orca.security Open in urlscan Pro
162.159.135.42 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://links.readitquik.us/els/v2/_4bwFk9A70sX/cmRNU3ozb2xtTkMwTUR3aWYvWDIwZmVpSHhRSnZZYm1OK010NlB4alFXZCs5Y2pYRHE1OWpTalNU...
Effective URL:
https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Submission: On August 19 via api (August 19th 2021, 9:23:40 pm UTC) from US

Summary HTTP 246 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 45 IPs in 5 countries across 36 domains to perform 246 HTTP transactions. The main IP is 162.159.135.42, located in and belongs to CLOUDFLARENET, US. The main domain is orca.security.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 22nd 2021. Valid for: a year.

This is the only time orca.security was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	18.142.0.45 18.142.0.45	16509 (AMAZON-02) (AMAZON-02)
85	162.159.135.42 162.159.135.42	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6811:b849	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:d3cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
4	2606:4700::68... 2606:4700::6810:650c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6810:a852	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
14	52.202.69.186 52.202.69.186	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6810:5505	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:219... 2600:9000:2190:2c00:8:8d2f:9e00:21	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:6c0... 2a02:26f0:6c00:296::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
9	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
1	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6812:1abe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.224.96.124 13.224.96.124	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:20:... 2606:4700:20::681a:c3b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	100.25.249.86 100.25.249.86	14618 (AMAZON-AES) (AMAZON-AES)
2 2	2620:119:50e3... 2620:119:50e3:101::6cae:b45	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
2	13.224.196.103 13.224.196.103	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
14	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:400c:c04::9d	15169 (GOOGLE) (GOOGLE)
1	13.224.96.67 13.224.96.67	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:43b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:14bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
5	89.187.169.47 89.187.169.47	60068 (CDN77 ^_^) (CDN77 ^_^)
1	13.224.96.92 13.224.96.92	16509 (AMAZON-02) (AMAZON-02)
1	13.224.96.34 13.224.96.34	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:210... 2600:9000:2104:6a00:10:7994:d200:21	16509 (AMAZON-02) (AMAZON-02)
8	35.174.78.146 35.174.78.146	14618 (AMAZON-AES) (AMAZON-AES)
2	52.89.105.17 52.89.105.17	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:3::622 2a04:4e42:3::622	54113 (FASTLY) (FASTLY)
246	45

1 18.142.0.45 (Singapore, Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-142-0-45.ap-southeast-1.compute.amazonaws.com

links.readitquik.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

85 162.159.135.42 (None, )

ASN13335 (CLOUDFLARENET, US)

orca.security	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:b849 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d3cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:650c (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:a852 (United States)

ASN13335 (CLOUDFLARENET, US)

ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 52.202.69.186 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: pi0-lba1-1-ue1.aws.pardot.com

go.orca.security	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5505 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:2c00:8:8d2f:9e00:21 (United States)

ASN16509 (AMAZON-02, US)

ddzuuyx7zj81k.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:296::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1abe (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.124 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-124.zrh50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:c3b (United States)

ASN13335 (CLOUDFLARENET, US)

www.clickcease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 100.25.249.86 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-100-25-249-86.compute-1.amazonaws.com

js.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e3:101::6cae:b45 (United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.196.103 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-196-103.fra2.r.cloudfront.net

services.infinigrow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.67 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-67.zrh50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:43b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:14bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 89.187.169.47 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-89-187-169-47.cdn77.com

a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-92.zrh50.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.34 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-34.zrh50.r.cloudfront.net

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2104:6a00:10:7994:d200:21 (United States)

ASN16509 (AMAZON-02, US)

dss6ntp5q2r0o.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 35.174.78.146 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: pi0-lba1-5-ue1.aws.pardot.com

pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.89.105.17 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-89-105-17.us-west-2.compute.amazonaws.com

sp.infinigrow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:3::622 (United States)

ASN54113 (FASTLY, US)

fast.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
99	orca.security orca.security go.orca.security	2 MB
31	gstatic.com fonts.gstatic.com www.gstatic.com	3 MB
14	google.com www.google.com	68 KB
11	qualified.com js.qualified.com app.qualified.com	716 KB
10	googleapis.com fonts.googleapis.com ajax.googleapis.com	194 KB
9	google-analytics.com www.google-analytics.com	115 KB
8	pardot.com pi.pardot.com	20 KB
7	zoominfo.com ws.zoominfo.com ws-assets.zoominfo.com	122 KB
6	omappapi.com a.omappapi.com api.omappapi.com	125 KB
4	infinigrow.com services.infinigrow.com sp.infinigrow.com	1 KB
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	2 KB
4	googletagmanager.com www.googletagmanager.com	180 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	63 KB
3	hsforms.net js.hsforms.net	295 KB
2	hubspot.com track.hubspot.com	1 KB
2	facebook.com www.facebook.com	164 B
2	google.de www.google.de	217 B
2	doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net	1 KB
2	facebook.net connect.facebook.net	97 KB
2	cloudfront.net ddzuuyx7zj81k.cloudfront.net dss6ntp5q2r0o.cloudfront.net	28 KB
1	wistia.com fast.wistia.com Failed	104 KB
1	twitter.com analytics.twitter.com	658 B
1	hs-banner.com js.hs-banner.com	16 KB
1	hs-analytics.net js.hs-analytics.net	20 KB
1	t.co t.co	454 B
1	clickcease.com www.clickcease.com	25 KB
1	g2crowd.com tracking.g2crowd.com	1 KB
1	googleadservices.com www.googleadservices.com	14 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	licdn.com snap.licdn.com	2 KB
1	hsforms.com forms.hsforms.com	4 KB
1	cloudflare.com cdnjs.cloudflare.com	29 KB
1	hs-scripts.com js.hs-scripts.com	878 B
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	22 KB
1	readitquik.us 1 redirects links.readitquik.us	262 B
0	insiderdata360online.com Failed insiderdata360online.com Failed
246	36

	Domain	Requested by
85	orca.security	orca.security
17	www.gstatic.com	www.google.com www.gstatic.com
14	www.google.com	orca.security go.orca.security www.gstatic.com
14	go.orca.security	orca.security go.orca.security js.qualified.com pi.pardot.com
14	fonts.gstatic.com	fonts.googleapis.com www.google.com
10	app.qualified.com	js.qualified.com app.qualified.com
9	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com go.orca.security
8	pi.pardot.com	go.orca.security pi.pardot.com orca.security
8	fonts.googleapis.com	orca.security go.orca.security a.omappapi.com
5	a.omappapi.com	www.googletagmanager.com a.omappapi.com orca.security
4	ws.zoominfo.com	orca.security ws-assets.zoominfo.com
4	www.googletagmanager.com	orca.security go.orca.security
3	ws-assets.zoominfo.com	orca.security go.orca.security
3	js.hsforms.net	orca.security js.hsforms.net
2	track.hubspot.com
2	sp.infinigrow.com	dss6ntp5q2r0o.cloudfront.net
2	ajax.googleapis.com	go.orca.security
2	www.facebook.com	orca.security connect.facebook.net
2	www.google.de	orca.security
2	services.infinigrow.com	ddzuuyx7zj81k.cloudfront.net
2	px.ads.linkedin.com	2 redirects
2	connect.facebook.net	orca.security connect.facebook.net
1	fast.wistia.com	pi.pardot.com
1	dss6ntp5q2r0o.cloudfront.net	ddzuuyx7zj81k.cloudfront.net
1	api.omappapi.com	a.omappapi.com
1	vars.hotjar.com	static.hotjar.com
1	analytics.twitter.com	static.ads-twitter.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	script.hotjar.com	static.hotjar.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	t.co	orca.security
1	googleads.g.doubleclick.net	www.googleadservices.com
1	px4.ads.linkedin.com	orca.security
1	www.linkedin.com	1 redirects
1	js.qualified.com	www.googletagmanager.com
1	www.clickcease.com	orca.security
1	static.hotjar.com	orca.security
1	tracking.g2crowd.com	orca.security
1	www.googleadservices.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	ddzuuyx7zj81k.cloudfront.net	orca.security
1	forms.hsforms.com	js.hsforms.net
1	cdnjs.cloudflare.com	orca.security
1	js.hs-scripts.com	orca.security
1	maxcdn.bootstrapcdn.com	orca.security
1	links.readitquik.us	1 redirects
0	insiderdata360online.com Failed	orca.security
246	49

This site contains links to these domains. Also see Links.

Domain
orcasecurity.zendesk.com
app.orcasecurity.io
www.datacenterknowledge.com
securityintelligence.com
aws.amazon.com
www.businessinsider.com
beta.darkreading.com
twitter.com
www.linkedin.com
www.youtube.com
www.g2.com
support.orca.security
www.facebook.com

Subject Issuer	Validity	Valid
orca.security Cloudflare Inc ECC CA-3	`2021-07-22` - `2022-07-21`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-01` - `2022-02-28`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2021-06-04` - `2022-06-03`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
go.orca.security R3	`2021-08-10` - `2021-11-08`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-04-30` - `2022-05-11`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-20` - `2021-10-18`	3 months	crt.sh
*.g2crowd.com Sectigo ECC Domain Validation Secure Server CA	`2020-08-30` - `2021-09-28`	a year	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
js.qualified.com R3	`2021-06-24` - `2021-09-22`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-04-15` - `2021-10-15`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
services.infinigrow.com Amazon	`2021-07-26` - `2022-08-24`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
a.omappapi.com R3	`2021-07-28` - `2021-10-26`	3 months	crt.sh
api.opmnstr.com Amazon	`2021-03-11` - `2022-04-09`	a year	crt.sh
pi.pardot.com DigiCert SHA2 Secure Server CA	`2020-12-05` - `2021-12-04`	a year	crt.sh
sp.infinigrow.com Amazon	`2021-03-25` - `2022-04-23`	a year	crt.sh
app.qualified.com R3	`2021-06-24` - `2021-09-22`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2021-06-26` - `2022-06-25`	a year	crt.sh
fast.wistia.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh

This page contains 13 frames:

Primary Page: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Frame ID: C5F59F985279C07F4C85ECFE095EE09A
Requests: 160 HTTP requests in this frame

Frame: https://go.orca.security/l/898611/2020-12-11/2vsl
Frame ID: DB0A2E2ADB1D89638BB08F17ACA01673
Requests: 14 HTTP requests in this frame

Frame: https://go.orca.security/l/898611/2020-12-11/2vsj
Frame ID: 68381CE70F5AC0C95D3A7490357A5B8D
Requests: 20 HTTP requests in this frame

Frame: https://go.orca.security/l/898611/2020-12-11/2vsj
Frame ID: FF02D89E42C7704E3B01F9ABF6318380
Requests: 18 HTTP requests in this frame

Frame: https://js.hsforms.net/forms/v2.js
Frame ID: ABA84BB1DD7B9CB9EDCA3134E048A2F2
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&size=normal&cb=sdebzh9keldm
Frame ID: 47359F531D01011E521410D5119AD6BC
Requests: 8 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Frame ID: 50444529C7D5F760B9107CA812C560EA
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&size=normal&cb=fzde2xmmcq53
Frame ID: 209FCB929BD4ABB5A6AF056AE75FE54A
Requests: 8 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&size=normal&cb=ei5z27wyufj3
Frame ID: 95DB02C82CC7380205AEC8EA75897FDB
Requests: 4 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=u9x0uqx4o07k
Frame ID: 303457E8111791291759C75020CCFC25
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=exulxto0dxwj
Frame ID: DC75CD46B27AA0AE496B86113F950A20
Requests: 3 HTTP requests in this frame

Frame: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=146b3922-08d8-4fc4-8071-4d00a25adf69
Frame ID: ED338C37027402E9CD4940862E39EAE1
Requests: 8 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=fizr76xek7qa
Frame ID: F42FC14AAAC58CC4D10CE0B643526119
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Malware in the Cloud: Challenges and Best Practices - Orca Security

Page URL History Show full URLs

http://links.readitquik.us/els/v2/_4bwFk9A70sX/cmRNU3ozb2xtTkMwTUR3aWYvWDIwZmVpSHhRSnZZYm1OK010NlB4alFX... HTTP 302
https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

246
Requests

96 %
HTTPS

64 %
IPv6

36
Domains

49
Subdomains

45
IPs

5
Countries

7768 kB
Transfer

15957 kB
Size

4
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://orcasecurity.zendesk.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://app.orcasecurity.io/login
Title: Login

Search URL Search Domain Scan URL

URL: https://www.datacenterknowledge.com/security/report-cloud-security-breaches-surpass-prem-ones-first-time
Title: sharpening their efforts

Search URL Search Domain Scan URL

URL: https://securityintelligence.com/news/over-half-malware-delivered-via-cloud-applications/
Title: compromising cloud applications and assets

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/compliance/shared-responsibility-model/
Title: shared responsibility model

Search URL Search Domain Scan URL

URL: https://www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-12
Title: SolarWinds customers were compromised

Search URL Search Domain Scan URL

URL: https://beta.darkreading.com/omdia/kaseya-hacked-via-authentication-bypass?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
Title: customers of Kesaya

Search URL Search Domain Scan URL

URL: https://twitter.com/OrcaSec
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/orca-security/
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/orcasecurity
Title:

Search URL Search Domain Scan URL

URL: https://www.g2.com/products/orca-security/reviews
Title:

Search URL Search Domain Scan URL

URL: https://app.orcasecurity.io/
Title: Login

Search URL Search Domain Scan URL

URL: http://support.orca.security/resources/
Title: Support

Search URL Search Domain Scan URL

URL: http://www.facebook.com/Orca-Security-551725845231220
Title: Facebook-f

Search URL Search Domain Scan URL

URL: http://twitter.com/OrcaSec
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/35573984
Title: Linkedin-in

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCgCyH7xISzQGbpzfnIaWy_w
Title: Youtube

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://links.readitquik.us/els/v2/_4bwFk9A70sX/cmRNU3ozb2xtTkMwTUR3aWYvWDIwZmVpSHhRSnZZYm1OK010NlB4alFXZCs5Y2pYRHE1OWpTalNUalZwWnNlZ3JNSGVZZmJIRUtYb09oM2U2SldsWVFuWjQwSitYcHNJd1hMUVgzUGhVYVU9S0/ HTTP 302
https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 123

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1629408193645&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1286465%26time%3D1629408193645%26url%3Dhttps%253A%252F%252Forca.security%252Fresources%252Fblog%252Fcloud-malware-challenges-best-practices%252F%253Fsiteid%253DRIQSITE%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1629408193645&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1629408193645&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liSync=true&e_ipv6=AQLNTwNsscp5jQAAAXtgS-4EetMk3tc_t68o44AbPIVcKK7XtbZDr2fFVVC5uLPQ674dN2oj

246 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
orca.security/resources/blog/cloud-malware-challenges-best-practices/
Redirect Chain

http://links.readitquik.us/els/v2/_4bwFk9A70sX/cmRNU3ozb2xtTkMwTUR3aWYvWDIwZmVpSHhRSnZZYm1OK010NlB4alFXZCs5Y2pYRHE1OWpTalNUalZwWnNlZ3JNSGVZZmJIRUtYb09oM2U2SldsWVFuWjQwSitYcHNJd1hMUVgzUGhVYVU9S0/
https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

634 KB
95 KB

1199ms
1133ms

Document
text/html

162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db1ba52d021fb58e76bf046347fff38fb59089ee85a9695d7f091309147e1523

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: orca.security
:scheme: https
:path: /resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:12 GMT
content-type: text/html; charset=UTF-8
cf-ray: 6816710b2d8253aa-LHR
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
expires: Thu, 19 Nov 1981 08:52:00 GMT
link: <https://orca.security/resources/wp-json/>; rel="https://api.w.org/", <https://orca.security/resources/wp-json/wp/v2/posts/4106>; rel="alternate"; type="application/json", <https://orca.security/resources/?p=4106>; rel=shortlink
set-cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757; path=/
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
ki-edge: v=16.2
pragma: no-cache
x-content-type-options: nosniff
x-edge-location-klb: 1
x-kinsta-cache: BYPASS
x-pingback: https://orca.security/resources/xmlrpc.php
server: cloudflare
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

location: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
content-language: en-US
content-length: 0
date: Thu, 19 Aug 2021 21:23:11 GMT
x-envoy-upstream-service-time: 5
server: istio-envoy

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ 141 KB
22 KB 58ms
38ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://orca.security
Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 10234858
cdn-cachedat: 2021-04-23 12:06:36
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: aa8dfdbb3012b19901a804376c336a28
cf-ray: 6816711258ed435d-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 css2
fonts.googleapis.com/ 4 KB
729 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e2b5d4752ac81478ad36860fbe67b75bad20bbee7a93e835a25283d310c78999

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 20:46:58 GMT
server: ESF
date: Thu, 19 Aug 2021 21:23:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 19 Aug 2021 21:23:12 GMT

GET
H3-29 200 style.min.css
orca.security/resources/wp-content/themes/astra/assets/css/minified/ 71 KB
12 KB 687ms
657ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/astra/assets/css/minified/style.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef2b6a048828ba900123bc05b019ded3252e9b21260d7402fc9d11a321fb3dc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/astra/assets/css/minified/style.min.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:47:23 GMT
server: cloudflare
etag: W/"60f18deb-11b63"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671127e0ad218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 css
fonts.googleapis.com/ 2 KB
552 B 24ms
22ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C&display=fallback&ver=3.6.4

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d39e13725b21bae85d8ec5a33e089d49b52ea78390dabf5e426751414499d0f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 21:23:12 GMT
server: ESF
date: Thu, 19 Aug 2021 21:23:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 19 Aug 2021 21:23:12 GMT

GET
H3-29 200 style.min.css
orca.security/resources/wp-includes/css/dist/block-library/ 57 KB
9 KB 622ms
618ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-includes/css/dist/block-library/style.min.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 20:36:34 GMT
server: cloudflare
etag: W/"60f09c52-e33b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132e92d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.css
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/css/ 69 KB
10 KB 622ms
618ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50bbb02baec0ea54be304a070a2c6d815f65ee593c04f0fd81f81ee4dc0133e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-11413"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132e94d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 flatpickr.min.css
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/ 16 KB
3 KB 673ms
667ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

661e00570c65c29528d9ce6ee19e5e9939986716c293def67b07f8b6a191b018

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-3e52"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132e97d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 select2.min.css
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/select2/ 15 KB
2 KB 649ms
641ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

044efea78208376302aad3808aaabdf3c2f7bdd80ba9d55c9e0e4d3baa7a3908

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-3a75"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132e98d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 elementor-icons.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/eicons/css/ 17 KB
4 KB 649ms
641ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e36eaa6e7cebbd4138dfb008ee3d53ab8195f45953b0f4f27d0d8156ab059021

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:34 GMT
server: cloudflare
etag: W/"60f0ad6e-4350"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132e99d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 animations.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/animations/ 18 KB
3 KB 649ms
641ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/animations/animations.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/animations/animations.min.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:48:37 GMT
server: cloudflare
etag: W/"60f0ad35-4824"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132e9ad218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend-legacy.min.css
orca.security/resources/wp-content/plugins/elementor/assets/css/ 4 KB
918 B 674ms
666ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e5aeaa58ab4c2345953f77e07fbc20578326076a259ed702eea64e077fde675

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:07 GMT
server: cloudflare
etag: W/"60f0acdb-f0e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132e9bd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.css
orca.security/resources/wp-content/plugins/elementor/assets/css/ 115 KB
17 KB 673ms
665ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/css/frontend.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f9c38934fc41ee2a85f1a6e1ad59e96f7f1e73b9b4e653394708715d5ab32c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/css/frontend.min.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:08 GMT
server: cloudflare
etag: W/"60f0acdc-1cc44"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132e9ed218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-1480.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 1 KB
770 B 649ms
641ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-1480.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84053d1e000e4ec2e919fc747c16eb16856745bd7cdd0279ff6be2062f365650

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-1480.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:55:54 GMT
server: cloudflare
etag: W/"60f18fea-467"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132ea0d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.css
orca.security/resources/wp-content/plugins/elementor-pro/assets/css/ 237 KB
27 KB 649ms
641ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor-pro/assets/css/frontend.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ceaa8c47e55f50794d42966a696f0f35149ffd1560c46eecbca911d6b48d9371

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor-pro/assets/css/frontend.min.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:35:19 GMT
server: cloudflare
etag: W/"60f0aa17-3b299"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132ea2d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 all.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 58 KB
13 KB 673ms
665ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af1e6edc875a382b338bb25bd7c5c3f474a7f1b36212002a5896dd06f2186325

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:37 GMT
server: cloudflare
etag: W/"60f0ad71-e7d0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132ea4d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 v4-shims.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 26 KB
5 KB 673ms
666ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fda3035030d3843c2751dc0da65fb802230ec00a4008aeed83ddddc7b97cbc93

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:39 GMT
server: cloudflare
etag: W/"60f0ad73-684e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132ea6d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 global.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 36 KB
3 KB 674ms
666ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/global.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71a920e8af6069911a728a6768baf9c58e8f2dcc99599985f36f2110466457a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/global.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:55:55 GMT
server: cloudflare
etag: W/"60f18feb-9179"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132ea8d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-403.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 6 KB
1 KB 649ms
641ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-403.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3f972393cbaeb692394b14498f8f9526c5a75480fe6fed1a5d14e83109e0cf4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-403.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 14:26:30 GMT
server: cloudflare
etag: W/"60f19716-190a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132eaad218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-22.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 8 KB
1 KB 649ms
641ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-22.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f07ba5ad1ac0a01ef6b948f1a2223b2eff4e40f40da24614151b98939b6a5ef1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-22.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:55:55 GMT
server: cloudflare
etag: W/"60f18feb-1eb4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132eabd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-1240.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 2 KB
816 B 673ms
666ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-1240.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9b993464d1fb9e951a4e9c76d4d560b208604c73fa87c0a61091b5af0ddecec

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-1240.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 14:38:20 GMT
server: cloudflare
etag: W/"60f199dc-8ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132eacd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-319.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 5 KB
1 KB 674ms
666ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-319.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8725ca355115b2fd4651581ad44a4115ec562fc3ad951c72b7da7f9c8e73051f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-319.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:55:55 GMT
server: cloudflare
etag: W/"60f18feb-12e4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132eadd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-76.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 2 KB
903 B 674ms
667ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-76.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

285c3c6ca39b53ee2e65d425a7b26d8d9415a8e15c323aa1d73f3b79496400fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-76.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Wed, 28 Jul 2021 19:17:25 GMT
server: cloudflare
etag: W/"6101ad45-8f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132eaed218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 sassy-social-share-public.css
orca.security/resources/wp-content/plugins/sassy-social-share/public/css/ 34 KB
10 KB 674ms
667ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

182cab990c2118fcdb18feab5115335e4eb4bc0b38bb30a36c4e73c92b080ea4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:10:04 GMT
server: cloudflare
etag: W/"60f0259c-87d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132eafd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 sassy-social-share-svg.css
orca.security/resources/wp-content/plugins/sassy-social-share/admin/css/ 109 KB
35 KB 648ms
641ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/sassy-social-share/admin/css/sassy-social-share-svg.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7369eb7217705e08010dbd6c0ed5433f75e66391ff6f365372381b658b1f1da9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/sassy-social-share/admin/css/sassy-social-share-svg.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:10:08 GMT
server: cloudflare
etag: W/"60f025a0-1b41d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132eb0d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 css2
fonts.googleapis.com/ 7 KB
661 B 22ms
16ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat%3Awght%40300%3B400%3B500%3B700&display=swap&ver=1.33

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5c0fa704524cebac28ecc9aa8a2ad43d4d2d5e48980fdeec93253d6d9c61e98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 21:23:12 GMT
server: ESF
date: Thu, 19 Aug 2021 21:23:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 19 Aug 2021 21:23:12 GMT

GET
H3-29 200 slick.css
orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/ 2 KB
946 B 692ms
686ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:48 GMT
server: cloudflare
etag: W/"60f0276c-6f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132eb1d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 slick-theme.css
orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/ 3 KB
1 KB 693ms
686ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick-theme.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick-theme.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:48 GMT
server: cloudflare
etag: W/"60f0276c-c49"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132eb3d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 bootstrap.min.css
orca.security/resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/css/ 141 KB
21 KB 694ms
688ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/css/bootstrap.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/css/bootstrap.min.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:38 GMT
server: cloudflare
etag: W/"60f02762-235ed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132eb4d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 style.css
orca.security/resources/wp-content/themes/incubator-child/ 13 KB
3 KB 694ms
688ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/style.css?version&ver=1.33

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64380f313f85c6feb17b558f02b5b3d145bbf934a969e012302caac445a1922f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/style.css?version&ver=1.33
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Sun, 18 Jul 2021 00:38:51 GMT
server: cloudflare
etag: W/"60f3781b-32df"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132eb6d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 main.css
orca.security/resources/wp-content/themes/incubator-child/ 118 KB
15 KB 694ms
688ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/main.css?version&ver=1.33

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5da80845be0b787ddf4abd8c116be05e185e3e928c2773d65abb55903e362175

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/main.css?version&ver=1.33
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Sun, 18 Jul 2021 00:37:59 GMT
server: cloudflare
etag: W/"60f377e7-1d634"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132eb8d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 css
fonts.googleapis.com/ 24 KB
1 KB 20ms
14ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=5.7.2

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7742176d36a9ea889f4db0a843e62f522ba690a8d514e91dd5aa09eccf7340ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 20:47:19 GMT
server: ESF
date: Thu, 19 Aug 2021 21:23:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 19 Aug 2021 21:23:12 GMT

GET
H3-29 200 fontawesome.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 57 KB
13 KB 695ms
689ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8d00356859998784bda26e1d14f2d981515921b96ded50d5d6f6f0e75bac15c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:38 GMT
server: cloudflare
etag: W/"60f0ad72-e238"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132ebad218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 solid.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 669 B
689 B 695ms
689ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ada5259a5ac61a7d68315f7efa6b98d61d2d0478df0545869c880afeaa67dcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:39 GMT
server: cloudflare
etag: W/"60f0ad73-29d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132ebdd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 brands.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 675 B
687 B 695ms
690ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71008cf308a9bb2a3a3ddaa973f816c0d3a11db5cc9e7bdd5498089423019b3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:37 GMT
server: cloudflare
etag: W/"60f0ad71-2a3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132ebed218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery.min.js Show response
orca.security/resources/wp-includes/js/jquery/ 87 KB
31 KB 695ms
690ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-includes/js/jquery/jquery.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-includes/js/jquery/jquery.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 20:36:34 GMT
server: cloudflare
etag: W/"60f09c52-15d98"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132ebfd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery-migrate.min.js Show response
orca.security/resources/wp-includes/js/jquery/ 11 KB
4 KB 695ms
690ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-includes/js/jquery/jquery-migrate.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 20:36:34 GMT
server: cloudflare
etag: W/"60f09c52-2bd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132ec0d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 flatpickr.min.js Show response
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/ 47 KB
14 KB 695ms
690ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe2ac5219992a3608a5c9e2bc4759fac8fb2189b88d7a674d395ff6c435da536

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-bd86"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132ec1d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 select2.min.js Show response
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/select2/ 69 KB
20 KB 695ms
690ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-114c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132ec2d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 gtm4wp-form-move-tracker.js Show response
orca.security/resources/wp-content/plugins/duracelltomi-google-tag-manager/js/ 1 KB
724 B 697ms
692ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc71c403dc6113c8597e111a99d6a6a197dd2f2355402f8392ca4812dca57d3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:06:30 GMT
server: cloudflare
etag: W/"60f024c6-5cf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132ec3d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 v4-shims.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/js/ 15 KB
5 KB 697ms
692ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97cf1307c16a437b77b5f7f5c9bc0b985d0745a14be5a279019aca5a3432e264

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:43 GMT
server: cloudflare
etag: W/"60f0ad77-3acf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671132ec4d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 css2
fonts.googleapis.com/ 7 KB
543 B 18ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700&display=swap

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e6d2282d33ef8f732e4ce7a60a05fce149fb0017fae964eb3543ec849d95f2e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 21:15:12 GMT
server: ESF
date: Thu, 19 Aug 2021 21:23:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 19 Aug 2021 21:23:12 GMT

GET
H3-29 200 logo-white.svg
orca.security/static-inc/images/ 6 KB
3 KB 218ms
213ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/logo-white.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b1378138bba66a489a96aa319ed93174ae2e9740c4e0dc6846c5f06d2193fb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/logo-white.svg
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:05 GMT
server: cloudflare
etag: W/"60f12119-179c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190afdd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 logo.svg
orca.security/static-inc/images/ 6 KB
3 KB 663ms
658ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/logo.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05eee7dd84da8f541a1dfebd89d2a67e8b2322fced4845f991769c1df2d096ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/logo.svg
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:05 GMT
server: cloudflare
etag: W/"60f12119-17b4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190afed218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 icon-nav-side-scanning.svg
orca.security/static-inc/images/ 917 B
874 B 633ms
628ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/icon-nav-side-scanning.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44da12b1630d2ef003f2375847617620d5f4f7fae60a473b801cf55f15e6f9d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/icon-nav-side-scanning.svg
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:05 GMT
server: cloudflare
etag: W/"60f12119-395"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190affd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 icon-nav-context-aware-security.svg
orca.security/static-inc/images/ 1 KB
911 B 637ms
632ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/icon-nav-context-aware-security.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7c1382f2a55b9cfed948b2a888fe6169dd173219e33ef7ce057ccb002fa93cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/icon-nav-context-aware-security.svg
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:04 GMT
server: cloudflare
etag: W/"60f12118-5bb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190b00d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 icon-nav-built-in-compliance.svg
orca.security/static-inc/images/ 985 B
893 B 637ms
632ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/icon-nav-built-in-compliance.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cfca36025004c1f9a54e8bca2961cd7c2c7d030b9f098b2f8d044e25944b1fdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/icon-nav-built-in-compliance.svg
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:04 GMT
server: cloudflare
etag: W/"60f12118-3d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190b02d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 icon-nav-customization.svg
orca.security/static-inc/images/ 2 KB
910 B 652ms
647ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/icon-nav-customization.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15cabbfbc427cf3a6e897a426fa4cfc26d7171ae72763fcccc3d066338f15bf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/icon-nav-customization.svg
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:04 GMT
server: cloudflare
etag: W/"60f12118-609"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190b03d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 nav-join-the-program.jpg
orca.security/static-inc/images/ 93 KB
94 KB 213ms
208ms Image
image/jpeg 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/nav-join-the-program.jpg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d68519a3166f1d5cf914c9e2c228ce1415ecbe40c8630d7d5ce8675fdafb5902

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/nav-join-the-program.jpg
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 95526
last-modified: Fri, 16 Jul 2021 15:27:41 GMT
server: cloudflare
etag: "60f1a56d-17526"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 681671190b04d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 nav-join-our-team.jpg
orca.security/static-inc/images/ 147 KB
148 KB 234ms
229ms Image
image/jpeg 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/nav-join-our-team.jpg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

598e0da49a0d44ca888818a794151e0be9e5a5801d78e53430f451a40d67e661

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/nav-join-our-team.jpg
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 150742
last-modified: Fri, 16 Jul 2021 15:27:36 GMT
server: cloudflare
etag: "60f1a568-24cd6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 681671190b05d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 nav-download-now.jpg
orca.security/static-inc/images/ 68 KB
68 KB 644ms
639ms Image
image/jpeg 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/nav-download-now.jpg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96456ea83a2a92121ff46321c0f0ca85237a5fbb1cc6391a7303057226b91529

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/nav-download-now.jpg
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 69166
last-modified: Fri, 16 Jul 2021 15:27:36 GMT
server: cloudflare
etag: "60f1a568-10e2e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 681671190b06d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 authorphoto-150x150.jpeg
orca.security/resources/wp-content/uploads/sites/2/ 4 KB
4 KB 234ms
229ms Image
image/jpeg 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/authorphoto-150x150.jpeg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3afe1773cbb9677bed9327f8f81058a02d8b593b22eb24a40658539bd8a5ead8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/authorphoto-150x150.jpeg
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4082
last-modified: Thu, 15 Jul 2021 12:16:52 GMT
server: cloudflare
etag: "60f02734-ff2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 681671190b07d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 footer_badge_aws.svg
orca.security/wp-content/uploads/2021/08/ 45 KB
17 KB 658ms
653ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/wp-content/uploads/2021/08/footer_badge_aws.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8191aac24052007a5eb3dff74bbcde3d14bd1b9eac048a8b781c08e144089f25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2021/08/footer_badge_aws.svg
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 03 Aug 2021 07:11:27 GMT
server: cloudflare
etag: W/"6108ec1f-b499"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190b09d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 footer_badge_iso.svg
orca.security/wp-content/uploads/2021/08/ 33 KB
14 KB 646ms
641ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/wp-content/uploads/2021/08/footer_badge_iso.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c51831a289a042fb47236cc90db37a4d2cdd827d8ba95120de2cb55826e68664

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2021/08/footer_badge_iso.svg
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 03 Aug 2021 07:11:25 GMT
server: cloudflare
etag: W/"6108ec1d-850c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190b0ad218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 footer_badge_soc.svg
orca.security/wp-content/uploads/2021/08/ 50 KB
21 KB 659ms
654ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/wp-content/uploads/2021/08/footer_badge_soc.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e51cef74e27fe2fbf08417acdaeccb250743a28dc7b82d16ba26560981041e0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2021/08/footer_badge_soc.svg
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 03 Aug 2021 07:11:24 GMT
server: cloudflare
etag: W/"6108ec1c-c80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190b0bd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 logo.svg
orca.security/wp-content/uploads/2021/04/ 6 KB
3 KB 243ms
238ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/wp-content/uploads/2021/04/logo.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74706fc3a0764eb273029a2ca83422dd8663978130573095d48f7ed260f28671

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2021/04/logo.svg
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 10:47:52 GMT
server: cloudflare
etag: W/"60f163d8-1709"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190b0dd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 570 KB
145 KB 42ms
25ms Script
application/javascript 2606:4700::6811:b849
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b849 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ef211d6fa0461f16d96f3595269a5d22b9713b949f6ef8190ac2a4c8eba18cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
via: 1.1 5a45573ebecfd555d93af04bbbcf0557.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 188
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 19 Aug 2021 09:49:06 UTC
server: cloudflare
etag: W/"be56a7fb2928f028c1a25b1bc9151236"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wY%2FaOES5v5T1ZxqHkxVk0TTILOg1LRR8QKDm2fBgSw5kh65WiS4W4mC1OlLykNDANLywSxpSZ4Z3kYDCxLt8Q6zkBGWx5XPq%2BjWdq%2BszZ97pVIppRNUp7jW%2F9eeWAn%2FKMrdN3vVTnp%2BjAVfa"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: kUB00ulVPwZoTL8c9HGFXrdSE8AcDtpg
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
x-amz-cf-pop: IAD66-C2
cf-ray: 6816711828fa05f5-FRA
x-amz-cf-id: NYz8YYnl75bQ333Km0euBDrXPluXHiAlk10Yd5NJxJ67EMaAVSj8aA==
x-hs-target-asset: FormsNext/static-5.359/bundles/project_with_deps.js

GET
H3-29 200 style.min.js Show response
orca.security/resources/wp-content/themes/astra/assets/js/minified/ 10 KB
3 KB 602ms
602ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/astra/assets/js/minified/style.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ef0899dadf11eccd489e8aca5ef79eaf9c1caa00f9f1d4d8ad45ff1ed375ccf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/astra/assets/js/minified/style.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:47:23 GMT
server: cloudflare
etag: W/"60f18deb-28d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671187a6bd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.js Show response
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/js/ 9 KB
3 KB 185ms
185ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

205988b80eeedc442aa4ba78fd4bda5b1b139415f3dc88043fc73adcd71cbae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-236e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 68167118dabdd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 dynamic-conditions-public.js Show response
orca.security/resources/wp-content/plugins/dynamicconditions/Public/js/ 2 KB
1 KB 212ms
206ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/dynamicconditions/Public/js/dynamic-conditions-public.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

751d5192326ddefce3e87157f7c9355217cdad7b4a969b5dd3161b4453671389

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/dynamicconditions/Public/js/dynamic-conditions-public.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:00:00 GMT
server: cloudflare
etag: W/"60f11250-8f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190ad9d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 5544741.js Show response
js.hs-scripts.com/ 988 B
878 B 175ms
147ms Script
application/javascript 2606:4700::6811:d3cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/5544741.js?integration=WordPress
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:d3cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7da8c2186e6dbaf934d64bb1ddb21c10b79ad1355b381868842e7e18aff29283

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: br
cf-cache-status: EXPIRED
server: cloudflare
x-hubspot-correlation-id: 5fa08b50-e7b6-4192-9cdb-e0fa973b762f
x-trace: 2B28814CAB421BCA91E1B480B47C4E10277289D445000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://orca.security
access-control-max-age: 3600
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 681671192a4a4e86-FRA
expires: Thu, 19 Aug 2021 21:24:13 GMT

GET
H3-29 200 sassy-social-share-public.js Show response
orca.security/resources/wp-content/plugins/sassy-social-share/public/js/ 43 KB
11 KB 623ms
616ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

afea7d7933d3140b754902ec8d48c7cc0db26b22f5912655b2fb1c1b07429478

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:10:04 GMT
server: cloudflare
etag: W/"60f0259c-ab59"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190adad218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 orca.js Show response
orca.security/resources/wp-content/themes/incubator-child/ 4 KB
2 KB 623ms
617ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/orca.js?version&ver=1.33

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9e4a21d7a0dd665ebfe69752a801f9034ee7f4d7e5930cb267b6c48aa3bee31

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/orca.js?version&ver=1.33
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:24 GMT
server: cloudflare
etag: W/"60f02754-10fd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190adbd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 TweenMax.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.14.2/ 99 KB
29 KB 22ms
12ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.14.2/TweenMax.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9019bd99bb2b109f32b62d0439c01e6c9e828bfd160c1e254a5a0d1c7229a4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5434573
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 29505
cf-request-id: 0abdf800e200004a9104a3b000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-18d17"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Y49esxe0G6pUoL2xRoTKEj670SMDV2wPsUA2DKIK5SgLuNCbjXWoxY6e%2B6gC5p8Mt4ZzDWWJI6%2FjCmfIyBGPABZFoyginxXbrNVrb2Iu8c4UsX17ZbRgE8IkpIUpLRpzLVnPGOAp7%2Bn2fLbru%2B%2FFhke"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6816711908cc1f2d-FRA
expires: Tue, 09 Aug 2022 21:23:13 GMT

GET
H3-29 200 ScrollMagic.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/ 17 KB
6 KB 203ms
197ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/ScrollMagic.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da9dad45994fa30a773ffd383f0daba950926e1c95fc807b644554825ac34bf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/ScrollMagic.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:30 GMT
server: cloudflare
etag: W/"60f0275a-4416"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190adcd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 animation.gsap.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/ 1 KB
1 KB 205ms
198ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/animation.gsap.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbd60db88b56b91e2c6ea79a36224ec46d01be9b58cf87db5176c86681f9270a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/animation.gsap.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:32 GMT
server: cloudflare
etag: W/"60f0275c-508"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190aded218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 animation.velocity.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/ 1 KB
1 KB 621ms
614ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/animation.velocity.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20ffeeb1b6274d88ea1a05f79a414e6bb12189c7516514c75067d081dcd47819

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/animation.velocity.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:32 GMT
server: cloudflare
etag: W/"60f0275c-5b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190adfd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 debug.addIndicators.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/ 7 KB
3 KB 223ms
216ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/debug.addIndicators.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c15402dcdd0b03490883b62681c0d676af10894c7ce55218650d0f3827c6f0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/debug.addIndicators.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:30 GMT
server: cloudflare
etag: W/"60f0275a-1bb8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190ae0d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery.ScrollMagic.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/ 495 B
690 B 206ms
199ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/jquery.ScrollMagic.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bcca65cc24a8fa93b8c1c9b3fdab3c155b5a6c5e6013d1b0aa4e4447c8eec77c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/jquery.ScrollMagic.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:32 GMT
server: cloudflare
etag: W/"60f0275c-1ef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190ae1d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 bootstrap.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/js/ 48 KB
13 KB 216ms
209ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/js/bootstrap.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/js/bootstrap.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:36 GMT
server: cloudflare
etag: W/"60f02760-bf30"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190ae2d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 iframeResizer.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/ 2 KB
2 KB 219ms
212ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/iframeResizer.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60aad8b6f919b3ac201f9441562712b6b4071e6e2928577910f31ca424ffa397

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/iframeResizer.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:26 GMT
server: cloudflare
etag: W/"60f02756-881"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190ae4d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 match-height.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/ 3 KB
2 KB 210ms
204ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/match-height.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c76c6456972a640a9057ae6e6ce9099722910ac60e2f31e514a1bf0066d9d64d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/match-height.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:26 GMT
server: cloudflare
etag: W/"60f02756-d55"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190ae6d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery.waypoints.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/waypoints/lib/ 9 KB
3 KB 219ms
212ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/waypoints/lib/jquery.waypoints.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

368daab67b1a5b2b2802edbbac79a2aa4ba992a2ebf9c67b98ad784d8004018c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/waypoints/lib/jquery.waypoints.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:50 GMT
server: cloudflare
etag: W/"60f0276e-2344"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190ae7d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 slick.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/ 87 KB
16 KB 625ms
618ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0aaa4cf927b0e3631cffbe62f6786810aa65348483cd950e49f634a0881b16b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:48 GMT
server: cloudflare
etag: W/"60f0276c-15b7b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190ae8d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 wp-embed.min.js Show response
orca.security/resources/wp-includes/js/ 1 KB
1 KB 226ms
220ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-includes/js/wp-embed.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-includes/js/wp-embed.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 20:36:34 GMT
server: cloudflare
etag: W/"60f09c52-592"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190ae9d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 webpack-pro.runtime.min.js Show response
orca.security/resources/wp-content/plugins/elementor-pro/assets/js/ 5 KB
3 KB 211ms
205ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52adbaf8b7004e3e0ef2b06be5492748eeef0bdfbc2d91b4aa3aa7ddd7028703

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:35:44 GMT
server: cloudflare
etag: W/"60f0aa30-1556"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190aead218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 webpack.runtime.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/js/ 5 KB
2 KB 644ms
637ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5641645c15c48b3ff5ce52e718563e1d04d18492e552eb126862768327e2855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:25 GMT
server: cloudflare
etag: W/"60f0aced-12a1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190aebd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend-modules.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/js/ 63 KB
22 KB 228ms
221ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/js/frontend-modules.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8e1bb6afaee4a9709470e6bc6712a4288aab63eff4a430e75935d0095648bb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/js/frontend-modules.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:21 GMT
server: cloudflare
etag: W/"60f0ace9-fd92"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190aecd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery.sticky.min.js Show response
orca.security/resources/wp-content/plugins/elementor-pro/assets/lib/sticky/ 6 KB
2 KB 660ms
654ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a48dea362116d7516a2cf97066a32758d353760ee02dbf900ddff86b02a16473

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:36:28 GMT
server: cloudflare
etag: W/"60f0aa5c-19c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190aedd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.js Show response
orca.security/resources/wp-content/plugins/elementor-pro/assets/js/ 58 KB
16 KB 654ms
647ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/frontend.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

785c1179e9138a30fccbcd502d81ad2920049a12fd3d83fae433052e9be4c62f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor-pro/assets/js/frontend.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:35:36 GMT
server: cloudflare
etag: W/"60f0aa28-e60d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190aefd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 waypoints.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
3 KB 637ms
631ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:48:53 GMT
server: cloudflare
etag: W/"60f0ad45-2fa6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190af0d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 core.min.js Show response
orca.security/resources/wp-includes/js/jquery/ui/ 20 KB
7 KB 629ms
623ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-includes/js/jquery/ui/core.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0cd851e5b33af0fbb354df65506da39807b998e07723f3d08aba5179fa2ed97e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-includes/js/jquery/ui/core.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 20:36:34 GMT
server: cloudflare
etag: W/"60f09c52-5133"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190af1d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 swiper.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/lib/swiper/ 136 KB
36 KB 645ms
639ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b23f49f504faa32aac548b6662ffd64412f6738496fab8be38da46c5b7121804

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:48:51 GMT
server: cloudflare
etag: W/"60f0ad43-21f91"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190af3d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 share-link.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/lib/share-link/ 3 KB
1 KB 216ms
210ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a7ee62eb33f3bbb66c2151e5cac6bf4904e28302efc36128f3e3ccae6fde580

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:48:49 GMT
server: cloudflare
etag: W/"60f0ad41-a12"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190af4d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 dialog.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/lib/dialog/ 11 KB
4 KB 633ms
627ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2989e0b9e836cb9de3274d641ec6a58c2052f039e790ddd59b22303930bfdeeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:48:39 GMT
server: cloudflare
etag: W/"60f0ad37-2a6f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190af6d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/js/ 66 KB
20 KB 211ms
205ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/js/frontend.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17f076500dca787c42b1dd6238ce50a0752771eafd040e8512c713a7ec947c65

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/js/frontend.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:21 GMT
server: cloudflare
etag: W/"60f0ace9-1086a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190af7d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 preloaded-elements-handlers.min.js Show response
orca.security/resources/wp-content/plugins/elementor-pro/assets/js/ 160 KB
39 KB 654ms
648ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

897ebbdf379aeb2c751275f083d298f15b094902c6bd6a66405ffb0604c64124

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:35:41 GMT
server: cloudflare
etag: W/"60f0aa2d-27e8a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190af8d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 preloaded-modules.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/js/ 57 KB
17 KB 637ms
631ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d882dbd828af87ed3434862bf608a2dee6d347817ae547421c9b2051ce29a905

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:23 GMT
server: cloudflare
etag: W/"60f0aceb-e2e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190afad218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 scripts.min.js Show response
orca.security/static-inc/js/ 374 KB
100 KB 651ms
646ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/static-inc/js/scripts.min.js?ver=1.0

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9703acf1b9ace4e69669e5472063f067cfaf6eba3dff61ec47b95db163a3158

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/js/scripts.min.js?ver=1.0
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:17:23 GMT
server: cloudflare
etag: W/"60f12473-5d9e1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671190afcd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 169 KB
60 KB 30ms
25ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7ed371ce600209a847c61a6c15d24968a554b6ecb66065c552f6fc998c041ea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61127
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 19 Aug 2021 21:23:13 GMT

GET
H2 200 KoeEOMZRk0HPEBurl41R Show response
ws.zoominfo.com/pixel/ 0
490 B 199ms
171ms Script
text/javascript 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/KoeEOMZRk0HPEBurl41R

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 68167119291ddfc7-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
content-length: 0

GET
H2 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 122 KB
40 KB 87ms
53ms Script
application/javascript 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aca1d2291f4713182bc182e5ef93151df69b3e97a054d16d1da5a1967fe63f15

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 654
x-guploader-uploadid: ADPycdtFH5FjRhc32pGuwoYS0hbcMDsPfYYalRdG_XhSIFzzgtIJLOfdqWDNYG_HFsERFBSe_o5pE-uc4m_J-Phy5m_QkAztmg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
last-modified: Wed, 14 Jul 2021 10:39:08 GMT
server: cloudflare
etag: W/"1e1e37b752fd19a94113b3725ef35506"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=EP8N2g==, md5=Hh43t1L9GalBE7NyXvNVBg==
x-goog-generation: 1626259148350866
cache-control: public, max-age=3600
x-goog-stored-content-length: 124580
cf-ray: 681671193b8505f1-FRA
expires: Thu, 19 Aug 2021 22:12:19 GMT

GET
DATA 200
OK truncated
/ 219 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34b499c3bed76acb12665df0c8b65d14bac3ee6161e420a9403bd694be549e78

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 682 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c2e8b4fba49f90cfca5a43371c09879aed7447e0ba2ed4abd75b81448776c4f7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 425 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 54c9560cb0117d8d1f955aefe0f88b843517964e118512d8f1a224a8a9b662f4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 302 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b980f62a2d545d64f24e6f96902c8fbf5da0018569c369bc18f9e5b5fcf099ed

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
H3-29 200 rings-small.png
orca.security/resources/wp-content/themes/incubator-child/images/ 13 KB
13 KB 613ms
613ms Image
image/png 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/images/rings-small.png

Requested by

Host: orca.security
URL: https://orca.security/resources/wp-content/themes/incubator-child/main.css?version&ver=1.33

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f57f8ab879288c31393c0234a10d05b7b8955999a0192d4b17d4bf6c4769a18

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/images/rings-small.png
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/wp-content/themes/incubator-child/main.css?version&ver=1.33
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/wp-content/themes/incubator-child/main.css?version&ver=1.33
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 13301
last-modified: Thu, 15 Jul 2021 12:17:26 GMT
server: cloudflare
etag: "60f02756-33f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 681671192b13d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/ 20 KB
20 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat%3Awght%40300%3B400%3B500%3B700&display=swap&ver=1.33

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 00:38:53 GMT
x-content-type-options: nosniff
age: 247460
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20040
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:44 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 00:38:53 GMT

GET
H2 200 xn7gYHE41ni1AdIRggexSg.woff2
fonts.gstatic.com/s/manrope/v4/ 22 KB
22 KB 10ms
8ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/manrope/v4/xn7gYHE41ni1AdIRggexSg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a41d60f8ac48aafcddd891ddebb318735c5684c4d8c8971f2a236233f89fc3be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 16 Aug 2021 18:31:27 GMT
x-content-type-options: nosniff
age: 269506
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22788
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 21:57:26 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 Aug 2022 18:31:27 GMT

GET
H3-29 200 orca.ttf
orca.security/fonts/ 2 KB
2 KB 628ms
627ms Font
application/x-font-ttf 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/fonts/orca.ttf?vhq0nq

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb0772532e523b486ea3419e8de8a9a40a0f632bf85ddf21f0d8753427972280

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-fetch-mode: cors
origin: https://orca.security
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
:path: /fonts/orca.ttf?vhq0nq
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://orca.security
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:28:50 GMT
server: cloudflare
etag: W/"60f12722-940"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-font-ttf
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 681671193b1ad218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 fa-solid-900.woff2
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 78 KB
79 KB 214ms
213ms Font
application/font-woff2 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2

Requested by

Host: orca.security
URL: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-fetch-mode: cors
origin: https://orca.security
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: orca.security
referer: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://orca.security
Referer: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 80300
last-modified: Thu, 15 Jul 2021 21:49:47 GMT
server: cloudflare
etag: "60f0ad7b-139ac"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 681671193b1cd218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 fa-brands-400.woff2
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 77 KB
77 KB 627ms
626ms Font
application/font-woff2 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2

Requested by

Host: orca.security
URL: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-fetch-mode: cors
origin: https://orca.security
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: orca.security
referer: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://orca.security
Referer: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 78460
last-modified: Thu, 15 Jul 2021 21:49:45 GMT
server: cloudflare
etag: "60f0ad79-1327c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 681671193b1ed218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 06:52:18 GMT
x-content-type-options: nosniff
age: 225055
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 06:52:18 GMT

GET
H2 200 KFOkCnqEu92Fr1Mu51xIIzI.woff2
fonts.gstatic.com/s/roboto/v27/ 17 KB
17 KB 10ms
9ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu51xIIzI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=5.7.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46375ee9192c1e0f6eabe4d32b2a48b996b93037f7b4beb970df5b87359548fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 04:27:12 GMT
x-content-type-options: nosniff
age: 233761
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17304
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 04:27:12 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
16 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 03:00:34 GMT
x-content-type-options: nosniff
age: 238959
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 03:00:34 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 16 KB
16 KB 19ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 01:12:52 GMT
x-content-type-options: nosniff
age: 245421
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 01:12:52 GMT

GET
H3-29 200 KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2
fonts.gstatic.com/s/roboto/v27/ 17 KB
17 KB 14ms
8ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a938256d2de59b044f8ca7c7aa0c788ed2ffa9a48bf0e3930a5830c4298f509

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 01:12:58 GMT
x-content-type-options: nosniff
age: 245415
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17380
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:45 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 01:12:58 GMT

GET
H3-29 200 ORC03296_Graphic-Request_Malware-Blog_1200x628_R3V2.jpg
orca.security/resources/wp-content/uploads/sites/2/ 419 KB
420 KB 614ms
613ms Image
image/jpeg 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/ORC03296_Graphic-Request_Malware-Blog_1200x628_R3V2.jpg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be29174d2fe6ed8aad6c27420ce60f754419d072bfb1603ffa20626463295a57

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/ORC03296_Graphic-Request_Malware-Blog_1200x628_R3V2.jpg
pragma: no-cache
cookie: PHPSESSID=60df5f840a9b0664deaaf6b167ac1757
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 429292
last-modified: Thu, 15 Jul 2021 12:15:52 GMT
server: cloudflare
etag: "60f026f8-68cec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 68167119bbb4d218-MAN
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.0 200
OK Cookie set 2vsl Show response
go.orca.security/l/898611/2020-12-11/ Frame DB0A 6 KB
3 KB 765ms
434ms Document
text/html 52.202.69.186
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/l/898611/2020-12-11/2vsl
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.69.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-1-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 3b8445ffccb8367866ab9a95af5439a7faffcb30a67e7902324192a6059b056a

Request headers

Host: go.orca.security
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://orca.security/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://orca.security/

Response headers

Date: Thu, 19 Aug 2021 21:23:13 GMT
Set-Cookie: pardot=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0 visitor_id898611=609917230; expires=Sun, 17-Aug-2031 21:23:14 GMT; Max-Age=315360000; path=/; secure; SameSite=None visitor_id898611-hash=ea779a65ab03a0ed188bd14fad010410257af7e851064a54595f63e777e2e2811bb678b804dcf27e66486ca9add75fe81cce71f1; expires=Sun, 17-Aug-2031 21:23:14 GMT; Max-Age=315360000; path=/; secure; SameSite=None
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Pardot-Rsp: 16/50/255
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 2231
Content-Type: text/html; charset=utf-8
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
Server: PardotServer
X-Pardot-LB: 4208770abb36eec2b2f3a1c951758cc1
Connection: keep-alive

GET
H/1.0 200
OK Cookie set 2vsj Show response
go.orca.security/l/898611/2020-12-11/ Frame 6838 28 KB
9 KB 595ms
254ms Document
text/html 52.202.69.186
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.69.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-1-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 1eda50fcc641bd8a7844d4f8e26acd9e2bab6c524f61701774d12a741420af93

Request headers

Host: go.orca.security
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://orca.security/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://orca.security/

Response headers

Date: Thu, 19 Aug 2021 21:23:13 GMT
Set-Cookie: pardot=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0 visitor_id898611=609917224; expires=Sun, 17-Aug-2031 21:23:14 GMT; Max-Age=315360000; path=/; secure; SameSite=None visitor_id898611-hash=38f2ce4464d445ed716bbdfcfdaac9fe807b72cdf34ddf5cc4aa072f8493b85226320768bd1fc63316bed92f940a0701f05add09; expires=Sun, 17-Aug-2031 21:23:14 GMT; Max-Age=315360000; path=/; secure; SameSite=None
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Pardot-Rsp: 16/80/68
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 7986
Content-Type: text/html; charset=utf-8
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
Server: PardotServer
X-Pardot-LB: 4208770abb36eec2b2f3a1c951758cc1
Connection: keep-alive

GET
H/1.0 200
OK Cookie set 2vsj Show response
go.orca.security/l/898611/2020-12-11/ Frame FF02 28 KB
9 KB 601ms
289ms Document
text/html 52.202.69.186
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.69.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-1-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 1eda50fcc641bd8a7844d4f8e26acd9e2bab6c524f61701774d12a741420af93

Request headers

Host: go.orca.security
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://orca.security/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://orca.security/

Response headers

Date: Thu, 19 Aug 2021 21:23:13 GMT
Set-Cookie: pardot=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0 visitor_id898611=609917226; expires=Sun, 17-Aug-2031 21:23:14 GMT; Max-Age=315360000; path=/; secure; SameSite=None visitor_id898611-hash=153c025592971fcea0335ec6c9d003ec8fe74a490823f2a7aeb39113732ff85f48ea3313ed76f4c2c5fd7ef3e843459e60bd967c; expires=Sun, 17-Aug-2031 21:23:14 GMT; Max-Age=315360000; path=/; secure; SameSite=None
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Pardot-Rsp: 16/50/255
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 7986
Content-Type: text/html; charset=utf-8
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
Server: PardotServer
X-Pardot-LB: 4208770abb36eec2b2f3a1c951758cc1
Connection: keep-alive

GET
H2 403 getMapping Show response
ws.zoominfo.com/form-complete/ 26 B
182 B 137ms
137ms XHR
application/json 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/form-complete/getMapping?formId=wymcNktFMIhtz4zMJ4Cn

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

d9fd9e2d2293c369f4aa2abe2dcdee1ff7135ceb33f12cdfab98a348bf9ac455

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
via: 1.1 google
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://orca.security
access-control-allow-credentials: true
cf-ray: 6816711a0a42dfc7-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
etag: W/"1a-6NuuSjmV14w26uMjJ2AMk7q0aZk"

GET
H2 200 03772d1e-aef0-4e74-a117-9f4ee3b9e51c Show response
forms.hsforms.com/embed/v3/form/5544741/ 12 KB
4 KB 145ms
128ms Script
application/javascript 2606:4700::6810:5505
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/5544741/03772d1e-aef0-4e74-a117-9f4ee3b9e51c?callback=hs_reqwest_0&hutk=

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5505 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

646da9413561f83e247e0e2e02a54bb0bd2398635c330a1f00c56f21c1230dc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: 110b9e9e-fec3-4806-8fe5-93944a89a9e0
cf-ray: 6816711a4cae4ab0-FRA
content-disposition: attachment; filename=no-rfd.txt
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
x-trace: 2BCF43D2C2EFBF9C5B9208620724AF78524A5682C9000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 attributionSnippet.js Show response
ddzuuyx7zj81k.cloudfront.net/1.0.0/ 6 KB
2 KB 54ms
12ms Script
application/javascript 2600:9000:2190:2c00:8:8d2f:9e00:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:2c00:8:8d2f:9e00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7fc2adee3e43f35ce8e32c26f8d8cc18c647e98f5d82106937a981db839897d5

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 13:57:22 GMT
content-encoding: gzip
last-modified: Mon, 07 Dec 2020 13:24:02 GMT
server: AmazonS3
age: 26752
etag: W/"095ed9e012f89a607e757ca1e6ae6cec"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: byeHX812S_yqEUlWJThDSpvTDsdImXfO
via: 1.1 110750d14d1d900cd5c76d0ac872f5dd.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript
x-amz-cf-id: jgcDbNtlUd8bA8OqXAuxqZcYLrpbX554Z0VTuhxcT1xLWseMk758XA==

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 6ms
6ms Script
application/x-javascript 2a02:26f0:6c00:296::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:296::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 21:23:13 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 Aug 2021 21:34:05 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=41044
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 9ms
5ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 572
date: Thu, 19 Aug 2021 21:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Thu, 19 Aug 2021 23:13:41 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 32ms
7ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a53ea60fbea6cb1775430998564d5f295aba7d3bfe548a0ba79aa2a049aba839

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
via: 1.1 varnish
last-modified: Mon, 12 Jul 2021 21:25:31 GMT
age: 65796
etag: "65cf0c0ceb852397f0d1e6732cd3c533+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1958
x-timer: S1629408194.665987,VS0,VE0
x-served-by: cache-fra19150-FRA

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 32ms
29ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

1c3bd00be556bf95f92a2ab1119b8b26544a1997ab0c09f86490bc32339ad32e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13981
x-xss-protection: 0
server: cafe
etag: 6132654052448080839
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 19 Aug 2021 21:23:13 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
25 KB 8ms
6ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

525f091870c1282bb4823f9e64192983f1652a3bbc84c97ca5e6c4f063ca6e82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25940
x-xss-protection: 0
pragma: public
x-fb-debug: 3iT05iw5hu6XIDb5u27VbhMFy3pTMir4v3ymlFY5Eq2jjL/hFY9UPuR+R76OL+d2DY1FpQ+luhGw/Io6kHpdcQ==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Thu, 19 Aug 2021 21:23:13 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 3724.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 164ms
139ms Script
text/javascript 2606:4700::6812:1abe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/3724.js?p=https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE&e=

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1abe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: b9018003-5c50-48c3-a481-b3aaa6126aae
x-runtime: 0.010589
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-ray: 6816711a6b2605e4-FRA

GET
H2 200 hotjar-1785482.js Show response
static.hotjar.com/c/ 7 KB
3 KB 131ms
66ms Script
application/javascript 13.224.96.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1785482.js?sv=6

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-96-124.zrh50.r.cloudfront.net

Software

Resource Hash

b36d9d6fef1a7b6ae3c8991a1499820d269584886012fad91a027c886449b58c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: ZRH50-C1
etag: W/043190dbaecc456eaa1c4ff8413e1327
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-id: NK0-KwUQD8Ock7UF2nx9IRcR69JGLoTEae8w64GUeIfGSJWN39LJnA==
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)

GET
H2 200 stat.js Show response
www.clickcease.com/monitor/ 68 KB
25 KB 42ms
17ms Script
application/javascript 2606:4700:20::681a:c3b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.clickcease.com/monitor/stat.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c3b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9335a3578fbb78eba8922527950b8773e21ebc2d28e6f72ce9d223094bfdbdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 377879
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
strict-transport-security: max-age=31536000
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 14 Mar 2021 09:24:44 GMT
server: cloudflare
x-frame-options: sameorigin
etag: W/"10eb4-5bd7bb41f7cc3-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1728000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b6OCjFCMOCjmQLA3AhItZBkvkYCcWpI9s1JzseuaCloOUdaHgH1wxtCQ9GFA7yrGjxlwev7pi5nebSfREDOS87UedV%2BQ2XunrjxcUvyWka5ZMBcVnRVj%2FXKgb4qfr9gJSXe8TO3bjoy%2FYtAa4%2FTbZmA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding,User-Agent
cache-control: max-age=2678400
access-control-allow-credentials: true
cf-ray: 6816711a6c2f4a55-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,C$
expires: Tue, 14 Sep 2021 12:25:14 GMT

GET
H/1.1 200
OK qualified.js Show response
js.qualified.com/ 222 KB
66 KB 382ms
124ms Script
text/javascript 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://js.qualified.com/qualified.js?token=gndr1NireXGRNRuC

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-100-25-249-86.compute-1.amazonaws.com

Software

nginx /

Resource Hash

d582dd27f7adf7839ada382ea283b0517cf25b8914cf079bdd2a98586a580ece

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 21:23:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Xss-Protection: 1; mode=block
X-Request-Id: 86352fc7-3616-dcd5-f062-02ef941037e3
X-Runtime: 0.012473
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: W/"d582dd27f7adf7839ada382ea283b051"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Via: 1.1 spaces-router (7c9e4e4509a6)
Cache-Control: max-age=0, private, must-revalidate

GET platform.js
insiderdata360online.com/service/ 0
0

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1629408193645&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1286465%26time%3D1629408193645%26url%3Dhttps%253A%252F%252Forca.security%252Freso...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1629408193645&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liSy...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1629408193645&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liS...

0
63 B

141ms
141ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1629408193645&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liSync=true&e_ipv6=AQLNTwNsscp5jQAAAXtgS-4EetMk3tc_t68o44AbPIVcKK7XtbZDr2fFVVC5uLPQ674dN2oj
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-proto: http/2
x-li-pop: prod-edc2
content-type: application/javascript
content-length: 0
x-li-uuid: gn9Pnx7SnBawVES4iisAAA==

Redirect headers

date: Thu, 19 Aug 2021 21:23:14 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1629408193645&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liSync=true&e_ipv6=AQLNTwNsscp5jQAAAXtgS-4EetMk3tc_t68o44AbPIVcKK7XtbZDr2fFVVC5uLPQ674dN2oj
x-li-proto: http/2
x-li-pop: prod-eda6
content-length: 0
x-li-uuid: 7EC8lx7SnBZAhqRrwCoAAA==

GET
H3-29 200 208134170283065 Show response
connect.facebook.net/signals/config/ 253 KB
72 KB 51ms
50ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/208134170283065?v=2.9.44&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e0e5bde2976de971453ff399dd44a574f999ff6cca7c6dec94991b07e94d477

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: HHeoczz5LTL9Llf4BVdn778YjnWoqm/DQuAJ5mwoDEdhLVHVP32FuEuI5/EyNB9c5JdSeo/AR1EUu6ZZf/0GAQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 19 Aug 2021 21:23:13 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 js Show response
www.google-analytics.com/gtm/ 97 KB
38 KB 30ms
29ms Script
application/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=OPT-PWBBWC3&t=gtm4&cid=757081943.1629408194

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

73a99bd74ebe2d720d9cde762ad886f8a687ae3c69a7e64039e1a18501015be7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39210
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 19 Aug 2021 21:23:13 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/653025264/ 2 KB
1 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/653025264/?random=1629408193698&cv=9&fst=1629408193698&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8i0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&tiba=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

db9b544d358f7e5016f5a1fe3756b61f197029a829e72f78b03d7c0048dab048

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1078
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 setcookie2 Show response
services.infinigrow.com/ 15 B
847 B 518ms
479ms Fetch
application/json 13.224.196.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://services.infinigrow.com/setcookie2
Requested by: Host: ddzuuyx7zj81k.cloudfront.net
URL: https://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.196.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-196-103.fra2.r.cloudfront.net
Software: /
Resource Hash: a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
via: 1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amzn-requestid: 1e845c50-e89a-4a9c-b3d4-4672a7cf18aa
vary: Origin
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: https://orca.security
x-amzn-trace-id: Root=1-611ecbc2-3c9aed3e7173fe4b615084f0;Sampled=0
access-control-allow-credentials: true
x-amz-apigw-id: EVTGcG-gvHcF_8A=
content-length: 15
x-amz-cf-id: JHiADgPNh5KW50LpdGr3YoURRa092hqTrPk1wQRdh3W8HHqMGGLdzQ==

OPTIONS
H2 204 setcookie2
services.infinigrow.com/ Frame 0
0 552ms
489ms Preflight 13.224.196.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://services.infinigrow.com/setcookie2
Protocol: H2
Server: 13.224.196.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-196-103.fra2.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://orca.security
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
x-amzn-requestid: e95a63a7-aa76-429f-96c2-7de3d68cc8db
access-control-allow-origin: https://orca.security
access-control-allow-headers: Origin,Content-Length,Content-Type
x-amz-apigw-id: EVTGXHKAPHcFQXw=
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD
x-amzn-trace-id: Root=1-611ecbc2-37d0c76e0ae369a31e0897ff;Sampled=0
access-control-max-age: 43200
access-control-allow-credentials: true
x-cache: Miss from cloudfront
via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: Wm3pN4sVHz1hOcfAgN_CcPNaIh9Wt6mV32SbPn-FN7I7uosTUMrznA==

GET
H2 200 adsct
t.co/i/ 43 B
454 B 155ms
124ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.1&p_id=Twitter&p_user_id=0&txn_id=o4qyy&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 19 Aug 2021 21:23:13 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: aede4bc6c4191da351b229b797252d23a43c4fd8c73e0c7f7582766dc0606c7b
x-transaction: f203d7eaffa59422
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/653025264/ 42 B
327 B 17ms
16ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/653025264/?random=1629408193698&cv=9&fst=1629406800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8i0&sendb=1&frm=0&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&tiba=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&async=1&fmt=3&is_vtc=1&random=3903966929&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Aug 2021 21:23:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/653025264/ 42 B
154 B 19ms
19ms Image
image/gif 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/653025264/?random=1629408193698&cv=9&fst=1629406800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8i0&sendb=1&frm=0&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&tiba=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&async=1&fmt=3&is_vtc=1&random=3903966929&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Aug 2021 21:23:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=1051343144&t=pageview&_s=1&dl=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&ul=en-us&de=UTF-8&dt=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAEADQAAAAC~&jid=1982834944&gjid=698028005&cid=757081943.1629408194&tid=UA-141329870-1&_gid=131190749.1629408194&_r=1&gtm=2wg8i0MFH8KTP&z=425611770

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 19 Aug 2021 21:23:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://orca.security
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
147 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=208134170283065&ev=PageView&dl=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&rl=&if=false&ts=1629408193741&sw=1600&sh=1200&v=2.9.44&r=stable&ec=0&o=30&fbp=fb.1.1629408193741.684532177&it=1629408193661&coo=false&rqm=GET

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:13 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Thu, 19 Aug 2021 21:23:13 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
86 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c04::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-141329870-1&cid=757081943.1629408194&jid=1982834944&gjid=698028005&_gid=131190749.1629408194&_u=aGDAAEACQAAAAC~&z=2103310149

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 19 Aug 2021 21:23:13 GMT
content-type: text/plain
access-control-allow-origin: https://orca.security
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 26ms
26ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-141329870-1&cid=757081943.1629408194&jid=1982834944&_u=aGDAAEACQAAAAC~&z=2109792849

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Aug 2021 21:23:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.de/ads/ 42 B
63 B 26ms
25ms Image
image/gif 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-141329870-1&cid=757081943.1629408194&jid=1982834944&_u=aGDAAEACQAAAAC~&z=2109792849

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Aug 2021 21:23:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.e763089bec9f2503d752.js Show response
script.hotjar.com/ 221 KB
59 KB 88ms
29ms Script
application/javascript 13.224.96.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.e763089bec9f2503d752.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1785482.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.67 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-96-67.zrh50.r.cloudfront.net

Software

Resource Hash

b8e39dad2211fe2aafd3c487471c94934a5230aeb00608f59b80c880ce777440

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 10:32:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 125468
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59555
access-control-allow-origin: *
last-modified: Wed, 18 Aug 2021 10:31:58 GMT
etag: "59b0bd2bf71a6ea4a84151c51b91fba8"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: xkrvEtbEEN0JQSeesU3kGaid-A00XuMYI79rr6gn72d4eHaic4emvw==

GET
H2 200 5544741.js Show response
js.hs-analytics.net/analytics/1629408000000/ 62 KB
20 KB 157ms
142ms Script
text/javascript 2606:4700::6811:43b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1629408000000/5544741.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5544741.js?integration=WordPress
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:43b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6ce41aa5b6c062eeaf822aae94f23727248c17d2cd4b6b54fc54c085b58802d

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: 4J6S2KFSGKR4FKEF
x-amz-server-side-encryption: AES256
cf-ray: 6816711c6da44ed4-FRA
x-amz-id-2: u1q7r1ej0fR6O2p5BEPGxjLcpCY6F7PDh0JJegC6Pvr+NTU+XQd5135sA05zw1Esg6Kt+t1pHJQ=
last-modified: Mon, 09 Aug 2021 15:31:15 GMT
server: cloudflare
etag: W/"49e223d584d85c82f84625ba7d934d70"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
content-type: text/javascript
expires: Thu, 19 Aug 2021 21:28:14 GMT

GET
H2 200 5544741.js Show response
js.hs-banner.com/ 60 KB
16 KB 444ms
428ms Script
text/javascript 2606:4700::6812:14bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/5544741.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5544741.js?integration=WordPress
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 33394c646382ba94e14dc6b22ab6880823a76357069c263886602255c118a21f

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 9935SNDZRAH92G6Z
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-id-2: lSo+LbtKD90v4MGzX5at9yUkJu3Ebgv8uWA4agG475wyt9jq7KoXrKR1+62Flj4x6HcZ/6dOgTE=
timing-allow-origin: *
last-modified: Mon, 09 Aug 2021 15:31:13 GMT
server: cloudflare
etag: W/"ca0a4c7d462e3bbc21a7cf269d870342"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: O9NXuCLAPdZgoBNy_IhB_nSd8_uWQdSC
access-control-allow-origin: https://orca.security
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 6816711c69504db8-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Thu, 19 Aug 2021 21:28:14 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.0/ Frame 6838 94 KB
94 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:03:31 GMT
x-content-type-options: nosniff
age: 1183
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 96381
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 19 Aug 2022 21:03:31 GMT

GET
H3-29 200 css2
fonts.googleapis.com/ Frame 6838 7 KB
543 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700&display=swap

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e6d2282d33ef8f732e4ce7a60a05fce149fb0017fae964eb3543ec849d95f2e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 21:20:03 GMT
server: ESF
date: Thu, 19 Aug 2021 21:23:14 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 19 Aug 2021 21:23:14 GMT

GET
H/1.1 200
OK form.css
go.orca.security/css/ Frame 6838 31 KB
8 KB 108ms
107ms Stylesheet
text/css 52.202.69.186
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/css/form.css?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.69.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-1-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 6dbd1967a8963d2eead020be31031ed12df79148acfea8cb787fa1358d5b4559

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 21:23:14 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: 4208770abb36eec2b2f3a1c951758cc1
Last-Modified: Thu, 19 Aug 2021 05:15:56 GMT
Server: PardotServer
ETag: "7be2-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 7660
Expires: Sat, 19 Aug 2023 21:23:14 GMT

GET
H/1.1 200
OK piUtils.js Show response
go.orca.security/js/ Frame 6838 341 KB
99 KB 146ms
113ms Script
application/javascript 52.202.69.186
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/js/piUtils.js?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.69.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-1-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 744d368a676dabf6be331840fdf74176a9ad7a784bf3920e3f640c9ed89fc43c

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 21:23:14 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: 4208770abb36eec2b2f3a1c951758cc1
Last-Modified: Thu, 19 Aug 2021 05:15:56 GMT
Server: PardotServer
ETag: "55586-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Transfer-Encoding: chunked
Accept-Ranges: bytes
Expires: Sat, 19 Aug 2023 21:23:14 GMT

GET
H3-29 200 api.js Show response
www.google.com/recaptcha/ Frame 6838 850 B
576 B 16ms
15ms Script
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d6ffde0bc44344c9007373cfd28cad502d8ab3dffb0f7c02fd72f68d309386b1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 555
x-xss-protection: 1; mode=block
expires: Thu, 19 Aug 2021 21:23:14 GMT

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ Frame 6838 105 KB
40 KB 36ms
22ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3136eeb50d7b04ae825cc66558be83106385205a61e949ee35e52ee8864aefc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40922
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 19 Aug 2021 21:23:14 GMT

GET
H2 200 formcomplete.js Show response
ws-assets.zoominfo.com/ Frame 6838 122 KB
40 KB 61ms
61ms Script
application/javascript 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aca1d2291f4713182bc182e5ef93151df69b3e97a054d16d1da5a1967fe63f15

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 655
x-guploader-uploadid: ADPycdtFH5FjRhc32pGuwoYS0hbcMDsPfYYalRdG_XhSIFzzgtIJLOfdqWDNYG_HFsERFBSe_o5pE-uc4m_J-Phy5m_QkAztmg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
last-modified: Wed, 14 Jul 2021 10:39:08 GMT
server: cloudflare
etag: W/"1e1e37b752fd19a94113b3725ef35506"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=EP8N2g==, md5=Hh43t1L9GalBE7NyXvNVBg==
x-goog-generation: 1626259148350866
cache-control: public, max-age=3600
x-goog-stored-content-length: 124580
cf-ray: 6816711e6c9b05f1-FRA
expires: Thu, 19 Aug 2021 22:12:19 GMT

GET
H3-29 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.0/ Frame FF02 94 KB
94 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:03:31 GMT
x-content-type-options: nosniff
age: 1183
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 96381
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 19 Aug 2022 21:03:31 GMT

GET
H3-29 200 css2
fonts.googleapis.com/ Frame FF02 7 KB
543 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700&display=swap

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e6d2282d33ef8f732e4ce7a60a05fce149fb0017fae964eb3543ec849d95f2e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 21:23:14 GMT
server: ESF
date: Thu, 19 Aug 2021 21:23:14 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 19 Aug 2021 21:23:14 GMT

GET
H/1.1 200
OK form.css
go.orca.security/css/ Frame FF02 31 KB
8 KB 180ms
108ms Stylesheet
text/css 52.202.69.186
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/css/form.css?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.69.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-1-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 6dbd1967a8963d2eead020be31031ed12df79148acfea8cb787fa1358d5b4559

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 21:23:14 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: 4208770abb36eec2b2f3a1c951758cc1
Last-Modified: Thu, 19 Aug 2021 05:15:56 GMT
Server: PardotServer
ETag: "7be2-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 7660
Expires: Sat, 19 Aug 2023 21:23:14 GMT

GET
H/1.1 200
OK piUtils.js Show response
go.orca.security/js/ Frame FF02 341 KB
99 KB 327ms
200ms Script
application/javascript 52.202.69.186
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/js/piUtils.js?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.69.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-1-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 744d368a676dabf6be331840fdf74176a9ad7a784bf3920e3f640c9ed89fc43c

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 21:23:14 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: 4208770abb36eec2b2f3a1c951758cc1
Last-Modified: Thu, 19 Aug 2021 05:15:56 GMT
Server: PardotServer
ETag: "55586-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Transfer-Encoding: chunked
Accept-Ranges: bytes
Expires: Sat, 19 Aug 2023 21:23:14 GMT

GET
H3-29 200 api.js Show response
www.google.com/recaptcha/ Frame FF02 850 B
576 B 15ms
15ms Script
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d6ffde0bc44344c9007373cfd28cad502d8ab3dffb0f7c02fd72f68d309386b1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 555
x-xss-protection: 1; mode=block
expires: Thu, 19 Aug 2021 21:23:14 GMT

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ Frame FF02 105 KB
40 KB 36ms
35ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6cdce92d47a53dae6209c07efbc3c88514892989e0d5f802c52dbf589caea72c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40933
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 19 Aug 2021 21:23:14 GMT

GET
H2 200 formcomplete.js Show response
ws-assets.zoominfo.com/ Frame FF02 122 KB
40 KB 61ms
61ms Script
application/javascript 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aca1d2291f4713182bc182e5ef93151df69b3e97a054d16d1da5a1967fe63f15

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 655
x-guploader-uploadid: ADPycdtFH5FjRhc32pGuwoYS0hbcMDsPfYYalRdG_XhSIFzzgtIJLOfdqWDNYG_HFsERFBSe_o5pE-uc4m_J-Phy5m_QkAztmg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
last-modified: Wed, 14 Jul 2021 10:39:08 GMT
server: cloudflare
etag: W/"1e1e37b752fd19a94113b3725ef35506"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=EP8N2g==, md5=Hh43t1L9GalBE7NyXvNVBg==
x-goog-generation: 1626259148350866
cache-control: public, max-age=3600
x-goog-stored-content-length: 124580
cf-ray: 6816711f3e1705f1-FRA
expires: Thu, 19 Aug 2021 22:12:19 GMT

POST
H3-29 200 /
www.facebook.com/tr/ 0
17 B 13ms
6ms Ping
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryKAVgtroHgynOgOar

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Thu, 19 Aug 2021 21:23:14 GMT
content-type: text/plain
access-control-allow-origin: https://orca.security
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ Frame 6838 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 573
date: Thu, 19 Aug 2021 21:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Thu, 19 Aug 2021 23:13:41 GMT

GET conversion_async.js
www.googleadservices.com/pagead/ Frame 6838 0
0

GET
H/1.1 200
OK form.css
go.orca.security/css/ Frame DB0A 31 KB
8 KB 130ms
102ms Stylesheet
text/css 52.202.69.186
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/css/form.css?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsl
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.69.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-1-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 6dbd1967a8963d2eead020be31031ed12df79148acfea8cb787fa1358d5b4559

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 21:23:14 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: 4208770abb36eec2b2f3a1c951758cc1
Last-Modified: Thu, 19 Aug 2021 05:15:56 GMT
Server: PardotServer
ETag: "7be2-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 7660
Expires: Sat, 19 Aug 2023 21:23:14 GMT

GET
H/1.1 200
OK piUtils.js Show response
go.orca.security/js/ Frame DB0A 341 KB
99 KB 163ms
114ms Script
application/javascript 52.202.69.186
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/js/piUtils.js?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsl
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.69.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-1-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 744d368a676dabf6be331840fdf74176a9ad7a784bf3920e3f640c9ed89fc43c

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 21:23:14 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: 4208770abb36eec2b2f3a1c951758cc1
Last-Modified: Thu, 19 Aug 2021 05:15:56 GMT
Server: PardotServer
ETag: "55586-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Transfer-Encoding: chunked
Accept-Ranges: bytes
Expires: Sat, 19 Aug 2023 21:23:14 GMT

GET
H3-29 200 api.js Show response
www.google.com/recaptcha/ Frame DB0A 850 B
576 B 15ms
15ms Script
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsl

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d6ffde0bc44344c9007373cfd28cad502d8ab3dffb0f7c02fd72f68d309386b1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 555
x-xss-protection: 1; mode=block
expires: Thu, 19 Aug 2021 21:23:14 GMT

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ Frame DB0A 105 KB
40 KB 23ms
23ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsl

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dcd776a73b566cd88837272b189a3831d209a7c250d9c2faf45e16d127f8ba69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40921
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 19 Aug 2021 21:23:14 GMT

GET
H2 200 getMapping Show response
ws.zoominfo.com/form-complete/ Frame 6838 814 B
644 B 457ms
456ms XHR
application/json 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/form-complete/getMapping?formId=wymcNktFMIhtz4zMJ4Cn

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

08dbb435439815752ce09bfc9581b9085db9c9a66095bf5062b1c5c8adc08031

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
via: 1.1 google
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.orca.security
access-control-allow-credentials: true
cf-ray: 6816711f0a2ddfc7-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
etag: W/"32e-56y0x/xolG6sqdVLNPZOnEQpq9g"

GET
H3-29 200 collect
www.google-analytics.com/ Frame 6838 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=1088497227&t=pageview&_s=1&dl=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&dr=https%3A%2F%2Forca.security%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=248x94&je=0&_u=QACAAEAB~&jid=&gjid=&cid=757081943.1629408194&tid=UA-141329870-1&_gid=131190749.1629408194&gtm=2wg8i0MTM87SL&z=543147470

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Aug 2021 16:44:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 16736
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ Frame FF02 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 573
date: Thu, 19 Aug 2021 21:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Thu, 19 Aug 2021 23:13:41 GMT

GET conversion_async.js
www.googleadservices.com/pagead/ Frame FF02 0
0

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ Frame DB0A 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 573
date: Thu, 19 Aug 2021 21:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Thu, 19 Aug 2021 23:13:41 GMT

GET conversion_async.js
www.googleadservices.com/pagead/ Frame DB0A 0
0

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/ Frame 6838 340 KB
340 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b168b017f9db602024341f3e4fce6b102b26e59a60f2ee8f6083b86f83e58c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://go.orca.security
Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 19:22:32 GMT
x-content-type-options: nosniff
age: 7242
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 348244
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 04:14:16 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Aug 2022 19:22:32 GMT

GET
H3-29 200 xn7gYHE41ni1AdIRggexSg.woff2
fonts.gstatic.com/s/manrope/v4/ Frame 6838 22 KB
22 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/manrope/v4/xn7gYHE41ni1AdIRggexSg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a41d60f8ac48aafcddd891ddebb318735c5684c4d8c8971f2a236233f89fc3be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://go.orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 16 Aug 2021 18:31:27 GMT
x-content-type-options: nosniff
age: 269507
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22788
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 21:57:26 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 Aug 2022 18:31:27 GMT

GET
DATA 200
OK truncated
/ Frame 6838 268 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a33b00a04c9fc9b04282a6ed5e20fdef28fcb08cbcd7712057cacf7c6edd669

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
658 B 160ms
128ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.1&p_id=Twitter&p_user_id=0&txn_id=o4qyy&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 19 Aug 2021 21:23:14 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 90a296beffd46b3180a6b3879af06e5dac2b247007ab6817a57b7a50a349d9c0
x-transaction: a37dfd53d864a791
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H3-29 200 v2.js Show response
js.hsforms.net/forms/ Frame ABA8 570 KB
145 KB 48ms
30ms Script
application/javascript 2606:4700::6811:b849
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b849 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ef211d6fa0461f16d96f3595269a5d22b9713b949f6ef8190ac2a4c8eba18cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
via: 1.1 5a45573ebecfd555d93af04bbbcf0557.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 189
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 19 Aug 2021 09:49:06 UTC
server: cloudflare
etag: W/"be56a7fb2928f028c1a25b1bc9151236"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UF%2Bt57CEJwrJI1ayzC32LdgNRZAVd%2FufN0jOHr2VZp0nlgwL3U1sIqPuH7sRfR%2B2jWLIIuhcfYMhq58sg2ymeVMEceEKKgAPZcV1VIYJGPCo28QDeX8m7fW7Cbpk146QPob2C8OxkFI43CPt"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: kUB00ulVPwZoTL8c9HGFXrdSE8AcDtpg
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
x-amz-cf-pop: IAD66-C2
cf-ray: 6816711ffd3b176a-FRA
x-amz-cf-id: NYz8YYnl75bQ333Km0euBDrXPluXHiAlk10Yd5NJxJ67EMaAVSj8aA==
x-hs-target-asset: FormsNext/static-5.359/bundles/project_with_deps.js

GET attributionSnippet.js
ddzuuyx7zj81k.cloudfront.net/1.0.0/ Frame 6838 0
0

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 205 KB
58 KB 89ms
23ms Script
application/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: c130f23d961ae1da752e6ffd3609246dfa3a3ff557075fdbc04def8df57fc621

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: br
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-169
cdn-cachedat: 08/16/2021 20:42:20
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Mon, 16 Aug 2021 18:42:20 GMT
cdn-proxyver: 1.0
cdn-fileserver: 181
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 469ce1badeebc923bc732356aa30b53d
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3-29 200 collect
www.google-analytics.com/ Frame DB0A 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=816194721&t=pageview&_s=1&dl=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsl&dr=https%3A%2F%2Forca.security%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1213x155&je=0&_u=QACAAEAB~&jid=&gjid=&cid=757081943.1629408194&tid=UA-141329870-1&_gid=131190749.1629408194&gtm=2wg8i0MTM87SL&z=1755488268

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsl

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Aug 2021 16:44:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 16736
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 getMapping Show response
ws.zoominfo.com/form-complete/ Frame FF02 814 B
596 B 675ms
675ms XHR
application/json 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/form-complete/getMapping?formId=wymcNktFMIhtz4zMJ4Cn

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

08dbb435439815752ce09bfc9581b9085db9c9a66095bf5062b1c5c8adc08031

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
via: 1.1 google
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.orca.security
access-control-allow-credentials: true
cf-ray: 681671202c08dfc7-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
etag: W/"32e-56y0x/xolG6sqdVLNPZOnEQpq9g"

GET
H3-29 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 4735 40 KB
20 KB 27ms
27ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&size=normal&cb=sdebzh9keldm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5659ba8e7a8bde325092d51062e659ff5ab335177866b3b3e6223838b4dec794

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ffvUQMJdHLayhqgWAhefiA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&size=normal&cb=sdebzh9keldm
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://go.orca.security/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://go.orca.security/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 19 Aug 2021 21:23:14 GMT
content-security-policy: script-src 'report-sample' 'nonce-ffvUQMJdHLayhqgWAhefiA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 20957
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 5044 2 KB
1 KB 93ms
29ms Document
text/html 13.224.96.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1785482.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-92.zrh50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://orca.security/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://orca.security/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 18 Jul 2021 00:16:30 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 15 Jul 2021 14:16:09 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: pbZwSYH-HwFqRE0Amc75oBuJDnzpZ9mSxHHQXR9BIu9A_qEiCkGYfw==
age: 2840804

GET
H3-29 200 collect
www.google-analytics.com/ Frame FF02 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=456465709&t=pageview&_s=1&dl=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&dr=https%3A%2F%2Forca.security%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=&je=0&_u=QACAAEAB~&jid=&gjid=&cid=757081943.1629408194&tid=UA-141329870-1&_gid=131190749.1629408194&gtm=2wg8i0MTM87SL&z=440160286

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Aug 2021 16:44:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 16736
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 sproket.png
js.hsforms.net/ Frame ABA8 3 KB
4 KB 16ms
15ms Image
image/png 2606:4700::6811:b849
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://js.hsforms.net/sproket.png

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b849 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cecf0475d5d2db81d7d1535a89f570b89e290f27b0867923f074b81155cf5da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
via: 1.1 3cfda748f98e74eec52beba1aa788f80.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 432
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/png
x-amz-replication-status: COMPLETED
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3462
last-modified: Thu, 19 Aug 2021 09:49:06 UTC
server: cloudflare
etag: "86101ad666d2280d01e62b9846d6db82"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rRcJYgv91xoJzExq%2FtVzAJF26JEmrT78aGPh0JTRgNaSrf6ZJJnPWbtAI740u0WSxZFvV1m3TMIqfJPuCBu7pcaYTrbF5cZfrFo78dj75PWx2VSvPV7D0myzpbkrIbeQNHeKg9lQHg%2BJkKel"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 2vT4r.mBp7pI7n8rBhVjFAfM9RvB3Ibx
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
x-amz-cf-pop: IAD66-C2
accept-ranges: bytes
cf-ray: 68167120be78176a-FRA
x-amz-cf-id: K0TcX0SMmtStsuXZSrPFeKD-OVP4EDGgDqQOPBQs-gTrKdcwGi6TVQ==
x-hs-target-asset: FormsNext/static-5.359/img/sproket.png

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/ Frame DB0A 340 KB
340 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b168b017f9db602024341f3e4fce6b102b26e59a60f2ee8f6083b86f83e58c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://go.orca.security
Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 19:22:32 GMT
x-content-type-options: nosniff
age: 7242
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 348244
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 04:14:16 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Aug 2022 19:22:32 GMT

GET attributionSnippet.js
ddzuuyx7zj81k.cloudfront.net/1.0.0/ Frame DB0A 0
0

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/ Frame FF02 340 KB
340 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b168b017f9db602024341f3e4fce6b102b26e59a60f2ee8f6083b86f83e58c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://go.orca.security
Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 19:22:32 GMT
x-content-type-options: nosniff
age: 7242
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 348244
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 04:14:16 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Aug 2022 19:22:32 GMT

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/ Frame 4735 52 KB
25 KB 21ms
7ms Stylesheet
text/css 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&size=normal&cb=sdebzh9keldm

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:03:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1165
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25732
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 04:14:16 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Aug 2022 21:03:49 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/ Frame 4735 340 KB
340 KB 20ms
7ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/recaptcha__en.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b168b017f9db602024341f3e4fce6b102b26e59a60f2ee8f6083b86f83e58c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 19:22:32 GMT
x-content-type-options: nosniff
age: 7242
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 348244
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 04:14:16 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Aug 2022 19:22:32 GMT

GET
H2 200 78657 Show response
api.omappapi.com/v2/embed/ 9 KB
3 KB 188ms
121ms XHR
application/json 13.224.96.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/78657?d=orca.security
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-34.zrh50.r.cloudfront.net
Software: Pagely Gateway/1.5.1 /
Resource Hash: 94f9190bff270944affe1050bc67f4b0c98f7193e7022eb9e94ba03f075061ac

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-cache-config: 0 0
x-amz-cf-pop: ZRH50-C1
x-cache-status: HIT
x-cache: Miss from cloudfront
access-control-allow-headers: X-CSRF-Token
x-optinmonster-account: 88433
x-user-agent: standard--
last-modified: Mon, 09 Aug 2021 11:35:50 GMT
server: Pagely Gateway/1.5.1
etag: W/"97786f3665c112592a40fc8acacdf702"
vary: Accept-Encoding, User-Agent
content-type: application/json
via: 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront)
access-control-expose-headers: X-OptinMonster-Account, X-User-Agent
cache-control: public, max-age=30, stale-while-revalidate=1800
access-control-allow-origin: *
x-amz-cf-id: nKK2HoMFdUe0Z8BRoMSRB5vx5DQ9y4EzIjdThCKoU1W6dZaKKAsZug==
expires: Thu, 19 Aug 2021 21:20:01 GMT

GET
H2 200 infinigrow.js Show response
dss6ntp5q2r0o.cloudfront.net/2.9.0/ 74 KB
25 KB 70ms
15ms Script
application/javascript 2600:9000:2104:6a00:10:7994:d200:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dss6ntp5q2r0o.cloudfront.net/2.9.0/infinigrow.js
Requested by: Host: ddzuuyx7zj81k.cloudfront.net
URL: https://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:6a00:10:7994:d200:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a6d75aad5c009d0bdf36d4c1d68d90e2848460fce782adb137819228842eefe0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 19:19:13 GMT
content-encoding: gzip
last-modified: Sun, 24 Jun 2018 15:14:02 GMT
server: AmazonS3
age: 7442
etag: W/"2f70fa2239343e20deb5c199873fbed1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 bda076aae92eaf83374971b76c395857.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-amz-cf-id: t0apCRHPHGS5cAkTdjR-BzuTWB4cB9nl7iJ_ezq43yT1vaRKAocjPw==

GET
H3-29 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 209F 40 KB
20 KB 25ms
25ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&size=normal&cb=fzde2xmmcq53

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ce9ce9330b918d6bf273990f3b31cd1a745c1cc26550a824835f04a0722b63ff

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-rkyvuChSCbSnMTxdVxewUw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&size=normal&cb=fzde2xmmcq53
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://go.orca.security/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://go.orca.security/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 19 Aug 2021 21:23:14 GMT
content-security-policy: script-src 'report-sample' 'nonce-rkyvuChSCbSnMTxdVxewUw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 20947
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 4735 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 4735 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 4735 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/styles__ltr.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 16 Aug 2021 23:34:05 GMT
x-content-type-options: nosniff
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
age: 251349
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
expires: Mon, 23 Aug 2021 23:34:05 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 4735 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 00:42:56 GMT
x-content-type-options: nosniff
age: 247218
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 00:42:56 GMT

GET
H3-29 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 95DB 41 KB
21 KB 26ms
26ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&size=normal&cb=ei5z27wyufj3

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

db18d831eb4b8ce145dbcb644a5d797292d96eda1786bf7be8d102f2d6e1f9b7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-bL/EeE5etwPXFdQbydsWdA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&size=normal&cb=ei5z27wyufj3
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://go.orca.security/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://go.orca.security/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 19 Aug 2021 21:23:14 GMT
content-security-policy: script-src 'report-sample' 'nonce-bL/EeE5etwPXFdQbydsWdA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 21803
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ Frame 6838 5 KB
2 KB 401ms
102ms Script
application/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: b7939e67e521a72f9344e54fe85a3edff247ac537235f178a522ae836dbf6820

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 21:23:15 GMT
Content-Encoding: gzip
X-Pardot-Route: 4587f66dff94d6e76a668284fbf3dba1
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
Last-Modified: Thu, 19 Aug 2021 05:15:57 GMT
Server: PardotServer
ETag: "14be-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1923
Expires: Sat, 19 Aug 2023 21:23:15 GMT

GET
H3-29 200 webworker.js
www.google.com/recaptcha/api2/ Frame 4735 102 B
132 B 15ms
14ms Other
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

718c7e416390d518d57d2da05f6957956b1b2e2a829522f3bcc6fa46972da72c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&size=normal&cb=sdebzh9keldm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Thu, 19 Aug 2021 21:23:14 GMT

GET attributionSnippet.js
ddzuuyx7zj81k.cloudfront.net/1.0.0/ Frame FF02 0
0

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/ Frame 209F 52 KB
25 KB 6ms
6ms Stylesheet
text/css 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/styles__ltr.css

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:03:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1165
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25732
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 04:14:16 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Aug 2022 21:03:49 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/ Frame 209F 340 KB
340 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/recaptcha__en.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b168b017f9db602024341f3e4fce6b102b26e59a60f2ee8f6083b86f83e58c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 19:22:32 GMT
x-content-type-options: nosniff
age: 7242
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 348244
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 04:14:16 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Aug 2022 19:22:32 GMT

POST
H/1.1 200
OK tp2 Show response
sp.infinigrow.com/com.snowplowanalytics.snowplow/ 2 B
460 B 1030ms
183ms XHR
text/plain 52.89.105.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sp.infinigrow.com/com.snowplowanalytics.snowplow/tp2
Requested by: Host: dss6ntp5q2r0o.cloudfront.net
URL: https://dss6ntp5q2r0o.cloudfront.net/2.9.0/infinigrow.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.89.105.17 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-89-105-17.us-west-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

Date: Thu, 19 Aug 2021 21:23:16 GMT
Server: akka-http/10.0.9
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin: https://orca.security
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/plain; charset=UTF-8
Content-Length: 2

OPTIONS
H/1.1 200
OK tp2
sp.infinigrow.com/com.snowplowanalytics.snowplow/ Frame 0
0 1059ms
188ms Preflight 52.89.105.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sp.infinigrow.com/com.snowplowanalytics.snowplow/tp2
Protocol: HTTP/1.1
Server: 52.89.105.17 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-89-105-17.us-west-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://orca.security
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://orca.security
Date: Thu, 19 Aug 2021 21:23:15 GMT
Server: akka-http/10.0.9
Content-Length: 0
Connection: keep-alive

GET
H3-29 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 3034 7 KB
1 KB 17ms
17ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=u9x0uqx4o07k

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bf5e842285ce8602276bf2220440ee98e9fc418e550f992905703c349092b2cc

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-BpzOV9tD+ZVEaPyN88vqTw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=u9x0uqx4o07k
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://go.orca.security/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://go.orca.security/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 19 Aug 2021 21:23:14 GMT
content-security-policy: script-src 'report-sample' 'nonce-BpzOV9tD+ZVEaPyN88vqTw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1111
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/ Frame 95DB 52 KB
25 KB 6ms
6ms Stylesheet
text/css 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/styles__ltr.css

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:03:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1165
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25732
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 04:14:16 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Aug 2022 21:03:49 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/ Frame 95DB 340 KB
340 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/recaptcha__en.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b168b017f9db602024341f3e4fce6b102b26e59a60f2ee8f6083b86f83e58c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 19:22:32 GMT
x-content-type-options: nosniff
age: 7242
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 348244
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 04:14:16 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Aug 2022 19:22:32 GMT

GET
H2 200 webfont.js Show response
a.omappapi.com/app/js/webfont/1.5.18/ 16 KB
7 KB 23ms
23ms Script
application/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/webfont/1.5.18/webfont.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: br
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-51
cdn-cachedat: 08/11/2021 05:08:04
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Thu, 27 May 2021 17:38:16 GMT
cdn-proxyver: 1.0
cdn-fileserver: 162
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: b42c26175e85f629812987b2da46c1c5
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 moment.min.js Show response
a.omappapi.com/app/js/moment.js/2.24.0/ 52 KB
19 KB 24ms
24ms Script
application/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/moment.js/2.24.0/moment.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: e22419e8154be2a34a950dbb4c4c448413751c53ef02f00c6c56af28aa2c4964

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: br
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-51
cdn-cachedat: 08/11/2021 07:45:39
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Thu, 27 May 2021 17:38:19 GMT
cdn-proxyver: 1.0
cdn-fileserver: 89
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 8239723c2dcae5634a4075b485c73272
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 f705569335081612217557-0103-OrcaSecurity-WebsiteCard-1.png
a.omappapi.com/users/16cbaba9fcb1/images/ 27 KB
28 KB 27ms
27ms Image
image/webp 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.omappapi.com/users/16cbaba9fcb1/images/f705569335081612217557-0103-OrcaSecurity-WebsiteCard-1.png
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: d5e6f422bf9513df9dd847931b0783e78f2cc6d7a3f189450b9c932b40c584d7

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-51
cdn-cachedat: 08/11/2021 10:45:01
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-length: 27446
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Thu, 27 May 2021 18:29:20 GMT
cdn-proxyver: 1.0
cdn-fileserver: 78
content-type: image/webp
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestpullcode: 200
cdn-requestid: dd07b43906902be3f7274e47137e8afa
accept-ranges: bytes
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
DATA 200
OK truncated
/ Frame 209F 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 209F 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 209F 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/styles__ltr.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 16 Aug 2021 23:34:05 GMT
x-content-type-options: nosniff
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
age: 251349
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
expires: Mon, 23 Aug 2021 23:34:05 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 209F 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 00:42:56 GMT
x-content-type-options: nosniff
age: 247218
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 00:42:56 GMT

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ Frame DB0A 5 KB
2 KB 377ms
102ms Script
application/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsl
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: b7939e67e521a72f9344e54fe85a3edff247ac537235f178a522ae836dbf6820

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 21:23:15 GMT
Content-Encoding: gzip
X-Pardot-Route: b39cd42d381b722267ab9de7e8c10f5d
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
Last-Modified: Thu, 19 Aug 2021 05:15:57 GMT
Server: PardotServer
ETag: "14be-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1923
Expires: Sat, 19 Aug 2023 21:23:15 GMT

GET
H3-29 200 webworker.js
www.google.com/recaptcha/api2/ Frame 209F 102 B
132 B 16ms
15ms Other
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

718c7e416390d518d57d2da05f6957956b1b2e2a829522f3bcc6fa46972da72c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&size=normal&cb=fzde2xmmcq53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Thu, 19 Aug 2021 21:23:14 GMT

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/ Frame 3034 52 KB
25 KB 6ms
6ms Stylesheet
text/css 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=u9x0uqx4o07k

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:03:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1166
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25732
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 04:14:16 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Aug 2022 21:03:49 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/ Frame 3034 340 KB
340 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=u9x0uqx4o07k

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b168b017f9db602024341f3e4fce6b102b26e59a60f2ee8f6083b86f83e58c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 19:22:32 GMT
x-content-type-options: nosniff
age: 7243
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 348244
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 04:14:16 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Aug 2022 19:22:32 GMT

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ Frame FF02 5 KB
2 KB 340ms
107ms Script
application/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: b7939e67e521a72f9344e54fe85a3edff247ac537235f178a522ae836dbf6820

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 21:23:15 GMT
Content-Encoding: gzip
X-Pardot-Route: b39cd42d381b722267ab9de7e8c10f5d
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
Last-Modified: Thu, 19 Aug 2021 05:15:57 GMT
Server: PardotServer
ETag: "14be-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1923
Expires: Sat, 19 Aug 2023 21:23:15 GMT

GET
H2 200 moment-timezone-with-data-2012-2022.min.js Show response
a.omappapi.com/app/js/moment-timezone/0.5.23/ 32 KB
11 KB 24ms
24ms Script
application/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/moment-timezone/0.5.23/moment-timezone-with-data-2012-2022.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 23190e1539469cc8b5faccb038b260ccda2cc62672c70efa1900a51a8e3d1be5

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:15 GMT
content-encoding: br
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-169
cdn-cachedat: 08/08/2021 22:02:04
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 03:51:03 GMT
cdn-proxyver: 1.0
cdn-fileserver: 162
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 1479f6383443f24e1c7bfbbb1d427091
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3-29 200 webworker.js
www.google.com/recaptcha/api2/ Frame 95DB 102 B
132 B 15ms
14ms Other
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

718c7e416390d518d57d2da05f6957956b1b2e2a829522f3bcc6fa46972da72c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nby5vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&size=normal&cb=ei5z27wyufj3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Thu, 19 Aug 2021 21:23:15 GMT

GET
H3-29 200 bframe Show response
www.google.com/recaptcha/api2/ Frame DC75 7 KB
1 KB 18ms
17ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=exulxto0dxwj

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b0afa04a0a2ab0da44ea354d9a4ca1a897adc62fbbf002c47165bd14f6761142

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-98HQ6W/80l4vd1FidD8qzQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=exulxto0dxwj
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://go.orca.security/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://go.orca.security/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 19 Aug 2021 21:23:15 GMT
content-security-policy: script-src 'report-sample' 'nonce-98HQ6W/80l4vd1FidD8qzQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1110
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK messenger Show response
app.qualified.com/w/1/gndr1NireXGRNRuC/ Frame ED33 3 KB
2 KB 354ms
113ms Document
text/html 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=146b3922-08d8-4fc4-8071-4d00a25adf69

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=gndr1NireXGRNRuC

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-100-25-249-86.compute-1.amazonaws.com

Software

nginx /

Resource Hash

0bf73206d4c66380b0929c3c5031b54c8ab195625a6a26f5df14e0fbd43005f1

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: app.qualified.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://orca.security/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://orca.security/

Response headers

Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Content-Security-Policy
Content-Type: text/html; charset=utf-8
Date: Thu, 19 Aug 2021 21:23:15 GMT
Etag: W/"0bf73206d4c66380b0929c3c5031b54c"
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
Via: 1.1 spaces-router (7c9e4e4509a6)
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 4ce1f94e-1149-f60c-fc19-e0751424acba
X-Runtime: 0.009381
X-Xss-Protection: 1; mode=block
Content-Length: 1111

GET
H/1.0 200
OK dc.js Show response
go.orca.security/dcjs/898611/14/ 46 B
638 B 196ms
195ms Script
text/javascript 52.202.69.186
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/dcjs/898611/14/dc.js
Requested by: Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=gndr1NireXGRNRuC
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.69.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-1-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 7bba17b490076798f613f9b01da8d6a2eb79808ae687d3e56543ba95fff3b16c

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 Aug 2021 21:23:15 GMT
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: 4208770abb36eec2b2f3a1c951758cc1
X-Pardot-Rsp: 16/22/94
Vary: User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 46
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3-29 200 bframe Show response
www.google.com/recaptcha/api2/ Frame F42F 7 KB
1 KB 18ms
17ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=fizr76xek7qa

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fe480d9633b2a3c527ce7f1fb8134da325c1032514d90b412c4abc5007c88751

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-AoXdChZKJZ4CuJXltV47pA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=fizr76xek7qa
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://go.orca.security/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://go.orca.security/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 19 Aug 2021 21:23:15 GMT
content-security-policy: script-src 'report-sample' 'nonce-AoXdChZKJZ4CuJXltV47pA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1110
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/ Frame DC75 52 KB
25 KB 7ms
6ms Stylesheet
text/css 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=exulxto0dxwj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:03:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1166
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25732
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 04:14:16 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Aug 2022 21:03:49 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/ Frame DC75 340 KB
340 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=exulxto0dxwj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b168b017f9db602024341f3e4fce6b102b26e59a60f2ee8f6083b86f83e58c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 19:22:32 GMT
x-content-type-options: nosniff
age: 7243
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 348244
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 04:14:16 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Aug 2022 19:22:32 GMT

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/ Frame F42F 52 KB
25 KB 6ms
6ms Stylesheet
text/css 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=fizr76xek7qa

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:03:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1166
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25732
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 04:14:16 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Aug 2022 21:03:49 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/ Frame F42F 340 KB
340 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Eyd0Dt8h04h7r-D86uAD1JP-/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=Eyd0Dt8h04h7r-D86uAD1JP-&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=fizr76xek7qa

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b168b017f9db602024341f3e4fce6b102b26e59a60f2ee8f6083b86f83e58c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 19:22:32 GMT
x-content-type-options: nosniff
age: 7243
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 348244
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 04:14:16 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Aug 2022 19:22:32 GMT

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ Frame 6838 3 KB
3 KB 228ms
197ms Script
text/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=609917230&visitor_id_sign=ea779a65ab03a0ed188bd14fad010410257af7e851064a54595f63e777e2e2811bb678b804dcf27e66486ca9add75fe81cce71f1&pi_opt_in=&campaign_id=17083&account_id=899611&title=&url=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&referrer=https%3A%2F%2Forca.security%2F

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js

Protocol

HTTP/1.0

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

pi0-lba1-5-ue1.aws.pardot.com

Software

PardotServer /

Resource Hash

d5dc117cab4509d9702d3054527a956dca7b3978179112ebb18c005c5d925282

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 Aug 2021 21:23:15 GMT
Content-Encoding: gzip
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
X-Pardot-Rsp: 16/115/88
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 1444
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ Frame DB0A 3 KB
3 KB 230ms
229ms Script
text/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=609917230&visitor_id_sign=ea779a65ab03a0ed188bd14fad010410257af7e851064a54595f63e777e2e2811bb678b804dcf27e66486ca9add75fe81cce71f1&pi_opt_in=&campaign_id=17085&account_id=899611&title=&url=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsl&referrer=https%3A%2F%2Forca.security%2F

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js

Protocol

HTTP/1.0

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

pi0-lba1-5-ue1.aws.pardot.com

Software

PardotServer /

Resource Hash

87a096e675cd30b60c4c06655befe4620956a320c678a42f83eb8d16d4e0bf43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 Aug 2021 21:23:15 GMT
Content-Encoding: gzip
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
X-Pardot-Rsp: 16/32/244
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 1444
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ Frame FF02 3 KB
3 KB 215ms
214ms Script
text/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js

Protocol

HTTP/1.0

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

pi0-lba1-5-ue1.aws.pardot.com

Software

PardotServer /

Resource Hash

d5dc117cab4509d9702d3054527a956dca7b3978179112ebb18c005c5d925282

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 Aug 2021 21:23:15 GMT
Content-Encoding: gzip
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
X-Pardot-Rsp: 16/57/22
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 1444
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3-29 200 css
fonts.googleapis.com/ 7 KB
722 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:600,500,400%7COpen+Sans:400,700,800

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/webfont/1.5.18/webfont.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8cd0f98401a45233a36da735c171e69279757cefaefe883ed112eb1c57844a6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 21:23:15 GMT
server: ESF
date: Thu, 19 Aug 2021 21:23:15 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 19 Aug 2021 21:23:15 GMT

GET
H3-29 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ 23 KB
23 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:600,500,400%7COpen+Sans:400,700,800

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 00:29:49 GMT
x-content-type-options: nosniff
age: 248006
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:19:01 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 00:29:49 GMT

GET
H3-29 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v23/ 14 KB
14 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v23/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:600,500,400%7COpen+Sans:400,700,800

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 00:29:56 GMT
x-content-type-options: nosniff
age: 247999
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14440
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:23:25 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 00:29:56 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v23/ 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v23/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:600,500,400%7COpen+Sans:400,700,800

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 00:29:56 GMT
x-content-type-options: nosniff
age: 247999
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15112
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:23:34 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 00:29:56 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UN8rsOUuhp.woff2
fonts.gstatic.com/s/opensans/v23/ 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v23/mem5YaGs126MiZpBA-UN8rsOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:600,500,400%7COpen+Sans:400,700,800

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47300f73d115d5d1586ff7b01cc7319166b160bdad6e54a54ad02ac9312f6426

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 00:35:32 GMT
x-content-type-options: nosniff
age: 247663
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15188
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:24:04 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 00:35:32 GMT

GET
H/1.1 200
OK Inter-Regular-cd3c302ecefb19f92003ef258645c37c.woff2
app.qualified.com/packs/media/fonts/inter/ Frame ED33 115 KB
115 KB 108ms
106ms Font
font/woff2 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/media/fonts/inter/Inter-Regular-cd3c302ecefb19f92003ef258645c37c.woff2
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=146b3922-08d8-4fc4-8071-4d00a25adf69
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-25-249-86.compute-1.amazonaws.com
Software: nginx /
Resource Hash: bf1ffcb96984568b22f7a9029dd980abb5a4a47700f588a16b8ace0f7412977e

Request headers

Origin: https://app.qualified.com
Referer: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=146b3922-08d8-4fc4-8071-4d00a25adf69
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 21:23:15 GMT
Via: 1.1 spaces-router (7c9e4e4509a6)
Last-Modified: Thu, 19 Aug 2021 01:59:58 GMT
Server: nginx
Etag: "611dbb1e-1ca00"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Content-Length: 117248
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK Inter-SemiBold-c1b3bf01f912184899dbb6fbb4029910.woff2
app.qualified.com/packs/media/fonts/inter/ Frame ED33 123 KB
123 KB 302ms
99ms Font
font/woff2 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/media/fonts/inter/Inter-SemiBold-c1b3bf01f912184899dbb6fbb4029910.woff2
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=146b3922-08d8-4fc4-8071-4d00a25adf69
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-25-249-86.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 41e5c059963bd8f9bc4097f78535c3d722f4d73e75c46b2df5cc74bf864af150

Request headers

Origin: https://app.qualified.com
Referer: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=146b3922-08d8-4fc4-8071-4d00a25adf69
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 21:23:15 GMT
Via: 1.1 spaces-router (7c9e4e4509a6)
Last-Modified: Thu, 19 Aug 2021 01:59:58 GMT
Server: nginx
Etag: "611dbb1e-1eacc"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Content-Length: 125644
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK 2-d29c8f89.chunk.css
app.qualified.com/packs/css/ Frame ED33 20 KB
4 KB 298ms
98ms Stylesheet
text/css 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/css/2-d29c8f89.chunk.css
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=146b3922-08d8-4fc4-8071-4d00a25adf69
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-25-249-86.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 889910bd602fe775e79f9b7e78d50040c61d9494b90ebc97800b3ae7976cbb49

Request headers

Referer: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=146b3922-08d8-4fc4-8071-4d00a25adf69
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 21:23:15 GMT
Content-Encoding: gzip
Last-Modified: Thu, 19 Aug 2021 01:57:35 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Via: 1.1 spaces-router (7c9e4e4509a6)
Cache-Control: max-age=315360000, public
Content-Length: 3894
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK messenger-d46acbed.chunk.css
app.qualified.com/packs/css/widget/sandboxed/ Frame ED33 5 KB
1 KB 300ms
98ms Stylesheet
text/css 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/css/widget/sandboxed/messenger-d46acbed.chunk.css
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=146b3922-08d8-4fc4-8071-4d00a25adf69
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-25-249-86.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 19450de42b740616a0ae81907248584c4129e7a46c32a0c735a56d1572b5b380

Request headers

Referer: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=146b3922-08d8-4fc4-8071-4d00a25adf69
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 21:23:15 GMT
Content-Encoding: gzip
Last-Modified: Thu, 19 Aug 2021 01:57:35 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Via: 1.1 spaces-router (7c9e4e4509a6)
Cache-Control: max-age=315360000, public
Content-Length: 1115
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK messenger~runtime-dafe21483d2a4a7bd206.js Show response
app.qualified.com/packs/js/widget/sandboxed/ Frame ED33 1 KB
1 KB 307ms
102ms Script
application/javascript 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/js/widget/sandboxed/messenger~runtime-dafe21483d2a4a7bd206.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=146b3922-08d8-4fc4-8071-4d00a25adf69
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-25-249-86.compute-1.amazonaws.com
Software: nginx /
Resource Hash: c0836e0ca85c352993c12e75d531b1394a2be0b679828a749c1922b9f66032a9

Request headers

Referer: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=146b3922-08d8-4fc4-8071-4d00a25adf69
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 21:23:15 GMT
Content-Encoding: gzip
Last-Modified: Thu, 19 Aug 2021 01:57:35 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 spaces-router (7c9e4e4509a6)
Cache-Control: max-age=315360000, public
Content-Length: 728
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK 2-75b6a4d557c1383b9aa9.chunk.js Show response
app.qualified.com/packs/js/widget-sandboxed-chunks/ Frame ED33 1 MB
314 KB 308ms
102ms Script
application/javascript 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/js/widget-sandboxed-chunks/2-75b6a4d557c1383b9aa9.chunk.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=146b3922-08d8-4fc4-8071-4d00a25adf69
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-25-249-86.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b3da8d4d6ce548b08ca53762d9e5f7162a073b1f07756ba8aded1c9929f9b015

Request headers

Referer: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=146b3922-08d8-4fc4-8071-4d00a25adf69
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 21:23:15 GMT
Content-Encoding: gzip
Last-Modified: Thu, 19 Aug 2021 01:57:35 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 spaces-router (7c9e4e4509a6)
Cache-Control: max-age=315360000, public
Content-Length: 321665
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK messenger-72d812c7dd70fc2b48fb.chunk.js Show response
app.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/ Frame ED33 399 KB
88 KB 99ms
98ms Script
application/javascript 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/messenger-72d812c7dd70fc2b48fb.chunk.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=146b3922-08d8-4fc4-8071-4d00a25adf69
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-25-249-86.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 852bd6252037babce88a147ef957e66fe7d9a0d65fece3596452c2a274766569

Request headers

Referer: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=146b3922-08d8-4fc4-8071-4d00a25adf69
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 21:23:15 GMT
Content-Encoding: gzip
Last-Modified: Thu, 19 Aug 2021 01:57:35 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 spaces-router (7c9e4e4509a6)
Cache-Control: max-age=315360000, public
Content-Length: 89628
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.0 200
OK analytics Show response
go.orca.security/ Frame 6838 50 B
1 KB 189ms
188ms Script
text/javascript 52.202.69.186
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/analytics?conly=true&pi_form=true&visitor_id=609917230&visitor_id_sign=ea779a65ab03a0ed188bd14fad010410257af7e851064a54595f63e777e2e2811bb678b804dcf27e66486ca9add75fe81cce71f1&pi_opt_in=&campaign_id=17083&account_id=899611&title=&url=https://go.orca.security/l/898611/2020-12-11/2vsj&referrer=https://orca.security/
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=609917230&visitor_id_sign=ea779a65ab03a0ed188bd14fad010410257af7e851064a54595f63e777e2e2811bb678b804dcf27e66486ca9add75fe81cce71f1&pi_opt_in=&campaign_id=17083&account_id=899611&title=&url=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&referrer=https%3A%2F%2Forca.security%2F
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.69.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-1-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 Aug 2021 21:23:15 GMT
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: 4208770abb36eec2b2f3a1c951758cc1
X-Pardot-Rsp: 16/57/22
Vary: User-Agent
P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 50
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET embed_shepherd-v1.js
fast.wistia.com/static/ Frame 6838 0
0

GET
H/1.0 200
OK analytics Show response
go.orca.security/ Frame DB0A 50 B
1 KB 215ms
215ms Script
text/javascript 52.202.69.186
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/analytics?conly=true&pi_form=true&visitor_id=609917230&visitor_id_sign=ea779a65ab03a0ed188bd14fad010410257af7e851064a54595f63e777e2e2811bb678b804dcf27e66486ca9add75fe81cce71f1&pi_opt_in=&campaign_id=17085&account_id=899611&title=&url=https://go.orca.security/l/898611/2020-12-11/2vsl&referrer=https://orca.security/
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=609917230&visitor_id_sign=ea779a65ab03a0ed188bd14fad010410257af7e851064a54595f63e777e2e2811bb678b804dcf27e66486ca9add75fe81cce71f1&pi_opt_in=&campaign_id=17085&account_id=899611&title=&url=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsl&referrer=https%3A%2F%2Forca.security%2F
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.69.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-1-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 Aug 2021 21:23:15 GMT
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: 4208770abb36eec2b2f3a1c951758cc1
X-Pardot-Rsp: 16/9/152
Vary: User-Agent
P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 50
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET embed_shepherd-v1.js
fast.wistia.com/static/ Frame DB0A 0
0

GET
H/1.0 200
OK analytics Show response
go.orca.security/ Frame FF02 50 B
1 KB 211ms
211ms Script
text/javascript 52.202.69.186
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/analytics?conly=true&pi_form=true&visitor_id=609917230&visitor_id_sign=ea779a65ab03a0ed188bd14fad010410257af7e851064a54595f63e777e2e2811bb678b804dcf27e66486ca9add75fe81cce71f1&pi_opt_in=&campaign_id=17083&account_id=899611&title=&url=https://go.orca.security/l/898611/2020-12-11/2vsj&referrer=https://orca.security/
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=609917230&visitor_id_sign=ea779a65ab03a0ed188bd14fad010410257af7e851064a54595f63e777e2e2811bb678b804dcf27e66486ca9add75fe81cce71f1&pi_opt_in=&campaign_id=17083&account_id=899611&title=&url=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&referrer=https%3A%2F%2Forca.security%2F
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.69.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-1-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 Aug 2021 21:23:15 GMT
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: 4208770abb36eec2b2f3a1c951758cc1
X-Pardot-Rsp: 16/9/152
Vary: User-Agent
P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 50
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET embed_shepherd-v1.js
fast.wistia.com/static/ Frame FF02 0
0

OPTIONS
H/1.1 200
OK visitor_events
app.qualified.com/w/1/gndr1NireXGRNRuC/ Frame 0
0 313ms
103ms Preflight 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/visitor_events
Protocol: HTTP/1.1
Server: 100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-25-249-86.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://orca.security
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Access-Control-Max-Age: 7200
Date: Thu, 19 Aug 2021 21:23:20 GMT
Server: nginx
Via: 1.1 spaces-router (7c9e4e4509a6)
Content-Length: 0

POST
H/1.1 204
No Content visitor_events Show response
app.qualified.com/w/1/gndr1NireXGRNRuC/ 0
639 B 109ms
109ms XHR
text/plain 100.25.249.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.qualified.com/w/1/gndr1NireXGRNRuC/visitor_events

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=gndr1NireXGRNRuC

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

100.25.249.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-100-25-249-86.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json; charset=UTF-8

Response headers

Date: Thu, 19 Aug 2021 21:23:20 GMT
Via: 1.1 spaces-router (7c9e4e4509a6)
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Access-Control-Max-Age: 7200
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Xss-Protection: 1; mode=block
X-Request-Id: 308973db-8447-5013-5a90-5898c82a29f2
X-Runtime: 0.005226
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Vary: Origin
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: no-cache

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ 5 KB
2 KB 105ms
105ms Script
application/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: b7939e67e521a72f9344e54fe85a3edff247ac537235f178a522ae836dbf6820

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 21:23:23 GMT
Content-Encoding: gzip
X-Pardot-Route: 4587f66dff94d6e76a668284fbf3dba1
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
Last-Modified: Thu, 19 Aug 2021 05:15:57 GMT
Server: PardotServer
ETag: "14be-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1923
Expires: Sat, 19 Aug 2023 21:23:23 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
799 B 39ms
23ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=5544741&ct=blog-post&rcu=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F&pu=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&t=Malware+in+the+Cloud%3A+Challenges+and+Best+Practices+-+Orca+Security&cts=1629408203671&vi=f65396ada0d13dd72d5c7d92328998a8&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:23 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 1f3f418c-f2ba-49a9-8715-0a3642cec966
cf-ray: 68167159196e4ea4-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5lnQ7AW1ZIEYcqOmrbIyHubrNxttS5mVyp8ZgLX%2F2D66j4KZeLCkEz%2FLKj8WPskVCwg8Pxrtvp0bP5fAtFO5pUaE3Yjrf3vdKsEKoFmYnAIMlonz%2FiaV8pjoA8eYLEMBkZ4zpTJeFd4ptWqqWfmT"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
363 B 44ms
27ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=03772d1e-aef0-4e74-a117-9f4ee3b9e51c&fci=e1c333ab-c1e8-4bec-b501-cbfd8aad5b61&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=5544741&ct=blog-post&rcu=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F&pu=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&t=Malware+in+the+Cloud%3A+Challenges+and+Best+Practices+-+Orca+Security&cts=1629408203672&vi=f65396ada0d13dd72d5c7d92328998a8&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:23 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: b5a8ef8d-d99c-4b5e-9f38-ea9ba7304a93
cf-ray: 68167159196f4ea4-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t66mc48X5DbUpz51yO0GZ19%2Fhb9oKyLXzErCtGdSUPf4gCXzGX5AB1x%2BpY6YHlpacFx5CIzPMEuPZRQLbDmHEBna2y1hw2c%2FB%2B61CKuIakXXfCgBT9WTk3teWbOnpO9Ev8lR6Y%2Byni%2FhWg%2BTuvdK"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ 3 KB
3 KB 428ms
427ms Script
text/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=9607&account_id=899611&title=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&referrer=

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js

Protocol

HTTP/1.0

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

pi0-lba1-5-ue1.aws.pardot.com

Software

PardotServer /

Resource Hash

72df71c151d3350b2dd0e0194e70309ecc63cbf1a3b4ba4e2ce5c7924684bb84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 Aug 2021 21:23:23 GMT
Content-Encoding: gzip
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
X-Pardot-Rsp: 17/0/7
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 1444
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.0 200
OK analytics Show response
go.orca.security/ 50 B
1 KB 211ms
210ms Script
text/javascript 52.202.69.186
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/analytics?conly=true&visitor_id=609917472&visitor_id_sign=f82088b1a3c01178f696d799a310ba963836e8e0d055385cd9f427e8892b60fb0e11c74e55b14710f33ff290aedcfcc3fee7bafc&pi_opt_in=&campaign_id=9607&account_id=899611&title=Malware%20in%20the%20Cloud:%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&url=https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE&referrer=
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=9607&account_id=899611&title=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&referrer=
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.69.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-1-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 Aug 2021 21:23:24 GMT
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: 4208770abb36eec2b2f3a1c951758cc1
X-Pardot-Rsp: 16/15/115
Vary: User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 50
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 embed_shepherd-v1.js Show response
fast.wistia.com/static/ 572 KB
104 KB 31ms
7ms Script
application/javascript 2a04:4e42:3::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/static/embed_shepherd-v1.js

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=9607&account_id=899611&title=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&referrer=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a171b5fd108bab235e3a5fa9d7dc5e59abd512a87bfe4c3ad9fc1e60f49ffc50

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 21:23:24 GMT
content-encoding: br
vary: Accept-Encoding
age: 554
x-cache: HIT, HIT
content-length: 106301
x-served-by: cache-dca17743-DCA, cache-fra19126-FRA
access-control-allow-origin: *
x-browser-version: 89
last-modified: Thu, 12 Aug 2021 17:55:51 GMT
x-timer: S1629408204.227300,VS0,VE0
etag: "611560a7-19f3d"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 7

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: insiderdata360online.com
URL: https://insiderdata360online.com/service/platform.js?ran=0.9122825500474134

Domain: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Domain: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Domain: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Domain: ddzuuyx7zj81k.cloudfront.net
URL: http://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js

Domain: ddzuuyx7zj81k.cloudfront.net
URL: http://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js

Domain: ddzuuyx7zj81k.cloudfront.net
URL: http://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js

Domain: fast.wistia.com
URL: http://fast.wistia.com/static/embed_shepherd-v1.js

Domain: fast.wistia.com
URL: http://fast.wistia.com/static/embed_shepherd-v1.js

Domain: fast.wistia.com
URL: http://fast.wistia.com/static/embed_shepherd-v1.js

Verdicts & Comments Add Verdict or Comment

256 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.orca.security/	1970-01-19 20:36:50	Name: __hssc Value: 132551249.1.1629408203669
.orca.security/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.orca.security/	1970-01-20 05:58:24	Name: hubspotutk Value: f65396ada0d13dd72d5c7d92328998a8
.orca.security/	1970-01-20 05:58:24	Name: __hstc Value: 132551249.f65396ada0d13dd72d5c7d92328998a8.1629408203669.1629408203669.1629408203669.1

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://orca.security/resources/wp-includes/js/jquery/jquery-migrate.min.js(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2
console-api	log	URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE(Line 100) Message: Anchor Ready
console-api	log	URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE(Line 165) Message: [object Object]
console-api	warning	URL: https://orca.security/resources/wp-includes/js/jquery/jquery.min.js(Line 2) Message: jQuery.Deferred exception: Cannot read property 'getItem' of null TypeError: Cannot read property 'getItem' of null at _default.get (https://orca.security/resources/wp-content/plugins/elementor/assets/js/frontend.min.js:2:56236) at _default.setViewsAndSessions (https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js:2:89347) at new _default (https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js:2:89098) at Function.<anonymous> (https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/frontend.min.js:2:5491) at Function.each (https://orca.security/resources/wp-includes/js/jquery/jquery.min.js:2:3026) at ElementorProFrontend.initModules (https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/frontend.min.js:2:5456) at ElementorProFrontend.onElementorFrontendInit (https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/frontend.min.js:2:5712) at dispatch (https://orca.security/resources/wp-includes/js/jquery/jquery.min.js:2:43090) at v.handle (https://orca.security/resources/wp-includes/js/jquery/jquery.min.js:2:41074) at Object.trigger (https://orca.security/resources/wp-includes/js/jquery/jquery.min.js:2:71513) undefined

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.omappapi.com
ajax.googleapis.com
analytics.twitter.com
api.omappapi.com
app.qualified.com
cdnjs.cloudflare.com
connect.facebook.net
ddzuuyx7zj81k.cloudfront.net
dss6ntp5q2r0o.cloudfront.net
fast.wistia.com
fonts.googleapis.com
fonts.gstatic.com
forms.hsforms.com
go.orca.security
googleads.g.doubleclick.net
insiderdata360online.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsforms.net
js.qualified.com
links.readitquik.us
maxcdn.bootstrapcdn.com
orca.security
pi.pardot.com
px.ads.linkedin.com
px4.ads.linkedin.com
script.hotjar.com
services.infinigrow.com
snap.licdn.com
sp.infinigrow.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
track.hubspot.com
tracking.g2crowd.com
vars.hotjar.com
ws-assets.zoominfo.com
ws.zoominfo.com
www.clickcease.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
ddzuuyx7zj81k.cloudfront.net
fast.wistia.com
insiderdata360online.com
www.googleadservices.com
100.25.249.86
104.244.42.3
104.244.42.69
108.174.10.14
13.224.196.103
13.224.96.124
13.224.96.34
13.224.96.67
13.224.96.92
142.250.184.226
151.101.12.157
162.159.135.42
18.142.0.45
2600:9000:2104:6a00:10:7994:d200:21
2600:9000:2190:2c00:8:8d2f:9e00:21
2606:4700:20::681a:c3b
2606:4700::6810:135e
2606:4700::6810:5505
2606:4700::6810:650c
2606:4700::6810:a852
2606:4700::6811:43b0
2606:4700::6811:b849
2606:4700::6811:d3cc
2606:4700::6812:14bf
2606:4700::6812:1abe
2606:4700::6812:acf
2606:4700::6813:9a53
2620:119:50e3:101::6cae:b45
2620:1ec:21::14
2a00:1450:4001:802::2003
2a00:1450:4001:808::2003
2a00:1450:4001:80f::2008
2a00:1450:4001:811::2003
2a00:1450:4001:827::2004
2a00:1450:4001:827::200e
2a00:1450:4001:829::200a
2a00:1450:4001:82f::2002
2a00:1450:4001:831::200a
2a00:1450:400c:c04::9d
2a02:26f0:6c00:296::25ea
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:3::622
35.174.78.146
52.202.69.186
52.89.105.17
89.187.169.47
00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
044efea78208376302aad3808aaabdf3c2f7bdd80ba9d55c9e0e4d3baa7a3908
05eee7dd84da8f541a1dfebd89d2a67e8b2322fced4845f991769c1df2d096ab
08dbb435439815752ce09bfc9581b9085db9c9a66095bf5062b1c5c8adc08031
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e
0a938256d2de59b044f8ca7c7aa0c788ed2ffa9a48bf0e3930a5830c4298f509
0aaa4cf927b0e3631cffbe62f6786810aa65348483cd950e49f634a0881b16b4
0bf73206d4c66380b0929c3c5031b54c8ab195625a6a26f5df14e0fbd43005f1
0cd851e5b33af0fbb354df65506da39807b998e07723f3d08aba5179fa2ed97e
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0ef211d6fa0461f16d96f3595269a5d22b9713b949f6ef8190ac2a4c8eba18cf
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
15cabbfbc427cf3a6e897a426fa4cfc26d7171ae72763fcccc3d066338f15bf7
17f076500dca787c42b1dd6238ce50a0752771eafd040e8512c713a7ec947c65
182cab990c2118fcdb18feab5115335e4eb4bc0b38bb30a36c4e73c92b080ea4
19450de42b740616a0ae81907248584c4129e7a46c32a0c735a56d1572b5b380
1a33b00a04c9fc9b04282a6ed5e20fdef28fcb08cbcd7712057cacf7c6edd669
1ada5259a5ac61a7d68315f7efa6b98d61d2d0478df0545869c880afeaa67dcd
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1c3bd00be556bf95f92a2ab1119b8b26544a1997ab0c09f86490bc32339ad32e
1e5aeaa58ab4c2345953f77e07fbc20578326076a259ed702eea64e077fde675
1eda50fcc641bd8a7844d4f8e26acd9e2bab6c524f61701774d12a741420af93
1ef0899dadf11eccd489e8aca5ef79eaf9c1caa00f9f1d4d8ad45ff1ed375ccf
205988b80eeedc442aa4ba78fd4bda5b1b139415f3dc88043fc73adcd71cbae2
20ffeeb1b6274d88ea1a05f79a414e6bb12189c7516514c75067d081dcd47819
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
23190e1539469cc8b5faccb038b260ccda2cc62672c70efa1900a51a8e3d1be5
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
285c3c6ca39b53ee2e65d425a7b26d8d9415a8e15c323aa1d73f3b79496400fc
2989e0b9e836cb9de3274d641ec6a58c2052f039e790ddd59b22303930bfdeeb
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde
2cecf0475d5d2db81d7d1535a89f570b89e290f27b0867923f074b81155cf5da
3136eeb50d7b04ae825cc66558be83106385205a61e949ee35e52ee8864aefc7
33394c646382ba94e14dc6b22ab6880823a76357069c263886602255c118a21f
34b499c3bed76acb12665df0c8b65d14bac3ee6161e420a9403bd694be549e78
368daab67b1a5b2b2802edbbac79a2aa4ba992a2ebf9c67b98ad784d8004018c
3afe1773cbb9677bed9327f8f81058a02d8b593b22eb24a40658539bd8a5ead8
3b168b017f9db602024341f3e4fce6b102b26e59a60f2ee8f6083b86f83e58c0
3b8445ffccb8367866ab9a95af5439a7faffcb30a67e7902324192a6059b056a
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
3e0e5bde2976de971453ff399dd44a574f999ff6cca7c6dec94991b07e94d477
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3f9c38934fc41ee2a85f1a6e1ad59e96f7f1e73b9b4e653394708715d5ab32c5
41e5c059963bd8f9bc4097f78535c3d722f4d73e75c46b2df5cc74bf864af150
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27
44da12b1630d2ef003f2375847617620d5f4f7fae60a473b801cf55f15e6f9d7
46375ee9192c1e0f6eabe4d32b2a48b996b93037f7b4beb970df5b87359548fd
47300f73d115d5d1586ff7b01cc7319166b160bdad6e54a54ad02ac9312f6426
4a7ee62eb33f3bbb66c2151e5cac6bf4904e28302efc36128f3e3ccae6fde580
50bbb02baec0ea54be304a070a2c6d815f65ee593c04f0fd81f81ee4dc0133e2
525f091870c1282bb4823f9e64192983f1652a3bbc84c97ca5e6c4f063ca6e82
52adbaf8b7004e3e0ef2b06be5492748eeef0bdfbc2d91b4aa3aa7ddd7028703
54c9560cb0117d8d1f955aefe0f88b843517964e118512d8f1a224a8a9b662f4
5659ba8e7a8bde325092d51062e659ff5ab335177866b3b3e6223838b4dec794
598e0da49a0d44ca888818a794151e0be9e5a5801d78e53430f451a40d67e661
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5c0fa704524cebac28ecc9aa8a2ad43d4d2d5e48980fdeec93253d6d9c61e98a
5c15402dcdd0b03490883b62681c0d676af10894c7ce55218650d0f3827c6f0f
5da80845be0b787ddf4abd8c116be05e185e3e928c2773d65abb55903e362175
5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
60aad8b6f919b3ac201f9441562712b6b4071e6e2928577910f31ca424ffa397
64380f313f85c6feb17b558f02b5b3d145bbf934a969e012302caac445a1922f
646da9413561f83e247e0e2e02a54bb0bd2398635c330a1f00c56f21c1230dc6
661e00570c65c29528d9ce6ee19e5e9939986716c293def67b07f8b6a191b018
6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7
6cdce92d47a53dae6209c07efbc3c88514892989e0d5f802c52dbf589caea72c
6dbd1967a8963d2eead020be31031ed12df79148acfea8cb787fa1358d5b4559
6f57f8ab879288c31393c0234a10d05b7b8955999a0192d4b17d4bf6c4769a18
71008cf308a9bb2a3a3ddaa973f816c0d3a11db5cc9e7bdd5498089423019b3e
718c7e416390d518d57d2da05f6957956b1b2e2a829522f3bcc6fa46972da72c
71a920e8af6069911a728a6768baf9c58e8f2dcc99599985f36f2110466457a0
71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba
72df71c151d3350b2dd0e0194e70309ecc63cbf1a3b4ba4e2ce5c7924684bb84
7369eb7217705e08010dbd6c0ed5433f75e66391ff6f365372381b658b1f1da9
73a99bd74ebe2d720d9cde762ad886f8a687ae3c69a7e64039e1a18501015be7
744d368a676dabf6be331840fdf74176a9ad7a784bf3920e3f640c9ed89fc43c
74706fc3a0764eb273029a2ca83422dd8663978130573095d48f7ed260f28671
751d5192326ddefce3e87157f7c9355217cdad7b4a969b5dd3161b4453671389
7742176d36a9ea889f4db0a843e62f522ba690a8d514e91dd5aa09eccf7340ce
785c1179e9138a30fccbcd502d81ad2920049a12fd3d83fae433052e9be4c62f
7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9
7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a
7bba17b490076798f613f9b01da8d6a2eb79808ae687d3e56543ba95fff3b16c
7da8c2186e6dbaf934d64bb1ddb21c10b79ad1355b381868842e7e18aff29283
7ed371ce600209a847c61a6c15d24968a554b6ecb66065c552f6fc998c041ea3
7fc2adee3e43f35ce8e32c26f8d8cc18c647e98f5d82106937a981db839897d5
8191aac24052007a5eb3dff74bbcde3d14bd1b9eac048a8b781c08e144089f25
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84053d1e000e4ec2e919fc747c16eb16856745bd7cdd0279ff6be2062f365650
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
852bd6252037babce88a147ef957e66fe7d9a0d65fece3596452c2a274766569
8725ca355115b2fd4651581ad44a4115ec562fc3ad951c72b7da7f9c8e73051f
87a096e675cd30b60c4c06655befe4620956a320c678a42f83eb8d16d4e0bf43
889910bd602fe775e79f9b7e78d50040c61d9494b90ebc97800b3ae7976cbb49
897ebbdf379aeb2c751275f083d298f15b094902c6bd6a66405ffb0604c64124
8b1378138bba66a489a96aa319ed93174ae2e9740c4e0dc6846c5f06d2193fb4
8cd0f98401a45233a36da735c171e69279757cefaefe883ed112eb1c57844a6c
9019bd99bb2b109f32b62d0439c01e6c9e828bfd160c1e254a5a0d1c7229a4fe
94f9190bff270944affe1050bc67f4b0c98f7193e7022eb9e94ba03f075061ac
96456ea83a2a92121ff46321c0f0ca85237a5fbb1cc6391a7303057226b91529
97cf1307c16a437b77b5f7f5c9bc0b985d0745a14be5a279019aca5a3432e264
a171b5fd108bab235e3a5fa9d7dc5e59abd512a87bfe4c3ad9fc1e60f49ffc50
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288
a41d60f8ac48aafcddd891ddebb318735c5684c4d8c8971f2a236233f89fc3be
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
a48dea362116d7516a2cf97066a32758d353760ee02dbf900ddff86b02a16473
a53ea60fbea6cb1775430998564d5f295aba7d3bfe548a0ba79aa2a049aba839
a6ce41aa5b6c062eeaf822aae94f23727248c17d2cd4b6b54fc54c085b58802d
a6d75aad5c009d0bdf36d4c1d68d90e2848460fce782adb137819228842eefe0
a9703acf1b9ace4e69669e5472063f067cfaf6eba3dff61ec47b95db163a3158
a9e4a21d7a0dd665ebfe69752a801f9034ee7f4d7e5930cb267b6c48aa3bee31
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aca1d2291f4713182bc182e5ef93151df69b3e97a054d16d1da5a1967fe63f15
af1e6edc875a382b338bb25bd7c5c3f474a7f1b36212002a5896dd06f2186325
afea7d7933d3140b754902ec8d48c7cc0db26b22f5912655b2fb1c1b07429478
b0afa04a0a2ab0da44ea354d9a4ca1a897adc62fbbf002c47165bd14f6761142
b23f49f504faa32aac548b6662ffd64412f6738496fab8be38da46c5b7121804
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
b36d9d6fef1a7b6ae3c8991a1499820d269584886012fad91a027c886449b58c
b3da8d4d6ce548b08ca53762d9e5f7162a073b1f07756ba8aded1c9929f9b015
b5641645c15c48b3ff5ce52e718563e1d04d18492e552eb126862768327e2855
b7939e67e521a72f9344e54fe85a3edff247ac537235f178a522ae836dbf6820
b8e39dad2211fe2aafd3c487471c94934a5230aeb00608f59b80c880ce777440
b980f62a2d545d64f24e6f96902c8fbf5da0018569c369bc18f9e5b5fcf099ed
bb0772532e523b486ea3419e8de8a9a40a0f632bf85ddf21f0d8753427972280
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bc71c403dc6113c8597e111a99d6a6a197dd2f2355402f8392ca4812dca57d3d
bcca65cc24a8fa93b8c1c9b3fdab3c155b5a6c5e6013d1b0aa4e4447c8eec77c
be29174d2fe6ed8aad6c27420ce60f754419d072bfb1603ffa20626463295a57
bf1ffcb96984568b22f7a9029dd980abb5a4a47700f588a16b8ace0f7412977e
bf5e842285ce8602276bf2220440ee98e9fc418e550f992905703c349092b2cc
c0836e0ca85c352993c12e75d531b1394a2be0b679828a749c1922b9f66032a9
c130f23d961ae1da752e6ffd3609246dfa3a3ff557075fdbc04def8df57fc621
c2e8b4fba49f90cfca5a43371c09879aed7447e0ba2ed4abd75b81448776c4f7
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c3f972393cbaeb692394b14498f8f9526c5a75480fe6fed1a5d14e83109e0cf4
c51831a289a042fb47236cc90db37a4d2cdd827d8ba95120de2cb55826e68664
c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c
c76c6456972a640a9057ae6e6ce9099722910ac60e2f31e514a1bf0066d9d64d
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4
ce9ce9330b918d6bf273990f3b31cd1a745c1cc26550a824835f04a0722b63ff
ceaa8c47e55f50794d42966a696f0f35149ffd1560c46eecbca911d6b48d9371
cfca36025004c1f9a54e8bca2961cd7c2c7d030b9f098b2f8d044e25944b1fdf
d39e13725b21bae85d8ec5a33e089d49b52ea78390dabf5e426751414499d0f1
d582dd27f7adf7839ada382ea283b0517cf25b8914cf079bdd2a98586a580ece
d5dc117cab4509d9702d3054527a956dca7b3978179112ebb18c005c5d925282
d5e6f422bf9513df9dd847931b0783e78f2cc6d7a3f189450b9c932b40c584d7
d68519a3166f1d5cf914c9e2c228ce1415ecbe40c8630d7d5ce8675fdafb5902
d6ffde0bc44344c9007373cfd28cad502d8ab3dffb0f7c02fd72f68d309386b1
d7c1382f2a55b9cfed948b2a888fe6169dd173219e33ef7ce057ccb002fa93cf
d882dbd828af87ed3434862bf608a2dee6d347817ae547421c9b2051ce29a905
d8e1bb6afaee4a9709470e6bc6712a4288aab63eff4a430e75935d0095648bb6
d9b993464d1fb9e951a4e9c76d4d560b208604c73fa87c0a61091b5af0ddecec
d9fd9e2d2293c369f4aa2abe2dcdee1ff7135ceb33f12cdfab98a348bf9ac455
da9dad45994fa30a773ffd383f0daba950926e1c95fc807b644554825ac34bf7
db18d831eb4b8ce145dbcb644a5d797292d96eda1786bf7be8d102f2d6e1f9b7
db1ba52d021fb58e76bf046347fff38fb59089ee85a9695d7f091309147e1523
db9b544d358f7e5016f5a1fe3756b61f197029a829e72f78b03d7c0048dab048
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcd776a73b566cd88837272b189a3831d209a7c250d9c2faf45e16d127f8ba69
dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e22419e8154be2a34a950dbb4c4c448413751c53ef02f00c6c56af28aa2c4964
e2b5d4752ac81478ad36860fbe67b75bad20bbee7a93e835a25283d310c78999
e36eaa6e7cebbd4138dfb008ee3d53ab8195f45953b0f4f27d0d8156ab059021
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e51cef74e27fe2fbf08417acdaeccb250743a28dc7b82d16ba26560981041e0d
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
e6d2282d33ef8f732e4ce7a60a05fce149fb0017fae964eb3543ec849d95f2e9
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef2b6a048828ba900123bc05b019ded3252e9b21260d7402fc9d11a321fb3dc1
f07ba5ad1ac0a01ef6b948f1a2223b2eff4e40f40da24614151b98939b6a5ef1
f8d00356859998784bda26e1d14f2d981515921b96ded50d5d6f6f0e75bac15c
f9335a3578fbb78eba8922527950b8773e21ebc2d28e6f72ce9d223094bfdbdc
fbd60db88b56b91e2c6ea79a36224ec46d01be9b58cf87db5176c86681f9270a
fda3035030d3843c2751dc0da65fb802230ec00a4008aeed83ddddc7b97cbc93
fe2ac5219992a3608a5c9e2bc4759fac8fb2189b88d7a674d395ff6c435da536
fe480d9633b2a3c527ce7f1fb8134da325c1032514d90b412c4abc5007c88751
fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

orca.security Open in urlscan Pro 162.159.135.42 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

246 Requests

96 %HTTPS

64 %IPv6

36 Domains

49 Subdomains

45 IPs

5 Countries

7768 kBTransfer

15957 kBSize

4 Cookies

17 Outgoing links

Page URL History

Redirected requests

246 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

orca.security Open in urlscan Pro
162.159.135.42 Public Scan

Screenshot
Live screenshot

Full Image

246
Requests

96 %
HTTPS

64 %
IPv6

36
Domains

49
Subdomains

45
IPs

5
Countries

7768 kB
Transfer

15957 kB
Size

4
Cookies

246 HTTP transactions
9 data transactions