www.coveware.com Open in urlscan Pro
198.185.159.144 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Effective URL:
https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Submission: On March 17 via manual (March 17th 2023, 1:48:37 pm UTC) from US — Scanned from DE

Summary HTTP 51 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 21 IPs in 3 countries across 16 domains to perform 51 HTTP transactions. The main IP is 198.185.159.144, located in United States and belongs to SQUARESPACE, US. The main domain is www.coveware.com.
TLS certificate: Issued by R3 on February 6th 2023. Valid for: 3 months.

This is the only time www.coveware.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	198.185.159.145 198.185.159.145	53831 (SQUARESPACE) (SQUARESPACE)
7	198.185.159.144 198.185.159.144	53831 (SQUARESPACE) (SQUARESPACE)
7	2a02:26f0:480... 2a02:26f0:480:e::210:f10f	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
12	151.101.0.237 151.101.0.237	54113 (FASTLY) (FASTLY)
2	151.101.0.238 151.101.0.238	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
1	151.101.192.238 151.101.192.238	54113 (FASTLY) (FASTLY)
1	2606:4700:20:... 2606:4700:20::ac43:4b97	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
51	21

1 198.185.159.145 (United States) 1 redirects

ASN53831 (SQUARESPACE, US)

www.coveware.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 198.185.159.144 (United States)

ASN53831 (SQUARESPACE, US)

www.coveware.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:26f0:480:e::210:f10f (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 151.101.0.237 (United States)

ASN54113 (FASTLY, US)

assets.squarespace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.0.238 (United States)

ASN54113 (FASTLY, US)

static1.squarespace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.192.238 (United States)

ASN54113 (FASTLY, US)

images.squarespace-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4b97 (United States)

ASN13335 (CLOUDFLARENET, US)

assets.squarewebsites.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:800e:face:b00c:0:2 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	squarespace.com assets.squarespace.com — Cisco Umbrella Rank: 5297 static1.squarespace.com — Cisco Umbrella Rank: 5101	1 MB
8	coveware.com 1 redirects www.coveware.com	321 KB
7	typekit.net use.typekit.net — Cisco Umbrella Rank: 413 p.typekit.net — Cisco Umbrella Rank: 542	241 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 108 graph.facebook.com — Cisco Umbrella Rank: 132	911 B
3	gstatic.com www.gstatic.com fonts.gstatic.com	254 KB
2	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 32 stats.g.doubleclick.net — Cisco Umbrella Rank: 76	2 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 25	20 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 147	136 KB
2	google.com www.google.com — Cisco Umbrella Rank: 2	1 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 42	94 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 34 ajax.googleapis.com — Cisco Umbrella Rank: 305	32 KB
1	linkedin.com www.linkedin.com — Cisco Umbrella Rank: 564
1	google.de www.google.de — Cisco Umbrella Rank: 6069	455 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 337	2 KB
1	squarewebsites.org assets.squarewebsites.org — Cisco Umbrella Rank: 44142	32 KB
1	squarespace-cdn.com images.squarespace-cdn.com — Cisco Umbrella Rank: 4192	60 KB
51	16

	Domain	Requested by
12	assets.squarespace.com	www.coveware.com assets.squarespace.com
8	www.coveware.com	1 redirects www.coveware.com assets.squarespace.com ajax.googleapis.com
6	use.typekit.net	www.coveware.com
2	www.facebook.com	www.coveware.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	fonts.gstatic.com	fonts.googleapis.com
2	connect.facebook.net	www.coveware.com connect.facebook.net
2	www.google.com	www.coveware.com
2	www.googletagmanager.com	www.coveware.com
2	static1.squarespace.com	www.coveware.com
1	p.typekit.net	www.coveware.com
1	www.linkedin.com	assets.squarespace.com
1	graph.facebook.com	assets.squarespace.com
1	www.google.de	www.coveware.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	www.gstatic.com	www.google.com
1	cdn.jsdelivr.net	www.coveware.com
1	assets.squarewebsites.org	www.coveware.com
1	images.squarespace-cdn.com	www.coveware.com
1	ajax.googleapis.com	www.coveware.com
1	fonts.googleapis.com	www.coveware.com
51	22

This site contains links to these domains. Also see Links.

Domain
www.bloomberg.com
securitytoday.com
www.zdnet.com
www.facebook.com
twitter.com
www.linkedin.com
www.reddit.com

Subject Issuer	Validity	Valid
www.coveware.com R3	`2023-02-06` - `2023-05-07`	3 months	crt.sh
use.typekit.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-14` - `2023-10-15`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.squarespace.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-01` - `2024-02-29`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.squarespace-cdn.com R3	`2023-02-05` - `2023-05-06`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-13` - `2023-06-13`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-01-10` - `2023-03-24`	2 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-03-07` - `2023-09-07`	6 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Frame ID: 95D1F8818D20AC5E007DA142526DBEEE
Requests: 50 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: E4F200FFA8CBEA58FC4A797B2563D335
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Phantom Incident Scam Threatens Release of Corporate PII

Page URL History Show full URLs

http://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corpora... HTTP 301
https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corpora... Page URL

Detected technologies

Squarespace (CMS) Expand

Overall confidence: 100%
Detected patterns

Squarespace Commerce (Ecommerce) Expand

Overall confidence: 100%
Detected patterns

assets\.squarespace\.\w+/universal/scripts-compressed/commerce-\w+-min\.[\w+\-]+\.js

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

51
Requests

100 %
HTTPS

77 %
IPv6

16
Domains

22
Subdomains

21
IPs

3
Countries

2405 kB
Transfer

8794 kB
Size

13
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data
Title: Uber demonstrated

Search URL Search Domain Scan URL

URL: https://securitytoday.com/articles/2018/07/17/the-average-cost-of-a-data-breach.aspx
Title: $4 million average cost of a data breach

Search URL Search Domain Scan URL

URL: https://www.zdnet.com/article/the-average-ddos-attack-cost-for-businesses-rises-to-over-2-5m/
Title: average cost of a corporate DDOS attack

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.coveware.com%2Fblog%2F2019%2F11%2F19%2Fphantom-incident-extortion-scam-threatens-release-of-corporate-pii
Title: Facebook0

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.coveware.com%2Fblog%2F2019%2F11%2F19%2Fphantom-incident-extortion-scam-threatens-release-of-corporate-pii&text=Several+new+types+of+Phantom+Incident+Scams+are+trying+to+extort+...
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&source=Coveware%3A+Ransomware+Recovery+First+Responders&summary=Several+new+types+of+Phantom+Incident+Scams+are+trying+to+extort+...&url=https%3A%2F%2Fwww.coveware.com%2Fblog%2F2019%2F11%2F19%2Fphantom-incident-extortion-scam-threatens-release-of-corporate-pii
Title: LinkedIn0

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https%3A%2F%2Fwww.coveware.com%2Fblog%2F2019%2F11%2F19%2Fphantom-incident-extortion-scam-threatens-release-of-corporate-pii
Title: Reddit

Search URL Search Domain Scan URL

URL: https://twitter.com/coveware

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/coveware/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii HTTP 301
https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

51 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request phantom-incident-extortion-scam-threatens-release-of-corporate-pii Show response
www.coveware.com/blog/2019/11/19/
Redirect Chain

http://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii

109 KB
30 KB

331ms
135ms

Document
text/html

198.185.159.144
SQUARESPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.185.159.144 , United States, ASN53831 (SQUARESPACE, US),

Reverse DNS

Software

Squarespace /

Resource Hash

74af9f9a9fc8e8e535d843f8929e31fd2990d885fd1b3d5e82b518eea386c076

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 18855
content-encoding: gzip
content-length: 30359
content-type: text/html;charset=utf-8
date: Fri, 17 Mar 2023 08:34:17 GMT
etag: W/"83bc22b7fe04f6098e1df8a7b1038d94--gzip"
expires: Thu, 01 Jan 1970 00:00:00 GMT
server: Squarespace
strict-transport-security: max-age=43200
vary: Accept-Encoding
x-content-type-options: nosniff
x-contextid: R06fTZVC/YO6MojF6
x-frame-options: SAMEORIGIN

Redirect headers

Age: 0
Content-Length: 0
Date: Fri, 17 Mar 2023 13:48:32 GMT
Location: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Server: Squarespace
X-Contextid: lCVKRWro/r8sdYTr1

GET
H2 200 dgcC_FNqPkHqUeuajPVNExn9qjO5jscqCZBIxerGWCbfe0t2fFHN4UJLFRbh52jhWDmyjRIhFQStZQ4RjhbUw26o52qaFRIa5gnNMKG0jAFu-WsoShFGZAsude80ZkoRdhXCHKoyjamTiY8Djhy8ZYmC-Ao1Oco8if37OcBDOcu8OfG0jhNhZWiySc9lZemldkoDS... Show response
use.typekit.net/ik/ 17 KB
7 KB 82ms
14ms Script
text/javascript 2a02:26f0:480:e::210:f10f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/ik/dgcC_FNqPkHqUeuajPVNExn9qjO5jscqCZBIxerGWCbfe0t2fFHN4UJLFRbh52jhWDmyjRIhFQStZQ4RjhbUw26o52qaFRIa5gnNMKG0jAFu-WsoShFGZAsude80ZkoRdhXCHKoyjamTiY8Djhy8ZYmC-Ao1Oco8if37OcBDOcu8OfG0jhNhZWiySc9lZemldkoDSWmyScmDSeBRZPoRdhXCHKoDSWmyScmDSeBRZWFR-emqiAUTdcS0jhNlOeBRiA8XpWFR-emqiAUTdcS0jhNlOeBRiA8XpWFR-emqiAUTdcS0dcmXOeBDOcu8OeFzicmajW48OAs8dAv0SaBujW48Sagyjh90jhNlOeFzicmajW48OcFzdPUCdhFydeyzSabCSaBujW48SagyjhmDjhy8ZYmC-Ao1OcFzdPUaiaS0jAFu-WsoShFGZAsude80ZkoRdhXCiaiaOcBRiA8XpWFR-emqiAUTdcS0dcmXOYiaikoySkolZPUaiaS0jhNhZWiySc9lZemldkoDSWmyScmDSeBRZPoRdhXCiaiaOcFzicmajW48OcFzdPUaiaS0SaBujW48SagyjhmDjhy8ZYmC-Ao1OcFzdPJ4Z1mXiW4yOWgXH6qJy89bMg62JMJ7fbKImsMMeMb6MKG4fVN9IMMjgPMfH6qJ6m9bMg6YJMJ7fbKfmsMMegI6MTMgx5Lbrb9.js

Requested by

Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:e::210:f10f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

ef96ebaf8382b871362555060222e31e43820a42c2c89c905eb43c38ae3f295f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Fri, 17 Mar 2023 13:48:33 GMT
server: nginx
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6763

GET
H2 200 css2
fonts.googleapis.com/ 16 KB
1 KB 86ms
20ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,400;1,700

Requested by

Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e07b1b58374998ee270804d18cd4c13458e11b301d78e75527b743a33d7c9cb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 17 Mar 2023 13:48:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 17 Mar 2023 13:48:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 17 Mar 2023 13:48:33 GMT

GET
H2 200 modern.js Show response
assets.squarespace.com/@sqs/polyfiller/1.6/ 115 KB
42 KB 74ms
10ms Script
text/javascript 151.101.0.237
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.squarespace.com/@sqs/polyfiller/1.6/modern.js
Requested by: Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.237 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 54e832663426c696b1f603379026e5e15720e8c812bbbc60d63aa2ad8a479f75

Request headers

Referer: https://www.coveware.com/
Origin: https://www.coveware.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-cache-hits: 1, 28977
date: Fri, 17 Mar 2023 13:48:33 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 8622548
x-cache: HIT, HIT
content-length: 42447
x-served-by: cache-iad-kiad7000176-IAD, cache-fra-eddf8230133-FRA
last-modified: Mon, 31 Oct 2022 21:19:57 GMT
server: UploadServer
x-timer: S1679060913.023277,VS0,VE0
etag: "fe0d53a94823df972dbf107bf190771a"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Dec 2023 18:39:24 GMT

GET
H2 200 extract-css-runtime-fd345d8da259ebb2b7fd8-min.en-US.js Show response
assets.squarespace.com/universal/scripts-compressed/ 47 KB
16 KB 85ms
21ms Script
text/javascript 151.101.0.237
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.squarespace.com/universal/scripts-compressed/extract-css-runtime-fd345d8da259ebb2b7fd8-min.en-US.js
Requested by: Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.237 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: a0611a1a9857a4de84597bf85e3f05daa617698be9da89ba33925cf959705f59

Request headers

Referer: https://www.coveware.com/
Origin: https://www.coveware.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-cache-hits: 37, 2521
date: Fri, 17 Mar 2023 13:48:33 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
age: 59853
x-cache: HIT, HIT
content-length: 16100
x-served-by: cache-iad-kjyo7100133-IAD, cache-fra-eddf8230133-FRA
last-modified: Thu, 16 Mar 2023 21:01:56 GMT
server: UploadServer
x-timer: S1679060913.023837,VS0,VE0
etag: "7a09e9ca2de91cf14c004d0e921c7e35"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Mar 2024 21:10:58 GMT

GET
H2 200 extract-css-moment-js-vendor-5082e2dab696b020ac83a-min.en-US.js Show response
assets.squarespace.com/universal/scripts-compressed/ 575 KB
86 KB 85ms
22ms Script
text/javascript 151.101.0.237
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.squarespace.com/universal/scripts-compressed/extract-css-moment-js-vendor-5082e2dab696b020ac83a-min.en-US.js
Requested by: Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.237 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: a59acd7a8cbaf68d5d628ac09c501f01a2f3f42c9affa8f3d101f2860d1cc3f7

Request headers

Referer: https://www.coveware.com/
Origin: https://www.coveware.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-cache-hits: 1, 25941
date: Fri, 17 Mar 2023 13:48:33 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
age: 10009477
x-cache: HIT, HIT
content-length: 87950
x-served-by: cache-iad-kiad7000031-IAD, cache-fra-eddf8230133-FRA
last-modified: Mon, 21 Nov 2022 16:44:05 GMT
server: UploadServer
x-timer: S1679060913.023782,VS0,VE0
etag: "c790849e8518999c8594a0bbb6597784"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 21 Nov 2023 17:23:55 GMT

GET
H2 200 cldr-resource-pack-56fdc0b6309d3f37f75e8-min.en-US.js Show response
assets.squarespace.com/universal/scripts-compressed/ 119 KB
18 KB 122ms
61ms Script
text/javascript 151.101.0.237
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.squarespace.com/universal/scripts-compressed/cldr-resource-pack-56fdc0b6309d3f37f75e8-min.en-US.js
Requested by: Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.237 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 8b5cef272f73912c45d8b2ee7d7ae55cb21eebb61f68c95f75c5391fa3d06533

Request headers

Referer: https://www.coveware.com/
Origin: https://www.coveware.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-cache-hits: 8, 29255
date: Fri, 17 Mar 2023 13:48:33 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
age: 1962231
x-cache: HIT, HIT
content-length: 18299
x-served-by: cache-iad-kiad7000155-IAD, cache-fra-eddf8230133-FRA
last-modified: Wed, 22 Feb 2023 20:39:09 GMT
server: UploadServer
x-timer: S1679060913.023946,VS0,VE0
etag: "39277ff9e8d70b66e41abc81da6970da"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 22 Feb 2024 20:44:40 GMT

GET
H2 200 common-vendors-stable-dade9d616ff90ebf99b1d-min.en-US.js Show response
assets.squarespace.com/universal/scripts-compressed/ 240 KB
69 KB 121ms
61ms Script
text/javascript 151.101.0.237
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.squarespace.com/universal/scripts-compressed/common-vendors-stable-dade9d616ff90ebf99b1d-min.en-US.js
Requested by: Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.237 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: f7933255ef71246aa324ac4ef34fa6608f9cd5b085734815cc4db3db5a0d28db

Request headers

Referer: https://www.coveware.com/
Origin: https://www.coveware.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-cache-hits: 29, 26145
date: Fri, 17 Mar 2023 13:48:33 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
age: 673993
x-cache: HIT, HIT
content-length: 70760
x-served-by: cache-iad-kiad7000065-IAD, cache-fra-eddf8230133-FRA
last-modified: Thu, 09 Mar 2023 18:20:16 GMT
server: UploadServer
x-timer: S1679060913.024233,VS0,VE0
etag: "d18d11dd61d45a06e89c66058749efda"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 08 Mar 2024 18:35:20 GMT

GET
H2 200 common-vendors-77853e7960856b0973083-min.en-US.js Show response
assets.squarespace.com/universal/scripts-compressed/ 735 KB
165 KB 114ms
62ms Script
text/javascript 151.101.0.237
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.squarespace.com/universal/scripts-compressed/common-vendors-77853e7960856b0973083-min.en-US.js
Requested by: Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.237 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 01ecdaa12ccc33c2022d962845fafbf2daa80a559b52e70465436b54bbf17cea

Request headers

Referer: https://www.coveware.com/
Origin: https://www.coveware.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-cache-hits: 16, 4026
date: Fri, 17 Mar 2023 13:48:33 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
age: 147239
x-cache: HIT, HIT
content-length: 169162
x-served-by: cache-iad-kjyo7100084-IAD, cache-fra-eddf8230133-FRA
last-modified: Wed, 15 Mar 2023 20:15:27 GMT
server: UploadServer
x-timer: S1679060913.024318,VS0,VE0
etag: "eb7ef3481b677f98ed692771754134da"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 20:54:34 GMT

GET
H2 200 common-cf6d3ad731097a07c3893-min.en-US.js Show response
assets.squarespace.com/universal/scripts-compressed/ 2 MB
375 KB 112ms
61ms Script
text/javascript 151.101.0.237
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.squarespace.com/universal/scripts-compressed/common-cf6d3ad731097a07c3893-min.en-US.js
Requested by: Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.237 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: ca7e977e5229b10b77641c5310ce3cd34e85b7bf4d824e2f1630f9048628d5c6

Request headers

Referer: https://www.coveware.com/
Origin: https://www.coveware.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-cache-hits: 6, 2219
date: Fri, 17 Mar 2023 13:48:33 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
age: 67155
x-cache: HIT, HIT
content-length: 383556
x-served-by: cache-iad-kcgs7200022-IAD, cache-fra-eddf8230133-FRA
last-modified: Thu, 16 Mar 2023 19:04:23 GMT
server: UploadServer
x-timer: S1679060913.024253,VS0,VE0
etag: "e8e295c1e59c357abc7c95c0fafb15fa"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Mar 2024 19:09:18 GMT

GET
H2 200 commerce-c2827eb98afc78eb065cd-min.en-US.js Show response
assets.squarespace.com/universal/scripts-compressed/ 814 KB
195 KB 111ms
62ms Script
text/javascript 151.101.0.237
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.squarespace.com/universal/scripts-compressed/commerce-c2827eb98afc78eb065cd-min.en-US.js
Requested by: Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.237 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 4e228b98c23016425ff3c09f7de4e1de57424d8dac96dab463ca4e386f532d6b

Request headers

Referer: https://www.coveware.com/
Origin: https://www.coveware.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-cache-hits: 3, 144
date: Fri, 17 Mar 2023 13:48:33 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
age: 67155
x-cache: HIT, HIT
content-length: 199838
x-served-by: cache-iad-kjyo7100179-IAD, cache-fra-eddf8230133-FRA
last-modified: Thu, 16 Mar 2023 18:53:04 GMT
server: UploadServer
x-timer: S1679060913.024617,VS0,VE0
etag: "10fe8eb3ec123db6671b3b821eaefdb1"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Mar 2024 19:09:18 GMT

GET
H2 200 commerce-42e904b2189a7c1684dd6-min.en-US.css
assets.squarespace.com/universal/styles-compressed/ 17 KB
6 KB 60ms
11ms Stylesheet
text/css 151.101.0.237
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.squarespace.com/universal/styles-compressed/commerce-42e904b2189a7c1684dd6-min.en-US.css
Requested by: Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.237 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 5291859d1d01fb7a948ac16a4aa17c04302165bff70b6d4812fb9f578143996a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-cache-hits: 1, 13386
date: Fri, 17 Mar 2023 13:48:33 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
age: 12812145
x-cache: HIT, HIT
content-length: 5876
x-served-by: cache-iad-kiad7000026-IAD, cache-fra-eddf8230124-FRA
last-modified: Mon, 27 Jun 2022 22:26:21 GMT
server: UploadServer
x-timer: S1679060913.023298,VS0,VE0
etag: "85a7cc56146c243a55ebf967516af1b7"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 20 Oct 2023 06:52:48 GMT

GET
H2 200 performance-75d8131bcea4a489bbd4f-min.en-US.js Show response
assets.squarespace.com/universal/scripts-compressed/ 244 KB
53 KB 10ms
8ms Script
text/javascript 151.101.0.237
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.squarespace.com/universal/scripts-compressed/performance-75d8131bcea4a489bbd4f-min.en-US.js
Requested by: Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.237 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: fbdbe7e9d0e771fca844068344b8c52ba54f043a0ab2c74748208e4af2407d16

Request headers

Referer: https://www.coveware.com/
Origin: https://www.coveware.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-cache-hits: 22, 11181
date: Fri, 17 Mar 2023 13:48:33 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
age: 673993
x-cache: HIT, HIT
content-length: 53512
x-served-by: cache-iad-kiad7000164-IAD, cache-fra-eddf8230133-FRA
last-modified: Thu, 09 Mar 2023 18:20:15 GMT
server: UploadServer
x-timer: S1679060914.535445,VS0,VE0
etag: "fbd5ce202328e935a1fad4c7c3fcd434"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 08 Mar 2024 18:35:20 GMT

GET
H2 200 site.css
static1.squarespace.com/static/sitecss/5ab16578e2ccd10898976178/1156/55f0aac0e4b0f0a5b7e0b22e/5b609cf48a922d3f43d100d1/349/ 1005 KB
98 KB 55ms
22ms Stylesheet
text/css 151.101.0.238
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://static1.squarespace.com/static/sitecss/5ab16578e2ccd10898976178/1156/55f0aac0e4b0f0a5b7e0b22e/5b609cf48a922d3f43d100d1/349/site.css

Requested by

Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.238 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Squarespace /

Resource Hash

d7cb0b0f191b18a363f12ebbb0eae0b54c5660f4dc296f31cc19a5a9805eec69

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-cache-hits: 46, 1
date: Fri, 17 Mar 2023 13:48:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 varnish, 1.1 varnish
age: 295992
x-cache: HIT, HIT
x-contextid: ak22gTwR/SwO9zGmD
content-length: 100002
x-served-by: cache-dfw-kdfw8210048-DFW, cache-fra-eddf8230040-FRA
pragma: cache
server: Squarespace
x-timer: S1679060913.050590,VS0,VE2
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=94608000
accept-ranges: bytes
timing-allow-origin: *
tracepoint: Fastly

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 131 KB
51 KB 60ms
34ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-799277872

Requested by

Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

135a9a67703a16a1700806ee264015aacd35e864a6eccdee0484cc61f1309ca2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 13:48:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51588
x-xss-protection: 0
last-modified: Fri, 17 Mar 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 17 Mar 2023 13:48:33 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ 87 KB
31 KB 287ms
253ms Script
text/javascript 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 10:02:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 99975
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31017
x-xss-protection: 0
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Mar 2024 10:02:18 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 850 B
874 B 270ms
238ms Script
text/javascript 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e8541d6ca2ec496ef20ce369b49574983997543cc150f1d6f756f3b56019a4f4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 13:48:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 554
x-xss-protection: 1; mode=block
expires: Fri, 17 Mar 2023 13:48:33 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 112 KB
44 KB 63ms
36ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-119192266-1

Requested by

Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3e562f8b917cb37bafe180af15478425b13ee7d3331d4e8148c72a1cc8839b76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 13:48:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44654
x-xss-protection: 0
last-modified: Fri, 17 Mar 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 17 Mar 2023 13:48:33 GMT

GET
H2 200 coveware_banner.png
images.squarespace-cdn.com/content/v1/5ab16578e2ccd10898976178/1524678956216-R496TJD9OIGMY0CH4K94/ 59 KB
60 KB 182ms
11ms Image
image/png 151.101.192.238
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.squarespace-cdn.com/content/v1/5ab16578e2ccd10898976178/1524678956216-R496TJD9OIGMY0CH4K94/coveware_banner.png?format=1500w
Requested by: Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.192.238 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 7b944c6fd5b53c7ab1b83a3ee5bff758cadd2081365eb4b8b127f4c61253674d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-cache-hits: 134, 1
date: Fri, 17 Mar 2023 13:48:33 GMT
via: 1.1 google, 1.1 varnish, 1.1 varnish
age: 25694
x-cache: HIT, HIT
content-length: 60927
x-served-by: cache-iad-kjyo7100076-IAD, cache-hhn-etou8220041-HHN
x-timer: S1679060914.706625,VS0,VE2
etag: CJunz4zdxOsCEAE=
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Timing-Allow-Origin
cache-control: max-age=604800
accept-ranges: bytes
timing-allow-origin: *
tracepoint: Fastly

GET
H2 200 site-bundle.js Show response
static1.squarespace.com/static/ta/55f0a9b0e4b0f3eb70352f6d/349/scripts/ 133 KB
42 KB 19ms
18ms Script
application/javascript 151.101.0.238
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://static1.squarespace.com/static/ta/55f0a9b0e4b0f3eb70352f6d/349/scripts/site-bundle.js

Requested by

Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.238 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Squarespace /

Resource Hash

44a6d323ae0ec00c95159c85576d24a810c333584da517505cd8bef888beb77a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-cache-hits: 5113, 481
date: Fri, 17 Mar 2023 13:48:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 varnish, 1.1 varnish
age: 276576
x-cache: HIT, HIT
x-contextid: gj2kEUVS/5EnCA4vv
content-length: 42907
x-served-by: cache-dfw-kdfw8210137-DFW, cache-fra-eddf8230040-FRA
pragma: cache
server: Squarespace
x-timer: S1679060914.526258,VS0,VE0
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=94608000
accept-ranges: bytes
timing-allow-origin: *
tracepoint: Fastly

GET
H2 200 lazy-summaries.min.js Show response
assets.squarewebsites.org/lazy-summaries/ 112 KB
32 KB 183ms
141ms Script
application/x-javascript 2606:4700:20::ac43:4b97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.squarewebsites.org/lazy-summaries/lazy-summaries.min.js
Requested by: Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4b97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a89dea4e2217d0660176390cb483ea4be7b1fadffd27c872a1763fe99ee44ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 13:48:33 GMT
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
service-worker-allowed: /
last-modified: Fri, 03 Mar 2023 18:53:04 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W8DZtp2ChdXVaG0K7yBnOlfU%2FGAzZ1mXl7xo1PedYijIX0hPRfHhmfbZ1vA7Qilpu4Qx0JMisb3dJxi03COeg34lrsZyJK0BdQ9Kb9p%2FC7jiYDmfXTIiGOjfTbG1alMBYGz8DkcbiG7rkW1PQnaoqZ0LJ9AFGnk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, no-cache, must-revalidate, max-age=7200, s-maxage=7200, stale-if-error=600
x-turbo-charged-by: LiteSpeed
cf-ray: 7a95b1b5ccc2699f-FRA
platform: hostinger
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
x-robots-tag: noindex, noarchive, nosnippet
expires: Fri, 17 Mar 2023 14:18:33 GMT

GET
H2 200 UI_CSS_SEARCH.js Show response
cdn.jsdelivr.net/gh/joecorylabs/plugins/ 3 KB
2 KB 45ms
19ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/joecorylabs/plugins/UI_CSS_SEARCH.js

Requested by

Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4e51648b4dee156e40cbdf04e3e130b912ff231270c0b5fcc7f5c3e2c994534

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 13:48:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 25743
x-jsd-version: master
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230064-FRA, cache-yyz4565-YYZ
x-jsd-version-type: branch
server: cloudflare
etag: W/"bf7-fE0usFxZZxKVsSugaroSbAZGQXw"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HMeRMIQw5QCLrZPnwoeUstUbGqDzjfNLiBe0udSsdeD6cbMuUK7dy828moSTgZ5RTJYiYx23A87ZV1ixnygBL3HfxhLn7G%2F2OLHxoigGZ5vYa%2BakYR5V%2B9jZ4bYotk4d%2Fp5hM%2BE%2BjmIGqJ%2BRzAo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 7a95b1b5bb408ffe-FRA

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/ 407 KB
163 KB 34ms
9ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7758a4fd4f12e3dcce82f7ee68f926f28fad12d9073b88eced439b6a6fe12343

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.coveware.com/
Origin: https://www.coveware.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 13 Mar 2023 16:41:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 335236
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 166267
x-xss-protection: 0
last-modified: Mon, 13 Mar 2023 02:02:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 12 Mar 2024 16:41:17 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 107 KB
28 KB 30ms
10ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0fca0294cfaf24a4db0852415eee7bcdea7b9766d59e443fb2d5f0c77eb23363

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 17 Mar 2023 13:48:33 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27907
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: cS33kM7pi4SPniFEdp3vM5jy1qKiq2drulWlkm2lQB0pdbj2uHeG9w8COcR48VQh4AOnyi4rKFkt1CnmVGwb3Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ui-icons.svg
www.coveware.com/assets/ 8 KB
8 KB 185ms
183ms Other
image/svg+xml 198.185.159.144
SQUARESPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.coveware.com/assets/ui-icons.svg

Requested by

Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.185.159.144 , United States, ASN53831 (SQUARESPACE, US),

Reverse DNS

Software

Squarespace /

Resource Hash

ded1e2af9a5d3937cc8d26fbb6d0212702f611ca62607c4eb3e7b4dc3b196d9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: cache
date: Thu, 16 Mar 2023 23:20:35 GMT
strict-transport-security: max-age=43200
x-content-type-options: nosniff
server: Squarespace
age: 52078
etag: W/"c584ca28c0d318c4be97d5f2fa1a4a28"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=94608000
x-contextid: R06fTZVC/8cmEKeLO
accept-ranges: bytes
content-length: 8459
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 social-accounts.svg
www.coveware.com/universal/svg/ 105 KB
105 KB 93ms
92ms Other
image/svg+xml 198.185.159.144
SQUARESPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.coveware.com/universal/svg/social-accounts.svg
Requested by: Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.185.159.144 , United States, ASN53831 (SQUARESPACE, US),
Reverse DNS
Software: Squarespace /
Resource Hash: 628a4b936040bd387e58c9dff075de75d3dcf5d29635b06f0362c8b36651f876

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: cache
date: Fri, 17 Mar 2023 13:47:52 GMT
surrogate-key: universal
last-modified: Thu, 16 Mar 2023 22:15:27 GMT
server: Squarespace
age: 40
etag: "d49a4c8afd502aa06d8ea512e01bb976"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-contextid: R06fTZVC/ZRnsNlTI
accept-ranges: bytes
timing-allow-origin: *
content-length: 107352
expires: Sun, 17 Mar 2024 10:26:32 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ 44 KB
44 KB 44ms
8ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,400;1,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.coveware.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 05:05:33 GMT
x-content-type-options: nosniff
age: 117780
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Mar 2024 05:05:33 GMT

GET
H2 200 memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
fonts.gstatic.com/s/opensans/v34/ 47 KB
47 KB 51ms
16ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,400;1,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84161c46238fff2c6920ebc28f02cddd7b710cf3d1107853f540b084320f6afd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.coveware.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 17:32:46 GMT
x-content-type-options: nosniff
age: 591347
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47952
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:22:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Mar 2024 17:32:46 GMT

GET
H2 200 l
use.typekit.net/af/309dfe/000000000000000000010091/27/ 39 KB
40 KB 42ms
7ms Font
application/font-woff2 2a02:26f0:480:e::210:f10f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/309dfe/000000000000000000010091/27/l?subset_id=2&fvd=n7&v=3
Requested by: Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:e::210:f10f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: d76f8e42213513ab33c721c98a652b012ee11ff86efc7661ca19a344c4c117a8

Request headers

Referer: https://www.coveware.com/
Origin: https://www.coveware.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 13:48:33 GMT
server: nginx
etag: "78f589bb61056c7dc2c42601e2fd59aa96941141"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 40404

GET
H2 200 2406371312769603 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 60ms
59ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2406371312769603?v=2.9.98&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5c7f4bc25dea91cff52ba92dac7e1ffcd7b8b78212bd943c1a4593945bd1b9da

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 17 Mar 2023 13:48:33 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: gimaYJGUBvCDDpHJJeoAAHK6CTU5gFKzzAYuQSshhlHJPaRmFXYu8zR+d/1VtFB/deN4d+bUpXIywHf1vtOpzA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 39ms
8ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-119192266-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 17 Mar 2023 13:19:33 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 1740
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Fri, 17 Mar 2023 15:19:33 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/799277872/ 3 KB
2 KB 80ms
55ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/799277872/?random=1679060913656&cv=11&fst=1679060913656&bg=ffffff&guid=ON&async=1&gtm=45be33f0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.coveware.com%2Fblog%2F2019%2F11%2F19%2Fphantom-incident-extortion-scam-threatens-release-of-corporate-pii&tiba=Phantom%20Incident%20Scam%20Threatens%20Release%20of%20Corporate%20PII&auid=1334266132.1679060914&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-799277872

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

665877c1c444a8fc1e8c525010be1227e5de44e5a992c2856e99cfe5cbe8c661

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Mar 2023 13:48:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1276
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 32ms
11ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2406371312769603&ev=PageView&dl=https%3A%2F%2Fwww.coveware.com%2Fblog%2F2019%2F11%2F19%2Fphantom-incident-extortion-scam-threatens-release-of-corporate-pii&rl=&if=false&ts=1679060913699&sw=1600&sh=1200&v=2.9.98&r=stable&a=plsquarespace&ec=0&o=30&cs_est=true&fbp=fb.1.1679060913698.2058000668&it=1679060913600&coo=false&rqm=GET

Requested by

Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 17 Mar 2023 13:48:33 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
208 B 17ms
16ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1173023244&t=pageview&_s=1&dl=https%3A%2F%2Fwww.coveware.com%2Fblog%2F2019%2F11%2F19%2Fphantom-incident-extortion-scam-threatens-release-of-corporate-pii&ul=en-us&de=UTF-8&dt=Phantom%20Incident%20Scam%20Threatens%20Release%20of%20Corporate%20PII&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1744455942&gjid=593193730&cid=1654748620.1679060914&tid=UA-119192266-1&_gid=561283065.1679060914&_r=1&gtm=457e33f0&did=dZjQwMz&gdid=dZjQwMz&z=323991435

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.coveware.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 17 Mar 2023 13:48:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.coveware.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 announcement-bar-6721d4a90ce99df85fd07-min.en-US.js Show response
assets.squarespace.com/universal/scripts-compressed/ 127 KB
39 KB 8ms
7ms Script
text/javascript 151.101.0.237
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.squarespace.com/universal/scripts-compressed/announcement-bar-6721d4a90ce99df85fd07-min.en-US.js
Requested by: Host: assets.squarespace.com
URL: https://assets.squarespace.com/universal/scripts-compressed/common-vendors-stable-dade9d616ff90ebf99b1d-min.en-US.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.237 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: d0e5b472f10636a8b03f10857cad0373d081cd52f8a7a3148e3e57e0b261e1c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-cache-hits: 10, 3524
date: Fri, 17 Mar 2023 13:48:33 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
age: 673519
x-cache: HIT, HIT
content-length: 40166
x-served-by: cache-iad-kjyo7100044-IAD, cache-fra-eddf8230124-FRA
last-modified: Thu, 09 Mar 2023 18:20:17 GMT
server: UploadServer
x-timer: S1679060914.747360,VS0,VE0
etag: "36fac9fa4882a3a158cf5ea6d7ecd31e"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 08 Mar 2024 18:43:14 GMT

GET
H2 200 share-buttons-b0982e19b446aa84f9d0b-min.en-US.js Show response
assets.squarespace.com/universal/scripts-compressed/ 6 KB
2 KB 13ms
12ms Script
text/javascript 151.101.0.237
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.squarespace.com/universal/scripts-compressed/share-buttons-b0982e19b446aa84f9d0b-min.en-US.js
Requested by: Host: assets.squarespace.com
URL: https://assets.squarespace.com/universal/scripts-compressed/extract-css-runtime-fd345d8da259ebb2b7fd8-min.en-US.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.237 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 110c48b92a8414ae738176183dd228f7bd26d823020eb4d5fc8ea33232a6f403

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-cache-hits: 32, 1307
date: Fri, 17 Mar 2023 13:48:33 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
age: 673513
x-cache: HIT, HIT
content-length: 2054
x-served-by: cache-iad-kiad7000026-IAD, cache-fra-eddf8230124-FRA
last-modified: Thu, 09 Mar 2023 18:19:59 GMT
server: UploadServer
x-timer: S1679060914.749748,VS0,VE0
etag: "43b07746e6bdcd3ab0c64aabd11460bc"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 08 Mar 2024 18:43:20 GMT

POST
H2 200 RecordHit Show response
www.coveware.com/api/census/ 17 B
110 B 145ms
144ms XHR
application/json 198.185.159.144
SQUARESPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.coveware.com/api/census/RecordHit

Requested by

Host: assets.squarespace.com
URL: https://assets.squarespace.com/universal/scripts-compressed/common-vendors-77853e7960856b0973083-min.en-US.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.185.159.144 , United States, ASN53831 (SQUARESPACE, US),

Reverse DNS

Software

Squarespace /

Resource Hash

f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
X-CSRF-Token: BfH+CRvq6ljdOTRhMDg0ZWFjNGYwOTVlMDBmYjczZGY5MzBiZTM2
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 17 Mar 2023 13:48:33 GMT
strict-transport-security: max-age=43200
x-content-type-options: nosniff
server: Squarespace
content-type: application/json;charset=utf-8
cache-control: no-cache, no-store, must-revalidate
x-contextid: R06fTZVC/0oa2nx3l
content-length: 17

POST
H2 200 button-render Show response
www.coveware.com/api/census/ 17 B
60 B 145ms
144ms XHR
application/json 198.185.159.144
SQUARESPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.coveware.com/api/census/button-render

Requested by

Host: assets.squarespace.com
URL: https://assets.squarespace.com/universal/scripts-compressed/common-vendors-77853e7960856b0973083-min.en-US.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.185.159.144 , United States, ASN53831 (SQUARESPACE, US),

Reverse DNS

Software

Squarespace /

Resource Hash

f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
X-CSRF-Token: BfH+CRvq6ljdOTRhMDg0ZWFjNGYwOTVlMDBmYjczZGY5MzBiZTM2
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Fri, 17 Mar 2023 13:48:33 GMT
strict-transport-security: max-age=43200
x-content-type-options: nosniff
server: Squarespace
content-type: application/json;charset=utf-8
cache-control: no-cache, no-store, must-revalidate
x-contextid: R06fTZVC/pmyXLoHP
content-length: 17

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
347 B 69ms
19ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-119192266-1&cid=1654748620.1679060914&jid=1744455942&gjid=593193730&_gid=561283065.1679060914&_u=YEBAAUAAAAAAACAAI~&z=1149858816

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.coveware.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 17 Mar 2023 13:48:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.coveware.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 settings Show response
www.coveware.com/api/1/performance/ 53 B
153 B 105ms
105ms XHR
application/json 198.185.159.144
SQUARESPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.coveware.com/api/1/performance/settings
Requested by: Host: assets.squarespace.com
URL: https://assets.squarespace.com/universal/scripts-compressed/common-cf6d3ad731097a07c3893-min.en-US.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.185.159.144 , United States, ASN53831 (SQUARESPACE, US),
Reverse DNS
Software: Squarespace /
Resource Hash: eaecf8496fdeb22a5d7caad2683d240764d1cb940a7af00867ad579e1e7d082b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 13:48:33 GMT
x-contextid: R06fTZVC/2w3Boc4E
server: Squarespace
content-length: 53
vary: Accept-Encoding, User-Agent
content-type: application/json

GET
H2 200 l
use.typekit.net/af/ae4f6c/000000000000000000010096/27/ 67 KB
67 KB 19ms
19ms Font
application/font-woff2 2a02:26f0:480:e::210:f10f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/ae4f6c/000000000000000000010096/27/l?subset_id=2&fvd=n3&v=3
Requested by: Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:e::210:f10f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 634a4f9f8a22e44867bf4f68b9671e1471fe6e7339bbf2777ad5264be64d4049

Request headers

Referer: https://www.coveware.com/
Origin: https://www.coveware.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 13:48:33 GMT
server: nginx
etag: "dcb4afde1e053f9caf987fd66290b8eca72ab6f0"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 68532

GET
H2 200 l
use.typekit.net/af/9b05f3/000000000000000000013365/27/ 46 KB
46 KB 20ms
19ms Font
application/font-woff2 2a02:26f0:480:e::210:f10f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/9b05f3/000000000000000000013365/27/l?subset_id=2&fvd=n4&v=3
Requested by: Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:e::210:f10f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 2d36e12bfbde85feb98c8b66f8a4a40f9a5db6918f49234a2ddece526d933237

Request headers

Referer: https://www.coveware.com/
Origin: https://www.coveware.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 13:48:33 GMT
server: nginx
etag: "0ffa5e8c8eb076cc21ede9987250dfa4f2af4438"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 46668

GET
H2 200 l
use.typekit.net/af/2cd6bf/00000000000000000001008f/27/ 41 KB
42 KB 11ms
10ms Font
application/font-woff2 2a02:26f0:480:e::210:f10f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/2cd6bf/00000000000000000001008f/27/l?subset_id=2&fvd=n5&v=3
Requested by: Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:e::210:f10f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: bf2d68276696fd7c8903c75e24b32536f8a4d9f39a952b389c13ee8c793a530c

Request headers

Referer: https://www.coveware.com/
Origin: https://www.coveware.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 13:48:33 GMT
server: nginx
etag: "87868ea7533b245fa343d5fd2e370ee0daee1db8"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 42384

GET
H2 200 l
use.typekit.net/af/eb729a/000000000000000000010092/27/ 39 KB
40 KB 8ms
8ms Font
application/font-woff2 2a02:26f0:480:e::210:f10f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/eb729a/000000000000000000010092/27/l?subset_id=2&fvd=i7&v=3
Requested by: Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:e::210:f10f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 7fcb4ef179e88dd6fd4181433f9b97f869c03930f5c698113ef4a18785a2f6df

Request headers

Referer: https://www.coveware.com/
Origin: https://www.coveware.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 13:48:33 GMT
server: nginx
etag: "599bfc6908295758da16f495738fa5c76ccf9542"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 40216

GET
H2 200 /
www.google.com/pagead/1p-user-list/799277872/ 42 B
327 B 36ms
21ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/799277872/?random=1679060913656&cv=11&fst=1679058000000&bg=ffffff&guid=ON&async=1&gtm=45be33f0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.coveware.com%2Fblog%2F2019%2F11%2F19%2Fphantom-incident-extortion-scam-threatens-release-of-corporate-pii&tiba=Phantom%20Incident%20Scam%20Threatens%20Release%20of%20Corporate%20PII&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3972593875&rmt_tld=0&ipr=y

Requested by

Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Mar 2023 13:48:33 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/799277872/ 42 B
455 B 57ms
19ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/799277872/?random=1679060913656&cv=11&fst=1679058000000&bg=ffffff&guid=ON&async=1&gtm=45be33f0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.coveware.com%2Fblog%2F2019%2F11%2F19%2Fphantom-incident-extortion-scam-threatens-release-of-corporate-pii&tiba=Phantom%20Incident%20Scam%20Threatens%20Release%20of%20Corporate%20PII&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3972593875&rmt_tld=1&ipr=y

Requested by

Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Mar 2023 13:48:33 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
graph.facebook.com/ 260 B
653 B 64ms
33ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii&callback=SquarespaceShareButtonCounts1679060913791.facebook

Requested by

Host: assets.squarespace.com
URL: https://assets.squarespace.com/universal/scripts-compressed/share-buttons-b0982e19b446aa84f9d0b-min.en-US.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ba1f96474a2b8d4aabca746bb2f903f875cf33346367f9f58f89c69a01f6b39a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
date: Fri, 17 Mar 2023 13:48:33 GMT
x-fb-rev: 1007130069
alt-svc: h3=":443"; ma=86400
content-length: 195
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: euI0JyuXnRznUY1rCVnbO0TZ2PY5Zfn0U6127d4RL1pin/cs5id2t65l5K8MnN5ViTYpATgBNDSbbXjyDK0qQQ==
x-fb-trace-id: ELwj9/+Tgco
vary: Origin, Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AW0yRiVe4nmIgp0mB-vQcdX
cache-control: no-store
facebook-api-version: v10.0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 404 share
www.linkedin.com/countserv/count/ 0
0 181ms
153ms Script
text/html 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.linkedin.com/countserv/count/share?url=https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii&callback=SquarespaceShareButtonCounts1679060913791.linkedin
Requested by: Host: assets.squarespace.com
URL: https://assets.squarespace.com/universal/scripts-compressed/share-buttons-b0982e19b446aa84f9d0b-min.en-US.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

GET
H2 200 blog Show response
www.coveware.com/ 901 KB
177 KB 301ms
298ms XHR
application/json 198.185.159.144
SQUARESPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.coveware.com/blog?&format=json&_=1679060913590

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.185.159.144 , United States, ASN53831 (SQUARESPACE, US),

Reverse DNS

Software

Squarespace /

Resource Hash

244c49dd46ce61f0a118e6e987811c931f2e3712ad18daeeb43cc6904b526051

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 13:48:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=43200
age: 0
x-contextid: R06fTZVC/NDp9GKKj
content-length: 181076
pragma: cache
server: Squarespace
etag: W/"20ff47074f550c8fe77b51a0efe39784"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: application/json;charset=utf-8
cache-control: public, max-age=94608000
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 p.gif
p.typekit.net/ 35 B
214 B 36ms
7ms Image
image/gif 2a02:26f0:480:e::210:f10f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.typekit.net/p.gif?s=2&k=646866_5ab16578e2ccd10898976178&ht=tk&h=www.coveware.com&f=10886.10884.10879.10881.10882&a=646866&js=1.21.0&app=typekit&e=js&_=1679060913826
Requested by: Host: www.coveware.com
URL: https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:e::210:f10f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coveware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 13:48:33 GMT
last-modified: Sat, 09 Oct 2021 02:10:03 GMT
server: nginx
etag: "6160f9fb-23"
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 35

POST
H2 200 / Show response
www.facebook.com/tr/ Frame E4F2 0
73 B 9ms
9ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.coveware.com
Referer: https://www.coveware.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.coveware.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Fri, 17 Mar 2023 13:48:34 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

Verdicts & Comments Add Verdict or Comment

87 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.coveware.com/	1969-12-31 23:59:59	Name: crumb Value: BfH+CRvq6ljdOTRhMDg0ZWFjNGYwOTVlMDBmYjczZGY5MzBiZTM2
.coveware.com/	1970-01-20 12:33:56	Name: _gcl_au Value: 1.1.1334266132.1679060914
.coveware.com/	1970-01-20 12:33:56	Name: _fbp Value: fb.1.1679060913698.2058000668
.coveware.com/	1970-01-20 20:00:20	Name: _ga Value: GA1.2.1654748620.1679060914
.coveware.com/	1970-01-20 10:25:47	Name: _gid Value: GA1.2.561283065.1679060914
.coveware.com/	1970-01-20 10:24:20	Name: _gat_gtag_UA_119192266_1 Value: 1
www.coveware.com/	1970-01-20 20:00:20	Name: ss_cvr Value: 6f8f92b1-8003-4f72-beb7-471421e7a968\|1679060913737\|1679060913737\|1679060913737\|1
www.coveware.com/	1970-01-20 10:24:22	Name: ss_cvt Value: 1679060913737
.doubleclick.net/	1970-01-20 10:24:21	Name: test_cookie Value: CheckForPermission
.linkedin.com/	1970-01-20 19:09:56	Name: bcookie Value: "v=2&c2c35f6f-f344-4e5a-8187-aef4f9a75be1"
.www.linkedin.com/	1970-01-20 19:09:56	Name: bscookie Value: "v=1&202303171348331cc8b30d-a170-4e60-81db-58d605f1e0d7AQHKKJCti1Upk5wxvCUOJcb8Jtg9ivUX"
.linkedin.com/	1970-01-20 14:43:32	Name: li_gc Value: MTswOzE2NzkwNjA5MTM7MjswMjGRluVJfPib9Diz0tLMCoxcktegnIfbR7LZhhQ3/a9htQ==
.linkedin.com/	1970-01-20 10:25:47	Name: lidc Value: "b=TGST02:s=T:r=T:a=T:p=T:g=2975:u=1:x=1:i=1679060913:t=1679147313:v=2:sig=AQHbyL-tuFsSLpLNHpispwJwkkhJNMV7"

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.linkedin.com/countserv/count/share?url=https://www.coveware.com/blog/2019/11/19/phantom-incident-extortion-scam-threatens-release-of-corporate-pii&callback=SquarespaceShareButtonCounts1679060913791.linkedin Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=43200
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
assets.squarespace.com
assets.squarewebsites.org
cdn.jsdelivr.net
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
graph.facebook.com
images.squarespace-cdn.com
p.typekit.net
static1.squarespace.com
stats.g.doubleclick.net
use.typekit.net
www.coveware.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
151.101.0.237
151.101.0.238
151.101.192.238
198.185.159.144
198.185.159.145
2606:4700:20::ac43:4b97
2606:4700::6810:5714
2620:1ec:21::14
2a00:1450:4001:806::200a
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2003
2a00:1450:4001:810::200a
2a00:1450:4001:811::2003
2a00:1450:4001:827::2008
2a00:1450:4001:827::200e
2a00:1450:4001:82f::2003
2a00:1450:4001:831::2004
2a00:1450:400c:c00::9c
2a02:26f0:480:e::210:f10f
2a03:2880:f01c:800e:face:b00c:0:2
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
01ecdaa12ccc33c2022d962845fafbf2daa80a559b52e70465436b54bbf17cea
0fca0294cfaf24a4db0852415eee7bcdea7b9766d59e443fb2d5f0c77eb23363
110c48b92a8414ae738176183dd228f7bd26d823020eb4d5fc8ea33232a6f403
135a9a67703a16a1700806ee264015aacd35e864a6eccdee0484cc61f1309ca2
244c49dd46ce61f0a118e6e987811c931f2e3712ad18daeeb43cc6904b526051
2d36e12bfbde85feb98c8b66f8a4a40f9a5db6918f49234a2ddece526d933237
3e562f8b917cb37bafe180af15478425b13ee7d3331d4e8148c72a1cc8839b76
44a6d323ae0ec00c95159c85576d24a810c333584da517505cd8bef888beb77a
4e228b98c23016425ff3c09f7de4e1de57424d8dac96dab463ca4e386f532d6b
5291859d1d01fb7a948ac16a4aa17c04302165bff70b6d4812fb9f578143996a
54e832663426c696b1f603379026e5e15720e8c812bbbc60d63aa2ad8a479f75
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5c7f4bc25dea91cff52ba92dac7e1ffcd7b8b78212bd943c1a4593945bd1b9da
628a4b936040bd387e58c9dff075de75d3dcf5d29635b06f0362c8b36651f876
634a4f9f8a22e44867bf4f68b9671e1471fe6e7339bbf2777ad5264be64d4049
665877c1c444a8fc1e8c525010be1227e5de44e5a992c2856e99cfe5cbe8c661
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
74af9f9a9fc8e8e535d843f8929e31fd2990d885fd1b3d5e82b518eea386c076
7758a4fd4f12e3dcce82f7ee68f926f28fad12d9073b88eced439b6a6fe12343
7b944c6fd5b53c7ab1b83a3ee5bff758cadd2081365eb4b8b127f4c61253674d
7fcb4ef179e88dd6fd4181433f9b97f869c03930f5c698113ef4a18785a2f6df
84161c46238fff2c6920ebc28f02cddd7b710cf3d1107853f540b084320f6afd
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
8b5cef272f73912c45d8b2ee7d7ae55cb21eebb61f68c95f75c5391fa3d06533
9a89dea4e2217d0660176390cb483ea4be7b1fadffd27c872a1763fe99ee44ef
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
a0611a1a9857a4de84597bf85e3f05daa617698be9da89ba33925cf959705f59
a59acd7a8cbaf68d5d628ac09c501f01a2f3f42c9affa8f3d101f2860d1cc3f7
ba1f96474a2b8d4aabca746bb2f903f875cf33346367f9f58f89c69a01f6b39a
bf2d68276696fd7c8903c75e24b32536f8a4d9f39a952b389c13ee8c793a530c
c4e51648b4dee156e40cbdf04e3e130b912ff231270c0b5fcc7f5c3e2c994534
ca7e977e5229b10b77641c5310ce3cd34e85b7bf4d824e2f1630f9048628d5c6
d0e5b472f10636a8b03f10857cad0373d081cd52f8a7a3148e3e57e0b261e1c9
d76f8e42213513ab33c721c98a652b012ee11ff86efc7661ca19a344c4c117a8
d7cb0b0f191b18a363f12ebbb0eae0b54c5660f4dc296f31cc19a5a9805eec69
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
ded1e2af9a5d3937cc8d26fbb6d0212702f611ca62607c4eb3e7b4dc3b196d9f
e07b1b58374998ee270804d18cd4c13458e11b301d78e75527b743a33d7c9cb7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8541d6ca2ec496ef20ce369b49574983997543cc150f1d6f756f3b56019a4f4
eaecf8496fdeb22a5d7caad2683d240764d1cb940a7af00867ad579e1e7d082b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef96ebaf8382b871362555060222e31e43820a42c2c89c905eb43c38ae3f295f
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
f7933255ef71246aa324ac4ef34fa6608f9cd5b085734815cc4db3db5a0d28db
fbdbe7e9d0e771fca844068344b8c52ba54f043a0ab2c74748208e4af2407d16
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

www.coveware.com Open in urlscan Pro 198.185.159.144 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

51 Requests

100 %HTTPS

77 %IPv6

16 Domains

22 Subdomains

21 IPs

3 Countries

2405 kBTransfer

8794 kBSize

13 Cookies

9 Outgoing links

Page URL History

Redirected requests

51 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.coveware.com Open in urlscan Pro
198.185.159.144 Public Scan

Screenshot
Live screenshot

Full Image

51
Requests

100 %
HTTPS

77 %
IPv6

16
Domains

22
Subdomains

21
IPs

3
Countries

2405 kB
Transfer

8794 kB
Size

13
Cookies

51 HTTP transactions
0 data transactions