urlscan.io logo urlscan.io
SecurityTrails logo

security.stackexchange.com Open in urlscan Pro
151.101.65.69  Public Scan

Go To Rescan Add Verdict Report
URL: https://security.stackexchange.com/questions/97689/a-compromised-usb
Submission Tags: falconsandbox
Submission: On December 19 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 14 IPs in 5 countries across 14 domains to perform 43 HTTP transactions. The main IP is 151.101.65.69, located in United States and belongs to FASTLY, US. The main domain is security.stackexchange.com.
TLS certificate: Issued by R3 on December 3rd 2020. Valid for: 3 months.
This is the only time security.stackexchange.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

16    151.101.65.69 (United States)

ASN54113 (FASTLY, US)
security.stackexchange.com
cdn.sstatic.net
1    2a00:1450:4001:814::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK, US)
graph.facebook.com
2    2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)
www.gravatar.com
5    172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f2.1e100.net
securepubads.g.doubleclick.net
2    2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2620:116:800d:21:f916:5049:f87f:108e (United States)

ASN16509 (AMAZON-02, US)
secure.quantserve.com
pixel.quantserve.com
3    104.111.238.139 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-238-139.deploy.static.akamaitechnologies.com
sb.scorecardresearch.com
1    2600:9000:2204:b600:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
1    2a00:1450:400c:c0c::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.pl
adservice.google.com
2    2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
c1075e7485c175f378c3dc63de652a26.safeframe.googlesyndication.com
3    2a00:1450:4001:81d::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
3    2a00:1450:4001:81f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
pagead2.googlesyndication.com
Domain Requested by
14 cdn.sstatic.net security.stackexchange.com
cdn.sstatic.net
5 securepubads.g.doubleclick.net security.stackexchange.com
securepubads.g.doubleclick.net
3 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
3 sb.scorecardresearch.com 1 redirects security.stackexchange.com
2 pagead2.googlesyndication.com securepubads.g.doubleclick.net
2 c1075e7485c175f378c3dc63de652a26.safeframe.googlesyndication.com securepubads.g.doubleclick.net
2 www.google-analytics.com security.stackexchange.com
www.google-analytics.com
2 www.gravatar.com security.stackexchange.com
2 security.stackexchange.com ajax.googleapis.com
1 www.googletagservices.com securepubads.g.doubleclick.net
1 adservice.google.com securepubads.g.doubleclick.net
1 adservice.google.pl securepubads.g.doubleclick.net
1 stats.g.doubleclick.net www.google-analytics.com
1 pixel.quantserve.com security.stackexchange.com
1 rules.quantcount.com secure.quantserve.com
1 secure.quantserve.com security.stackexchange.com
1 graph.facebook.com security.stackexchange.com
1 ajax.googleapis.com security.stackexchange.com
43 18

This site contains links to these domains. Also see Links.

Domain
stackoverflow.com
stackexchange.com
security.meta.stackexchange.com
stackoverflowbusiness.com
chat.stackexchange.com
stackoverflow.blog
creativecommons.org
srlabs.de
www.avira.com
meta.stackexchange.com
askubuntu.com
ell.stackexchange.com
rpg.stackexchange.com
history.stackexchange.com
codegolf.stackexchange.com
electronics.stackexchange.com
worldbuilding.stackexchange.com
codereview.stackexchange.com
space.stackexchange.com
retrocomputing.stackexchange.com
unix.stackexchange.com
biology.stackexchange.com
mathematica.stackexchange.com
ethereum.stackexchange.com
writing.stackexchange.com
diy.stackexchange.com
law.stackexchange.com
engineering.stackexchange.com
serverfault.com
superuser.com
webapps.stackexchange.com
webmasters.stackexchange.com
gamedev.stackexchange.com
tex.stackexchange.com
softwareengineering.stackexchange.com
apple.stackexchange.com
wordpress.stackexchange.com
gis.stackexchange.com
android.stackexchange.com
dba.stackexchange.com
drupal.stackexchange.com
sharepoint.stackexchange.com
ux.stackexchange.com
salesforce.stackexchange.com
expressionengine.stackexchange.com
pt.stackoverflow.com
blender.stackexchange.com
networkengineering.stackexchange.com
crypto.stackexchange.com
magento.stackexchange.com
softwarerecs.stackexchange.com
dsp.stackexchange.com
emacs.stackexchange.com
raspberrypi.stackexchange.com
ru.stackoverflow.com
es.stackoverflow.com
datascience.stackexchange.com
arduino.stackexchange.com
bitcoin.stackexchange.com
sqa.stackexchange.com
sound.stackexchange.com
windowsphone.stackexchange.com
photo.stackexchange.com
scifi.stackexchange.com
graphicdesign.stackexchange.com
movies.stackexchange.com
music.stackexchange.com
video.stackexchange.com
cooking.stackexchange.com
money.stackexchange.com
academia.stackexchange.com
fitness.stackexchange.com
gardening.stackexchange.com
parenting.stackexchange.com
english.stackexchange.com
skeptics.stackexchange.com
judaism.stackexchange.com
travel.stackexchange.com
christianity.stackexchange.com
japanese.stackexchange.com
chinese.stackexchange.com
french.stackexchange.com
german.stackexchange.com
hermeneutics.stackexchange.com
spanish.stackexchange.com
islam.stackexchange.com
rus.stackexchange.com
russian.stackexchange.com
gaming.stackexchange.com
bicycles.stackexchange.com
anime.stackexchange.com
puzzling.stackexchange.com
mechanics.stackexchange.com
boardgames.stackexchange.com
bricks.stackexchange.com
homebrew.stackexchange.com
martialarts.stackexchange.com
outdoors.stackexchange.com
poker.stackexchange.com
chess.stackexchange.com
sports.stackexchange.com
mathoverflow.net
math.stackexchange.com
stats.stackexchange.com
cstheory.stackexchange.com
physics.stackexchange.com
chemistry.stackexchange.com
cs.stackexchange.com
philosophy.stackexchange.com
linguistics.stackexchange.com
psychology.stackexchange.com
scicomp.stackexchange.com
stackapps.com
api.stackexchange.com
data.stackexchange.com
www.facebook.com
twitter.com
linkedin.com
www.instagram.com
Subject Issuer Validity Valid
*.stackexchange.com
R3		 2020-12-03 -
2021-03-03		 3 months crt.sh
upload.video.google.com
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2020-11-02 -
2021-01-30		 3 months crt.sh
*.gravatar.com
Sectigo RSA Domain Validation Secure Server CA		 2020-08-14 -
2022-11-16		 2 years crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh
*.quantserve.com
DigiCert SHA2 High Assurance Server CA		 2020-10-02 -
2021-10-07		 a year crt.sh
sb.scorecardresearch.com
DigiCert Secure Site ECC CA-1		 2020-07-17 -
2021-06-02		 a year crt.sh
*.google.pl
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh
*.google.com
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh
*.googleusercontent.com
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://security.stackexchange.com/questions/97689/a-compromised-usb
Frame ID: BA59304CDA0C7841FE6732C6A487101F
Requests: 41 HTTP requests in this frame

Frame: https://c1075e7485c175f378c3dc63de652a26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: DBCD7257E871B76EFFBC8524737E63DB
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: 240AD331E95D969658689FAD3AF5E698
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i
Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • headers vary /Fastly-SSL/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • script /\.quantserve\.com\/quant\.js/i
Overall confidence: 100%
Detected patterns
  • html /<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
  • script /\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

43
Requests

100 %
HTTPS

79 %
IPv6

14
Domains

18
Subdomains

14
IPs

5
Countries

558 kB
Transfer

1838 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 26
  • https://sb.scorecardresearch.com/b?c1=2&c2=17440561&ns__t=1608405294597&ns_c=UTF-8&cv=3.5&c8=malware%20-%20A%20compromised%20USB%20-%20Information%20Security%20Stack%20Exchange&c7=https%3A%2F%2Fsecurity.stackexchange.com%2Fquestions%2F97689%2Fa-compromised-usb&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=17440561&ns__t=1608405294597&ns_c=UTF-8&cv=3.5&c8=malware%20-%20A%20compromised%20USB%20-%20Information%20Security%20Stack%20Exchange&c7=https%3A%2F%2Fsecurity.stackexchange.com%2Fquestions%2F97689%2Fa-compromised-usb&c9=&cs_ak_ss=1

43 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request a-compromised-usb
security.stackexchange.com/questions/97689/ 		165 KB
40 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://security.stackexchange.com/questions/97689/a-compromised-usb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.69 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
5a2bb6387c7fd815985ad2e1383b1ac929d631e35c5bbf26d0339f8ede682aa1
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com
Strict-Transport-Security max-age=15552000
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
security.stackexchange.com
:scheme
https
:path
/questions/97689/a-compromised-usb
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cache-control
private
content-type
text/html; charset=utf-8
content-encoding
gzip
server
Microsoft-IIS/10.0
strict-transport-security
max-age=15552000
x-route-name
Questions/Show
x-frame-options
SAMEORIGIN
x-sql-count
5
x-sql-duration-ms
18
x-flags
AA
x-aspnet-duration-ms
23
x-request-guid
542c27b7-8262-4f1c-8427-2b1fa09d5b0c
x-is-crawler
0
x-providence-cookie
39ef05bf-df8b-d588-b6e9-85635f579cec
content-security-policy
upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com
x-page-view
1
accept-ranges
bytes
date
Sat, 19 Dec 2020 19:14:54 GMT
via
1.1 varnish
x-served-by
cache-hhn4060-HHN
x-cache
MISS
x-cache-hits
0
x-timer
S1608405294.932325,VS0,VE122
vary
Accept-Encoding,Fastly-SSL
x-dns-prefetch-control
off
set-cookie
prov=39ef05bf-df8b-d588-b6e9-85635f579cec; domain=.stackexchange.com; expires=Fri, 01-Jan-2055 00:00:00 GMT; path=/; HttpOnly
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ 		95 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Requested by
Host: security.stackexchange.com
URL: https://security.stackexchange.com/questions/97689/a-compromised-usb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Dec 2020 13:22:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
193968
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33951
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 17 Dec 2021 13:22:06 GMT
stub.en.js
cdn.sstatic.net/Js/ 		47 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.sstatic.net/Js/stub.en.js?v=95d1ce093683
Requested by
Host: security.stackexchange.com
URL: https://security.stackexchange.com/questions/97689/a-compromised-usb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.69 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
1e8734f7c2580b1d9e60520c9db5f2bc2ff1ae3c5572ef80db61440c31341835

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:54 GMT
content-encoding
gzip
age
72894
x-cache
HIT
content-length
16145
x-served-by
cache-hhn4060-HHN
access-control-allow-origin
stackoverflow.com
last-modified
Fri, 18 Dec 2020 22:58:05 GMT
server
Microsoft-IIS/10.0
x-timer
S1608405294.115832,VS0,VE0
vary
Accept-Encoding,Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=604800
accept-ranges
bytes
x-cache-hits
8191
stacks.css
cdn.sstatic.net/Shared/ 		307 KB
35 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.sstatic.net/Shared/stacks.css?v=50b8afc7d7a9
Requested by
Host: security.stackexchange.com
URL: https://security.stackexchange.com/questions/97689/a-compromised-usb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.69 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
54ad6053e519325b9b5be0450251d68ff8191be7c5fca40cd9c0dcee997a55dc

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:54 GMT
content-encoding
gzip
age
182445
x-cache
HIT
content-length
35355
x-served-by
cache-hhn4060-HHN
access-control-allow-origin
*
last-modified
Thu, 17 Dec 2020 16:29:06 GMT
server
Microsoft-IIS/10.0
x-timer
S1608405294.115373,VS0,VE0
vary
Accept-Encoding,Accept-Encoding
content-type
text/css
via
1.1 varnish
cache-control
max-age=604800
accept-ranges
bytes
x-cache-hits
30044
primary.css
cdn.sstatic.net/Sites/security/ 		325 KB
61 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.sstatic.net/Sites/security/primary.css?v=e3d17c9eaa13
Requested by
Host: security.stackexchange.com
URL: https://security.stackexchange.com/questions/97689/a-compromised-usb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.69 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
cdd3b91333017ea8cfb6c95a71cb5d7b806345f6b81057775b0900a8eed1291d

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:54 GMT
via
1.1 varnish
last-modified
Tue, 15 Dec 2020 14:51:17 GMT
server
Microsoft-IIS/10.0
age
361326
x-served-by
cache-hhn4060-HHN
vary
Accept-Encoding,Accept-Encoding
x-cache
HIT
content-type
text/css
content-encoding
gzip
cache-control
max-age=604800
accept-ranges
bytes
x-timer
S1608405294.115825,VS0,VE1
content-length
62177
x-cache-hits
1
anonymousHeroQuestions.svg
cdn.sstatic.net/Img/hero/ 		347 B
527 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.sstatic.net/Img/hero/anonymousHeroQuestions.svg?v=748bfb046b78
Requested by
Host: security.stackexchange.com
URL: https://security.stackexchange.com/questions/97689/a-compromised-usb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.69 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
0a30d4caba59f2c2be55b5e2c3dd6d8f47b0b74f4fb20be2fe76822d16384062

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:54 GMT
via
1.1 varnish
last-modified
Mon, 14 Dec 2020 19:07:39 GMT
server
Microsoft-IIS/10.0
age
364990
x-served-by
cache-hhn4060-HHN
vary
Accept-Encoding
x-cache
HIT
content-type
image/svg+xml
cache-control
max-age=604800
accept-ranges
bytes
x-timer
S1608405294.216716,VS0,VE0
content-length
347
x-cache-hits
24584
anonymousHeroAnswers.svg
cdn.sstatic.net/Img/hero/ 		510 B
605 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.sstatic.net/Img/hero/anonymousHeroAnswers.svg?v=d5348b00eddc
Requested by
Host: security.stackexchange.com
URL: https://security.stackexchange.com/questions/97689/a-compromised-usb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.69 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
5f5b8052ca8a15f1c2f0248f38d29dcba23b82fe0df182b595d772f80fd4a7c0

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:54 GMT
via
1.1 varnish
last-modified
Wed, 16 Dec 2020 21:53:10 GMT
server
Microsoft-IIS/10.0
age
238369
x-served-by
cache-hhn4060-HHN
vary
Accept-Encoding
x-cache
HIT
content-type
image/svg+xml
cache-control
max-age=604800
accept-ranges
bytes
x-timer
S1608405294.239140,VS0,VE0
content-length
510
x-cache-hits
14914
anonymousHeroUpvote.svg
cdn.sstatic.net/Img/hero/ 		404 B
487 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.sstatic.net/Img/hero/anonymousHeroUpvote.svg?v=af2bb70d5d1b
Requested by
Host: security.stackexchange.com
URL: https://security.stackexchange.com/questions/97689/a-compromised-usb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.69 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
3907562e54f3eafa77ab0e4a3a8ddaba3f5452f12ee844e569d395d53360d8ba

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:54 GMT
via
1.1 varnish
last-modified
Wed, 16 Dec 2020 21:53:10 GMT
server
Microsoft-IIS/10.0
age
242555
x-served-by
cache-hhn4060-HHN
vary
Accept-Encoding
x-cache
HIT
content-type
image/svg+xml
cache-control
max-age=604800
accept-ranges
bytes
x-timer
S1608405294.274643,VS0,VE0
content-length
404
x-cache-hits
15025
logo.svg
cdn.sstatic.net/Sites/security/Img/ 		9 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.sstatic.net/Sites/security/Img/logo.svg?v=f9d04c44487b
Requested by
Host: security.stackexchange.com
URL: https://security.stackexchange.com/questions/97689/a-compromised-usb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.69 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
30b97dc4cfd3062f2a2065d1e1b4b10a7b03f40c1aeb3422133060f01f6877db

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:54 GMT
via
1.1 varnish
last-modified
Wed, 16 Dec 2020 21:53:12 GMT
server
Microsoft-IIS/10.0
age
225836
x-served-by
cache-hhn4060-HHN
vary
Accept-Encoding,Accept-Encoding
x-cache
HIT
content-type
image/svg+xml
content-encoding
gzip
cache-control
max-age=604800
accept-ranges
bytes
x-timer
S1608405294.274805,VS0,VE0
content-length
3362
x-cache-hits
1
anonymousHeroBackground.svg
cdn.sstatic.net/Img/hero/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.sstatic.net/Img/hero/anonymousHeroBackground.svg?v=b7f6054406b5
Requested by
Host: cdn.sstatic.net
URL: https://cdn.sstatic.net/Sites/security/primary.css?v=e3d17c9eaa13
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.69 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
3a2703d9e9b2b4fe6436a89b9720cebe354cc4d4c2d00a643cdd3b25a1459459

Request headers

Referer
https://cdn.sstatic.net/Sites/security/primary.css?v=e3d17c9eaa13
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:54 GMT
via
1.1 varnish
last-modified
Wed, 16 Dec 2020 21:53:10 GMT
server
Microsoft-IIS/10.0
age
238758
x-served-by
cache-hhn4060-HHN
vary
Accept-Encoding
x-cache
HIT
content-type
image/svg+xml
cache-control
max-age=604800
accept-ranges
bytes
x-timer
S1608405294.288290,VS0,VE0
content-length
1661
x-cache-hits
15557
header-foreground.svg
cdn.sstatic.net/Sites/security/img/ 		873 B
953 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.sstatic.net/Sites/security/img/header-foreground.svg?v=621bb09b5524
Requested by
Host: cdn.sstatic.net
URL: https://cdn.sstatic.net/Sites/security/primary.css?v=e3d17c9eaa13
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.69 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
160d7cb4a27a4c736b874d5db0462a0b1e3c8af6de12d8978f0089416ef47a2d

Request headers

Referer
https://cdn.sstatic.net/Sites/security/primary.css?v=e3d17c9eaa13
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:54 GMT
via
1.1 varnish
last-modified
Wed, 16 Dec 2020 21:53:12 GMT
server
Microsoft-IIS/10.0
age
229787
x-served-by
cache-hhn4060-HHN
vary
Accept-Encoding
x-cache
HIT
content-type
image/svg+xml
cache-control
max-age=604800
accept-ranges
bytes
x-timer
S1608405294.288271,VS0,VE0
content-length
873
x-cache-hits
1
picture
graph.facebook.com/602592666510785/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://graph.facebook.com/602592666510785/picture?type=large
Requested by
Host: security.stackexchange.com
URL: https://security.stackexchange.com/questions/97689/a-compromised-usb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin
*
082a4401306decf204b7eeffd88deffa
www.gravatar.com/avatar/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gravatar.com/avatar/082a4401306decf204b7eeffd88deffa?s=32&d=identicon&r=PG
Requested by
Host: security.stackexchange.com
URL: https://security.stackexchange.com/questions/97689/a-compromised-usb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
17acfafdbafd9cbd49ba277430e09d3516cfd3d84e9741889b825bc702cfa1b1

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc
HIT ams 4
date
Sat, 19 Dec 2020 19:14:54 GMT
last-modified
Thu, 01 Sep 2011 06:24:06 GMT
server
nginx
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
content-disposition
inline; filename="082a4401306decf204b7eeffd88deffa.jpeg"
accept-ranges
bytes
link
<https://www.gravatar.com/avatar/082a4401306decf204b7eeffd88deffa?s=32&d=identicon&r=PG>; rel="canonical"
content-length
1206
expires
Sat, 19 Dec 2020 19:19:54 GMT
e64d3e18f7e569051d746fa8e4806e29
www.gravatar.com/avatar/ 		658 B
812 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gravatar.com/avatar/e64d3e18f7e569051d746fa8e4806e29?s=32&d=identicon&r=PG
Requested by
Host: security.stackexchange.com
URL: https://security.stackexchange.com/questions/97689/a-compromised-usb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
b7d203394370a1c0ab5f6f886e44ae1b112a6f3ae2fcc6b9ccb21bd84c988b22

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc
HIT ams 4
date
Sat, 19 Dec 2020 19:14:54 GMT
last-modified
Wed, 11 Jan 1984 08:00:00 GMT
server
nginx
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
link
<https://www.gravatar.com/avatar/e64d3e18f7e569051d746fa8e4806e29?s=32&d=identicon&r=PG>; rel="canonical"
content-length
658
expires
Sat, 19 Dec 2020 19:19:54 GMT
sprites.svg
cdn.sstatic.net/Sites/security/img/ 		3 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.sstatic.net/Sites/security/img/sprites.svg?v=b30b85ca0b6c
Requested by
Host: cdn.sstatic.net
URL: https://cdn.sstatic.net/Sites/security/primary.css?v=e3d17c9eaa13
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.69 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
62d4d42970da4977a71912dea3857ed3baee6d7f4ea7ea7564e1c892ed71e5d7

Request headers

Referer
https://cdn.sstatic.net/Sites/security/primary.css?v=e3d17c9eaa13
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:54 GMT
via
1.1 varnish
last-modified
Wed, 16 Dec 2020 21:53:12 GMT
server
Microsoft-IIS/10.0
age
229363
x-served-by
cache-hhn4060-HHN
vary
Accept-Encoding,Accept-Encoding
x-cache
HIT
content-type
image/svg+xml
content-encoding
gzip
cache-control
max-age=604800
accept-ranges
bytes
x-timer
S1608405294.313471,VS0,VE0
content-length
1092
x-cache-hits
1
favicons-sprite16.png
cdn.sstatic.net/Img/ 		78 KB
78 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.sstatic.net/Img/favicons-sprite16.png?v=f4676f10d215
Requested by
Host: cdn.sstatic.net
URL: https://cdn.sstatic.net/Sites/security/primary.css?v=e3d17c9eaa13
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.69 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
d2acb71750daca2f12a10be625f42849783c8f1bb382bb793c0285e106fb39c6

Request headers

Referer
https://cdn.sstatic.net/Sites/security/primary.css?v=e3d17c9eaa13
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:54 GMT
via
1.1 varnish
last-modified
Wed, 16 Dec 2020 21:53:10 GMT
server
Microsoft-IIS/10.0
age
242072
x-served-by
cache-hhn4060-HHN
vary
Accept-Encoding
x-cache
HIT
content-type
image/png
cache-control
max-age=604800
accept-ranges
bytes
x-timer
S1608405294.398975,VS0,VE0
content-length
79830
x-cache-hits
30727
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		54 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: security.stackexchange.com
URL: https://security.stackexchange.com/questions/97689/a-compromised-usb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f2.1e100.net
Software
sffe /
Resource Hash
e9cf43afad0cd90d17eb4e1dd9fbd5e8bd2cf07ace134853680e06dcc1ef5ef1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"729 / 512 of 1000 / last-modified: 1608034737"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18850
x-xss-protection
0
expires
Sat, 19 Dec 2020 19:14:54 GMT
analytics.js
www.google-analytics.com/ 		46 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: security.stackexchange.com
URL: https://security.stackexchange.com/questions/97689/a-compromised-usb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
4201
date
Sat, 19 Dec 2020 18:04:53 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Sat, 19 Dec 2020 20:04:53 GMT
quant.js
secure.quantserve.com/ 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: security.stackexchange.com
URL: https://security.stackexchange.com/questions/97689/a-compromised-usb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
437afd9de21717c919be3f40f686b33170f2447dc03ded0fc00ac0cc41839854

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:54 GMT
content-encoding
gzip
etag
"8q1rat7Mm9i+FVcOidF8/g=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Sat, 26 Dec 2020 19:14:54 GMT
beacon.js
sb.scorecardresearch.com/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: security.stackexchange.com
URL: https://security.stackexchange.com/questions/97689/a-compromised-usb
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.238.139 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-238-139.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 19 Dec 2020 19:14:54 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=86400
Connection
keep-alive
Content-Length
884
Expires
Sun, 20 Dec 2020 19:14:54 GMT
full-anon.en.js
cdn.sstatic.net/Js/ 		248 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.sstatic.net/Js/full-anon.en.js?v=5161fccab23c
Requested by
Host: cdn.sstatic.net
URL: https://cdn.sstatic.net/Js/stub.en.js?v=95d1ce093683
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.69 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
299a4fbec2636ab35f7cbd3a19bc659635c79b9f28bea6af49571ef2637d0f1d

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:54 GMT
content-encoding
gzip
age
280872
x-cache
HIT
content-length
75603
x-served-by
cache-hhn4060-HHN
access-control-allow-origin
stackoverflow.com
last-modified
Wed, 16 Dec 2020 13:11:30 GMT
server
Microsoft-IIS/10.0
x-timer
S1608405294.423069,VS0,VE0
vary
Accept-Encoding,Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=604800
accept-ranges
bytes
x-cache-hits
7479
rules-p-c1rF4kxgLUzNc.js
rules.quantcount.com/ 		3 B
346 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-c1rF4kxgLUzNc.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2204:b600:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:32 GMT
via
1.1 24562ce7bb1d06e6505e84aac2d66ac7.cloudfront.net (CloudFront)
last-modified
Sat, 04 Mar 2017 20:52:55 GMT
server
AmazonS3
age
23
etag
"8a80554c91d9fca8acb82f023de02f11"
x-cache
Hit from cloudfront
content-type
application/x-javascript
cache-control
max-age=86400
x-amz-cf-pop
AMS50-C1
accept-ranges
bytes
content-length
3
x-amz-cf-id
18rRaSOBUEKllqk6nYkM1sYqMakOfYXIRUBlh4Df1K1brK2cf3tLTA==
pixel;r=1310422752;rf=0;uht=2;a=p-c1rF4kxgLUzNc;url=https%3A%2F%2Fsecurity.stackexchange.com%2Fquestions%2F97689%2Fa-compromised-usb;fpan=1;fpa=P0-429153800-1608405294477;ns=0;ce=1;qjs=1;qv=58f0669...
pixel.quantserve.com/ 		35 B
371 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=1310422752;rf=0;uht=2;a=p-c1rF4kxgLUzNc;url=https%3A%2F%2Fsecurity.stackexchange.com%2Fquestions%2F97689%2Fa-compromised-usb;fpan=1;fpa=P0-429153800-1608405294477;ns=0;ce=1;qjs=1;qv=58f0669e-20201210192756;cm=;gdpr=0;ref=;d=stackexchange.com;je=0;sr=1600x1200x24;dst=1;et=1608405294476;tzo=-60;ogl=type.website%2Curl.https%3A%2F%2Fsecurity%252Estackexchange%252Ecom%2Fquestions%2F97689%2Fa-compromised-usb%2Csite_name.Information%20Security%20Stack%20Exchange%2Cimage.https%3A%2F%2Fcdn%252Esstatic%252Enet%2FSites%2Fsecurity%2FImg%2Fapple-touch-icon%402%252Epng%3Fv%3D497726d850f9%2Ctitle.A%20compromised%20USB%2Cdescription.Assuming%20that%20a%20given%20USB%20drive%20is%20compromised(infected)%252C%20what's%20the%20best%20way%20to
Requested by
Host: security.stackexchange.com
URL: https://security.stackexchange.com/questions/97689/a-compromised-usb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 19 Dec 2020 19:14:54 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
post-validation.en.js
cdn.sstatic.net/Js/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.sstatic.net/Js/post-validation.en.js?v=84327ab5c35a
Requested by
Host: cdn.sstatic.net
URL: https://cdn.sstatic.net/Js/stub.en.js?v=95d1ce093683
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.69 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
5d4ebda19952d94be990117f466bd755e798c61b2c868687aaabb3b60368360e

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:54 GMT
content-encoding
gzip
age
72894
x-cache
HIT
content-length
3987
x-served-by
cache-hhn4060-HHN
access-control-allow-origin
stackoverflow.com
last-modified
Fri, 18 Dec 2020 22:57:58 GMT
server
Microsoft-IIS/10.0
x-timer
S1608405295.562571,VS0,VE0
vary
Accept-Encoding,Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=604800
accept-ranges
bytes
x-cache-hits
6650
5de7
security.stackexchange.com/posts/97689/ivc/ 		0
455 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://security.stackexchange.com/posts/97689/ivc/5de7?_=1608405294114
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.69 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com
Strict-Transport-Security max-age=15552000
X-Frame-Options SAMEORIGIN

Request headers

Accept
*/*
Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
x-providence-cookie
39ef05bf-df8b-d588-b6e9-85635f579cec
x-sql-count
5
x-flags
AA
x-sql-duration-ms
1
x-route-name
Questions/IncrementViewCount
x-cache
MISS
x-dns-prefetch-control
off
x-served-by
cache-hhn4060-HHN
server
Microsoft-IIS/10.0
cache-control
private
x-timer
S1608405295.573965,VS0,VE89
x-frame-options
SAMEORIGIN
date
Sat, 19 Dec 2020 19:14:54 GMT
vary
Fastly-SSL
content-type
text/html
via
1.1 varnish
x-aspnet-duration-ms
2
x-is-crawler
0
content-security-policy
upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com
accept-ranges
bytes
x-request-guid
afe1681c-77e9-40c5-a06d-e1bdefb3d571
x-cache-hits
0
collect
www.google-analytics.com/j/ 		2 B
395 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1962303548&t=pageview&_s=1&dl=https%3A%2F%2Fsecurity.stackexchange.com%2Fquestions%2F97689%2Fa-compromised-usb&dp=%2Fquestions%2F97689%2Fa-compromised-usb&ul=en-us&de=UTF-8&dt=malware%20-%20A%20compromised%20USB%20-%20Information%20Security%20Stack%20Exchange&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAAAABEAAAAC~&jid=604589157&gjid=408402577&cid=109140531.1608405295&tid=UA-108242619-5&_gid=1815926100.1608405295&_r=1&cd42=0&cd2=%7Cmalware%7Cusb%7C&cd3=Questions%2FShow&z=1666360498
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 19 Dec 2020 19:14:54 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://security.stackexchange.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
wmd-buttons.svg
cdn.sstatic.net/Img/unified/ 		11 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.sstatic.net/Img/unified/wmd-buttons.svg?v=c26278fc22d9
Requested by
Host: cdn.sstatic.net
URL: https://cdn.sstatic.net/Sites/security/primary.css?v=e3d17c9eaa13
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.69 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
2a9855571bbb6cd14a072440287014799e0f1b31b372be2590e2def8da6f5377

Request headers

Referer
https://cdn.sstatic.net/Sites/security/primary.css?v=e3d17c9eaa13
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:54 GMT
via
1.1 varnish
last-modified
Wed, 16 Dec 2020 21:53:10 GMT
server
Microsoft-IIS/10.0
age
231187
x-served-by
cache-hhn4060-HHN
vary
Accept-Encoding,Accept-Encoding
x-cache
HIT
content-type
image/svg+xml
content-encoding
gzip
cache-control
max-age=604800
accept-ranges
bytes
x-timer
S1608405295.619069,VS0,VE0
content-length
2049
x-cache-hits
30413
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=17440561&ns__t=1608405294597&ns_c=UTF-8&cv=3.5&c8=malware%20-%20A%20compromised%20USB%20-%20Information%20Security%20Stack%20Exchange&c7=https%3A%2F%2Fsec...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=17440561&ns__t=1608405294597&ns_c=UTF-8&cv=3.5&c8=malware%20-%20A%20compromised%20USB%20-%20Information%20Security%20Stack%20Exchange&c7=https%3A%2F%2Fse...
0
528 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=17440561&ns__t=1608405294597&ns_c=UTF-8&cv=3.5&c8=malware%20-%20A%20compromised%20USB%20-%20Information%20Security%20Stack%20Exchange&c7=https%3A%2F%2Fsecurity.stackexchange.com%2Fquestions%2F97689%2Fa-compromised-usb&c9=&cs_ak_ss=1
Requested by
Host: security.stackexchange.com
URL: https://security.stackexchange.com/questions/97689/a-compromised-usb
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.238.139 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-238-139.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 19 Dec 2020 19:14:54 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://sb.scorecardresearch.com/b2?c1=2&c2=17440561&ns__t=1608405294597&ns_c=UTF-8&cv=3.5&c8=malware%20-%20A%20compromised%20USB%20-%20Information%20Security%20Stack%20Exchange&c7=https%3A%2F%2Fsecurity.stackexchange.com%2Fquestions%2F97689%2Fa-compromised-usb&c9=&cs_ak_ss=1
Pragma
no-cache
Date
Sat, 19 Dec 2020 19:14:54 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		1 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-108242619-5&cid=109140531.1608405295&jid=604589157&gjid=408402577&_gid=1815926100.1608405295&_u=aGBAAAAAEAAAAC~&z=1979986068
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Sat, 19 Dec 2020 19:14:54 GMT
content-type
text/plain
access-control-allow-origin
https://security.stackexchange.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_2020120801.js
securepubads.g.doubleclick.net/gpt/ 		274 KB
97 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120801.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f2.1e100.net
Software
sffe /
Resource Hash
5f02981bfcab6807a15ddfea1babc7cee05cd0f1f59abe712928de44fb6c1f0d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 08 Dec 2020 09:42:29 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
98829
x-xss-protection
0
expires
Sat, 19 Dec 2020 19:14:54 GMT
integrator.js
adservice.google.pl/adsid/ 		109 B
803 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.pl/adsid/integrator.js?domain=security.stackexchange.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 19 Dec 2020 19:14:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		109 B
803 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=security.stackexchange.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 19 Dec 2020 19:14:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		491 B
299 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2958753747756566&correlator=2476574822898703&output=ldjh&impl=fif&eid=21067995&vrg=2020120801&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20201219&iu_parts=248424177%2Csecurity.stackexchange.com%2Clb%2Cquestion-pages&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=728x90&cust_params=Registered%3Dfalse%26ron-tag%3Dmalware%252Cusb%26Community%3Dtrue%26NumberOfAnswers%3D2%26Sidebar%3DRight&cookie_enabled=1&bc=31&abxe=1&lmt=1608405294&dt=1608405294920&dlt=1608405294086&idt=809&frm=20&biw=1600&bih=1200&oid=3&adxs=356&adys=443&adks=121869568&ucis=1&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurity.stackexchange.com%2Fquestions%2F97689%2Fa-compromised-usb&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x0&msz=728x90&ga_vid=109140531.1608405295&ga_sid=1608405295&ga_hid=1962303548&fws=128&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120801.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f2.1e100.net
Software
cafe /
Resource Hash
476905032893ea5384e624da22ef977177a17ecd99df453d84fd5cba1c281b28
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:55 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
256
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://security.stackexchange.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
c1075e7485c175f378c3dc63de652a26.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://c1075e7485c175f378c3dc63de652a26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
ads
securepubads.g.doubleclick.net/gampad/ 		6 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2958753747756566&correlator=2476574822898703&output=ldjh&impl=fif&eid=21067995&vrg=2020120801&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20201219&iu_parts=248424177%2Csecurity.stackexchange.com%2Csb%2Cquestion-pages&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250%7C300x600&cust_params=Registered%3Dfalse%26ron-tag%3Dmalware%252Cusb%26Community%3Dtrue%26NumberOfAnswers%3D2%26Sidebar%3DRight&cookie_enabled=1&bc=31&abxe=1&lmt=1608405294&dt=1608405294927&dlt=1608405294086&idt=809&frm=20&biw=1600&bih=1200&oid=3&adxs=1108&adys=705&adks=581683589&ucis=2&ifi=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurity.stackexchange.com%2Fquestions%2F97689%2Fa-compromised-usb&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x0&msz=300x250&ga_vid=109140531.1608405295&ga_sid=1608405295&ga_hid=1962303548&fws=128&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120801.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f2.1e100.net
Software
cafe /
Resource Hash
b93365e37f025a0470645fa0f8168927553368a8b8c6af532343be07afd9c9bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:55 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3328
x-xss-protection
0
google-lineitem-id
5510478376
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138329937645
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://security.stackexchange.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		31 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2958753747756566&correlator=2476574822898703&output=ldjh&impl=fif&eid=21067995&vrg=2020120801&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20201219&iu_parts=248424177%2Csecurity.stackexchange.com%2Cmlb%2Cquestion-pages&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=728x90&cust_params=Registered%3Dfalse%26ron-tag%3Dmalware%252Cusb%26Community%3Dtrue%26NumberOfAnswers%3D2%26Sidebar%3DRight&cookie_enabled=1&bc=31&abxe=1&lmt=1608405294&dt=1608405294931&dlt=1608405294086&idt=809&frm=20&biw=1600&bih=1200&oid=3&adxs=356&adys=1489&adks=2972933392&ucis=3&ifi=3&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurity.stackexchange.com%2Fquestions%2F97689%2Fa-compromised-usb&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x0&msz=728x90&ga_vid=109140531.1608405295&ga_sid=1608405295&ga_hid=1962303548&fws=128&ohw=0&btvi=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120801.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f2.1e100.net
Software
cafe /
Resource Hash
c04ffd436452948469d68c6c832ff9c37fc061cc577467aac24619f7b36e358e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:55 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11529
x-xss-protection
0
google-lineitem-id
5552261444
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138332644964
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://security.stackexchange.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
c1075e7485c175f378c3dc63de652a26.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame DBCD 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://c1075e7485c175f378c3dc63de652a26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120801.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
c1075e7485c175f378c3dc63de652a26.safeframe.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-37/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
2973
date
Sat, 19 Dec 2020 19:14:54 GMT
expires
Sun, 19 Dec 2021 19:14:54 GMT
last-modified
Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
1
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/ 		74 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c1c9310eb6a56101c2133db372cfbe9cefb5ff6b90a02ded916984c975b813b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1607690616793149"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
28334
x-xss-protection
0
expires
Sat, 19 Dec 2020 19:14:55 GMT
sodar
pagead2.googlesyndication.com/getconfig/ 		8 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020120801&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2645101ffa7e4cd342a3ceb84ec5d873aad03ac6468070c734b9516eac5bfb20
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 19 Dec 2020 19:14:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
6525
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120801.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81d::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 19 Dec 2020 19:14:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1603823857801521"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6015
x-xss-protection
0
expires
Sat, 19 Dec 2020 19:14:55 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame 240A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81d::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/219/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
content-length
4867
date
Sat, 19 Dec 2020 18:37:36 GMT
expires
Sun, 19 Dec 2021 18:37:36 GMT
last-modified
Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
2239
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
gen_204
pagead2.googlesyndication.com/pagead/ 		0
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gpt_2020120801&jk=2958753747756566&bg=!6uml6cnNAAXKjztBylgxD2pxS2bVrgIAAABtUgAAABFoAQcKAV3UA56F901vjhLUnqLHPQ2XOw44PJWBHGV1OkPVNcHBRAWRbBtAOr4HD403Om-qkaMlLHLGmJsRGHVwYu_YmTSzp_zM7_XQHWBauSMOpCOWKjWueOC5IaroktILksA6kH-tDljYDkcaaVgY5Qcpt6xf1FdjEqpRf0qr8Qjq6vWjQr4X8AwunVYnS_C2chAU3vbGs4P-Q7qN3YdzaB74UD9ptcXuf7gifuDckCOBN6p9hE7J7E7mqQUEpPbRnGdSXbacGiKaFtz8gzj1eskuiBO6Ci7PJlQ63i77L1ZKAoy6g_dwfZv7_JeEx6f7UFJG9gGHTeh7m3YBaO6tYGiZYj1zPbiIP2IDZ7c1BsZDIPlW34CHqX3Q6FJ5cLlWaKt83pjACO2APlsBHyoq_Gz9zUg3ZCPFmxh4icepcwXJtVbNfsJ7y2BjNRK7rCu0lnFYteNrT37Q3OudU9E5mxYhmQHDNfBDaG7RJV5vC52BpHq95nsgcCf_J0UCMMdkcGVjmWW5KF6FzyttL0tnB-J5gJ5KF78_1oul0rlS2m1oIuK3ZOwGJ-iQAn0r4S7U5Gr3LwMkitn7yqyKJprl4BbLGvrntc-koUETqjDfPutzmc-UaSuYRUzYq2sQjMCn43hlDmGsxG09YuTafk7uEchJNvowlk-Um2OpeZ8iig8Vb_p6cj6ZKvB3JwxsZ2TsqXkPo7T6F_xJiC1p9CaCTPlu2dD8EH4U83FDAs3S7pN_hWKLVT1NxAQYF_IjI_oDfqwhzkHysuWc92xYXd_xU0YEFXgMrH2-0LaPwwirMHemoT2GA5cdy69FBdOKpRUcucWyU85_3wpITQgsXzzNKvc8XLINBRtJKV_EbViGlYiyvZx81w1uuIJjmhReuXYJr7QMYHJEMUx5s4OWh5nl6tbN_ksZ9KRd7j4afnEY0BiUBKGyAfRpMG5lKbwF1OR4dmH6JU8dWHhs7-eDcdAIEOmSJvsTb0omK-BWyu5gaAymD7BBvjtomaPs5Vqz6nGYJVWRYrhQHx4lMa4nUPm0GiDZQkuGC7VqWfibGmTcMBWRsnlDxl8eWA
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://security.stackexchange.com/questions/97689/a-compromised-usb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 19 Dec 2020 19:14:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

71 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| IsMalwareProxy object| StackExchange object| jQuery112406594679968154136 object| clc object| googletag object| _qevents object| _comscore string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins function| quantserve function| __qc object| ezt object| _qoptions function| qtrack function| moveScroller function| initTagRenderer function| showFadingHelpText function| initFadingHelpText function| styleCode object| UniversalAuth object| StackOverflow function| Svg function| __extends function| __spreadArrays object| Stacks function| EventEmitter function| klass object| Stimulus object| Popper function| tagRendererRaw function| tagRenderer object| gaGlobal object| gaData function| udm_ object| ns_p object| COMSCORE object| ggeac object| google_js_reporting_queue function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter undefined| google_measure_js_timing object| googleToken object| googleIMState function| processGoogleToken number| __google_ad_urls_id number| google_unique_id object| __google_ad_urls boolean| google_osd_loaded boolean| google_onload_fired object| ampInaboxIframes object| ampInaboxPendingMessages function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| GoogleGcLKhOms object| google_image_requests

1 Cookies

Domain/Path Name / Value
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com
Strict-Transport-Security max-age=15552000
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.pl
ajax.googleapis.com
c1075e7485c175f378c3dc63de652a26.safeframe.googlesyndication.com
cdn.sstatic.net
graph.facebook.com
pagead2.googlesyndication.com
pixel.quantserve.com
rules.quantcount.com
sb.scorecardresearch.com
secure.quantserve.com
securepubads.g.doubleclick.net
security.stackexchange.com
stats.g.doubleclick.net
tpc.googlesyndication.com
www.google-analytics.com
www.googletagservices.com
www.gravatar.com
104.111.238.139
151.101.65.69
172.217.23.98
2600:9000:2204:b600:6:44e3:f8c0:93a1
2620:116:800d:21:f916:5049:f87f:108e
2a00:1450:4001:803::2002
2a00:1450:4001:808::2001
2a00:1450:4001:809::200e
2a00:1450:4001:814::200a
2a00:1450:4001:81d::2001
2a00:1450:4001:81f::2002
2a00:1450:400c:c0c::9c
2a03:2880:f01c:800e:face:b00c:0:2
2a04:fa87:fffe::c000:4902
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0a30d4caba59f2c2be55b5e2c3dd6d8f47b0b74f4fb20be2fe76822d16384062
160d7cb4a27a4c736b874d5db0462a0b1e3c8af6de12d8978f0089416ef47a2d
17acfafdbafd9cbd49ba277430e09d3516cfd3d84e9741889b825bc702cfa1b1
1e8734f7c2580b1d9e60520c9db5f2bc2ff1ae3c5572ef80db61440c31341835
2645101ffa7e4cd342a3ceb84ec5d873aad03ac6468070c734b9516eac5bfb20
299a4fbec2636ab35f7cbd3a19bc659635c79b9f28bea6af49571ef2637d0f1d
2a9855571bbb6cd14a072440287014799e0f1b31b372be2590e2def8da6f5377
30b97dc4cfd3062f2a2065d1e1b4b10a7b03f40c1aeb3422133060f01f6877db
3907562e54f3eafa77ab0e4a3a8ddaba3f5452f12ee844e569d395d53360d8ba
3a2703d9e9b2b4fe6436a89b9720cebe354cc4d4c2d00a643cdd3b25a1459459
437afd9de21717c919be3f40f686b33170f2447dc03ded0fc00ac0cc41839854
476905032893ea5384e624da22ef977177a17ecd99df453d84fd5cba1c281b28
54ad6053e519325b9b5be0450251d68ff8191be7c5fca40cd9c0dcee997a55dc
5a2bb6387c7fd815985ad2e1383b1ac929d631e35c5bbf26d0339f8ede682aa1
5d4ebda19952d94be990117f466bd755e798c61b2c868687aaabb3b60368360e
5f02981bfcab6807a15ddfea1babc7cee05cd0f1f59abe712928de44fb6c1f0d
5f5b8052ca8a15f1c2f0248f38d29dcba23b82fe0df182b595d772f80fd4a7c0
62d4d42970da4977a71912dea3857ed3baee6d7f4ea7ea7564e1c892ed71e5d7
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
b7d203394370a1c0ab5f6f886e44ae1b112a6f3ae2fcc6b9ccb21bd84c988b22
b93365e37f025a0470645fa0f8168927553368a8b8c6af532343be07afd9c9bf
c04ffd436452948469d68c6c832ff9c37fc061cc577467aac24619f7b36e358e
c1c9310eb6a56101c2133db372cfbe9cefb5ff6b90a02ded916984c975b813b2
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cdd3b91333017ea8cfb6c95a71cb5d7b806345f6b81057775b0900a8eed1291d
d2acb71750daca2f12a10be625f42849783c8f1bb382bb793c0285e106fb39c6
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e9cf43afad0cd90d17eb4e1dd9fbd5e8bd2cf07ace134853680e06dcc1ef5ef1