Submitted URL: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=2ahUKEwiJ0JGU34jkAhWhoVwKHXaYDXIQFjABegQIARAB&url=h...
Effective URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Submission: On August 17 via manual from GB

Summary

This website contacted 16 IPs in 5 countries across 15 domains to perform 47 HTTP transactions. The main IP is 151.101.193.69, located in United States and belongs to FASTLY - Fastly, US. The main domain is superuser.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 26th 2019. Valid for: 3 months.
This is the only time superuser.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2a00:1450:400... 15169 (GOOGLE)
16 151.101.193.69 54113 (FASTLY)
2 2a00:1450:400... 15169 (GOOGLE)
3 104.16.27.34 13335 (CLOUDFLAR...)
1 2a04:fa87:fff... 2635 (AUTOMATTIC)
4 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
5 216.58.207.66 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 91.228.74.152 27281 (QUANTCAST)
1 3 104.111.214.103 16625 (AKAMAI-AS)
1 2600:9000:200... 16509 (AMAZON-02)
1 91.228.74.235 27281 (QUANTCAST)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
47 16
Domain Requested by
13 cdn.sstatic.net superuser.com
cdn.sstatic.net
5 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
www.google.com
superuser.com
3 cdn.ampproject.org securepubads.g.doubleclick.net
3 sb.scorecardresearch.com 1 redirects superuser.com
3 www.googletagservices.com superuser.com
securepubads.g.doubleclick.net
3 i.stack.imgur.com superuser.com
3 superuser.com www.google.com
ajax.googleapis.com
securepubads.g.doubleclick.net
2 pagead2.googlesyndication.com
2 www.google-analytics.com superuser.com
www.google-analytics.com
2 ajax.googleapis.com superuser.com
securepubads.g.doubleclick.net
1 tpc.googlesyndication.com securepubads.g.doubleclick.net
superuser.com
1 pixel.quantserve.com superuser.com
1 rules.quantcount.com secure.quantserve.com
1 secure.quantserve.com superuser.com
1 adservice.google.com www.googletagservices.com
1 adservice.google.de www.googletagservices.com
1 www.gravatar.com superuser.com
1 www.google.com
47 18

This site contains links to these domains. Also see Links.

Subject | Issuer | Validity | Valid for
www.google.com | Google Internet Authority G3 | 2019-07-29 - 2019-10-21 | 3 months
*.stackexchange.com | Let's Encrypt Authority X3 | 2019-07-26 - 2019-10-24 | 3 months
*.googleapis.com | Google Internet Authority G3 | 2019-07-29 - 2019-10-21 | 3 months
i.stack.imgur.com | DigiCert SHA2 Secure Server CA | 2018-10-16 - 2020-11-25 | 2 years
*.gravatar.com | COMODO RSA Domain Validation Secure Server CA | 2018-09-06 - 2020-09-05 | 2 years
*.g.doubleclick.net | Google Internet Authority G3 | 2019-07-29 - 2019-10-21 | 3 months
*.google.com | Google Internet Authority G3 | 2019-07-29 - 2019-10-21 | 3 months
*.google-analytics.com | Google Internet Authority G3 | 2019-07-29 - 2019-10-21 | 3 months
*.quantserve.com | DigiCert SHA2 High Assurance Server CA | 2018-10-16 - 2019-10-21 | a year
*.scorecardresearch.com | COMODO RSA Organization Validation Secure Server CA | 2018-11-28 - 2019-12-26 | a year
misc-sni.google.com | Google Internet Authority G3 | 2019-07-29 - 2019-10-21 | 3 months
tpc.googlesyndication.com | Google Internet Authority G3 | 2019-07-29 - 2019-10-21 | 3 months

This page contains 3 frames:

Primary Page: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Frame ID: A77707FB315B2B0DC02AA23B12E61185
Requests: 36 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011907301630320/amp4ads-v0.js
Frame ID: 27C46ECDB58B74D247F7BEDCB2FFC252
Requests: 6 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsstRJIiAgrojCRmRcWdy4RJ6SUW9v4sTzyDhwaW20Ve-ykPxZPO8tsMrPvmXzPJZ1l5M7jsOjJRPRQR7fxbwPmCLVdIG4lZQ89Mz1eXiWORhgFEKHNJafp_0DssFK8tihrwm5T0vvdAmxYvSuU2ma2vdt7TpNxhRa9FZCMtz2Vq-zpvKunz4ms-RoAy7QrulDVOoBRe8pK1-CN3gK9ud95Rh6xBVv8_GDM-Jc3kfIgMhoE7RckeHU9RfPD3FLq05IyNSOp4eoxIpuee460O8rFFzR5Pdx5sgg&sai=AMfl-YTJ6vsih3RsrNkoGbOg43lpEZmpWVBQTMFt95gLdh_pIh5b68K6s841K0DWMe6ryHNi8jifiC-vpi8hZGByRNy0En6OR-UCed_vGWUw&sig=Cg0ArKJSzAkIyNYJmzB1EAE&urlfix=1&adurl=
Frame ID: B25C63FFBCD400D25027C185CD630C4F
Requests: 7 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /gws/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /\.quantserve\.com\/quant\.js/i

Overall confidence: 100%
Detected patterns
  • html /<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
  • script /\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i

Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

47 Requests
98 % HTTPS
60 % IPv6
15 Domains
18 Subdomains
16 IPs
5 Countries
718 kB Transfer
2267 kB Size
5 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=2ahUKEwiJ0JGU34jkAhWhoVwKHXaYDXIQFjABegQIARAB&url=https%3A%2F%2Fsuperuser.com%2Fquestions%2F892437%2Fwhat-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg&usg=AOvVaw3ey19t2uGoZ5A2a_pwY_7r Page URL
  2. https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28
  • https://sb.scorecardresearch.com/b?c1=2&c2=17440561&ns__t=1566005001903&ns_c=UTF-8&cv=3.1e&c8=security%20-%20What%20do%20you%20do%20if%20you%20are%20being%20hacked%20by%20something%20coming%20from%20a%20supposedly%20legitimate%20IP%20address%20such%20as%20from%20Google%3F%20-%20Super%20User&c7=https%3A%2F%2Fsuperuser.com%2Fquestions%2F892437%2Fwhat-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg&c9=https%3A%2F%2Fwww.google.com%2F HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=17440561&ns__t=1566005001903&ns_c=UTF-8&cv=3.1e&c8=security%20-%20What%20do%20you%20do%20if%20you%20are%20being%20hacked%20by%20something%20coming%20from%20a%20supposedly%20legitimate%20IP%20address%20such%20as%20from%20Google%3F%20-%20Super%20User&c7=https%3A%2F%2Fsuperuser.com%2Fquestions%2F892437%2Fwhat-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg&c9=https%3A%2F%2Fwww.google.com%2F

47 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
url
www.google.com/
1 KB
1 KB
Document
General
Full URL
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=2ahUKEwiJ0JGU34jkAhWhoVwKHXaYDXIQFjABegQIARAB&url=https%3A%2F%2Fsuperuser.com%2Fquestions%2F892437%2Fwhat-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg&usg=AOvVaw3ey19t2uGoZ5A2a_pwY_7r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
gws /
Resource Hash
7132df0c323abea13348dbf4883cab9ca35b92d021fd0de879e07175da8fa008
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=2ahUKEwiJ0JGU34jkAhWhoVwKHXaYDXIQFjABegQIARAB&url=https%3A%2F%2Fsuperuser.com%2Fquestions%2F892437%2Fwhat-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg&usg=AOvVaw3ey19t2uGoZ5A2a_pwY_7r
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
accept-encoding
gzip, deflate, br

Response headers

status
200
date
Sat, 17 Aug 2019 01:23:21 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
strict-transport-security
max-age=31536000
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding
br
server
gws
content-length
535
x-xss-protection
0
set-cookie
NID=188=VEtKG-i0DN0Ow1YxUExMzUqV9agaaIscOUi9zlZtwS97v5c78y4uwUisFykkuwjf8OsgqdbEurqrWVkjIuVHIESKbC5WxaH26OzkyUUPLeaKWxmW8OqA5B7YvYkJIRHcfr-csiJEP8BXuugDVCHMIdKskmMyWJnHrgkm5pw-hV4; expires=Sun, 16-Feb-2020 01:23:21 GMT; path=/; domain=.google.com; HttpOnly CONSENT=WP.27d358; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.google.com
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
Primary Request what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
superuser.com/questions/892437/
143 KB
41 KB
Document
General
Full URL
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Requested by
Host: www.google.com
URL: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=2ahUKEwiJ0JGU34jkAhWhoVwKHXaYDXIQFjABegQIARAB&url=https%3A%2F%2Fsuperuser.com%2Fquestions%2F892437%2Fwhat-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg&usg=AOvVaw3ey19t2uGoZ5A2a_pwY_7r
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.69 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
7fe202cad2ed5c1a4cb27bcad2d600366a1c33c8fd7d642d72da6e3b25be2c7c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com
Strict-Transport-Security max-age=15552000
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
superuser.com
:scheme
https
:path
/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
https://www.google.com/
accept-encoding
gzip, deflate, br

Response headers

status
200
cache-control
private
content-type
text/html; charset=utf-8
content-encoding
gzip
x-frame-options
SAMEORIGIN
x-request-guid
cca70849-6472-4c80-b19f-cc3e78e28648
strict-transport-security
max-age=15552000
content-security-policy
upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com
content-security-policy-report-only
default-src https: wss: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; report-uri /_/csp-reports
accept-ranges
bytes bytes
age
0 0
date
Sat, 17 Aug 2019 01:23:21 GMT
via
1.1 varnish
x-served-by
cache-ams21037-AMS
x-cache
MISS
x-cache-hits
0
x-timer
S1566005001.352288,VS0,VE93
vary
Accept-Encoding,Fastly-SSL
x-dns-prefetch-control
off
set-cookie
prov=4eb1f27b-e99e-af94-adaa-4421962ac42c; domain=.superuser.com; expires=Fri, 01-Jan-2055 00:00:00 GMT; path=/; HttpOnly
content-length
40952
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.12.4/
95 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 12 Aug 2019 16:35:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
377301
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
33951
x-xss-protection
0
last-modified
Tue, 20 Dec 2016 18:17:03 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 11 Aug 2020 16:35:00 GMT
stub.en.js
cdn.sstatic.net/Js/
45 KB
16 KB
Script
General
Full URL
https://cdn.sstatic.net/Js/stub.en.js?v=3e2db6f04a22
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.69 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
635dd240d912075a79a32839d6435c409f6fb8ec04b07c52cd83a6f809ccea42

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:21 GMT
content-encoding
gzip
age
23446
x-cache
HIT
status
200
content-length
15728
x-served-by
cache-ams21037-AMS
access-control-allow-origin
stackoverflow.com
last-modified
Fri, 16 Aug 2019 18:50:54 GMT
x-timer
S1566005002.582043,VS0,VE0
vary
Accept-Encoding,Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=604800
accept-ranges
bytes
x-cache-hits
3039
stacks.css
cdn.sstatic.net/Shared/
224 KB
25 KB
Stylesheet
General
Full URL
https://cdn.sstatic.net/Shared/stacks.css?v=baa63b2b0ac4
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.69 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
b87000052da5d9a8286f70bffdf65991611976554df282ca02ce7cd4eebbc00a

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:21 GMT
content-encoding
gzip
age
285278
x-cache
HIT
status
200
content-length
25466
x-served-by
cache-ams21037-AMS
access-control-allow-origin
*
last-modified
Tue, 13 Aug 2019 18:07:12 GMT
x-timer
S1566005002.581805,VS0,VE0
vary
Accept-Encoding,Accept-Encoding
content-type
text/css
via
1.1 varnish
cache-control
max-age=604800
accept-ranges
bytes
x-cache-hits
69722
primary.css
cdn.sstatic.net/Sites/superuser/
394 KB
66 KB
Stylesheet
General
Full URL
https://cdn.sstatic.net/Sites/superuser/primary.css?v=4ddfcef680bd
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.69 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
b92466dfd407ccdafc3b0bd41d062b760db45561ae82d91308d5fcd88f6b20c0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:21 GMT
content-encoding
gzip
last-modified
Thu, 15 Aug 2019 15:17:19 GMT
age
122687
x-served-by
cache-ams21037-AMS
vary
Accept-Encoding,Accept-Encoding
x-cache
HIT
content-type
text/css
status
200
cache-control
max-age=604800
accept-ranges
bytes
x-timer
S1566005002.582020,VS0,VE0
content-length
67154
via
1.1 varnish
x-cache-hits
1915
anonymousHeroQuestions.svg
cdn.sstatic.net/Img/hero/
347 B
412 B
Image
General
Full URL
https://cdn.sstatic.net/Img/hero/anonymousHeroQuestions.svg?v=748bfb046b78
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.69 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
0a30d4caba59f2c2be55b5e2c3dd6d8f47b0b74f4fb20be2fe76822d16384062

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:21 GMT
via
1.1 varnish
last-modified
Tue, 13 Aug 2019 07:34:37 GMT
age
300831
x-served-by
cache-ams21037-AMS
vary
Accept-Encoding
x-cache
HIT
content-type
image/svg+xml
status
200
cache-control
max-age=604800
accept-ranges
bytes
x-timer
S1566005002.582313,VS0,VE0
content-length
347
x-cache-hits
24403
anonymousHeroAnswers.svg
cdn.sstatic.net/Img/hero/
510 B
628 B
Image
General
Full URL
https://cdn.sstatic.net/Img/hero/anonymousHeroAnswers.svg?v=d5348b00eddc
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.69 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
5f5b8052ca8a15f1c2f0248f38d29dcba23b82fe0df182b595d772f80fd4a7c0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:21 GMT
via
1.1 varnish
last-modified
Tue, 13 Aug 2019 07:34:37 GMT
age
300831
x-served-by
cache-ams21037-AMS
vary
Accept-Encoding
x-cache
HIT
content-type
image/svg+xml
status
200
cache-control
max-age=604800
accept-ranges
bytes
x-timer
S1566005002.582064,VS0,VE0
content-length
510
x-cache-hits
24311
anonymousHeroUpvote.svg
cdn.sstatic.net/Img/hero/
404 B
469 B
Image
General
Full URL
https://cdn.sstatic.net/Img/hero/anonymousHeroUpvote.svg?v=af2bb70d5d1b
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.69 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
3907562e54f3eafa77ab0e4a3a8ddaba3f5452f12ee844e569d395d53360d8ba

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:21 GMT
via
1.1 varnish
last-modified
Tue, 13 Aug 2019 07:34:37 GMT
age
300831
x-served-by
cache-ams21037-AMS
vary
Accept-Encoding
x-cache
HIT
content-type
image/svg+xml
status
200
cache-control
max-age=604800
accept-ranges
bytes
x-timer
S1566005002.629116,VS0,VE0
content-length
404
x-cache-hits
24391
logo.svg
cdn.sstatic.net/Sites/superuser/img/
3 KB
1 KB
Image
General
Full URL
https://cdn.sstatic.net/Sites/superuser/img/logo.svg?v=4bc8a703ebac
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.69 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
788ad8ced976b93f05f7585c450cc5af73f12baf511fa0f4aaa3756044f96254

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:21 GMT
content-encoding
gzip
last-modified
Mon, 12 Aug 2019 18:33:32 GMT
age
356242
x-served-by
cache-ams21037-AMS
vary
Accept-Encoding,Accept-Encoding
x-cache
HIT
content-type
image/svg+xml
status
200
cache-control
max-age=604800
accept-ranges
bytes
x-timer
S1566005002.632976,VS0,VE0
content-length
1291
via
1.1 varnish
x-cache-hits
6064
hoWVQ.jpg
i.stack.imgur.com/
953 B
1 KB
Image
General
Full URL
https://i.stack.imgur.com/hoWVQ.jpg?s=32&g=1
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.16.27.34 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
192d3ef49c53a1ed3933762a692a209c8419a947288c207dc9dc4b0d79815216

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:21 GMT
cf-cache-status
HIT
age
15236787
status
200
content-type
image/jpeg
content-length
953
last-modified
Sat, 02 Feb 2019 18:51:31 GMT
server
cloudflare
etag
"c6e71f8e1508663c6f99c2318c205b73"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
FRp2PVGeHn85350X7o8WBc7xX7jERhQR
cache-control
public, max-age=315360000
accept-ranges
bytes
cf-ray
5077d79cae5fd8f9-AMS
x-amz-storage-class
REDUCED_REDUNDANCY
expires
Tue, 14 Aug 2029 01:23:21 GMT
f7326fd554e09edf21ca727d6854e22e
www.gravatar.com/avatar/
2 KB
2 KB
Image
General
Full URL
https://www.gravatar.com/avatar/f7326fd554e09edf21ca727d6854e22e?s=32&d=identicon&r=PG
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
b00284ac4e53539f2a57419e54292ad6a0970416181a8fa52c11806d4116a8be

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nc
HIT vie 4
date
Sat, 17 Aug 2019 01:23:21 GMT
last-modified
Sun, 12 Jun 2011 07:14:28 GMT
server
nginx
source-age
4208450
status
200
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
content-disposition
inline; filename="f7326fd554e09edf21ca727d6854e22e.png"
accept-ranges
bytes
link
<https://www.gravatar.com/avatar/f7326fd554e09edf21ca727d6854e22e?s=32&d=identicon&r=PG>; rel="canonical"
content-length
1745
expires
Sat, 17 Aug 2019 01:28:21 GMT
5gbS7.png
i.stack.imgur.com/
3 KB
3 KB
Image
General
Full URL
https://i.stack.imgur.com/5gbS7.png?s=32&g=1
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.16.27.34 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
75a571ad154e2986c757765df566f723ba821c52db4a732deb55cd37d1ccfb2e

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:21 GMT
cf-cache-status
HIT
age
15267528
status
200
content-type
image/png
content-length
2892
last-modified
Tue, 22 Jan 2019 20:15:47 GMT
server
cloudflare
etag
"480a69dac94bcf0ebb1cc63aee8f9ca1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
J49R78NKhMwHZDWcM3Ejm9A3WHoWbZrZ
cache-control
public, max-age=315360000
accept-ranges
bytes
cf-ray
5077d79cae60d8f9-AMS
x-amz-storage-class
REDUCED_REDUNDANCY
expires
Tue, 14 Aug 2029 01:23:21 GMT
anonymousHeroBackground.svg
cdn.sstatic.net/img/hero/
2 KB
2 KB
Image
General
Full URL
https://cdn.sstatic.net/img/hero/anonymousHeroBackground.svg?v=ac2b60532b92
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.69 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
f4d6ff8fdd6170f5573ef22c176f3f186115968c64fed7fe1725f7dc8bc86010

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://cdn.sstatic.net/Sites/superuser/primary.css?v=4ddfcef680bd
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:21 GMT
via
1.1 varnish
last-modified
Tue, 13 Aug 2019 07:34:37 GMT
age
300830
x-served-by
cache-ams21037-AMS
vary
Accept-Encoding
x-cache
HIT
content-type
image/svg+xml
status
200
cache-control
max-age=604800
accept-ranges
bytes
x-timer
S1566005002.691331,VS0,VE0
content-length
1661
x-cache-hits
24341
sprites.svg
cdn.sstatic.net/Img/unified/
8 KB
3 KB
Image
General
Full URL
https://cdn.sstatic.net/Img/unified/sprites.svg?v=e5e58ae7df45
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.69 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
b326e87c6bf5e7526c2932a745a9c50f9f6357abd98a71fb184d8ea321ef5390

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://cdn.sstatic.net/Sites/superuser/primary.css?v=4ddfcef680bd
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:21 GMT
content-encoding
gzip
last-modified
Mon, 12 Aug 2019 18:33:28 GMT
age
356281
x-served-by
cache-ams21037-AMS
vary
Accept-Encoding,Accept-Encoding
x-cache
HIT
content-type
image/svg+xml
status
200
cache-control
max-age=604800
accept-ranges
bytes
x-timer
S1566005002.693033,VS0,VE0
content-length
2882
via
1.1 varnish
x-cache-hits
66053
gpt.js
www.googletagservices.com/tag/js/
35 KB
12 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
46a22150b8dc486a0fa9d2202b8a9b112bcfe677863948be8ce50c863e5aad67
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"252 / 793 of 1000 / last-modified: 1565982831"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
12276
x-xss-protection
0
expires
Sat, 17 Aug 2019 01:23:21 GMT
favicons-sprite16.png
cdn.sstatic.net/img/
71 KB
71 KB
Image
General
Full URL
https://cdn.sstatic.net/img/favicons-sprite16.png?v=ff76c9f04fa1
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.69 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
8f13c0d11b67a6768d64430789c93afef93f8c26ebd0346ae5902fb0fd2023d6

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://cdn.sstatic.net/Sites/superuser/primary.css?v=4ddfcef680bd
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:21 GMT
via
1.1 varnish
last-modified
Thu, 15 Aug 2019 15:15:22 GMT
age
122700
x-served-by
cache-ams21037-AMS
vary
Accept-Encoding
x-cache
HIT
content-type
image/png
status
200
cache-control
max-age=604800
accept-ranges
bytes
x-timer
S1566005002.711439,VS0,VE0
content-length
72811
x-cache-hits
21159
integrator.js
adservice.google.de/adsid/
109 B
476 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=superuser.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 17 Aug 2019 01:23:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
109 B
476 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=superuser.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 17 Aug 2019 01:23:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
104
x-xss-protection
0
pubads_impl_2019080801.js
securepubads.g.doubleclick.net/gpt/
158 KB
58 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019080801.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
sffe /
Resource Hash
dbc8d0bf25102c9e472c0ad2be7c307fbbb7c0a4c5951acfdeb1790af720cd0b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 08 Aug 2019 13:06:01 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
59576
x-xss-protection
0
expires
Sat, 17 Aug 2019 01:23:21 GMT
analytics.js
www.google-analytics.com/
43 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
cec3748d0c3da4700300d5424aaea375b03550b0ee8b3dd38e242c4022261446
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 29 Jul 2019 21:35:27 GMT
server
Golfe2
age
6411
date
Fri, 16 Aug 2019 23:36:30 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
17724
expires
Sat, 17 Aug 2019 01:36:30 GMT
quant.js
secure.quantserve.com/
12 KB
6 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.228.74.152 , United Kingdom, ASN27281 (QUANTCAST - Quantcast Corporation, US),
Reverse DNS
Software
QS /
Resource Hash
404a9b0ffbcc813e8ddbb8d8510a24a69c09079282f8083ee94f4adc5d627176

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 17 Aug 2019 01:23:21 GMT
Content-Encoding
gzip
Last-Modified
Sat, 17-Aug-2019 01:23:21 GMT
Server
QS
ETag
M0-e2b9884a
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=604800
Connection
keep-alive
Content-Length
5456
Expires
Sat, 24 Aug 2019 01:23:21 GMT
beacon.js
sb.scorecardresearch.com/
1 KB
1 KB
Script
General
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.214.103 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-214-103.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
76c393f564f53c19e795307e622edc8657a603f7a816c2646385697286d11313

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 17 Aug 2019 01:23:21 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=86400
Connection
keep-alive
Content-Length
902
Expires
Sun, 18 Aug 2019 01:23:21 GMT
full-anon.en.js
cdn.sstatic.net/Js/
215 KB
65 KB
Script
General
Full URL
https://cdn.sstatic.net/Js/full-anon.en.js?v=8716137b686d
Requested by
Host: cdn.sstatic.net
URL: https://cdn.sstatic.net/Js/stub.en.js?v=3e2db6f04a22
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.69 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
9447f0a4e450de509d55498e3b41bd8bd815d6603af26ed89d3f53f6d6a182f6

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:21 GMT
content-encoding
gzip
age
23445
x-cache
HIT
status
200
content-length
66492
x-served-by
cache-ams21037-AMS
access-control-allow-origin
stackoverflow.com
last-modified
Fri, 16 Aug 2019 18:50:44 GMT
x-timer
S1566005002.812049,VS0,VE0
vary
Accept-Encoding,Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=604800
accept-ranges
bytes
x-cache-hits
2775
post-validation.en.js
cdn.sstatic.net/Js/
12 KB
4 KB
Script
General
Full URL
https://cdn.sstatic.net/Js/post-validation.en.js?v=e8e88c631c5d
Requested by
Host: cdn.sstatic.net
URL: https://cdn.sstatic.net/Js/stub.en.js?v=3e2db6f04a22
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.69 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
c9c0c8e7f6bd60c3febc29a13e9e73d48beac53468c86e7ef8a91f765c45bd06

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:21 GMT
content-encoding
gzip
age
105885
x-cache
HIT
status
200
content-length
3775
x-served-by
cache-ams21037-AMS
access-control-allow-origin
stackoverflow.com
last-modified
Thu, 15 Aug 2019 18:06:35 GMT
x-timer
S1566005002.845634,VS0,VE0
vary
Accept-Encoding,Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=604800
accept-ranges
bytes
x-cache-hits
2243
51b6
superuser.com/posts/892437/ivc/
0
376 B
XHR
General
Full URL
https://superuser.com/posts/892437/ivc/51b6?_=1566005001640
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.69 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com
Strict-Transport-Security max-age=15552000
X-Frame-Options SAMEORIGIN

Request headers

Accept
*/*
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

strict-transport-security
max-age=15552000
via
1.1 varnish
vary
Fastly-SSL
content-security-policy-report-only
default-src https: wss: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; report-uri /_/csp-reports
x-cache
MISS
status
204
x-request-guid
0d8559e1-361e-4bd9-b6ed-bda8fb84d9b1
x-dns-prefetch-control
off
x-served-by
cache-ams21037-AMS
x-timer
S1566005002.855007,VS0,VE81
date
Sat, 17 Aug 2019 01:23:21 GMT
x-frame-options
SAMEORIGIN
content-type
text/plain
cache-control
private
content-security-policy
upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com
accept-ranges
bytes
x-cache-hits
0
collect
www.google-analytics.com/r/
35 B
241 B
Other
General
Full URL
https://www.google-analytics.com/r/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 17 Aug 2019 01:23:21 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
image/gif
access-control-allow-origin
https://superuser.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
wmd-buttons.svg
cdn.sstatic.net/Img/unified/
9 KB
2 KB
Image
General
Full URL
https://cdn.sstatic.net/Img/unified/wmd-buttons.svg?v=8b134e4f9bb0
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.69 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
3ea42626d3d36b17c1b9347d111373389b9bf36fc6daf7e8773919f6e881c4ab

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://cdn.sstatic.net/Sites/superuser/primary.css?v=4ddfcef680bd
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:21 GMT
content-encoding
gzip
last-modified
Mon, 12 Aug 2019 18:33:28 GMT
age
356280
x-served-by
cache-ams21037-AMS
vary
Accept-Encoding,Accept-Encoding
x-cache
HIT
content-type
image/svg+xml
status
200
cache-control
max-age=604800
accept-ranges
bytes
x-timer
S1566005002.881931,VS0,VE0
content-length
1618
via
1.1 varnish
x-cache-hits
56952
rules-p-c1rF4kxgLUzNc.js
rules.quantcount.com/
3 B
354 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-c1rF4kxgLUzNc.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:200c:b400:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:20:35 GMT
via
1.1 d2625240b33e8b85b3cbea9bb40abb10.cloudfront.net (CloudFront)
last-modified
Sat, 04 Mar 2017 20:52:55 GMT
server
AmazonS3
age
539
etag
"8a80554c91d9fca8acb82f023de02f11"
x-cache
Hit from cloudfront
content-type
application/x-javascript
status
200
cache-control
max-age=86400
x-amz-cf-pop
FRA2
accept-ranges
bytes
content-length
3
x-amz-cf-id
SMzIKz87Wi9biuvkkD1CuwCiCjzLpoSTrKtPFzlLlitPORAMaBh88w==
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=17440561&ns__t=1566005001903&ns_c=UTF-8&cv=3.1e&c8=security%20-%20What%20do%20you%20do%20if%20you%20are%20being%20hacked%20by%20something%20coming%20from%...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=17440561&ns__t=1566005001903&ns_c=UTF-8&cv=3.1e&c8=security%20-%20What%20do%20you%20do%20if%20you%20are%20being%20hacked%20by%20something%20coming%20from...
0
248 B
Image
General
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=17440561&ns__t=1566005001903&ns_c=UTF-8&cv=3.1e&c8=security%20-%20What%20do%20you%20do%20if%20you%20are%20being%20hacked%20by%20something%20coming%20from%20a%20supposedly%20legitimate%20IP%20address%20such%20as%20from%20Google%3F%20-%20Super%20User&c7=https%3A%2F%2Fsuperuser.com%2Fquestions%2F892437%2Fwhat-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg&c9=https%3A%2F%2Fwww.google.com%2F
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.214.103 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-214-103.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 17 Aug 2019 01:23:21 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://sb.scorecardresearch.com/b2?c1=2&c2=17440561&ns__t=1566005001903&ns_c=UTF-8&cv=3.1e&c8=security%20-%20What%20do%20you%20do%20if%20you%20are%20being%20hacked%20by%20something%20coming%20from%20a%20supposedly%20legitimate%20IP%20address%20such%20as%20from%20Google%3F%20-%20Super%20User&c7=https%3A%2F%2Fsuperuser.com%2Fquestions%2F892437%2Fwhat-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg&c9=https%3A%2F%2Fwww.google.com%2F
Pragma
no-cache
Date
Sat, 17 Aug 2019 01:23:21 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT
pixel;r=380773498;rf=0;a=p-c1rF4kxgLUzNc;url=https%3A%2F%2Fsuperuser.com%2Fquestions%2F892437%2Fwhat-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg;ref=https%3A%2F%2Fww...
pixel.quantserve.com/
35 B
494 B
Image
General
Full URL
https://pixel.quantserve.com/pixel;r=380773498;rf=0;a=p-c1rF4kxgLUzNc;url=https%3A%2F%2Fsuperuser.com%2Fquestions%2F892437%2Fwhat-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg;ref=https%3A%2F%2Fwww.google.com%2F;fpan=1;fpa=P0-1406572043-1566005001925;ns=0;ce=1;qjs=1;qv=4c19192-20180628134937;cm=;je=0;sr=1600x1200x24;enc=n;dst=1;et=1566005001924;tzo=-120;ogl=type.website%2Curl.https%3A%2F%2Fsuperuser%252Ecom%2Fquestions%2F892437%2Fwhat-do-you-do-if-you-are-being-hacked-by%2Csite_name.Super%20User%2Cimage.https%3A%2F%2Fcdn%252Esstatic%252Enet%2FSites%2Fsuperuser%2Fimg%2Fapple-touch-icon%402%252Epng%3Fv%3De869e445943%2Ctitle.What%20do%20you%20do%20if%20you%20are%20being%20hacked%20by%20something%20coming%20from%20a%20supposedly%20leg%2Cdescription.Earlier%20today%20I%20was%20prompted%20to%20use%20a%20CAPTCHA%E2%80%94because%20of%20suspicious%20search%20activ
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.228.74.235 , United Kingdom, ASN27281 (QUANTCAST - Quantcast Corporation, US),
Reverse DNS
Software
QS /
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 17 Aug 2019 01:23:22 GMT
Server
QS
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control
private, no-cache, no-store, proxy-revalidate
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
Fri, 04 Aug 1978 12:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
22 KB
7 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=183883680504870&correlator=3957607901725532&output=ldjh&callback=googletag.impl.pubads.callbackProxy1&impl=fifs&adsid=NT&json_a=1&eid=21062420%2C21062832%2C21063636&vrg=2019080801&guci=1.2.0.0.2.2.0.0&plat=1%3A32776%2C2%3A16809992%2C8%3A134250504&sc=1&sfv=1-0-35&ecs=20190817&iu_parts=248424177%2Csuperuser.com%2Clb%2Cquestion-pages%2Cmlb%2Csb&enc_prev_ius=%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F4%2F3%2C%2F0%2F1%2F5%2F3&prev_iu_szs=728x90%2C728x90%2C300x250%7C300x600&cust_params=Registered%3Dfalse%26ron-tag%3Dsecurity%252Choneypot%26Sidebar%3DRight&cookie_enabled=1&bc=31&abxe=1&lmt=1566005002&dt=1566005002033&dlt=1566005001463&idt=538&frm=20&biw=1585&bih=1200&oid=3&adxs=-12245933%2C-12245933%2C-12245933&adys=-12245933%2C-12245933%2C-12245933&adks=1503356996%2C839699756%2C2001992165&ucis=1%7C2%7C3&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsuperuser.com%2Fquestions%2F892437%2Fwhat-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg&ref=https%3A%2F%2Fwww.google.com%2F&dssz=25&icsg=2690&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=726x704%7C726x2122%7C300x1718&msz=728x90%7C728x90%7C300x250&blev=1&bisch=1&ga_vid=234312853.1566005002&ga_sid=1566005002&ga_hid=1570848132&fws=132%2C132%2C128&ohw=728%2C728%2C0
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019080801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
cafe /
Resource Hash
e4fc7dc4cd454f0393cdc390a2f7be8be226af1fbe5b62546084e430d96120d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:22 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
6886
x-xss-protection
0
google-lineitem-id
5048489407,-2,4386609485
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138268898702,-2,138208453911
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://superuser.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_rendering_2019080801.js
securepubads.g.doubleclick.net/gpt/
66 KB
25 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019080801.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019080801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
sffe /
Resource Hash
5a71ed7e2814d4c4ee366471671d531f71b36a63c7118c88aa58e54fbba21b18
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 08 Aug 2019 13:06:01 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
25145
x-xss-protection
0
expires
Sat, 17 Aug 2019 01:23:22 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-35/html/
0
0

amp4ads-host-v0.js
cdn.ampproject.org/rtv/011907301630320/
21 KB
7 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011907301630320/amp4ads-host-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019080801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
cd457ff2b26cd2168a8cf8bfdf25b797915adf6df399119db14ee9438068c8d5
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
etag
"372048504d8c8953"
age
1404454
status
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
7441
x-xss-protection
0
server
sffe
date
Wed, 31 Jul 2019 19:15:48 GMT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Thu, 30 Jul 2020 19:15:48 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/011907301630320/ Frame 27C4
253 KB
69 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011907301630320/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019080801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
0de16b7cf53815ba8552904efb3880db6ef7c1c79f8da73cc0e0864103601138
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
etag
"c306f681e4e577a5"
age
706225
status
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
70529
x-xss-protection
0
server
sffe
date
Thu, 08 Aug 2019 21:12:57 GMT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Fri, 07 Aug 2020 21:12:57 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/011907301630320/v0/ Frame 27C4
146 KB
41 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011907301630320/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019080801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
ad495978b12f6708cd046c41ce5390b6ffcb71402be19aa57db08ddc8c3eaba9
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
etag
"c47ca641e3725694"
age
152971
status
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
40779
x-xss-protection
0
server
sffe
date
Thu, 15 Aug 2019 06:53:51 GMT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Fri, 14 Aug 2020 06:53:51 GMT
truncated
/ Frame 27C4
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8e54aff913f79a3183d18a7be431a8efa4a0854580925395826321f5e817d959

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame B25C
0
272 B
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsstRJIiAgrojCRmRcWdy4RJ6SUW9v4sTzyDhwaW20Ve-ykPxZPO8tsMrPvmXzPJZ1l5M7jsOjJRPRQR7fxbwPmCLVdIG4lZQ89Mz1eXiWORhgFEKHNJafp_0DssFK8tihrwm5T0vvdAmxYvSuU2ma2vdt7TpNxhRa9FZCMtz2Vq-zpvKunz4ms-RoAy7QrulDVOoBRe8pK1-CN3gK9ud95Rh6xBVv8_GDM-Jc3kfIgMhoE7RckeHU9RfPD3FLq05IyNSOp4eoxIpuee460O8rFFzR5Pdx5sgg&sai=AMfl-YTJ6vsih3RsrNkoGbOg43lpEZmpWVBQTMFt95gLdh_pIh5b68K6s841K0DWMe6ryHNi8jifiC-vpi8hZGByRNy0En6OR-UCed_vGWUw&sig=Cg0ArKJSzAkIyNYJmzB1EAE&urlfix=1&adurl=
Requested by
Host: www.google.com
URL: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=2ahUKEwiJ0JGU34jkAhWhoVwKHXaYDXIQFjABegQIARAB&url=https%3A%2F%2Fsuperuser.com%2Fquestions%2F892437%2Fwhat-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg&usg=AOvVaw3ey19t2uGoZ5A2a_pwY_7r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 17 Aug 2019 01:23:22 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
0
x-xss-protection
0
expires
Sat, 17 Aug 2019 01:23:22 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.2.1/ Frame B25C
85 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019080801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 09 Jul 2019 03:50:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3360778
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
30306
x-xss-protection
0
last-modified
Fri, 24 Mar 2017 20:55:54 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jul 2020 03:50:24 GMT
community
superuser.com/ads/ Frame B25C
2 KB
1 KB
Script
General
Full URL
https://superuser.com/ads/community?id=so_community_div
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019080801.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.69 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
c69f8d2723c322ec6c2d0c4a1d41d864bb86c232be52c342474935c0c9368cc9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com
Strict-Transport-Security max-age=15552000
X-Frame-Options SAMEORIGIN

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
0
content-security-policy-report-only
default-src https: wss: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; report-uri /_/csp-reports
x-cache
MISS
status
200
x-request-guid
b9950032-52ff-4199-8cb9-65bed4a15de5
x-dns-prefetch-control
off
content-length
1178
x-served-by
cache-ams21037-AMS
x-timer
S1566005002.198621,VS0,VE82
x-frame-options
SAMEORIGIN
date
Sat, 17 Aug 2019 01:23:22 GMT
vary
Accept-Encoding,Fastly-SSL
content-type
text/javascript; charset=utf-8
via
1.1 varnish
cache-control
private
content-security-policy
upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com
accept-ranges
bytes, bytes
x-cache-hits
0
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame B25C
75 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019080801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
22f9a3763a30e0c8e9a369df16597c5495cd9b42ecc560e304fed2646b2f70de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1565953966135968"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
28450
x-xss-protection
0
expires
Sat, 17 Aug 2019 01:23:22 GMT
osd.js
www.googletagservices.com/activeview/js/current/
75 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019080801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
0989a55075d46fb65315319f31af78fcf90a991699e17292ca403b1790533cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1565953966135968"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
28317
x-xss-protection
0
expires
Sat, 17 Aug 2019 01:23:22 GMT
2735792949360454598
tpc.googlesyndication.com/simgad/ Frame 27C4
41 KB
41 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/2735792949360454598
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
2873c3b42e741caa20609cb8e212941b406737a2085bc8a2db48981f9db5e1d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 11 Jul 2019 15:42:08 GMT
x-content-type-options
nosniff
age
3145274
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
42157
x-xss-protection
0
last-modified
Tue, 30 Apr 2019 16:58:02 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Jul 2020 15:42:08 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 27C4
0
254 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss5HAMNsGTfvw-7d2H-mhqPn-s4oTegmPcZ4RHcnzLBNyfc5CpbNzTtrw4pf7CIhLtM3KDClvqC7LMhSjXQnf0QumwTNDK_UB8esmOxm9X3-qV0gDHOZRcu98CHr-iL6bROPZwbdHH638hJYfzng5hTlAgqVtD5EtkjuFzqZBWc1eTE8GO7N3K42ZZYmh2DgHlPspdMh6_pZMPslcWhYBNYCdFsGTNxW-qET_UPKK-pbOh4e1bDJNN5HEhIWQlBElRmhYSYZna3aFSddKQ7y173_YL92bEuuQ&sai=AMfl-YSz4iaP76JptkYylR9Bz9JqEdx9VPUxZiITmKm0q0Nc1WCWD5m3PiP8Jm3adNUylhBs2BO3oMaLi7VG-Rm4KCmuaIG7QA_flqroWTz9&sig=Cg0ArKJSzEvdXIGUZWzBEAE&adurl=
Requested by
Host: superuser.com
URL: https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 17 Aug 2019 01:23:22 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
0
x-xss-protection
0
expires
Sat, 17 Aug 2019 01:23:22 GMT
truncated
/ Frame B25C
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
774e9ec593e3ef22350fbabb96bad1b2f2489937a5e5bd9113efcf207e1277b6

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
TvuL9.png
i.stack.imgur.com/ Frame B25C
5 KB
5 KB
Image
General
Full URL
https://i.stack.imgur.com/TvuL9.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.16.27.34 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e2d884f1bfb7662030afe2c23084f44d72b7c939c5c4e8cc1363d6461223b15

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 01:23:22 GMT
cf-cache-status
HIT
age
323741
status
200
content-type
image/png
content-length
4705
last-modified
Fri, 15 Jan 2016 03:00:00 GMT
server
cloudflare
etag
"be98417d82d78a09b290ceb026b3a7fe"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
0sQ6dzPgVgJA_pSJVErJ_5o69yJm2flG
cache-control
public, max-age=315360000
accept-ranges
bytes
cf-ray
5077d7a07abad8f9-AMS
expires
Tue, 14 Aug 2029 01:23:22 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 27C4
42 B
420 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsskf6r1Ee8MEfoofAh32io0il5A8ntz0AItRKGXI9Z6m7lJ0yc-ms7UDkY8GJnHJhuookwgeNmcBJLHJDz1hxvIi2XLEez0jaw26aGwQVI&sig=Cg0ArKJSzMpri_cBgN8fEAE&id=ampim&o=349,527&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=54&tls=1055&g=100&h=100&pt=81&tt=1055&rpt=81&rst=1566005002182&r=v&adk=1503356996&avms=ampa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 17 Aug 2019 01:23:23 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame B25C
42 B
110 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsumK2E-06swhVFP_YcZ-K6Pzt_iRGeZfJDN_RBUghxC4sVlxDwmfImgeXNcDg5U8CYcabOXmnoq8X2WUSrNVjMmhIYjEapTI508HZAqs_U&sig=Cg0ArKJSzLV_zU7PRMSGEAE&adk=2001992165&tt=1123&bs=1585%2C1200&mtos=1020,1020,1020,1020,1020&tos=1020,0,0,0,0&p=795,1099.5,1045,1399.5&mcvt=1020&rs=3&ht=0&tfs=111&tls=1131&mc=1&lte=1&bas=0&bac=0&met=0&avms=nio&niot_obs=7&niot_cbk=13&md=2&rst=1566005002189&rpt=113&isd=0&msd=0&lm=2&oseid=3&xdi=0&ps=1585%2C3767&ss=1600%2C1200&pt=10&bin=1&deb=1-1-1-9-12-11-13-11-0-0-0&tvt=1126&r=v&id=osdim&vs=4&uc=11&upc=1&tgt=DIV&cl=1&cec=1&clc=1&cac=1&cd=0x0&itpl=19&v=20190816
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://superuser.com/questions/892437/what-do-you-do-if-you-are-being-hacked-by-something-coming-from-a-supposedly-leg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 17 Aug 2019 01:23:23 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
tpc.googlesyndication.com
URL
https://tpc.googlesyndication.com/safeframe/1-0-35/html/container.html

69 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery function| IsMalwareProxy object| StackExchange object| jQuery112409200237187244693 object| clc object| googletag object| ggeac object| closure_memoize_cache_ object| googleToken object| googleIMState object| google_js_reporting_queue function| processGoogleToken object| _qevents object| _comscore string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins function| moveScroller function| initTagRenderer function| showFadingHelpText function| initFadingHelpText function| styleCode object| UniversalAuth function| Svg function| __extends object| Stacks function| EventEmitter function| klass object| Stimulus function| Popper function| tagRendererRaw function| tagRenderer object| gaGlobal object| gaData function| quantserve function| __qc object| ezt object| _qoptions function| udm_ object| ns_p object| COMSCORE undefined| google_measure_js_timing boolean| google_noFetch number| __google_ad_urls_id number| google_unique_id object| google_reactive_ads_global_state function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter object| __google_ad_urls object| ampInaboxIframes object| ampInaboxPendingMessages boolean| google_osd_loaded boolean| google_onload_fired object| AMP_CONFIG object| log object| AMPErrors boolean| ampInaboxInitialized object| AMP_MODE function| reportError object| ampInaboxPositionObserver object| AMP function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb

5 Cookies

Domain/Path Name / Value
.superuser.com/ Name: _gid Value: GA1.2.304145545.1566005002
.superuser.com/ Name: __qca Value: P0-1406572043-1566005001925
.superuser.com/ Name: _ga Value: GA1.2.234312853.1566005002
.superuser.com/ Name: _gat Value: 1
.superuser.com/ Name: prov Value: 4eb1f27b-e99e-af94-adaa-4421962ac42c

1 Console Messages

Source Level URL
Text
console-api info URL: https://cdn.ampproject.org/rtv/011907301630320/amp4ads-v0.js(Line 523)
Message:
Powered by AMP ⚡ HTML – Version 1907301630320

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
