib/jquery.waypoints.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

368daab67b1a5b2b2802edbbac79a2aa4ba992a2ebf9c67b98ad784d8004018c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/waypoints/lib/jquery.waypoints.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:50 GMT
server: cloudflare
etag: W/"60f0276e-2344"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc87064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 slick.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/ 87 KB
16 KB 205ms
199ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0aaa4cf927b0e3631cffbe62f6786810aa65348483cd950e49f634a0881b16b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:48 GMT
server: cloudflare
etag: W/"60f0276c-15b7b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc88064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 wp-embed.min.js Show response
orca.security/resources/wp-includes/js/ 1 KB
1 KB 633ms
627ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-includes/js/wp-embed.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-includes/js/wp-embed.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 20:36:34 GMT
server: cloudflare
etag: W/"60f09c52-592"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc89064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 webpack-pro.runtime.min.js Show response
orca.security/resources/wp-content/plugins/elementor-pro/assets/js/ 5 KB
3 KB 624ms
618ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52adbaf8b7004e3e0ef2b06be5492748eeef0bdfbc2d91b4aa3aa7ddd7028703

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:35:44 GMT
server: cloudflare
etag: W/"60f0aa30-1556"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc8a064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 webpack.runtime.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/js/ 5 KB
2 KB 631ms
624ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5641645c15c48b3ff5ce52e718563e1d04d18492e552eb126862768327e2855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:25 GMT
server: cloudflare
etag: W/"60f0aced-12a1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc8b064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend-modules.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/js/ 63 KB
22 KB 647ms
641ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/js/frontend-modules.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8e1bb6afaee4a9709470e6bc6712a4288aab63eff4a430e75935d0095648bb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/js/frontend-modules.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:21 GMT
server: cloudflare
etag: W/"60f0ace9-fd92"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc8c064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery.sticky.min.js Show response
orca.security/resources/wp-content/plugins/elementor-pro/assets/lib/sticky/ 6 KB
2 KB 202ms
195ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a48dea362116d7516a2cf97066a32758d353760ee02dbf900ddff86b02a16473

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:36:28 GMT
server: cloudflare
etag: W/"60f0aa5c-19c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc8d064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.js Show response
orca.security/resources/wp-content/plugins/elementor-pro/assets/js/ 58 KB
16 KB 625ms
619ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/frontend.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

785c1179e9138a30fccbcd502d81ad2920049a12fd3d83fae433052e9be4c62f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor-pro/assets/js/frontend.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:35:36 GMT
server: cloudflare
etag: W/"60f0aa28-e60d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc8e064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 waypoints.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
3 KB 638ms
631ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:48:53 GMT
server: cloudflare
etag: W/"60f0ad45-2fa6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc90064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 core.min.js Show response
orca.security/resources/wp-includes/js/jquery/ui/ 20 KB
7 KB 634ms
628ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-includes/js/jquery/ui/core.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0cd851e5b33af0fbb354df65506da39807b998e07723f3d08aba5179fa2ed97e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-includes/js/jquery/ui/core.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 20:36:34 GMT
server: cloudflare
etag: W/"60f09c52-5133"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc91064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 swiper.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/lib/swiper/ 136 KB
36 KB 630ms
624ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b23f49f504faa32aac548b6662ffd64412f6738496fab8be38da46c5b7121804

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:48:51 GMT
server: cloudflare
etag: W/"60f0ad43-21f91"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc92064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 share-link.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/lib/share-link/ 3 KB
1 KB 635ms
629ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a7ee62eb33f3bbb66c2151e5cac6bf4904e28302efc36128f3e3ccae6fde580

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:48:49 GMT
server: cloudflare
etag: W/"60f0ad41-a12"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc93064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 dialog.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/lib/dialog/ 11 KB
4 KB 633ms
627ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2989e0b9e836cb9de3274d641ec6a58c2052f039e790ddd59b22303930bfdeeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:48:39 GMT
server: cloudflare
etag: W/"60f0ad37-2a6f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc94064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/js/ 66 KB
20 KB 644ms
639ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/js/frontend.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17f076500dca787c42b1dd6238ce50a0752771eafd040e8512c713a7ec947c65

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/js/frontend.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:21 GMT
server: cloudflare
etag: W/"60f0ace9-1086a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc95064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 preloaded-elements-handlers.min.js Show response
orca.security/resources/wp-content/plugins/elementor-pro/assets/js/ 160 KB
39 KB 625ms
619ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

897ebbdf379aeb2c751275f083d298f15b094902c6bd6a66405ffb0604c64124

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:35:41 GMT
server: cloudflare
etag: W/"60f0aa2d-27e8a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc96064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 preloaded-modules.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/js/ 57 KB
17 KB 620ms
615ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d882dbd828af87ed3434862bf608a2dee6d347817ae547421c9b2051ce29a905

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:23 GMT
server: cloudflare
etag: W/"60f0aceb-e2e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc97064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 scripts.min.js Show response
orca.security/static-inc/js/ 374 KB
100 KB 640ms
635ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/static-inc/js/scripts.min.js?ver=1.0

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9703acf1b9ace4e69669e5472063f067cfaf6eba3dff61ec47b95db163a3158

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/js/scripts.min.js?ver=1.0
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:17:23 GMT
server: cloudflare
etag: W/"60f12473-5d9e1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cbc98064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 169 KB
60 KB 40ms
34ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7f9dec7f9dab0753e8ef7f30914bce6e3881799d4b3f3971b31b1d11495ffaae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61084
x-xss-protection: 0
expires: Thu, 05 Aug 2021 06:08:35 GMT

GET
H2 200 KoeEOMZRk0HPEBurl41R Show response
ws.zoominfo.com/pixel/ 0
490 B 184ms
162ms Script
text/javascript 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/KoeEOMZRk0HPEBurl41R

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 679dda0ccd8f2bad-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
content-length: 0

GET
H2 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 122 KB
40 KB 91ms
63ms Script
application/javascript 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aca1d2291f4713182bc182e5ef93151df69b3e97a054d16d1da5a1967fe63f15

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 3027
x-guploader-uploadid: ADPycdtQQ6zxHuD0tP-GTqu_3sb0lSAu5_wRXWOzhAHpaXrn9U-p5Ys_EnN5CDdXe10cxEICLdAPw3n33z8pnyXBsg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
last-modified: Wed, 14 Jul 2021 10:39:08 GMT
server: cloudflare
etag: W/"1e1e37b752fd19a94113b3725ef35506"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=EP8N2g==, md5=Hh43t1L9GalBE7NyXvNVBg==
x-goog-generation: 1626259148350866
cache-control: public, max-age=3600
x-goog-stored-content-length: 124580
cf-ray: 679dda0cc9701f39-FRA
expires: Thu, 05 Aug 2021 06:18:08 GMT

GET
DATA 200
OK truncated
/ 219 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34b499c3bed76acb12665df0c8b65d14bac3ee6161e420a9403bd694be549e78

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 682 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c2e8b4fba49f90cfca5a43371c09879aed7447e0ba2ed4abd75b81448776c4f7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 425 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 54c9560cb0117d8d1f955aefe0f88b843517964e118512d8f1a224a8a9b662f4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 302 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b980f62a2d545d64f24e6f96902c8fbf5da0018569c369bc18f9e5b5fcf099ed

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
H3-29 200 rings-small.png
orca.security/resources/wp-content/themes/incubator-child/images/ 13 KB
13 KB 611ms
610ms Image
image/png 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/images/rings-small.png

Requested by

Host: orca.security
URL: https://orca.security/resources/wp-content/themes/incubator-child/main.css?version&ver=1.33

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f57f8ab879288c31393c0234a10d05b7b8955999a0192d4b17d4bf6c4769a18

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/images/rings-small.png
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/wp-content/themes/incubator-child/main.css?version&ver=1.33
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/wp-content/themes/incubator-child/main.css?version&ver=1.33
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 13301
last-modified: Thu, 15 Jul 2021 12:17:26 GMT
server: cloudflare
etag: "60f02756-33f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 679dda0cdcbb064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v16/ 20 KB
20 KB 8ms
5ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v16/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat%3Awght%40300%3B400%3B500%3B700&display=swap&ver=1.33

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 18:40:08 GMT
x-content-type-options: nosniff
age: 127707
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20040
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 18:15:54 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 18:40:08 GMT

GET
H2 200 xn7gYHE41ni1AdIRggexSg.woff2
fonts.gstatic.com/s/manrope/v4/ 22 KB
22 KB 10ms
8ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/manrope/v4/xn7gYHE41ni1AdIRggexSg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a41d60f8ac48aafcddd891ddebb318735c5684c4d8c8971f2a236233f89fc3be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 01:26:03 GMT
x-content-type-options: nosniff
age: 189752
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22788
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 21:57:26 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 01:26:03 GMT

GET
H3-29 200 orca.ttf
orca.security/fonts/ 2 KB
2 KB 598ms
596ms Font
application/x-font-ttf 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/fonts/orca.ttf?vhq0nq

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb0772532e523b486ea3419e8de8a9a40a0f632bf85ddf21f0d8753427972280

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-fetch-mode: cors
origin: https://orca.security
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
:path: /fonts/orca.ttf?vhq0nq
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://orca.security
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:28:50 GMT
server: cloudflare
etag: W/"60f12722-940"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-font-ttf
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 679dda0cdcbf064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 fa-solid-900.woff2
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 78 KB
79 KB 617ms
616ms Font
application/font-woff2 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2

Requested by

Host: orca.security
URL: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-fetch-mode: cors
origin: https://orca.security
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: orca.security
referer: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://orca.security
Referer: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 80300
last-modified: Thu, 15 Jul 2021 21:49:47 GMT
server: cloudflare
etag: "60f0ad7b-139ac"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 679dda0cdcc0064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 fa-brands-400.woff2
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 77 KB
77 KB 608ms
606ms Font
application/font-woff2 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2

Requested by

Host: orca.security
URL: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-fetch-mode: cors
origin: https://orca.security
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: orca.security
referer: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://orca.security
Referer: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 78460
last-modified: Thu, 15 Jul 2021 21:49:45 GMT
server: cloudflare
etag: "60f0ad79-1327c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 679dda0cdcc1064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 18:26:24 GMT
x-content-type-options: nosniff
age: 214931
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Aug 2022 18:26:24 GMT

GET
H2 200 KFOkCnqEu92Fr1Mu51xIIzI.woff2
fonts.gstatic.com/s/roboto/v27/ 17 KB
17 KB 11ms
10ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu51xIIzI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=5.7.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46375ee9192c1e0f6eabe4d32b2a48b996b93037f7b4beb970df5b87359548fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 19:20:02 GMT
x-content-type-options: nosniff
age: 211713
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17304
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Aug 2022 19:20:02 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
16 KB 10ms
9ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 12:00:01 GMT
x-content-type-options: nosniff
age: 151714
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 12:00:01 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 16 KB
16 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 17:17:27 GMT
x-content-type-options: nosniff
age: 132668
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 17:17:27 GMT

GET
H3-29 200 KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2
fonts.gstatic.com/s/roboto/v27/ 17 KB
17 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a938256d2de59b044f8ca7c7aa0c788ed2ffa9a48bf0e3930a5830c4298f509

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:01:00 GMT
x-content-type-options: nosniff
age: 144455
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17380
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:45 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 14:01:00 GMT

GET
H3-29 200 ORC03296_Graphic-Request_Malware-Blog_1200x628_R3V2.jpg
orca.security/resources/wp-content/uploads/sites/2/ 419 KB
420 KB 182ms
181ms Image
image/jpeg 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/ORC03296_Graphic-Request_Malware-Blog_1200x628_R3V2.jpg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be29174d2fe6ed8aad6c27420ce60f754419d072bfb1603ffa20626463295a57

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/ORC03296_Graphic-Request_Malware-Blog_1200x628_R3V2.jpg
pragma: no-cache
cookie: PHPSESSID=1ba8529bcec767bcafc77c8ae8b6198d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 429292
last-modified: Thu, 15 Jul 2021 12:15:52 GMT
server: cloudflare
etag: "60f026f8-68cec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 679dda0d6d08064c-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.0 200
OK Cookie set 2vsl Show response
go.orca.security/l/898611/2020-12-11/ Frame A237 6 KB
3 KB 826ms
486ms Document
text/html 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/l/898611/2020-12-11/2vsl
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 3b8445ffccb8367866ab9a95af5439a7faffcb30a67e7902324192a6059b056a

Request headers

Host: go.orca.security
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://orca.security/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://orca.security/

Response headers

Date: Thu, 05 Aug 2021 06:08:35 GMT
Set-Cookie: pardot=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0 visitor_id898611=585125474; expires=Sun, 03-Aug-2031 06:08:36 GMT; Max-Age=315360000; path=/; secure; SameSite=None visitor_id898611-hash=e2a5155e6406851a7c97daa46e2fab2c91643cc7b2cdea755792e2e5be9ccc63f570a5ef2155410f990504580c394cfc5acf6eba; expires=Sun, 03-Aug-2031 06:08:36 GMT; Max-Age=315360000; path=/; secure; SameSite=None
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Pardot-Rsp: 16/34/156
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 2231
Content-Type: text/html; charset=utf-8
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
Server: PardotServer
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
Connection: keep-alive

GET
H/1.0 200
OK Cookie set 2vsj Show response
go.orca.security/l/898611/2020-12-11/ Frame 8833 28 KB
9 KB 625ms
284ms Document
text/html 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 5b650b79e0be51cb31213cfe3a6576941044fd10b367ee0d0c73a05580e9fcf3

Request headers

Host: go.orca.security
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://orca.security/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://orca.security/

Response headers

Date: Thu, 05 Aug 2021 06:08:35 GMT
Set-Cookie: pardot=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0 visitor_id898611=585125468; expires=Sun, 03-Aug-2031 06:08:35 GMT; Max-Age=315360000; path=/; secure; SameSite=None visitor_id898611-hash=08459ecb6b6dfaed2f8a2bec7d30dda408de0e1e7012d2dc3d764e408e4e13cedfa12b8e8404454e3bba5d387ae2105133718b9c; expires=Sun, 03-Aug-2031 06:08:35 GMT; Max-Age=315360000; path=/; secure; SameSite=None
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Pardot-Rsp: 16/70/208
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 7987
Content-Type: text/html; charset=utf-8
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
Server: PardotServer
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
Connection: keep-alive

GET
H/1.0 200
OK Cookie set 2vsj Show response
go.orca.security/l/898611/2020-12-11/ Frame 0ECD 28 KB
9 KB 783ms
479ms Document
text/html 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 5b650b79e0be51cb31213cfe3a6576941044fd10b367ee0d0c73a05580e9fcf3

Request headers

Host: go.orca.security
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://orca.security/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://orca.security/

Response headers

Date: Thu, 05 Aug 2021 06:08:35 GMT
Set-Cookie: pardot=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0 visitor_id898611=585125476; expires=Sun, 03-Aug-2031 06:08:36 GMT; Max-Age=315360000; path=/; secure; SameSite=None visitor_id898611-hash=356d0b4f82d1f1ad6873a7cc8fdcb53952d8811572de0b92f6598e8fa91f281b75d44262f84b3a5c190c64e882278a7ae90f4c19; expires=Sun, 03-Aug-2031 06:08:36 GMT; Max-Age=315360000; path=/; secure; SameSite=None
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Pardot-Rsp: 16/80/8
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 7987
Content-Type: text/html; charset=utf-8
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
Server: PardotServer
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
Connection: keep-alive

GET
H2 403 getMapping Show response
ws.zoominfo.com/form-complete/ 26 B
182 B 150ms
150ms XHR
application/json 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/form-complete/getMapping?formId=wymcNktFMIhtz4zMJ4Cn

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

d9fd9e2d2293c369f4aa2abe2dcdee1ff7135ceb33f12cdfab98a348bf9ac455

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
via: 1.1 google
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://orca.security
access-control-allow-credentials: true
cf-ray: 679dda0dcf922bad-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
etag: W/"1a-6NuuSjmV14w26uMjJ2AMk7q0aZk"

GET
H2 200 03772d1e-aef0-4e74-a117-9f4ee3b9e51c Show response
forms.hsforms.com/embed/v3/form/5544741/ 6 KB
2 KB 139ms
123ms Script
application/javascript 2606:4700::6810:5705
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/5544741/03772d1e-aef0-4e74-a117-9f4ee3b9e51c?callback=hs_reqwest_0&hutk=

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5705 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7428c33bbf1f01ba9161ed486e9d6a3400782fbd4b6629b3e33a7004924e02fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: 7a7cc8e3-2dad-4c54-8e7e-b62048fce176
content-disposition: attachment; filename=no-rfd.txt
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
x-trace: 2BA5DD25E316197DE122DDEC0E5DB10C44D33707BC000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 679dda0e0d511f11-FRA

GET
H2 200 attributionSnippet.js Show response
ddzuuyx7zj81k.cloudfront.net/1.0.0/ 6 KB
2 KB 51ms
12ms Script
application/javascript 2600:9000:2190:ea00:8:8d2f:9e00:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:ea00:8:8d2f:9e00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7fc2adee3e43f35ce8e32c26f8d8cc18c647e98f5d82106937a981db839897d5

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: byeHX812S_yqEUlWJThDSpvTDsdImXfO
content-encoding: gzip
last-modified: Mon, 07 Dec 2020 13:24:02 GMT
server: AmazonS3
age: 36038
etag: W/"095ed9e012f89a607e757ca1e6ae6cec"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
date: Wed, 04 Aug 2021 20:07:58 GMT
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: XgO_yhJE8x9KyHPp5y5sUhnbe0O_-5ybDimBZYilMWK_cvWgjsffLg==

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 21ms
6ms Script
application/x-javascript 2a02:26f0:6c00:2bb::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2bb::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 6e6e6a03e72a528c28884b50bf296425667f38dd0aaf1dd17ce89199ffc85271

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 06:08:35 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Jun 2021 01:25:13 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=64061
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2079

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 3294
date: Thu, 05 Aug 2021 05:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Thu, 05 Aug 2021 07:13:41 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 26ms
9ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a53ea60fbea6cb1775430998564d5f295aba7d3bfe548a0ba79aa2a049aba839

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
via: 1.1 varnish
last-modified: Mon, 12 Jul 2021 21:25:31 GMT
age: 21683
etag: "65cf0c0ceb852397f0d1e6732cd3c533+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1958
x-timer: S1628143716.545080,VS0,VE0
x-served-by: cache-fra19155-FRA

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 39ms
16ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

8069956acb4c566506ff71f7a23c8e23f75ce9443384fe3393ed5c846924026e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13910
x-xss-protection: 0
server: cafe
etag: 8154934153164151798
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 05 Aug 2021 06:08:35 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c4243f7f5aa95631ca62fab376c3804859e808b66d373d07270872d23b8b081b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25944
x-xss-protection: 0
pragma: public
x-fb-debug: QiF1mNCHLd1zLd9PgFNBKSNKwj98us+KK+OXn4DXwWNkd6grcbc+1QRi6ifwygbtW4vINsscWsAOwf51f3Oc9g==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
date: Thu, 05 Aug 2021 06:08:35 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 3724.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 191ms
170ms Script
text/javascript 2606:4700::6812:1bbe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/3724.js?p=https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE&e=

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1bbe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: 37ad7264-d42a-4006-bf99-c0771d57aa42
x-runtime: 0.009093
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-ray: 679dda0e2c244e7f-FRA

GET
H2 200 hotjar-1785482.js Show response
static.hotjar.com/c/ 4 KB
2 KB 129ms
66ms Script
application/javascript 13.224.96.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1785482.js?sv=6

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.91 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-96-91.zrh50.r.cloudfront.net

Software

Resource Hash

a984c620b66fd1ff8082247cd7d7d57a4267c7d46049bde2326dc1309bcdcdce

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: ZRH50-C1
etag: W/4416043e5c0aec8e643cb85bf5fd123a
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
content-length: 2041
via: 1.1 8455bcb2c0203b0c4ee93b610d75e69b.cloudfront.net (CloudFront)
x-amz-cf-id: o4Vme5A1HzETOmomDVz-JQ1O6kl9qKmnVOejM7FBnhtPiR8wfHqXZA==

GET
H2 200 stat.js Show response
www.clickcease.com/monitor/ 68 KB
25 KB 36ms
20ms Script
application/javascript 2606:4700:20::ac43:4470
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.clickcease.com/monitor/stat.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4470 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9335a3578fbb78eba8922527950b8773e21ebc2d28e6f72ce9d223094bfdbdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 586140
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
strict-transport-security: max-age=31536000
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 14 Mar 2021 09:24:44 GMT
server: cloudflare
x-frame-options: sameorigin
etag: W/"10eb4-5bd7bb41f7cc3-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1728000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B79P%2F83XulitDlfsYCL6mgi0ye1u1jE19IXxd%2BfjGx5Q2%2BFg66aThu3Vl4X%2FdZUJ7emTGEbHS0h3rcRSPWBfKn4zlyjRgqB9R8v1uhzhTdQ6s4jWe5uMfutOwkjDpSFMH8nPZzCaL6JtIBJNKrZlhU8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding,User-Agent
cache-control: max-age=2678400
access-control-allow-credentials: true
cf-ray: 679dda0e28204e7a-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,C$
expires: Sat, 28 Aug 2021 11:19:35 GMT

GET
H/1.1 200
OK qualified.js Show response
js.qualified.com/ 222 KB
66 KB 377ms
123ms Script
text/javascript 54.226.239.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://js.qualified.com/qualified.js?token=gndr1NireXGRNRuC

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.226.239.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

nginx /

Resource Hash

91dbec0f4e07b605763f34157768eae027d683004a5200638e1153600927c575

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 06:08:35 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Xss-Protection: 1; mode=block
X-Request-Id: ff93ab97-5b22-c5a4-d282-ff44ccb01f4a
X-Runtime: 0.013186
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: W/"91dbec0f4e07b605763f34157768eae0"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Via: 1.1 spaces-router (020d7643da32)
Cache-Control: max-age=0, private, must-revalidate

GET platform.js
insiderdata360online.com/service/ 0
0

GET
H3-29 200 js Show response
www.google-analytics.com/gtm/ 99 KB
39 KB 31ms
30ms Script
application/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=OPT-PWBBWC3&t=gtm4&cid=1656837360.1628143716

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6ea89c32d32523058b169bb16b29b3db768f110270eaa9ee459a40d590358fc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40091
x-xss-protection: 0
expires: Thu, 05 Aug 2021 06:08:35 GMT

GET
H3-29 200 208134170283065 Show response
connect.facebook.net/signals/config/ 253 KB
72 KB 54ms
47ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/208134170283065?v=2.9.44&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e0e5bde2976de971453ff399dd44a574f999ff6cca7c6dec94991b07e94d477

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: XSD/aICWo8jL1cChisi9SbdNBq7U540vAuCBgdHtvM07QAzVzSJ41kUo/eVjq4fR1F+zCqYJb8E4N014eV6ifA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 05 Aug 2021 06:08:35 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628143715591&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1286465%26time%3D1628143715591%26url%3Dhttps%253A%252F%252Forca.security%252Freso...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628143715591&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liSy...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628143715591&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liS...

0
155 B

340ms
144ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628143715591&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liSync=true&e_ipv6=AQLKlycoVxkCPQAAAXsU7YeUbSiTW72W27I-hjxLJsc3FzfxTEilXgOtMiRMWQrc4055oNC7
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-proto: http/2
x-li-pop: prod-edc2
content-type: application/javascript
content-length: 0
x-li-uuid: m4OdfRVUmBbQ5p0RqisAAA==

Redirect headers

date: Thu, 05 Aug 2021 06:08:36 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628143715591&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liSync=true&e_ipv6=AQLKlycoVxkCPQAAAXsU7YeUbSiTW72W27I-hjxLJsc3FzfxTEilXgOtMiRMWQrc4055oNC7
x-li-proto: http/2
x-li-pop: prod-eda6
content-length: 0
x-li-uuid: 079MaRVUmBaQqJmPBCsAAA==

POST
H2 200 setcookie2 Show response
services.infinigrow.com/ 15 B
849 B 555ms
483ms Fetch
application/json 13.224.96.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://services.infinigrow.com/setcookie2
Requested by: Host: ddzuuyx7zj81k.cloudfront.net
URL: https://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-100.zrh50.r.cloudfront.net
Software: /
Resource Hash: a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
via: 1.1 d7147e532e5cf73689fcb39fa760bcf3.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amzn-requestid: b4294ad1-4012-4879-a16a-b49a1efc7fe7
vary: Origin
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: https://orca.security
x-amzn-trace-id: Root=1-610b8064-7ea663a26b7dbb5c369c94c2;Sampled=0
access-control-allow-credentials: true
x-amz-apigw-id: DlD_wG39PHcFdaQ=
content-length: 15
x-amz-cf-id: lEy0nBcRpuBOBZ9772YXEdN9Bbo9y4BKjbaBP8S_kAZXeM8Ltg5D6A==

OPTIONS
H2 204 setcookie2
services.infinigrow.com/ Frame 0
0 569ms
477ms Preflight 13.224.96.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://services.infinigrow.com/setcookie2
Protocol: H2
Server: 13.224.96.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-100.zrh50.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://orca.security
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
x-amzn-requestid: 03487c91-6aa5-4d10-a3c5-7e4df99e4146
access-control-allow-origin: https://orca.security
access-control-allow-headers: Origin,Content-Length,Content-Type
x-amz-apigw-id: DlD_qGatvHcFhKw=
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD
x-amzn-trace-id: Root=1-610b8064-05ba93f90956ada94738ef3f;Sampled=0
access-control-max-age: 43200
access-control-allow-credentials: true
x-cache: Miss from cloudfront
via: 1.1 c76347c8ef1f3a2b6fb69cd7d1c6f749.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: 0rMDPTv8aL-JOXbzx9791lJV0EXXALAkROkWxiu7ndSm5JjVP84IaA==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/653025264/ 2 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/653025264/?random=1628143715594&cv=9&fst=1628143715594&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg840&sendb=1&ig=1&frm=0&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&tiba=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7e6e40531454a93362ca8a1c5a4e7a33cbfa76371bfee888b88933332f5c5cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1077
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
454 B 151ms
120ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.1&p_id=Twitter&p_user_id=0&txn_id=o4qyy&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 05 Aug 2021 06:08:35 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 029bbacafdfa4b00f61d58fa3a798e536bdac2a17a0f7f302c62ec3f8744ebf3
x-transaction: 1e8fd4c851963122
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=631084072&t=pageview&_s=1&dl=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&ul=en-us&de=UTF-8&dt=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAEADQAAAAC~&jid=920720383&gjid=185247088&cid=1656837360.1628143716&tid=UA-141329870-1&_gid=1400043426.1628143716&_r=1&gtm=2wg840MFH8KTP&z=31612279

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 06:08:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://orca.security
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/653025264/ 42 B
324 B 17ms
17ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/653025264/?random=1628143715594&cv=9&fst=1628143200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg840&sendb=1&frm=0&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&tiba=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&async=1&fmt=3&is_vtc=1&random=3015210945&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 06:08:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/653025264/ 42 B
154 B 44ms
24ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/653025264/?random=1628143715594&cv=9&fst=1628143200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg840&sendb=1&frm=0&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&tiba=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&async=1&fmt=3&is_vtc=1&random=3015210945&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 06:08:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
88 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-141329870-1&cid=1656837360.1628143716&jid=920720383&gjid=185247088&_gid=1400043426.1628143716&_u=aGDAAEACQAAAAC~&z=1865073317

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 05 Aug 2021 06:08:35 GMT
content-type: text/plain
access-control-allow-origin: https://orca.security
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 17ms
16ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-141329870-1&cid=1656837360.1628143716&jid=920720383&_u=aGDAAEACQAAAAC~&z=1155189057

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 06:08:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
522 B 17ms
17ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-141329870-1&cid=1656837360.1628143716&jid=920720383&_u=aGDAAEACQAAAAC~&z=1155189057

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 06:08:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.7cb32ca5fc09d90486d4.js Show response
script.hotjar.com/ 221 KB
59 KB 97ms
33ms Script
application/javascript 13.224.96.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.7cb32ca5fc09d90486d4.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1785482.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-96-104.zrh50.r.cloudfront.net

Software

Resource Hash

cc33742f4eab551d4e76af8a2da85c3d2304d8252171d16a3e56207c0c073e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 10:44:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 242670
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59482
access-control-allow-origin: *
last-modified: Mon, 02 Aug 2021 10:43:09 GMT
etag: "e6f555ee598c867e151cb33c3be24c8f"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: rNm3Lw1LPCms2R12G1yWgtlGxmzPupV5emI7JrQLgtwskm8TmBuU9A==

GET
H2 200 /
www.facebook.com/tr/ 44 B
251 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=208134170283065&ev=PageView&dl=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&rl=&if=false&ts=1628143715673&sw=1600&sh=1200&v=2.9.44&r=stable&ec=0&o=30&fbp=fb.1.1628143715672.1739086629&it=1628143715589&coo=false&rqm=GET

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:35 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Thu, 05 Aug 2021 06:08:35 GMT

GET
H2 200 5544741.js Show response
js.hs-analytics.net/analytics/1628143500000/ 62 KB
20 KB 166ms
150ms Script
text/javascript 2606:4700::6811:46b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1628143500000/5544741.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5544741.js?integration=WordPress
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:46b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f25bf2d1b5903b70c1c7bdd0164cd286a3854b4e963d2a00382bcb91faee853a

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: 0TXNEVEPPVYVW67D
x-amz-server-side-encryption: AES256
cf-ray: 679dda1029c80631-FRA
x-amz-id-2: hDsf4czE85sceuyy2qp1u3uYRUVR7dNLA7StVkbuVBg7dgJ1lJ4S9IjP2L1w+UGrEv8RatMS2EU=
last-modified: Mon, 19 Jul 2021 15:12:57 GMT
server: cloudflare
etag: W/"78a248225b68495c056b0f9ae16d10b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
content-type: text/javascript
expires: Thu, 05 Aug 2021 06:13:35 GMT

GET
H2 200 5544741.js Show response
js.hs-banner.com/ 60 KB
16 KB 396ms
380ms Script
text/javascript 2606:4700::6812:15bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/5544741.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5544741.js?integration=WordPress
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:15bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13a16fa0e2ba101a24f92ce030067384bf8a08838e8988796626af25a2712ad2

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: E8XEFSGS0BEY73TK
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-id-2: mB306T0kwTXj7pgVNwVu9r7FiQy+tYVW56U9gYvwMdC9U1Bw9FUV5cn3345Y76gZRF8wsU4W1DQ=
timing-allow-origin: *
last-modified: Wed, 14 Jul 2021 15:14:57 GMT
server: cloudflare
etag: W/"cc7f3dfb670857209dbca0ce79c7e799"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: qAvWVl6x2g8s03_33QOoTm4URsvipXAG
access-control-allow-origin: https://orca.security
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 679dda10293f4a6d-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Thu, 05 Aug 2021 06:13:36 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.0/ Frame 8833 94 KB
33 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 05:48:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1211
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33576
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 05 Aug 2022 05:48:25 GMT

GET
H3-29 200 css2
fonts.googleapis.com/ Frame 8833 7 KB
543 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700&display=swap

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e6d2282d33ef8f732e4ce7a60a05fce149fb0017fae964eb3543ec849d95f2e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 06:08:36 GMT
server: ESF
date: Thu, 05 Aug 2021 06:08:36 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Aug 2021 06:08:36 GMT

GET
H/1.1 200
OK form.css
go.orca.security/css/ Frame 8833 31 KB
8 KB 111ms
110ms Stylesheet
text/css 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/css/form.css?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 6dbd1967a8963d2eead020be31031ed12df79148acfea8cb787fa1358d5b4559

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 06:08:36 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
Last-Modified: Wed, 04 Aug 2021 13:29:24 GMT
Server: PardotServer
ETag: "7be2-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 7660
Expires: Sat, 05 Aug 2023 06:08:36 GMT

GET
H/1.1 200
OK piUtils.js Show response
go.orca.security/js/ Frame 8833 341 KB
99 KB 232ms
121ms Script
application/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/js/piUtils.js?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 744d368a676dabf6be331840fdf74176a9ad7a784bf3920e3f640c9ed89fc43c

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 06:08:36 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
Last-Modified: Wed, 04 Aug 2021 13:29:25 GMT
Server: PardotServer
ETag: "55586-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Transfer-Encoding: chunked
Accept-Ranges: bytes
Expires: Sat, 05 Aug 2023 06:08:36 GMT

GET
H3-29 200 api.js Show response
www.google.com/recaptcha/ Frame 8833 850 B
574 B 16ms
15ms Script
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b91bca177cd45dfc501b5e808b9c46c643596282dd69202f192d3a515678e9e3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 553
x-xss-protection: 1; mode=block
expires: Thu, 05 Aug 2021 06:08:36 GMT

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ Frame 8833 105 KB
40 KB 35ms
21ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7f2c118d33b7a0cc1824d4a0f6cbeba99b36fd7471dba921c4e74396a8d1667a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40703
x-xss-protection: 0
expires: Thu, 05 Aug 2021 06:08:36 GMT

GET
H2 200 formcomplete.js Show response
ws-assets.zoominfo.com/ Frame 8833 122 KB
41 KB 142ms
142ms Script
application/javascript 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aca1d2291f4713182bc182e5ef93151df69b3e97a054d16d1da5a1967fe63f15

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 312
x-guploader-uploadid: ADPycdv1apJH3DgXdSvtWnhEWyeAkAUvELfN-cw0m3OfCz3kXMQRBoladsJuTNqGouyTUl-7Hlb0BT8_0tBrsNm-IXJDmggoxg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
last-modified: Wed, 14 Jul 2021 10:39:08 GMT
server: cloudflare
etag: W/"1e1e37b752fd19a94113b3725ef35506"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=EP8N2g==, md5=Hh43t1L9GalBE7NyXvNVBg==
x-goog-generation: 1626259148350866
cache-control: public, max-age=3600
x-goog-stored-content-length: 124580
cf-ray: 679dda1249c11f39-FRA
expires: Thu, 05 Aug 2021 07:03:24 GMT

POST
H3-29 200 /
www.facebook.com/tr/ 0
15 B 6ms
6ms Ping
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryOCXSA9YpAxe6KxWR

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Thu, 05 Aug 2021 06:08:36 GMT
content-type: text/plain
access-control-allow-origin: https://orca.security
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ Frame 8833 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 3295
date: Thu, 05 Aug 2021 05:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Thu, 05 Aug 2021 07:13:41 GMT

GET conversion_async.js
www.googleadservices.com/pagead/ Frame 8833 0
0

GET
H/1.1 200
OK form.css
go.orca.security/css/ Frame A237 31 KB
8 KB 104ms
103ms Stylesheet
text/css 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/css/form.css?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsl
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 6dbd1967a8963d2eead020be31031ed12df79148acfea8cb787fa1358d5b4559

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 06:08:36 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
Last-Modified: Wed, 04 Aug 2021 13:29:24 GMT
Server: PardotServer
ETag: "7be2-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 7660
Expires: Sat, 05 Aug 2023 06:08:36 GMT

GET
H/1.1 200
OK piUtils.js Show response
go.orca.security/js/ Frame A237 341 KB
99 KB 112ms
111ms Script
application/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/js/piUtils.js?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsl
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 744d368a676dabf6be331840fdf74176a9ad7a784bf3920e3f640c9ed89fc43c

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 06:08:36 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
Last-Modified: Wed, 04 Aug 2021 13:29:25 GMT
Server: PardotServer
ETag: "55586-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Transfer-Encoding: chunked
Accept-Ranges: bytes
Expires: Sat, 05 Aug 2023 06:08:36 GMT

GET
H3-29 200 api.js Show response
www.google.com/recaptcha/ Frame A237 850 B
574 B 16ms
16ms Script
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsl

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b91bca177cd45dfc501b5e808b9c46c643596282dd69202f192d3a515678e9e3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 553
x-xss-protection: 1; mode=block
expires: Thu, 05 Aug 2021 06:08:36 GMT

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ Frame A237 105 KB
40 KB 19ms
18ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsl

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1fca93a07ea41f4c06f69e767c8defabe3dd38df306e41f6a4a98518112c5f09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40706
x-xss-protection: 0
expires: Thu, 05 Aug 2021 06:08:36 GMT

GET
H3-29 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.0/ Frame 0ECD 94 KB
33 KB 21ms
6ms Script
text/javascript 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 05:48:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1211
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33576
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 05 Aug 2022 05:48:25 GMT

GET
H3-29 200 css2
fonts.googleapis.com/ Frame 0ECD 7 KB
543 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700&display=swap

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e6d2282d33ef8f732e4ce7a60a05fce149fb0017fae964eb3543ec849d95f2e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 06:08:36 GMT
server: ESF
date: Thu, 05 Aug 2021 06:08:36 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Aug 2021 06:08:36 GMT

GET
H/1.1 200
OK form.css
go.orca.security/css/ Frame 0ECD 31 KB
8 KB 107ms
106ms Stylesheet
text/css 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/css/form.css?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 6dbd1967a8963d2eead020be31031ed12df79148acfea8cb787fa1358d5b4559

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 06:08:36 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
Last-Modified: Wed, 04 Aug 2021 13:29:24 GMT
Server: PardotServer
ETag: "7be2-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 7660
Expires: Sat, 05 Aug 2023 06:08:36 GMT

GET
H/1.1 200
OK piUtils.js Show response
go.orca.security/js/ Frame 0ECD 341 KB
99 KB 215ms
113ms Script
application/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/js/piUtils.js?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 744d368a676dabf6be331840fdf74176a9ad7a784bf3920e3f640c9ed89fc43c

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 06:08:36 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
Last-Modified: Wed, 04 Aug 2021 13:29:25 GMT
Server: PardotServer
ETag: "55586-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Transfer-Encoding: chunked
Accept-Ranges: bytes
Expires: Sat, 05 Aug 2023 06:08:36 GMT

GET
H3-29 200 api.js Show response
www.google.com/recaptcha/ Frame 0ECD 850 B
574 B 15ms
14ms Script
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b91bca177cd45dfc501b5e808b9c46c643596282dd69202f192d3a515678e9e3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 553
x-xss-protection: 1; mode=block
expires: Thu, 05 Aug 2021 06:08:36 GMT

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ Frame 0ECD 105 KB
40 KB 25ms
24ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6ab62a4ad842886cbbb19d267d745bf8c54f0b218f828e730c49640070a8a11a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40704
x-xss-protection: 0
expires: Thu, 05 Aug 2021 06:08:36 GMT

GET
H2 200 formcomplete.js Show response
ws-assets.zoominfo.com/ Frame 0ECD 122 KB
40 KB 47ms
46ms Script
application/javascript 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aca1d2291f4713182bc182e5ef93151df69b3e97a054d16d1da5a1967fe63f15

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 3028
x-guploader-uploadid: ADPycdtQQ6zxHuD0tP-GTqu_3sb0lSAu5_wRXWOzhAHpaXrn9U-p5Ys_EnN5CDdXe10cxEICLdAPw3n33z8pnyXBsg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
last-modified: Wed, 14 Jul 2021 10:39:08 GMT
server: cloudflare
etag: W/"1e1e37b752fd19a94113b3725ef35506"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=EP8N2g==, md5=Hh43t1L9GalBE7NyXvNVBg==
x-goog-generation: 1626259148350866
cache-control: public, max-age=3600
x-goog-stored-content-length: 124580
cf-ray: 679dda13bc461f39-FRA
expires: Thu, 05 Aug 2021 06:18:08 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
659 B 155ms
124ms Script
application/javascript 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.1&p_id=Twitter&p_user_id=0&txn_id=o4qyy&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 05 Aug 2021 06:08:36 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: b42a60acb796c8f96a990a729da314870d6d84c003102f4b460c45e2788ad51f
x-transaction: 43d4af3487a80d3d
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 205 KB
57 KB 92ms
41ms Script
application/javascript 185.59.220.194
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.59.220.194 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-713.bunnyinfra.net
Software: BunnyCDN-DE1-713 /
Resource Hash: 9b528d20480c531315ae34b2941b0f98e9727df6e7e8d057e599174df79c0dbd

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
content-encoding: br
cdn-edgestorageid: 755
perma-cache: HIT
cdn-storageserver: DE-169
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-07-29 03:01:50
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-allow-origin: *
last-modified: Thu, 29 Jul 2021 03:01:14 GMT
server: BunnyCDN-DE1-713
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cache-control: public, max-age=31919000
cdn-requestid: a94ac4ca58a0bc571efd7d9ab0867191
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 getMapping Show response
ws.zoominfo.com/form-complete/ Frame 8833 814 B
644 B 145ms
145ms XHR
application/json 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/form-complete/getMapping?formId=wymcNktFMIhtz4zMJ4Cn

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

08dbb435439815752ce09bfc9581b9085db9c9a66095bf5062b1c5c8adc08031

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
via: 1.1 google
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.orca.security
access-control-allow-credentials: true
cf-ray: 679dda13baca2bad-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
etag: W/"32e-56y0x/xolG6sqdVLNPZOnEQpq9g"

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame DCD3 2 KB
1 KB 99ms
30ms Document
text/html 13.224.96.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1785482.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-22.zrh50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://orca.security/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://orca.security/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 18 Jul 2021 00:16:30 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 15 Jul 2021 14:16:09 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 792f70324a941726ce7e749514e6fc3c.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: LuQUL1nMHy3fyi3j2vRF1GL62j5xzLKA5rd7C6kHODf_dYEFuktYGw==
age: 1576326

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ Frame A237 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 3295
date: Thu, 05 Aug 2021 05:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Thu, 05 Aug 2021 07:13:41 GMT

GET conversion_async.js
www.googleadservices.com/pagead/ Frame A237 0
0

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ Frame 0ECD 48 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 3295
date: Thu, 05 Aug 2021 05:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Thu, 05 Aug 2021 07:13:41 GMT

GET conversion_async.js
www.googleadservices.com/pagead/ Frame 0ECD 0
0

GET
H3-29 200 collect
www.google-analytics.com/ Frame 8833 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=189391967&t=pageview&_s=1&dl=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&dr=https%3A%2F%2Forca.security%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=248x94&je=0&_u=QACAAEAB~&jid=&gjid=&cid=1656837360.1628143716&tid=UA-141329870-1&_gid=1400043426.1628143716&gtm=2wg840MTM87SL&z=1568718595

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 18:31:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 41807
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ Frame A237 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=362224460&t=pageview&_s=1&dl=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsl&dr=https%3A%2F%2Forca.security%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1213x155&je=0&_u=QACAAEAB~&jid=&gjid=&cid=1656837360.1628143716&tid=UA-141329870-1&_gid=1400043426.1628143716&gtm=2wg840MTM87SL&z=1197197931

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsl

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 18:31:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 41807
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame 8833 342 KB
133 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

654a6d6808dfc4e817d8d70eebebd98f0add214485983e60a53111de95db8bdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://go.orca.security
Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 04:42:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5145
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136251
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 00:05:58 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Aug 2022 04:42:51 GMT

GET
H3-29 200 xn7gYHE41ni1AdIRggexSg.woff2
fonts.gstatic.com/s/manrope/v4/ Frame 8833 22 KB
22 KB 10ms
10ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/manrope/v4/xn7gYHE41ni1AdIRggexSg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a41d60f8ac48aafcddd891ddebb318735c5684c4d8c8971f2a236233f89fc3be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://go.orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 01:26:03 GMT
x-content-type-options: nosniff
age: 189753
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22788
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 21:57:26 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 01:26:03 GMT

GET
DATA 200
OK truncated
/ Frame 8833 268 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a33b00a04c9fc9b04282a6ed5e20fdef28fcb08cbcd7712057cacf7c6edd669

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 getMapping Show response
ws.zoominfo.com/form-complete/ Frame 0ECD 814 B
573 B 158ms
157ms XHR
application/json 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/form-complete/getMapping?formId=wymcNktFMIhtz4zMJ4Cn

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

08dbb435439815752ce09bfc9581b9085db9c9a66095bf5062b1c5c8adc08031

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
via: 1.1 google
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.orca.security
access-control-allow-credentials: true
cf-ray: 679dda143c0f2bad-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
etag: W/"32e-56y0x/xolG6sqdVLNPZOnEQpq9g"

GET
H2 200 78657 Show response
api.omappapi.com/v2/embed/ 9 KB
3 KB 193ms
121ms XHR
application/json 13.224.96.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/78657?d=orca.security
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-55.zrh50.r.cloudfront.net
Software: Pagely Gateway/1.5.1 /
Resource Hash: 2aeb3b324941917165414ab3fc00805dd9a9d155605f4d15ac6632c4c188d95b

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
content-encoding: gzip
x-cache-config: 0 0
x-amz-cf-pop: ZRH50-C1
x-cache-status: HIT
x-cache: Miss from cloudfront
access-control-allow-headers: X-CSRF-Token
x-optinmonster-account: 88433
x-user-agent: standard--
last-modified: Tue, 03 Aug 2021 11:45:35 GMT
server: Pagely Gateway/1.5.1
etag: W/"34a7b940604a261644d2ef0ae5433d2d"
vary: Accept-Encoding, User-Agent
content-type: application/json
via: 1.1 b103085320b440f2b61bad94c412ff70.cloudfront.net (CloudFront)
access-control-expose-headers: X-OptinMonster-Account, X-User-Agent
cache-control: public, max-age=30, stale-while-revalidate=1800
access-control-allow-origin: *
x-amz-cf-id: _RWVk20g7qI3pDbDLKNjM2_ohiAAcDcHSUMMqamTY22Unu6EeLzCGw==
expires: Thu, 05 Aug 2021 06:03:17 GMT

GET
H3-29 200 collect
www.google-analytics.com/ Frame 0ECD 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=346438421&t=pageview&_s=1&dl=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&dr=https%3A%2F%2Forca.security%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=&je=0&_u=QACAAEAB~&jid=&gjid=&cid=1656837360.1628143716&tid=UA-141329870-1&_gid=1400043426.1628143716&gtm=2wg840MTM87SL&z=1493811528

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 18:31:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 41807
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 3A92 41 KB
21 KB 26ms
26ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=normal&cb=lzc6x7rz4pcw

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

dd68184af1336529ef84298ff8f150878f428880db4ffa04039b438de8269ac6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-q0ZUN7KTIUYJ6G11X6jlrA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=normal&cb=lzc6x7rz4pcw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://go.orca.security/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://go.orca.security/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 05 Aug 2021 06:08:36 GMT
content-security-policy: script-src 'report-sample' 'nonce-q0ZUN7KTIUYJ6G11X6jlrA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 21569
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame A237 342 KB
133 KB 15ms
6ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

654a6d6808dfc4e817d8d70eebebd98f0add214485983e60a53111de95db8bdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://go.orca.security
Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 04:42:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5145
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136251
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 00:05:58 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Aug 2022 04:42:51 GMT

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame 3A92 52 KB
52 KB 16ms
14ms Stylesheet
text/css 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=normal&cb=lzc6x7rz4pcw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:25:52 GMT
vary: Accept-Encoding
last-modified: Mon, 26 Jul 2021 00:05:58 GMT
server: sffe
x-content-type-options: nosniff
age: 52964
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52867
x-xss-protection: 0
expires: Thu, 04 Aug 2022 15:25:52 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame 3A92 342 KB
133 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

654a6d6808dfc4e817d8d70eebebd98f0add214485983e60a53111de95db8bdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 04:42:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5145
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136251
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 00:05:58 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Aug 2022 04:42:51 GMT

GET attributionSnippet.js
ddzuuyx7zj81k.cloudfront.net/1.0.0/ Frame 8833 0
0

GET
H3-29 200 anchor Show response
www.google.com/recaptcha/api2/ Frame F6EE 39 KB
20 KB 29ms
29ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=normal&cb=e7u858sbhai5

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0b4429c3ad6eebd90d4df2ce04205bb4089f191b657dae8268b51a09733fc41f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7gK4lNw5MbYqhhbTTpobbw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=normal&cb=e7u858sbhai5
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://go.orca.security/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://go.orca.security/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 05 Aug 2021 06:08:36 GMT
content-security-policy: script-src 'report-sample' 'nonce-7gK4lNw5MbYqhhbTTpobbw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 20437
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET attributionSnippet.js
ddzuuyx7zj81k.cloudfront.net/1.0.0/ Frame A237 0
0

GET
DATA 200
OK truncated
/ Frame 3A92 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 3A92 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 3A92 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 23:34:05 GMT
x-content-type-options: nosniff
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
age: 196471
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
expires: Mon, 09 Aug 2021 23:34:05 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 3A92 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 21:27:21 GMT
x-content-type-options: nosniff
age: 204075
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Aug 2022 21:27:21 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame 0ECD 342 KB
133 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

654a6d6808dfc4e817d8d70eebebd98f0add214485983e60a53111de95db8bdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://go.orca.security
Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 04:42:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5145
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136251
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 00:05:58 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Aug 2022 04:42:51 GMT

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ Frame 8833 5 KB
2 KB 419ms
101ms Script
application/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: b7939e67e521a72f9344e54fe85a3edff247ac537235f178a522ae836dbf6820

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 06:08:37 GMT
Content-Encoding: gzip
X-Pardot-Route: 4587f66dff94d6e76a668284fbf3dba1
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
Last-Modified: Wed, 04 Aug 2021 13:29:25 GMT
Server: PardotServer
ETag: "14be-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1923
Expires: Sat, 05 Aug 2023 06:08:37 GMT

GET
H3-29 200 webworker.js
www.google.com/recaptcha/api2/ Frame 3A92 102 B
130 B 15ms
14ms Other
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

849ad50d8f39d01c26fb4a2441e1d8a36d4bb3798c5025a457d1a21fec0c1185

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=normal&cb=lzc6x7rz4pcw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110
x-xss-protection: 1; mode=block
expires: Thu, 05 Aug 2021 06:08:36 GMT

GET
H2 200 infinigrow.js Show response
dss6ntp5q2r0o.cloudfront.net/2.9.0/ 74 KB
25 KB 60ms
15ms Script
application/javascript 2600:9000:2204:4c00:10:7994:d200:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dss6ntp5q2r0o.cloudfront.net/2.9.0/infinigrow.js
Requested by: Host: ddzuuyx7zj81k.cloudfront.net
URL: https://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2204:4c00:10:7994:d200:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a6d75aad5c009d0bdf36d4c1d68d90e2848460fce782adb137819228842eefe0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 20:36:43 GMT
content-encoding: gzip
last-modified: Sun, 24 Jun 2018 15:14:02 GMT
server: AmazonS3
age: 34314
etag: W/"2f70fa2239343e20deb5c199873fbed1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 9bd09ac7aca1ea8ca6c788136a9ce480.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS50-C1
x-amz-cf-id: 1H8cSEAzehJd6kwECn2a0GV0AGwIDDt6EXw689_a7ZNjTrjTGWF9eQ==

GET
H2 200 webfont.js Show response
a.omappapi.com/app/js/webfont/1.5.18/ 16 KB
7 KB 37ms
37ms Script
application/javascript 185.59.220.194
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/webfont/1.5.18/webfont.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.59.220.194 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-713.bunnyinfra.net
Software: BunnyCDN-DE1-713 /
Resource Hash: ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
content-encoding: br
cdn-edgestorageid: 723
perma-cache: HIT
cdn-storageserver: DE-169
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-07-24 11:22:24
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-allow-origin: *
last-modified: Thu, 27 May 2021 17:38:16 GMT
server: BunnyCDN-DE1-713
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cache-control: public, max-age=31919000
cdn-requestid: f20c2060db61261e5a210be46542972b
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 moment.min.js Show response
a.omappapi.com/app/js/moment.js/2.24.0/ 52 KB
19 KB 39ms
38ms Script
application/javascript 185.59.220.194
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/moment.js/2.24.0/moment.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.59.220.194 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-713.bunnyinfra.net
Software: BunnyCDN-DE1-713 /
Resource Hash: e22419e8154be2a34a950dbb4c4c448413751c53ef02f00c6c56af28aa2c4964

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
content-encoding: br
cdn-edgestorageid: 632
perma-cache: HIT
cdn-storageserver: DE-51
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-06-08 21:34:49
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-allow-origin: *
last-modified: Thu, 27 May 2021 17:38:19 GMT
server: BunnyCDN-DE1-713
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cache-control: public, max-age=31919000
cdn-requestid: f56654f7977c4b478a4a1985ff298d68
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 f705569335081612217557-0103-OrcaSecurity-WebsiteCard-1.png
a.omappapi.com/users/16cbaba9fcb1/images/ 27 KB
27 KB 35ms
35ms Image
image/webp 185.59.220.194
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.omappapi.com/users/16cbaba9fcb1/images/f705569335081612217557-0103-OrcaSecurity-WebsiteCard-1.png
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.59.220.194 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-713.bunnyinfra.net
Software: BunnyCDN-DE1-713 /
Resource Hash: d5e6f422bf9513df9dd847931b0783e78f2cc6d7a3f189450b9c932b40c584d7

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
cdn-edgestorageid: 632
perma-cache: HIT
cdn-storageserver: DE-51
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-06-08 21:21:59
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-length: 27446
access-control-allow-origin: *
last-modified: Thu, 27 May 2021 18:29:20 GMT
server: BunnyCDN-DE1-713
cdn-requestpullcode: 200
content-type: image/webp
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cache-control: public, max-age=31919000
cdn-requestid: bb65f92f28442ec6d734315ae6ae47de
accept-ranges: bytes
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame F6EE 52 KB
52 KB 8ms
6ms Stylesheet
text/css 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:25:52 GMT
vary: Accept-Encoding
last-modified: Mon, 26 Jul 2021 00:05:58 GMT
server: sffe
x-content-type-options: nosniff
age: 52964
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52867
x-xss-protection: 0
expires: Thu, 04 Aug 2022 15:25:52 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame F6EE 342 KB
133 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

654a6d6808dfc4e817d8d70eebebd98f0add214485983e60a53111de95db8bdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 04:42:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5145
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136251
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 00:05:58 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Aug 2022 04:42:51 GMT

GET
H3-29 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 6BEB 40 KB
20 KB 23ms
23ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=normal&cb=wsnbmduonvae

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a070944be519725405513e0fa5155ae65cca9235f7b5a9f008c67f5f283f63cb

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-pMwW0xBJ1r48kqy9CHYUcA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=normal&cb=wsnbmduonvae
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://go.orca.security/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://go.orca.security/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 05 Aug 2021 06:08:36 GMT
content-security-policy: script-src 'report-sample' 'nonce-pMwW0xBJ1r48kqy9CHYUcA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 20725
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 bframe Show response
www.google.com/recaptcha/api2/ Frame A91D 7 KB
1 KB 16ms
16ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=eog28bmjmxx4

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0cad11670fcb499502940b07cba041fb02148ca2a6445cbb5499e24f07f8a4f5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-S6wkL1KDpDkIaPzCl1B+KA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=eog28bmjmxx4
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://go.orca.security/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://go.orca.security/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 05 Aug 2021 06:08:36 GMT
content-security-policy: script-src 'report-sample' 'nonce-S6wkL1KDpDkIaPzCl1B+KA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1112
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 moment-timezone-with-data-2012-2022.min.js Show response
a.omappapi.com/app/js/moment-timezone/0.5.23/ 32 KB
11 KB 24ms
24ms Script
application/javascript 185.59.220.194
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/moment-timezone/0.5.23/moment-timezone-with-data-2012-2022.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.59.220.194 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-713.bunnyinfra.net
Software: BunnyCDN-DE1-713 /
Resource Hash: 23190e1539469cc8b5faccb038b260ccda2cc62672c70efa1900a51a8e3d1be5

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
content-encoding: br
cdn-edgestorageid: 632
perma-cache: HIT
cdn-storageserver: DE-51
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-06-08 21:33:16
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-allow-origin: *
last-modified: Thu, 27 May 2021 17:38:22 GMT
server: BunnyCDN-DE1-713
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cache-control: public, max-age=31919000
cdn-requestid: 405bec09002bef30cb685dd890364e73
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

OPTIONS
H/1.1 200
OK tp2
sp.infinigrow.com/com.snowplowanalytics.snowplow/ Frame 0
0 1089ms
195ms Preflight 52.89.105.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sp.infinigrow.com/com.snowplowanalytics.snowplow/tp2
Protocol: HTTP/1.1
Server: 52.89.105.17 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-89-105-17.us-west-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://orca.security
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://orca.security
Date: Thu, 05 Aug 2021 06:08:37 GMT
Server: akka-http/10.0.9
Content-Length: 0
Connection: keep-alive

POST
H/1.1 200
OK tp2 Show response
sp.infinigrow.com/com.snowplowanalytics.snowplow/ 2 B
460 B 1029ms
184ms XHR
text/plain 52.89.105.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sp.infinigrow.com/com.snowplowanalytics.snowplow/tp2
Requested by: Host: dss6ntp5q2r0o.cloudfront.net
URL: https://dss6ntp5q2r0o.cloudfront.net/2.9.0/infinigrow.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.89.105.17 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-89-105-17.us-west-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

Date: Thu, 05 Aug 2021 06:08:38 GMT
Server: akka-http/10.0.9
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin: https://orca.security
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/plain; charset=UTF-8
Content-Length: 2

GET attributionSnippet.js
ddzuuyx7zj81k.cloudfront.net/1.0.0/ Frame 0ECD 0
0

GET
DATA 200
OK truncated
/ Frame F6EE 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame F6EE 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame F6EE 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 23:34:05 GMT
x-content-type-options: nosniff
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
age: 196471
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
expires: Mon, 09 Aug 2021 23:34:05 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame F6EE 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 21:27:21 GMT
x-content-type-options: nosniff
age: 204075
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Aug 2022 21:27:21 GMT

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ Frame A237 5 KB
2 KB 354ms
100ms Script
application/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsl
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: b7939e67e521a72f9344e54fe85a3edff247ac537235f178a522ae836dbf6820

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 06:08:37 GMT
Content-Encoding: gzip
X-Pardot-Route: 4587f66dff94d6e76a668284fbf3dba1
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
Last-Modified: Wed, 04 Aug 2021 13:29:25 GMT
Server: PardotServer
ETag: "14be-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1923
Expires: Sat, 05 Aug 2023 06:08:37 GMT

GET
H3-29 200 webworker.js
www.google.com/recaptcha/api2/ Frame F6EE 102 B
130 B 15ms
15ms Other
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

849ad50d8f39d01c26fb4a2441e1d8a36d4bb3798c5025a457d1a21fec0c1185

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=normal&cb=e7u858sbhai5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110
x-xss-protection: 1; mode=block
expires: Thu, 05 Aug 2021 06:08:36 GMT

GET
H/1.1 200
OK messenger Show response
app.qualified.com/w/1/gndr1NireXGRNRuC/ Frame 6271 3 KB
2 KB 312ms
107ms Document
text/html 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=d44caeb2-1883-4d9b-bd56-fa50b973bb68

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=gndr1NireXGRNRuC

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-100-25-249-86.compute-1.amazonaws.com

Software

nginx /

Resource Hash

b36cc47061c8756a1c1087471c94427e3218c5fbc431123c6bbcfcd8ffcbbb4b

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: app.qualified.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://orca.security/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://orca.security/

Response headers

Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Content-Security-Policy
Content-Type: text/html; charset=utf-8
Date: Thu, 05 Aug 2021 06:08:37 GMT
Etag: W/"b36cc47061c8756a1c1087471c94427e"
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
Via: 1.1 spaces-router (020d7643da32)
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 71ac1b10-82e2-c61f-e570-fe1211a8a4a2
X-Runtime: 0.008869
X-Xss-Protection: 1; mode=block
Content-Length: 1110

GET
H/1.0 200
OK dc.js Show response
go.orca.security/dcjs/898611/14/ 46 B
637 B 203ms
202ms Script
text/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/dcjs/898611/14/dc.js
Requested by: Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=gndr1NireXGRNRuC
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 7bba17b490076798f613f9b01da8d6a2eb79808ae687d3e56543ba95fff3b16c

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Aug 2021 06:08:37 GMT
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
X-Pardot-Rsp: 16/0/10
Vary: User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 46
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame A91D 52 KB
52 KB 7ms
7ms Stylesheet
text/css 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=eog28bmjmxx4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:25:52 GMT
vary: Accept-Encoding
last-modified: Mon, 26 Jul 2021 00:05:58 GMT
server: sffe
x-content-type-options: nosniff
age: 52965
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52867
x-xss-protection: 0
expires: Thu, 04 Aug 2022 15:25:52 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame A91D 342 KB
133 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=eog28bmjmxx4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

654a6d6808dfc4e817d8d70eebebd98f0add214485983e60a53111de95db8bdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 04:42:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5146
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136251
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 00:05:58 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Aug 2022 04:42:51 GMT

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame 6BEB 52 KB
52 KB 10ms
9ms Stylesheet
text/css 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:25:52 GMT
vary: Accept-Encoding
last-modified: Mon, 26 Jul 2021 00:05:58 GMT
server: sffe
x-content-type-options: nosniff
age: 52965
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52867
x-xss-protection: 0
expires: Thu, 04 Aug 2022 15:25:52 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame 6BEB 342 KB
133 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

654a6d6808dfc4e817d8d70eebebd98f0add214485983e60a53111de95db8bdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 04:42:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5146
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136251
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 00:05:58 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Aug 2022 04:42:51 GMT

GET
H3-29 200 bframe Show response
www.google.com/recaptcha/api2/ Frame D1C9 7 KB
1 KB 18ms
18ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=ab7vj0cs3tpl

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0bc0726cf09336c203b3ce378379053588c3fc808408d261e0474e145b9be35d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-HYz3VaXSoYK01HkXfXLkgg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=ab7vj0cs3tpl
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://go.orca.security/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://go.orca.security/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 05 Aug 2021 06:08:37 GMT
content-security-policy: script-src 'report-sample' 'nonce-HYz3VaXSoYK01HkXfXLkgg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1113
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ Frame 0ECD 5 KB
2 KB 219ms
102ms Script
application/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: b7939e67e521a72f9344e54fe85a3edff247ac537235f178a522ae836dbf6820

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 06:08:37 GMT
Content-Encoding: gzip
X-Pardot-Route: 4587f66dff94d6e76a668284fbf3dba1
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
Last-Modified: Wed, 04 Aug 2021 13:29:25 GMT
Server: PardotServer
ETag: "14be-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1923
Expires: Sat, 05 Aug 2023 06:08:37 GMT

GET
H3-29 200 webworker.js
www.google.com/recaptcha/api2/ Frame 6BEB 102 B
130 B 14ms
14ms Other
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

849ad50d8f39d01c26fb4a2441e1d8a36d4bb3798c5025a457d1a21fec0c1185

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&size=normal&cb=wsnbmduonvae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110
x-xss-protection: 1; mode=block
expires: Thu, 05 Aug 2021 06:08:37 GMT

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame D1C9 52 KB
52 KB 8ms
7ms Stylesheet
text/css 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=ab7vj0cs3tpl

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:25:52 GMT
vary: Accept-Encoding
last-modified: Mon, 26 Jul 2021 00:05:58 GMT
server: sffe
x-content-type-options: nosniff
age: 52965
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52867
x-xss-protection: 0
expires: Thu, 04 Aug 2022 15:25:52 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame D1C9 342 KB
133 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=ab7vj0cs3tpl

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

654a6d6808dfc4e817d8d70eebebd98f0add214485983e60a53111de95db8bdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 04:42:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5146
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136251
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 00:05:58 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Aug 2022 04:42:51 GMT

GET
H3-29 200 bframe Show response
www.google.com/recaptcha/api2/ Frame A88B 7 KB
1 KB 20ms
20ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=n7i05qw00bl1

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

89a3cfd1486f52401d366e1f16fba943ba7cb34b6866b21b8c5e63b842ed8827

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-kMhdT+aUKyojRPpwBU5v+Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=n7i05qw00bl1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://go.orca.security/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://go.orca.security/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 05 Aug 2021 06:08:37 GMT
content-security-policy: script-src 'report-sample' 'nonce-kMhdT+aUKyojRPpwBU5v+Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1113
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ Frame 8833 3 KB
3 KB 270ms
205ms Script
text/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=585125476&visitor_id_sign=356d0b4f82d1f1ad6873a7cc8fdcb53952d8811572de0b92f6598e8fa91f281b75d44262f84b3a5c190c64e882278a7ae90f4c19&pi_opt_in=&campaign_id=17083&account_id=899611&title=&url=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&referrer=https%3A%2F%2Forca.security%2F

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js

Protocol

HTTP/1.0

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

pi0-lba1-2-ue1.aws.pardot.com

Software

PardotServer /

Resource Hash

6f6cb6cd3e33ad533a32d67458aa1397ed9a949108823bacb0567c8d9e1e6fe8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Aug 2021 06:08:37 GMT
Content-Encoding: gzip
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
X-Pardot-Rsp: 16/114/92
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 1446
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame A88B 52 KB
52 KB 6ms
6ms Stylesheet
text/css 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=n7i05qw00bl1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:25:52 GMT
vary: Accept-Encoding
last-modified: Mon, 26 Jul 2021 00:05:58 GMT
server: sffe
x-content-type-options: nosniff
age: 52965
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52867
x-xss-protection: 0
expires: Thu, 04 Aug 2022 15:25:52 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/ Frame A88B 342 KB
133 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/ecapuzyywmdXQ5gJHS3JQiXe/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=ecapuzyywmdXQ5gJHS3JQiXe&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=n7i05qw00bl1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

654a6d6808dfc4e817d8d70eebebd98f0add214485983e60a53111de95db8bdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 04:42:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5146
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136251
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 00:05:58 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Aug 2022 04:42:51 GMT

GET
H3-29 200 css
fonts.googleapis.com/ 7 KB
723 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:600,500,400%7COpen+Sans:400,700,800

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/webfont/1.5.18/webfont.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6fa14c7b40a31f3345c4371c7fc74452ae9232af5627c31b633752a1b0cb3665

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 06:08:37 GMT
server: ESF
date: Thu, 05 Aug 2021 06:08:37 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Aug 2021 06:08:37 GMT

GET
H/1.1 200
OK Inter-Regular-cd3c302ecefb19f92003ef258645c37c.woff2
app.qualified.com/packs/media/fonts/inter/ Frame 6271 115 KB
115 KB 98ms
98ms Font
font/woff2 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/media/fonts/inter/Inter-Regular-cd3c302ecefb19f92003ef258645c37c.woff2
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=d44caeb2-1883-4d9b-bd56-fa50b973bb68
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-25-249-86.compute-1.amazonaws.com
Software: nginx /
Resource Hash: bf1ffcb96984568b22f7a9029dd980abb5a4a47700f588a16b8ace0f7412977e

Request headers

Origin: https://app.qualified.com
Referer: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=d44caeb2-1883-4d9b-bd56-fa50b973bb68
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 06:08:37 GMT
Via: 1.1 spaces-router (020d7643da32)
Last-Modified: Thu, 05 Aug 2021 00:25:33 GMT
Server: nginx
Etag: "610b2ffd-1ca00"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Content-Length: 117248
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK Inter-SemiBold-c1b3bf01f912184899dbb6fbb4029910.woff2
app.qualified.com/packs/media/fonts/inter/ Frame 6271 123 KB
123 KB 331ms
102ms Font
font/woff2 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/media/fonts/inter/Inter-SemiBold-c1b3bf01f912184899dbb6fbb4029910.woff2
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=d44caeb2-1883-4d9b-bd56-fa50b973bb68
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-25-249-86.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 41e5c059963bd8f9bc4097f78535c3d722f4d73e75c46b2df5cc74bf864af150

Request headers

Origin: https://app.qualified.com
Referer: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=d44caeb2-1883-4d9b-bd56-fa50b973bb68
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 06:08:37 GMT
Via: 1.1 spaces-router (020d7643da32)
Last-Modified: Thu, 05 Aug 2021 00:25:33 GMT
Server: nginx
Etag: "610b2ffd-1eacc"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Content-Length: 125644
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ Frame A237 3 KB
3 KB 216ms
216ms Script
text/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=585125476&visitor_id_sign=356d0b4f82d1f1ad6873a7cc8fdcb53952d8811572de0b92f6598e8fa91f281b75d44262f84b3a5c190c64e882278a7ae90f4c19&pi_opt_in=&campaign_id=17085&account_id=899611&title=&url=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsl&referrer=https%3A%2F%2Forca.security%2F

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js

Protocol

HTTP/1.0

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

pi0-lba1-2-ue1.aws.pardot.com

Software

PardotServer /

Resource Hash

8356c16c4ffc73d3691aa538f1dd072f5ac0aced4b82a1faa8243c281075d68c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Aug 2021 06:08:37 GMT
Content-Encoding: gzip
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
X-Pardot-Rsp: 16/106/9
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 1447
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK 2-d29c8f89.chunk.css
app.qualified.com/packs/css/ Frame 6271 20 KB
4 KB 278ms
101ms Stylesheet
text/css 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/css/2-d29c8f89.chunk.css
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=d44caeb2-1883-4d9b-bd56-fa50b973bb68
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-25-249-86.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 889910bd602fe775e79f9b7e78d50040c61d9494b90ebc97800b3ae7976cbb49

Request headers

Referer: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=d44caeb2-1883-4d9b-bd56-fa50b973bb68
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 06:08:37 GMT
Content-Encoding: gzip
Last-Modified: Thu, 05 Aug 2021 00:23:19 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Via: 1.1 spaces-router (020d7643da32)
Cache-Control: max-age=315360000, public
Content-Length: 3894
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK messenger-d46acbed.chunk.css
app.qualified.com/packs/css/widget/sandboxed/ Frame 6271 5 KB
1 KB 305ms
101ms Stylesheet
text/css 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/css/widget/sandboxed/messenger-d46acbed.chunk.css
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=d44caeb2-1883-4d9b-bd56-fa50b973bb68
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-25-249-86.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 19450de42b740616a0ae81907248584c4129e7a46c32a0c735a56d1572b5b380

Request headers

Referer: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=d44caeb2-1883-4d9b-bd56-fa50b973bb68
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 06:08:37 GMT
Content-Encoding: gzip
Last-Modified: Thu, 05 Aug 2021 00:23:19 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Via: 1.1 spaces-router (020d7643da32)
Cache-Control: max-age=315360000, public
Content-Length: 1115
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK messenger~runtime-dafe21483d2a4a7bd206.js Show response
app.qualified.com/packs/js/widget/sandboxed/ Frame 6271 1 KB
1 KB 305ms
101ms Script
application/javascript 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/js/widget/sandboxed/messenger~runtime-dafe21483d2a4a7bd206.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=d44caeb2-1883-4d9b-bd56-fa50b973bb68
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-25-249-86.compute-1.amazonaws.com
Software: nginx /
Resource Hash: c0836e0ca85c352993c12e75d531b1394a2be0b679828a749c1922b9f66032a9

Request headers

Referer: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=d44caeb2-1883-4d9b-bd56-fa50b973bb68
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 06:08:37 GMT
Content-Encoding: gzip
Last-Modified: Thu, 05 Aug 2021 00:23:19 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 spaces-router (020d7643da32)
Cache-Control: max-age=315360000, public
Content-Length: 728
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK 2-75b6a4d557c1383b9aa9.chunk.js Show response
app.qualified.com/packs/js/widget-sandboxed-chunks/ Frame 6271 1 MB
314 KB 308ms
102ms Script
application/javascript 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/js/widget-sandboxed-chunks/2-75b6a4d557c1383b9aa9.chunk.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=d44caeb2-1883-4d9b-bd56-fa50b973bb68
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-25-249-86.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b3da8d4d6ce548b08ca53762d9e5f7162a073b1f07756ba8aded1c9929f9b015

Request headers

Referer: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=d44caeb2-1883-4d9b-bd56-fa50b973bb68
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 06:08:37 GMT
Content-Encoding: gzip
Last-Modified: Thu, 05 Aug 2021 00:23:19 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 spaces-router (020d7643da32)
Cache-Control: max-age=315360000, public
Content-Length: 321665
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK messenger-d353be159858e9bef374.chunk.js Show response
app.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/ Frame 6271 398 KB
88 KB 101ms
101ms Script
application/javascript 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/messenger-d353be159858e9bef374.chunk.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=d44caeb2-1883-4d9b-bd56-fa50b973bb68
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-25-249-86.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 5959d25dbb957e369dcb1e33493d3aaaf1caff462a7e1141ef561be867eb77ca

Request headers

Referer: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=d44caeb2-1883-4d9b-bd56-fa50b973bb68
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 06:08:37 GMT
Content-Encoding: gzip
Last-Modified: Thu, 05 Aug 2021 00:23:19 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 spaces-router (020d7643da32)
Cache-Control: max-age=315360000, public
Content-Length: 89471
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v18/ 23 KB
23 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v18/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:600,500,400%7COpen+Sans:400,700,800

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 18:40:08 GMT
x-content-type-options: nosniff
age: 127709
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 18:18:32 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 18:40:08 GMT

GET
H3-29 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v21/ 14 KB
14 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v21/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:600,500,400%7COpen+Sans:400,700,800

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 18:36:37 GMT
x-content-type-options: nosniff
age: 127920
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14440
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 18:10:00 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 18:36:37 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v21/ 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v21/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:600,500,400%7COpen+Sans:400,700,800

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 18:36:37 GMT
x-content-type-options: nosniff
age: 127920
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15112
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 18:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 18:36:37 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UN8rsOUuhp.woff2
fonts.gstatic.com/s/opensans/v21/ 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v21/mem5YaGs126MiZpBA-UN8rsOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:600,500,400%7COpen+Sans:400,700,800

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47300f73d115d5d1586ff7b01cc7319166b160bdad6e54a54ad02ac9312f6426

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 18:36:37 GMT
x-content-type-options: nosniff
age: 127920
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15188
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 18:10:37 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 18:36:37 GMT

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ Frame 0ECD 3 KB
3 KB 224ms
223ms Script
text/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js

Protocol

HTTP/1.0

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

pi0-lba1-2-ue1.aws.pardot.com

Software

PardotServer /

Resource Hash

6f6cb6cd3e33ad533a32d67458aa1397ed9a949108823bacb0567c8d9e1e6fe8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Aug 2021 06:08:37 GMT
Content-Encoding: gzip
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
X-Pardot-Rsp: 17/7/94
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 1446
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.0 200
OK analytics Show response
go.orca.security/ Frame 8833 50 B
1 KB 195ms
195ms Script
text/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/analytics?conly=true&pi_form=true&visitor_id=585125476&visitor_id_sign=356d0b4f82d1f1ad6873a7cc8fdcb53952d8811572de0b92f6598e8fa91f281b75d44262f84b3a5c190c64e882278a7ae90f4c19&pi_opt_in=&campaign_id=17083&account_id=899611&title=&url=https://go.orca.security/l/898611/2020-12-11/2vsj&referrer=https://orca.security/
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=585125476&visitor_id_sign=356d0b4f82d1f1ad6873a7cc8fdcb53952d8811572de0b92f6598e8fa91f281b75d44262f84b3a5c190c64e882278a7ae90f4c19&pi_opt_in=&campaign_id=17083&account_id=899611&title=&url=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&referrer=https%3A%2F%2Forca.security%2F
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Aug 2021 06:08:37 GMT
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
X-Pardot-Rsp: 17/5/148
Vary: User-Agent
P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 50
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET embed_shepherd-v1.js
fast.wistia.com/static/ Frame 8833 0
0

GET
H/1.0 200
OK analytics Show response
go.orca.security/ Frame A237 50 B
1 KB 205ms
204ms Script
text/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/analytics?conly=true&pi_form=true&visitor_id=585125476&visitor_id_sign=356d0b4f82d1f1ad6873a7cc8fdcb53952d8811572de0b92f6598e8fa91f281b75d44262f84b3a5c190c64e882278a7ae90f4c19&pi_opt_in=&campaign_id=17085&account_id=899611&title=&url=https://go.orca.security/l/898611/2020-12-11/2vsl&referrer=https://orca.security/
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=585125476&visitor_id_sign=356d0b4f82d1f1ad6873a7cc8fdcb53952d8811572de0b92f6598e8fa91f281b75d44262f84b3a5c190c64e882278a7ae90f4c19&pi_opt_in=&campaign_id=17085&account_id=899611&title=&url=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsl&referrer=https%3A%2F%2Forca.security%2F
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Aug 2021 06:08:37 GMT
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
X-Pardot-Rsp: 16/18/123
Vary: User-Agent
P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 50
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET embed_shepherd-v1.js
fast.wistia.com/static/ Frame A237 0
0

GET
H/1.0 200
OK analytics Show response
go.orca.security/ Frame 0ECD 50 B
1 KB 185ms
185ms Script
text/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/analytics?conly=true&pi_form=true&visitor_id=585125476&visitor_id_sign=356d0b4f82d1f1ad6873a7cc8fdcb53952d8811572de0b92f6598e8fa91f281b75d44262f84b3a5c190c64e882278a7ae90f4c19&pi_opt_in=&campaign_id=17083&account_id=899611&title=&url=https://go.orca.security/l/898611/2020-12-11/2vsj&referrer=https://orca.security/
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=585125476&visitor_id_sign=356d0b4f82d1f1ad6873a7cc8fdcb53952d8811572de0b92f6598e8fa91f281b75d44262f84b3a5c190c64e882278a7ae90f4c19&pi_opt_in=&campaign_id=17083&account_id=899611&title=&url=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&referrer=https%3A%2F%2Forca.security%2F
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Aug 2021 06:08:37 GMT
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
X-Pardot-Rsp: 16/86/210
Vary: User-Agent
P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 50
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET embed_shepherd-v1.js
fast.wistia.com/static/ Frame 0ECD 0
0

POST
H/1.1 200
OK page_views Show response
app.qualified.com/w/1/gndr1NireXGRNRuC/ 258 B
1 KB 132ms
131ms XHR
application/json 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.qualified.com/w/1/gndr1NireXGRNRuC/page_views?uuid=d44caeb2-1883-4d9b-bd56-fa50b973bb68

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=gndr1NireXGRNRuC

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-100-25-249-86.compute-1.amazonaws.com

Software

nginx /

Resource Hash

548369aa283ae3a266fcc5e3eb9d8685812f95eeeb73743815f32bc547904cec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json; charset=UTF-8

Response headers

Date: Thu, 05 Aug 2021 06:08:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 7200
Vary: Accept-Encoding, Origin
Content-Length: 245
X-Xss-Protection: 1; mode=block
X-Request-Id: ec617e66-d6f7-e35f-9451-70a2aaa47798
X-Runtime: 0.029274
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: W/"548369aa283ae3a266fcc5e3eb9d8685"
X-Download-Options: noopen
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Methods: POST, PUT, OPTIONS
Content-Type: application/json; charset=utf-8
Via: 1.1 spaces-router (020d7643da32)
Access-Control-Expose-Headers
Cache-Control: max-age=0, private, must-revalidate

OPTIONS
H/1.1 200
OK page_views
app.qualified.com/w/1/gndr1NireXGRNRuC/ Frame 0
0 306ms
102ms Preflight 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/page_views?uuid=d44caeb2-1883-4d9b-bd56-fa50b973bb68
Protocol: HTTP/1.1
Server: 100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-25-249-86.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://orca.security
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: POST, PUT, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Access-Control-Max-Age: 7200
Date: Thu, 05 Aug 2021 06:08:42 GMT
Server: nginx
Via: 1.1 spaces-router (020d7643da32)
Content-Length: 0

GET
H/1.1 200
OK dfa0177315aaa1d549f6577e0bd4aeae2a785064bf3526b9a7f04e1f1ea02549.png
qualified-production.s3.amazonaws.com/uploads/ Frame 6271 9 KB
9 KB 436ms
120ms Image
image/png 52.217.104.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qualified-production.s3.amazonaws.com/uploads/dfa0177315aaa1d549f6577e0bd4aeae2a785064bf3526b9a7f04e1f1ea02549.png
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.104.76 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: c32c76acb25416888ee90eeea169ae67353121265191b3cb8d83a783db2b9018

Request headers

Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 06:08:44 GMT
Last-Modified: Sat, 27 Feb 2021 02:55:06 GMT
Server: AmazonS3
x-amz-request-id: 0ZKVCY6JEZY4SN12
ETag: "5d9107836bf7571cd3c3954b98e35d59"
Content-Type: image/png
Cache-Control: Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Length: 8943
x-amz-id-2: zAWmfqJP3ftv+tBplNWDeV3BfQ+tV9dIMGYcPVbFuQgKM7iJ6ZYJOlI5j1TgZlrI0yjlAyH/saA=

GET
H/1.1 200
OK dfa0177315aaa1d549f6577e0bd4aeae2a785064bf3526b9a7f04e1f1ea02549.png
qualified-production.s3.amazonaws.com/uploads/ Frame 6271 9 KB
9 KB 113ms
112ms Image
image/png 52.217.104.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qualified-production.s3.amazonaws.com/uploads/dfa0177315aaa1d549f6577e0bd4aeae2a785064bf3526b9a7f04e1f1ea02549.png
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=d44caeb2-1883-4d9b-bd56-fa50b973bb68
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.104.76 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: c32c76acb25416888ee90eeea169ae67353121265191b3cb8d83a783db2b9018

Request headers

Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 06:08:45 GMT
Last-Modified: Sat, 27 Feb 2021 02:55:06 GMT
Server: AmazonS3
x-amz-request-id: Q3456PF7FHWFV7MG
ETag: "5d9107836bf7571cd3c3954b98e35d59"
Content-Type: image/png
Cache-Control: Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Length: 8943
x-amz-id-2: PuSuLQMku5h6V2zYZyux7vsy/ywtzHmtefaFWmTF2bSyEmWhi7Z+bORYiMSXodOQvfd+H1SZXuo=

GET
H/1.1 206
Partial Content 7bfc614b2b8cf39efbfb3b15da61c94a.mp3
app.qualified.com/packs/ 6 KB
6 KB 104ms
103ms Media
audio/mpeg 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/7bfc614b2b8cf39efbfb3b15da61c94a.mp3
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-25-249-86.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 3814cdd9f44b721f9c1cb111462e040b4a885d07cb143ee37b680d871cbfa94e

Request headers

Referer: https://orca.security/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

Date: Thu, 05 Aug 2021 06:08:45 GMT
Via: 1.1 spaces-router (020d7643da32)
Last-Modified: Thu, 05 Aug 2021 00:23:19 GMT
Server: nginx
Content-Type: audio/mpeg
Content-Range: bytes 0-5869/5870
Cache-Control: max-age=315360000, public
Content-Length: 5870
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ 5 KB
2 KB 103ms
102ms Script
application/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: b7939e67e521a72f9344e54fe85a3edff247ac537235f178a522ae836dbf6820

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Aug 2021 06:08:45 GMT
Content-Encoding: gzip
X-Pardot-Route: 4587f66dff94d6e76a668284fbf3dba1
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
Last-Modified: Wed, 04 Aug 2021 13:29:25 GMT
Server: PardotServer
ETag: "14be-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1923
Expires: Sat, 05 Aug 2023 06:08:45 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
806 B 40ms
23ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=5544741&ct=blog-post&rcu=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F&pu=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&t=Malware+in+the+Cloud%3A+Challenges+and+Best+Practices+-+Orca+Security&cts=1628143725560&vi=f1eb80418afb5a99bf96f172b1ec1090&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:45 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: e60a1f10-f88c-4cc1-9553-61af38c88772
cf-ray: 679dda4ce92d2484-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xLCvnmYWxdzveQmun2gk56t%2FruWvNdKEgZK5v%2Bjxybd4l8ourtmaLA48V3Rql3I9rS6W3qXvnGevStuIuYHUCiLEY0GV0uA63FBY%2BCQhqHnYK8HwkLLO9gAni%2F0e2eqeeh1wXK%2B%2BzvHVFvq6%2B%2BZT"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
352 B 42ms
26ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=03772d1e-aef0-4e74-a117-9f4ee3b9e51c&fci=30fa5d13-6366-4d5b-86fb-24b2dc38aabd&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=5544741&ct=blog-post&rcu=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F&pu=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&t=Malware+in+the+Cloud%3A+Challenges+and+Best+Practices+-+Orca+Security&cts=1628143725567&vi=f1eb80418afb5a99bf96f172b1ec1090&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:45 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 4cffbd01-50cc-4b99-bf9b-aee1cdcb0b60
cf-ray: 679dda4ce9302484-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xCJhteVmJOKNtESKrxHnhgdraMeJETf5qR0AvfABvTzkAcKau9GUqpMosmT6rhoaZcU5otNm8XVfXcU7DV4lSD1l3yYVJQ361Dx4yg%2BhpcnYu4dLDsvJ8YAJTWi5FsogBeT597Ye2fHAmV8FaEh4"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 204 a
www.googletagmanager.com/ 0
128 B 14ms
14ms Image
image/gif 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=OPT-PWBBWC3&cv=1&t=ol&g=61&p=gtm&l=324&q=1458&f=41&e=15&i=119&d=-770&c=175&hc=0&sr=0.050000&ps=0.04684716920518062&cb=785346598

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Aug 2021 06:08:45 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ 3 KB
3 KB 283ms
283ms Script
text/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=9607&account_id=899611&title=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&referrer=

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js

Protocol

HTTP/1.0

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

pi0-lba1-2-ue1.aws.pardot.com

Software

PardotServer /

Resource Hash

d57a6b798ef6297567cdd14b7752920b06cd2807a44b61c13bc54f83f56ecea5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Aug 2021 06:08:45 GMT
Content-Encoding: gzip
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
X-Pardot-Rsp: 16/37/127
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 1447
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.0 200
OK analytics Show response
go.orca.security/ 50 B
1 KB 177ms
177ms Script
text/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/analytics?conly=true&visitor_id=585125658&visitor_id_sign=44c6bb0c2df23b0d2a4bbfa6bf3f8ac704e4f1c9c0857af2842139326d2f7a26e581b793a7dc4e992e1bab2826b5d154609965a9&pi_opt_in=&campaign_id=9607&account_id=899611&title=Malware%20in%20the%20Cloud:%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&url=https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE&referrer=
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=9607&account_id=899611&title=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&referrer=
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Aug 2021 06:08:45 GMT
X-Pardot-Route: c2c10298b36224142948b084fe4d7b30
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
X-Pardot-Rsp: 16/91/22
Vary: User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 50
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 embed_shepherd-v1.js Show response
fast.wistia.com/static/ 572 KB
104 KB 22ms
7ms Script
application/javascript 2a04:4e42:3::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/static/embed_shepherd-v1.js

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=9607&account_id=899611&title=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&referrer=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9e588c1c9f9aaf018b98c44009b7a1ce46264e0ca0fa5c6b4c6d464af2b6d54a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 06:08:45 GMT
content-encoding: br
vary: Accept-Encoding
age: 2618
x-cache: HIT, HIT
content-length: 106273
x-served-by: cache-dca12921-DCA, cache-fra19141-FRA
access-control-allow-origin: *
x-browser-version: 89
last-modified: Wed, 04 Aug 2021 15:31:04 GMT
x-timer: S1628143726.961601,VS0,VE0
etag: "610ab2b8-19f21"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2, 27

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: insiderdata360online.com
URL: https://insiderdata360online.com/service/platform.js?ran=0.2958641413375831

Domain: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Domain: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Domain: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Domain: ddzuuyx7zj81k.cloudfront.net
URL: http://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js

Domain: ddzuuyx7zj81k.cloudfront.net
URL: http://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js

Domain: ddzuuyx7zj81k.cloudfront.net
URL: http://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js

Domain: fast.wistia.com
URL: http://fast.wistia.com/static/embed_shepherd-v1.js

Domain: fast.wistia.com
URL: http://fast.wistia.com/static/embed_shepherd-v1.js

Domain: fast.wistia.com
URL: http://fast.wistia.com/static/embed_shepherd-v1.js

Verdicts & Comments Add Verdict or Comment

256 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.orca.security/	1970-01-19 20:15:45	Name: __hssc Value: 132551249.1.1628143725558
.orca.security/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.orca.security/	1970-01-20 05:37:19	Name: hubspotutk Value: f1eb80418afb5a99bf96f172b1ec1090
.orca.security/	1970-01-20 05:37:19	Name: __hstc Value: 132551249.f1eb80418afb5a99bf96f172b1ec1090.1628143725558.1628143725558.1628143725558.1
.orca.security/	1970-01-23 11:51:43	Name: __q_state_gndr1NireXGRNRuC Value: eyJtZXNzZW5nZXJFeHBhbmRlZCI6ZmFsc2UsImNvb2tpZURvbWFpbiI6Im9yY2Euc2VjdXJpdHkiLCJwcm9tcHREaXNtaXNzZWQiOmZhbHNlLCJjb252ZXJzYXRpb25JZCI6OTMyNDUwNTd9

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://orca.security/resources/wp-includes/js/jquery/jquery-migrate.min.js(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2
console-api	log	URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE(Line 100) Message: Anchor Ready
console-api	log	URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE(Line 165) Message: [object Object]
console-api	warning	URL: https://orca.security/resources/wp-includes/js/jquery/jquery.min.js(Line 2) Message: jQuery.Deferred exception: Cannot read property 'getItem' of null TypeError: Cannot read property 'getItem' of null at _default.get (https://orca.security/resources/wp-content/plugins/elementor/assets/js/frontend.min.js:2:56236) at _default.setViewsAndSessions (https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js:2:89347) at new _default (https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js:2:89098) at Function.<anonymous> (https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/frontend.min.js:2:5491) at Function.each (https://orca.security/resources/wp-includes/js/jquery/jquery.min.js:2:3026) at ElementorProFrontend.initModules (https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/frontend.min.js:2:5456) at ElementorProFrontend.onElementorFrontendInit (https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/frontend.min.js:2:5712) at dispatch (https://orca.security/resources/wp-includes/js/jquery/jquery.min.js:2:43090) at v.handle (https://orca.security/resources/wp-includes/js/jquery/jquery.min.js:2:41074) at Object.trigger (https://orca.security/resources/wp-includes/js/jquery/jquery.min.js:2:71513) undefined
console-api	error	URL: https://ws-assets.zoominfo.com/formcomplete.js(Line 1) Message: [ZoomInfo FormComplete] - Form form[id='pardot-form'] was not found in the document. Make sure the form element is loaded before the FormComplete script and that it is mapped correctly at the FormComplete Management page.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.omappapi.com
ajax.googleapis.com
analytics.twitter.com
api.omappapi.com
app.qualified.com
cdnjs.cloudflare.com
connect.facebook.net
ddzuuyx7zj81k.cloudfront.net
dss6ntp5q2r0o.cloudfront.net
fast.wistia.com
fonts.googleapis.com
fonts.gstatic.com
forms.hsforms.com
go.orca.security
googleads.g.doubleclick.net
insiderdata360online.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsforms.net
js.qualified.com
links.readitquik.us
maxcdn.bootstrapcdn.com
orca.security
pi.pardot.com
px.ads.linkedin.com
px4.ads.linkedin.com
qualified-production.s3.amazonaws.com
script.hotjar.com
services.infinigrow.com
snap.licdn.com
sp.infinigrow.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
track.hubspot.com
tracking.g2crowd.com
vars.hotjar.com
ws-assets.zoominfo.com
ws.zoominfo.com
www.clickcease.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
ddzuuyx7zj81k.cloudfront.net
fast.wistia.com
insiderdata360online.com
www.googleadservices.com
100.25.249.86
104.244.42.195
104.244.42.197
108.174.10.14
13.224.96.100
13.224.96.104
13.224.96.22
13.224.96.55
13.224.96.91
142.250.185.98
151.101.12.157
162.159.135.42
18.142.0.45
185.59.220.194
2600:9000:2190:ea00:8:8d2f:9e00:21
2600:9000:2204:4c00:10:7994:d200:21
2606:4700:20::ac43:4470
2606:4700::6810:135e
2606:4700::6810:5705
2606:4700::6810:650c
2606:4700::6810:a852
2606:4700::6811:46b0
2606:4700::6811:b649
2606:4700::6811:d4cc
2606:4700::6812:15bf
2606:4700::6812:1bbe
2606:4700::6812:bcf
2606:4700::6813:9a53
2620:119:50e3:101::6cae:b45
2620:1ec:21::14
2a00:1450:4001:80f::2003
2a00:1450:4001:812::2003
2a00:1450:4001:813::2004
2a00:1450:4001:828::2008
2a00:1450:4001:828::200e
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::200a
2a00:1450:4001:831::2003
2a00:1450:4001:831::200a
2a00:1450:400c:c07::9d
2a02:26f0:6c00:2bb::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:3::622
52.21.178.134
52.217.104.76
52.89.105.17
54.226.239.18
00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
044efea78208376302aad3808aaabdf3c2f7bdd80ba9d55c9e0e4d3baa7a3908
05eee7dd84da8f541a1dfebd89d2a67e8b2322fced4845f991769c1df2d096ab
08dbb435439815752ce09bfc9581b9085db9c9a66095bf5062b1c5c8adc08031
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e
0a938256d2de59b044f8ca7c7aa0c788ed2ffa9a48bf0e3930a5830c4298f509
0aaa4cf927b0e3631cffbe62f6786810aa65348483cd950e49f634a0881b16b4
0b4429c3ad6eebd90d4df2ce04205bb4089f191b657dae8268b51a09733fc41f
0bc0726cf09336c203b3ce378379053588c3fc808408d261e0474e145b9be35d
0cad11670fcb499502940b07cba041fb02148ca2a6445cbb5499e24f07f8a4f5
0cd851e5b33af0fbb354df65506da39807b998e07723f3d08aba5179fa2ed97e
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
13a16fa0e2ba101a24f92ce030067384bf8a08838e8988796626af25a2712ad2
15cabbfbc427cf3a6e897a426fa4cfc26d7171ae72763fcccc3d066338f15bf7
17f076500dca787c42b1dd6238ce50a0752771eafd040e8512c713a7ec947c65
182cab990c2118fcdb18feab5115335e4eb4bc0b38bb30a36c4e73c92b080ea4
19450de42b740616a0ae81907248584c4129e7a46c32a0c735a56d1572b5b380
1a33b00a04c9fc9b04282a6ed5e20fdef28fcb08cbcd7712057cacf7c6edd669
1ada5259a5ac61a7d68315f7efa6b98d61d2d0478df0545869c880afeaa67dcd
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1c0f298c1006cdf62756f1b7e1dcc9cd946eb6528c4671b3f2dfb892ff76ba5b
1e5aeaa58ab4c2345953f77e07fbc20578326076a259ed702eea64e077fde675
1ef0899dadf11eccd489e8aca5ef79eaf9c1caa00f9f1d4d8ad45ff1ed375ccf
1fca93a07ea41f4c06f69e767c8defabe3dd38df306e41f6a4a98518112c5f09
205988b80eeedc442aa4ba78fd4bda5b1b139415f3dc88043fc73adcd71cbae2
20ffeeb1b6274d88ea1a05f79a414e6bb12189c7516514c75067d081dcd47819
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
23190e1539469cc8b5faccb038b260ccda2cc62672c70efa1900a51a8e3d1be5
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
285c3c6ca39b53ee2e65d425a7b26d8d9415a8e15c323aa1d73f3b79496400fc
2989e0b9e836cb9de3274d641ec6a58c2052f039e790ddd59b22303930bfdeeb
2aeb3b324941917165414ab3fc00805dd9a9d155605f4d15ac6632c4c188d95b
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde
336032e8b6a0e53594ef6fd0333f2c8f791accdd85de58bfbbbcd134347672af
34b499c3bed76acb12665df0c8b65d14bac3ee6161e420a9403bd694be549e78
368daab67b1a5b2b2802edbbac79a2aa4ba992a2ebf9c67b98ad784d8004018c
3814cdd9f44b721f9c1cb111462e040b4a885d07cb143ee37b680d871cbfa94e
3afe1773cbb9677bed9327f8f81058a02d8b593b22eb24a40658539bd8a5ead8
3b8445ffccb8367866ab9a95af5439a7faffcb30a67e7902324192a6059b056a
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
3e0e5bde2976de971453ff399dd44a574f999ff6cca7c6dec94991b07e94d477
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3f9c38934fc41ee2a85f1a6e1ad59e96f7f1e73b9b4e653394708715d5ab32c5
41e5c059963bd8f9bc4097f78535c3d722f4d73e75c46b2df5cc74bf864af150
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27
44da12b1630d2ef003f2375847617620d5f4f7fae60a473b801cf55f15e6f9d7
46375ee9192c1e0f6eabe4d32b2a48b996b93037f7b4beb970df5b87359548fd
47300f73d115d5d1586ff7b01cc7319166b160bdad6e54a54ad02ac9312f6426
4a7ee62eb33f3bbb66c2151e5cac6bf4904e28302efc36128f3e3ccae6fde580
50bbb02baec0ea54be304a070a2c6d815f65ee593c04f0fd81f81ee4dc0133e2
52adbaf8b7004e3e0ef2b06be5492748eeef0bdfbc2d91b4aa3aa7ddd7028703
548369aa283ae3a266fcc5e3eb9d8685812f95eeeb73743815f32bc547904cec
54c9560cb0117d8d1f955aefe0f88b843517964e118512d8f1a224a8a9b662f4
5959d25dbb957e369dcb1e33493d3aaaf1caff462a7e1141ef561be867eb77ca
598e0da49a0d44ca888818a794151e0be9e5a5801d78e53430f451a40d67e661
5b650b79e0be51cb31213cfe3a6576941044fd10b367ee0d0c73a05580e9fcf3
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5c15402dcdd0b03490883b62681c0d676af10894c7ce55218650d0f3827c6f0f
5da80845be0b787ddf4abd8c116be05e185e3e928c2773d65abb55903e362175
5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
60aad8b6f919b3ac201f9441562712b6b4071e6e2928577910f31ca424ffa397
64380f313f85c6feb17b558f02b5b3d145bbf934a969e012302caac445a1922f
654a6d6808dfc4e817d8d70eebebd98f0add214485983e60a53111de95db8bdc
661e00570c65c29528d9ce6ee19e5e9939986716c293def67b07f8b6a191b018
6ab62a4ad842886cbbb19d267d745bf8c54f0b218f828e730c49640070a8a11a
6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7
6dbd1967a8963d2eead020be31031ed12df79148acfea8cb787fa1358d5b4559
6e6e6a03e72a528c28884b50bf296425667f38dd0aaf1dd17ce89199ffc85271
6ea89c32d32523058b169bb16b29b3db768f110270eaa9ee459a40d590358fc9
6f57f8ab879288c31393c0234a10d05b7b8955999a0192d4b17d4bf6c4769a18
6f6cb6cd3e33ad533a32d67458aa1397ed9a949108823bacb0567c8d9e1e6fe8
6fa14c7b40a31f3345c4371c7fc74452ae9232af5627c31b633752a1b0cb3665
71008cf308a9bb2a3a3ddaa973f816c0d3a11db5cc9e7bdd5498089423019b3e
71a920e8af6069911a728a6768baf9c58e8f2dcc99599985f36f2110466457a0
71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba
7369eb7217705e08010dbd6c0ed5433f75e66391ff6f365372381b658b1f1da9
7428c33bbf1f01ba9161ed486e9d6a3400782fbd4b6629b3e33a7004924e02fd
744d368a676dabf6be331840fdf74176a9ad7a784bf3920e3f640c9ed89fc43c
74706fc3a0764eb273029a2ca83422dd8663978130573095d48f7ed260f28671
751d5192326ddefce3e87157f7c9355217cdad7b4a969b5dd3161b4453671389
7742176d36a9ea889f4db0a843e62f522ba690a8d514e91dd5aa09eccf7340ce
785c1179e9138a30fccbcd502d81ad2920049a12fd3d83fae433052e9be4c62f
7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9
7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a
7bba17b490076798f613f9b01da8d6a2eb79808ae687d3e56543ba95fff3b16c
7f2c118d33b7a0cc1824d4a0f6cbeba99b36fd7471dba921c4e74396a8d1667a
7f9dec7f9dab0753e8ef7f30914bce6e3881799d4b3f3971b31b1d11495ffaae
7fc2adee3e43f35ce8e32c26f8d8cc18c647e98f5d82106937a981db839897d5
8069956acb4c566506ff71f7a23c8e23f75ce9443384fe3393ed5c846924026e
8191aac24052007a5eb3dff74bbcde3d14bd1b9eac048a8b781c08e144089f25
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8356c16c4ffc73d3691aa538f1dd072f5ac0aced4b82a1faa8243c281075d68c
84053d1e000e4ec2e919fc747c16eb16856745bd7cdd0279ff6be2062f365650
849ad50d8f39d01c26fb4a2441e1d8a36d4bb3798c5025a457d1a21fec0c1185
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86e8ec692b64a9bde2291aa1a5f06009bd66b1660584769d704e3ed84b0a875d
8725ca355115b2fd4651581ad44a4115ec562fc3ad951c72b7da7f9c8e73051f
889910bd602fe775e79f9b7e78d50040c61d9494b90ebc97800b3ae7976cbb49
897ebbdf379aeb2c751275f083d298f15b094902c6bd6a66405ffb0604c64124
89a3cfd1486f52401d366e1f16fba943ba7cb34b6866b21b8c5e63b842ed8827
8b1378138bba66a489a96aa319ed93174ae2e9740c4e0dc6846c5f06d2193fb4
9019bd99bb2b109f32b62d0439c01e6c9e828bfd160c1e254a5a0d1c7229a4fe
91dbec0f4e07b605763f34157768eae027d683004a5200638e1153600927c575
96456ea83a2a92121ff46321c0f0ca85237a5fbb1cc6391a7303057226b91529
97cf1307c16a437b77b5f7f5c9bc0b985d0745a14be5a279019aca5a3432e264
9b528d20480c531315ae34b2941b0f98e9727df6e7e8d057e599174df79c0dbd
9e588c1c9f9aaf018b98c44009b7a1ce46264e0ca0fa5c6b4c6d464af2b6d54a
a070944be519725405513e0fa5155ae65cca9235f7b5a9f008c67f5f283f63cb
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288
a41d60f8ac48aafcddd891ddebb318735c5684c4d8c8971f2a236233f89fc3be
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
a48dea362116d7516a2cf97066a32758d353760ee02dbf900ddff86b02a16473
a53ea60fbea6cb1775430998564d5f295aba7d3bfe548a0ba79aa2a049aba839
a6d75aad5c009d0bdf36d4c1d68d90e2848460fce782adb137819228842eefe0
a9703acf1b9ace4e69669e5472063f067cfaf6eba3dff61ec47b95db163a3158
a984c620b66fd1ff8082247cd7d7d57a4267c7d46049bde2326dc1309bcdcdce
a9e4a21d7a0dd665ebfe69752a801f9034ee7f4d7e5930cb267b6c48aa3bee31
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aca1d2291f4713182bc182e5ef93151df69b3e97a054d16d1da5a1967fe63f15
af1e6edc875a382b338bb25bd7c5c3f474a7f1b36212002a5896dd06f2186325
afea7d7933d3140b754902ec8d48c7cc0db26b22f5912655b2fb1c1b07429478
b23f49f504faa32aac548b6662ffd64412f6738496fab8be38da46c5b7121804
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
b36cc47061c8756a1c1087471c94427e3218c5fbc431123c6bbcfcd8ffcbbb4b
b3da8d4d6ce548b08ca53762d9e5f7162a073b1f07756ba8aded1c9929f9b015
b5641645c15c48b3ff5ce52e718563e1d04d18492e552eb126862768327e2855
b7939e67e521a72f9344e54fe85a3edff247ac537235f178a522ae836dbf6820
b91bca177cd45dfc501b5e808b9c46c643596282dd69202f192d3a515678e9e3
b980f62a2d545d64f24e6f96902c8fbf5da0018569c369bc18f9e5b5fcf099ed
bb0772532e523b486ea3419e8de8a9a40a0f632bf85ddf21f0d8753427972280
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bc71c403dc6113c8597e111a99d6a6a197dd2f2355402f8392ca4812dca57d3d
bcca65cc24a8fa93b8c1c9b3fdab3c155b5a6c5e6013d1b0aa4e4447c8eec77c
be29174d2fe6ed8aad6c27420ce60f754419d072bfb1603ffa20626463295a57
bf1ffcb96984568b22f7a9029dd980abb5a4a47700f588a16b8ace0f7412977e
c0836e0ca85c352993c12e75d531b1394a2be0b679828a749c1922b9f66032a9
c2e8b4fba49f90cfca5a43371c09879aed7447e0ba2ed4abd75b81448776c4f7
c32c76acb25416888ee90eeea169ae67353121265191b3cb8d83a783db2b9018
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c3f972393cbaeb692394b14498f8f9526c5a75480fe6fed1a5d14e83109e0cf4
c4243f7f5aa95631ca62fab376c3804859e808b66d373d07270872d23b8b081b
c51831a289a042fb47236cc90db37a4d2cdd827d8ba95120de2cb55826e68664
c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c
c76c6456972a640a9057ae6e6ce9099722910ac60e2f31e514a1bf0066d9d64d
cc33742f4eab551d4e76af8a2da85c3d2304d8252171d16a3e56207c0c073e93
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4
ceaa8c47e55f50794d42966a696f0f35149ffd1560c46eecbca911d6b48d9371
cfca36025004c1f9a54e8bca2961cd7c2c7d030b9f098b2f8d044e25944b1fdf
d39e13725b21bae85d8ec5a33e089d49b52ea78390dabf5e426751414499d0f1
d57a6b798ef6297567cdd14b7752920b06cd2807a44b61c13bc54f83f56ecea5
d5e6f422bf9513df9dd847931b0783e78f2cc6d7a3f189450b9c932b40c584d7
d68519a3166f1d5cf914c9e2c228ce1415ecbe40c8630d7d5ce8675fdafb5902
d7c1382f2a55b9cfed948b2a888fe6169dd173219e33ef7ce057ccb002fa93cf
d882dbd828af87ed3434862bf608a2dee6d347817ae547421c9b2051ce29a905
d8e1bb6afaee4a9709470e6bc6712a4288aab63eff4a430e75935d0095648bb6
d9b993464d1fb9e951a4e9c76d4d560b208604c73fa87c0a61091b5af0ddecec
d9fd9e2d2293c369f4aa2abe2dcdee1ff7135ceb33f12cdfab98a348bf9ac455
da9dad45994fa30a773ffd383f0daba950926e1c95fc807b644554825ac34bf7
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3
dd68184af1336529ef84298ff8f150878f428880db4ffa04039b438de8269ac6
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
df9e7523b26f19bbbf9242495b0ff59da0f8c8469b0015096f5a79d8ec165484
e22419e8154be2a34a950dbb4c4c448413751c53ef02f00c6c56af28aa2c4964
e2b5d4752ac81478ad36860fbe67b75bad20bbee7a93e835a25283d310c78999
e36eaa6e7cebbd4138dfb008ee3d53ab8195f45953b0f4f27d0d8156ab059021
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e51cef74e27fe2fbf08417acdaeccb250743a28dc7b82d16ba26560981041e0d
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
e6d2282d33ef8f732e4ce7a60a05fce149fb0017fae964eb3543ec849d95f2e9
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef2b6a048828ba900123bc05b019ded3252e9b21260d7402fc9d11a321fb3dc1
f07ba5ad1ac0a01ef6b948f1a2223b2eff4e40f40da24614151b98939b6a5ef1
f25bf2d1b5903b70c1c7bdd0164cd286a3854b4e963d2a00382bcb91faee853a
f7e6e40531454a93362ca8a1c5a4e7a33cbfa76371bfee888b88933332f5c5cd
f8d00356859998784bda26e1d14f2d981515921b96ded50d5d6f6f0e75bac15c
f9335a3578fbb78eba8922527950b8773e21ebc2d28e6f72ce9d223094bfdbdc
fbd60db88b56b91e2c6ea79a36224ec46d01be9b58cf87db5176c86681f9270a
fda3035030d3843c2751dc0da65fb802230ec00a4008aeed83ddddc7b97cbc93
fe2ac5219992a3608a5c9e2bc4759fac8fb2189b88d7a674d395ff6c435da536
fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c

orca.security Open in urlscan Pro 162.159.135.42 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

248 Requests

96 %HTTPS

63 %IPv6

37 Domains

50 Subdomains

46 IPs

5 Countries

5814 kBTransfer

15414 kBSize

5 Cookies

17 Outgoing links

Page URL History

Redirected requests

248 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

orca.security Open in urlscan Pro
162.159.135.42 Public Scan

Screenshot
Live screenshot

Full Image

248
Requests

96 %
HTTPS

63 %
IPv6

37
Domains

50
Subdomains

46
IPs

5
Countries

5814 kB
Transfer

15414 kB
Size

5
Cookies

248 HTTP transactions
9 data transactions