www.mimecast.com Open in urlscan Pro
2606:4700::6810:a1a Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Submission: On March 20 via api (March 20th 2020, 5:10:38 pm UTC) from US

Summary HTTP 109 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 59 IPs in 8 countries across 57 domains to perform 109 HTTP transactions. The main IP is 2606:4700::6810:a1a, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.mimecast.com.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on February 12th 2020. Valid for: 6 months.

This is the only time www.mimecast.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 20	2606:4700::68... 2606:4700::6810:a1a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:816::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:814::2003	15169 (GOOGLE) (GOOGLE)
1	152.199.19.160 152.199.19.160	15133 (EDGECAST) (EDGECAST)
2 6	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
1	2a02:26f0:10c... 2a02:26f0:10c:382::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:815::2008	15169 (GOOGLE) (GOOGLE)
1	52.29.155.208 52.29.155.208	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	151.101.113.181 151.101.113.181	54113 (FASTLY) (FASTLY)
1	52.222.143.82 52.222.143.82	16509 (AMAZON-02) (AMAZON-02)
2	88.221.60.75 88.221.60.75	16625 (AKAMAI-AS) (AKAMAI-AS)
1 3	31.186.247.145 31.186.247.145	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
2	152.195.132.202 152.195.132.202	15133 (EDGECAST) (EDGECAST)
1	169.50.137.179 169.50.137.179	36351 (SOFTLAYER) (SOFTLAYER)
2 4	23.37.58.95 23.37.58.95	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	68.67.153.60 68.67.153.60	29990 (ASN-APPNEX) (ASN-APPNEX)
6 9	185.33.223.208 185.33.223.208	29990 (ASN-APPNEX) (ASN-APPNEX)
1	99.86.3.6 99.86.3.6	16509 (AMAZON-02) (AMAZON-02)
2	46.228.164.11 46.228.164.11	56396 (TURN) (TURN)
1	143.204.201.47 143.204.201.47	16509 (AMAZON-02) (AMAZON-02)
1 2	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN)
1 1	2a05:f500:11:... 2a05:f500:11:101::b93f:9001	14413 (LINKEDIN) (LINKEDIN)
2 2	2a00:1450:400... 2a00:1450:400c:c06::9b	15169 (GOOGLE) (GOOGLE)
3 6	2001:4860:480... 2001:4860:4802:34::75	15169 (GOOGLE) (GOOGLE)
1	143.204.201.74 143.204.201.74	16509 (AMAZON-02) (AMAZON-02)
2 2	52.49.185.203 52.49.185.203	16509 (AMAZON-02) (AMAZON-02)
1 2	143.204.201.67 143.204.201.67	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1 2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:3a	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2606:4700:10:... 2606:4700:10::6814:b944	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	216.58.207.38 216.58.207.38	15169 (GOOGLE) (GOOGLE)
1	2.17.6.215 2.17.6.215	16625 (AKAMAI-AS) (AKAMAI-AS)
1 3	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
2 2	216.58.207.66 216.58.207.66	15169 (GOOGLE) (GOOGLE)
1 1	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:821::2002	15169 (GOOGLE) (GOOGLE)
1 2	34.249.192.36 34.249.192.36	16509 (AMAZON-02) (AMAZON-02)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 4	185.33.223.218 185.33.223.218	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	95.101.185.51 95.101.185.51	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	18.195.103.23 18.195.103.23	16509 (AMAZON-02) (AMAZON-02)
1 2	147.75.102.200 147.75.102.200	54825 (PACKET) (PACKET)
1	23.45.237.36 23.45.237.36	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	72.251.249.14 72.251.249.14	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	52.58.138.174 52.58.138.174	16509 (AMAZON-02) (AMAZON-02)
1 2	54.93.38.91 54.93.38.91	16509 (AMAZON-02) (AMAZON-02)
1 2	34.95.120.147 34.95.120.147	15169 (GOOGLE) (GOOGLE)
1 2	3.125.70.222 3.125.70.222	16509 (AMAZON-02) (AMAZON-02)
1	34.241.92.164 34.241.92.164	16509 (AMAZON-02) (AMAZON-02)
2 2	34.249.135.160 34.249.135.160	16509 (AMAZON-02) (AMAZON-02)
1	104.193.83.156 104.193.83.156	63124 (IGNITIONO...) (IGNITIONONE-ASN)
1 2	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
1 1	35.160.67.124 35.160.67.124	16509 (AMAZON-02) (AMAZON-02)
1	2a03:2880:f01... 2a03:2880:f01c:8004:face:b00c:0:8c	32934 (FACEBOOK) (FACEBOOK)
1 1	99.86.3.113 99.86.3.113	16509 (AMAZON-02) (AMAZON-02)
5	99.86.3.118 99.86.3.118	16509 (AMAZON-02) (AMAZON-02)
1 2	18.184.227.62 18.184.227.62	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1	23.111.9.64 23.111.9.64	33438 (HIGHWINDS2) (HIGHWINDS2)
4	51.140.6.23 51.140.6.23	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	3.95.53.28 3.95.53.28	14618 (AMAZON-AES) (AMAZON-AES)
1	99.83.219.81 99.83.219.81	16509 (AMAZON-02) (AMAZON-02)
4	52.72.18.87 52.72.18.87	14618 (AMAZON-AES) (AMAZON-AES)
109	59

20 2606:4700::6810:a1a (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.mimecast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:814::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.19.160 (United States)

ASN15133 (EDGECAST, US)

az416426.vo.msecnd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:800::200e (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:382::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:815::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.29.155.208 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-155-208.eu-central-1.compute.amazonaws.com

cdn.decibelinsight.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.113.181 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

play.vidyard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.143.82 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-143-82.ams50.r.cloudfront.net

px.airpr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.221.60.75 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a88-221-60-75.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 31.186.247.145 (United Kingdom) 1 redirects

ASN30282 (AS-INAPCDN-OCY, US)

mimecast.netmng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gcm.netmng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 152.195.132.202 (United States)

ASN15133 (EDGECAST, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.50.137.179 (United States)

ASN36351 (SOFTLAYER, US)
PTR: b3.89.32a9.ip4.static.sl-reverse.com

tag.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.37.58.95 (Netherlands) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-58-95.deploy.static.akamaitechnologies.com

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.153.60 (United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: s.ml-attr.com.pxlsrv.net

s.ml-attr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 185.33.223.208 (Netherlands) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 311.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.3.6 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-3-6.fra6.r.cloudfront.net

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 46.228.164.11 (United Kingdom)

ASN56396 (TURN, GB)

r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.201.47 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-47.fra53.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:11:101::b93f:9005 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:f500:11:101::b93f:9001 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c06::9b (Brussels, Belgium) 2 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2001:4860:4802:34::75 (United States) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.201.74 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-74.fra53.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.49.185.203 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-185-203.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.201.67 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-67.fra53.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland) 1 redirects

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:3a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:b944 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.207.38 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s24-in-f6.1e100.net

8790468.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.17.6.215 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-17-6-215.deploy.static.akamaitechnologies.com

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 193.0.160.129 (Netherlands) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
20820699p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.207.66 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s25-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.98 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.249.192.36 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-192-36.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.223.218 (Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 313.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.101.185.51 (Ascension Island) 1 redirects

ASN20940 (AKAMAI-ASN1, US)
PTR: a95-101-185-51.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.195.103.23 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-103-23.eu-central-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 147.75.102.200 (Central, Hong Kong) 1 redirects

ASN54825 (PACKET, US)

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.45.237.36 (United States)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-45-237-36.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.251.249.14 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.58.138.174 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-138-174.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.93.38.91 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-93-38-91.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.95.120.147 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 147.120.95.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.125.70.222 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-70-222.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.241.92.164 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-92-164.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.249.135.160 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-135-160.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.193.83.156 (United States)

ASN63124 (IGNITIONONE-ASN, US)

tradedesk2waycm.netmng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.248.159 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.160.67.124 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-160-67-124.us-west-2.compute.amazonaws.com

live.rezync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:8004:face:b00c:0:8c (Ireland)

ASN32934 (FACEBOOK, US)

cx.atdmt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.3.113 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-99-86-3-113.fra6.r.cloudfront.net

widget.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 99.86.3.118 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-3-118.fra6.r.cloudfront.net

js.intercomcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.184.227.62 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-227-62.eu-central-1.compute.amazonaws.com

dpx.airpr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.111.9.64 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)

scout-cdn.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 51.140.6.23 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

dc.services.visualstudio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.95.53.28 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-95-53-28.compute-1.amazonaws.com

scout.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.83.219.81 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: ad8b87a22ce463223.awsglobalaccelerator.com

api-iam.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.72.18.87 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-18-87.compute-1.amazonaws.com

scout.us2.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	mimecast.com 1 redirects www.mimecast.com	619 KB
13	adnxs.com 8 redirects secure.adnxs.com ib.adnxs.com	11 KB
8	google-analytics.com 2 redirects www.google-analytics.com ssl.google-analytics.com	35 KB
7	salesloft.com scout-cdn.salesloft.com scout.salesloft.com scout.us2.salesloft.com	5 KB
7	doubleclick.net 6 redirects stats.g.doubleclick.net 8790468.fls.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net	1 KB
5	intercomcdn.com js.intercomcdn.com	205 KB
4	visualstudio.com dc.services.visualstudio.com	2 KB
4	tribalfusion.com 2 redirects a.tribalfusion.com s.tribalfusion.com	4 KB
4	netmng.com 1 redirects mimecast.netmng.com gcm.netmng.com tradedesk2waycm.netmng.com	8 KB
4	gstatic.com fonts.gstatic.com	36 KB
3	rfihub.com 1 redirects p.rfihub.com a.rfihub.com 20820699p.rfihub.com	2 KB
3	company-target.com 1 redirects api.company-target.com segments.company-target.com	2 KB
3	google.de www.google.de	328 B
3	google.com 3 redirects www.google.com	643 B
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	2 KB
3	airpr.com 1 redirects px.airpr.com dpx.airpr.com	3 KB
2	intercom.io 1 redirects widget.intercom.io api-iam.intercom.io	3 KB
2	tapad.com 1 redirects pixel.tapad.com	940 B
2	adsrvr.org 2 redirects match.adsrvr.org	916 B
2	eyeota.net 1 redirects ps.eyeota.net	1 KB
2	openx.net 1 redirects us-u.openx.net	346 B
2	bidswitch.net 1 redirects x.bidswitch.net	888 B
2	exelator.com 1 redirects loadm.exelator.com	934 B
2	360yield.com 1 redirects ad.360yield.com	681 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com	2 KB
2	demdex.net 1 redirects dpm.demdex.net	2 KB
2	facebook.com 1 redirects www.facebook.com	574 B
2	bidr.io 2 redirects match.prod.bidr.io	1019 B
2	turn.com r.turn.com	980 B
2	cookielaw.org cdn.cookielaw.org	24 KB
2	marketo.net munchkin.marketo.net	6 KB
2	vidyard.com play.vidyard.com	13 KB
2	facebook.net connect.facebook.net	142 KB
2	bing.com bat.bing.com	8 KB
1	twitter.com analytics.twitter.com	388 B
1	atdmt.com cx.atdmt.com	433 B
1	rezync.com 1 redirects live.rezync.com	679 B
1	krxd.net beacon.krxd.net	319 B
1	advertising.com pixel.advertising.com	124 B
1	lijit.com ce.lijit.com	367 B
1	bluekai.com tags.bluekai.com	717 B
1	pubmatic.com image2.pubmatic.com	585 B
1	googleadservices.com 1 redirects www.googleadservices.com	911 B
1	rfihub.net c1.rfihub.net	7 KB
1	onetrust.com geolocation.onetrust.com	221 B
1	jquery.com code.jquery.com	30 KB
1	t.co t.co	449 B
1	demandbase.com tag.demandbase.com	15 KB
1	ml-api.io attr.ml-api.io	484 B
1	ml-attr.com 1 redirects s.ml-attr.com	278 B
1	simpli.fi tag.simpli.fi	790 B
1	decibelinsight.net cdn.decibelinsight.net	62 KB
1	licdn.com snap.licdn.com	2 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	msecnd.net az416426.vo.msecnd.net	22 KB
1	googleapis.com fonts.googleapis.com	908 B
1	googletagmanager.com www.googletagmanager.com	44 KB
109	57

	Domain	Requested by
20	www.mimecast.com	1 redirects www.mimecast.com code.jquery.com
9	secure.adnxs.com	6 redirects www.mimecast.com c1.rfihub.net
6	www.google-analytics.com	2 redirects www.googletagmanager.com www.mimecast.com
5	js.intercomcdn.com	js.intercomcdn.com
4	scout.us2.salesloft.com
4	dc.services.visualstudio.com	az416426.vo.msecnd.net
4	ib.adnxs.com	2 redirects www.mimecast.com
4	fonts.gstatic.com	www.mimecast.com
3	www.google.de	www.mimecast.com
3	www.google.com	3 redirects
2	scout.salesloft.com	az416426.vo.msecnd.net
2	dpx.airpr.com	1 redirects
2	pixel.tapad.com	1 redirects www.mimecast.com
2	match.adsrvr.org	2 redirects
2	ps.eyeota.net	1 redirects www.mimecast.com
2	us-u.openx.net	1 redirects www.mimecast.com
2	x.bidswitch.net	1 redirects www.mimecast.com
2	loadm.exelator.com	1 redirects www.mimecast.com
2	ad.360yield.com	1 redirects www.mimecast.com
2	dsum-sec.casalemedia.com	1 redirects www.mimecast.com
2	dpm.demdex.net	1 redirects www.mimecast.com
2	cm.g.doubleclick.net	2 redirects
2	8790468.fls.doubleclick.net	1 redirects mimecast.netmng.com
2	s.tribalfusion.com	1 redirects a.tribalfusion.com
2	www.facebook.com	1 redirects www.mimecast.com
2	segments.company-target.com	1 redirects www.mimecast.com
2	match.prod.bidr.io	2 redirects
2	stats.g.doubleclick.net	2 redirects
2	px.ads.linkedin.com	1 redirects www.mimecast.com
2	r.turn.com	www.mimecast.com
2	a.tribalfusion.com	1 redirects www.googletagmanager.com
2	cdn.cookielaw.org	www.googletagmanager.com cdn.cookielaw.org
2	mimecast.netmng.com	www.mimecast.com mimecast.netmng.com
2	munchkin.marketo.net	www.mimecast.com munchkin.marketo.net
2	play.vidyard.com	www.googletagmanager.com
2	connect.facebook.net	www.mimecast.com connect.facebook.net
2	ssl.google-analytics.com	www.googletagmanager.com www.mimecast.com
2	bat.bing.com	www.googletagmanager.com www.mimecast.com
1	api-iam.intercom.io	js.intercomcdn.com
1	scout-cdn.salesloft.com	www.mimecast.com
1	analytics.twitter.com	static.ads-twitter.com
1	widget.intercom.io	1 redirects
1	cx.atdmt.com	www.mimecast.com
1	live.rezync.com	1 redirects
1	20820699p.rfihub.com	1 redirects
1	a.rfihub.com	c1.rfihub.net
1	tradedesk2waycm.netmng.com	www.mimecast.com
1	beacon.krxd.net	www.mimecast.com
1	pixel.advertising.com	www.mimecast.com
1	ce.lijit.com	www.mimecast.com
1	tags.bluekai.com	www.mimecast.com
1	image2.pubmatic.com	www.mimecast.com
1	googleads.g.doubleclick.net	1 redirects
1	www.googleadservices.com	1 redirects
1	gcm.netmng.com	1 redirects
1	p.rfihub.com	www.mimecast.com
1	c1.rfihub.net	mimecast.netmng.com
1	geolocation.onetrust.com	code.jquery.com
1	code.jquery.com	cdn.cookielaw.org
1	t.co	www.mimecast.com
1	api.company-target.com	az416426.vo.msecnd.net
1	www.linkedin.com	1 redirects
1	tag.demandbase.com	www.mimecast.com
1	attr.ml-api.io	www.mimecast.com
1	s.ml-attr.com	1 redirects
1	tag.simpli.fi	www.googletagmanager.com
1	px.airpr.com	www.mimecast.com
1	cdn.decibelinsight.net	www.mimecast.com
1	snap.licdn.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	az416426.vo.msecnd.net	www.mimecast.com
1	fonts.googleapis.com	www.mimecast.com
1	www.googletagmanager.com	www.mimecast.com
109	73

This site contains links to these domains. Also see Links.

Domain
onetrust.com
www.youtube.com
twitter.com
www.linkedin.com
info.mimecast.com
community.mimecast.com
investors.mimecast.com

Subject Issuer	Validity	Valid
mimecast.com DigiCert SHA2 High Assurance Server CA	`2020-02-12` - `2020-08-04`	6 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.vo.msecnd.net Microsoft IT TLS CA 2	`2018-03-30` - `2020-03-30`	2 years	crt.sh
www.bing.com Microsoft IT TLS CA 2	`2019-04-30` - `2021-04-30`	2 years	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2019-08-14` - `2020-08-18`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.decibelinsight.net RapidSSL TLS RSA CA G1	`2019-12-16` - `2021-02-13`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-03-01` - `2020-05-30`	3 months	crt.sh
p.ssl.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-09-03` - `2021-02-22`	a year	crt.sh
*.airpr.com Amazon	`2020-02-10` - `2021-03-10`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2020-03-14` - `2021-04-13`	a year	crt.sh
*.netmng.com Go Daddy Secure Certificate Authority - G2	`2020-02-10` - `2021-02-23`	a year	crt.sh
sa437gl.wpc.edgecastcdn.net DigiCert SHA2 Secure Server CA	`2018-05-17` - `2020-08-19`	2 years	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2017-05-11` - `2020-05-10`	3 years	crt.sh
*.tribalfusion.com DigiCert SHA2 Secure Server CA	`2019-02-23` - `2020-05-24`	a year	crt.sh
*.ml-api.io Amazon	`2020-02-06` - `2021-03-06`	a year	crt.sh
*.turn.com DigiCert SHA2 Secure Server CA	`2020-03-18` - `2021-04-19`	a year	crt.sh
*.demandbase.com Go Daddy Secure Certificate Authority - G2	`2018-09-20` - `2020-11-19`	2 years	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2019-05-29` - `2021-06-29`	2 years	crt.sh
www.google.de GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2019-06-19` - `2021-08-18`	2 years	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
*.onetrust.com DigiCert SHA2 Secure Server CA	`2018-03-12` - `2020-06-14`	2 years	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.rfihub.net DigiCert SHA2 Secure Server CA	`2019-01-25` - `2020-04-25`	a year	crt.sh
*.rfihub.com DigiCert SHA2 Secure Server CA	`2019-08-27` - `2020-08-31`	a year	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.360yield.com Amazon	`2019-09-24` - `2020-10-24`	a year	crt.sh
*.exelator.com Go Daddy Secure Certificate Authority - G2	`2019-05-17` - `2021-06-25`	2 years	crt.sh
odc-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2020-01-10` - `2021-04-10`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2019-03-11` - `2020-05-10`	a year	crt.sh
pixel.advertising.com DigiCert SHA2 High Assurance Server CA	`2017-06-14` - `2020-06-18`	3 years	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2019-04-17` - `2020-05-04`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2018-01-04` - `2020-07-09`	3 years	crt.sh
*.eyeota.net Let's Encrypt Authority X3	`2020-02-10` - `2020-05-10`	3 months	crt.sh
beacon.krxd.net DigiCert SHA2 Secure Server CA	`2020-01-30` - `2021-01-30`	a year	crt.sh
*.tapad.com DigiCert SHA2 Secure Server CA	`2019-11-02` - `2020-11-06`	a year	crt.sh
*.atlassolutions.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2020-06-03`	3 months	crt.sh
*.intercomcdn.com Amazon	`2019-04-27` - `2020-05-27`	a year	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
salesloft.com Sectigo RSA Domain Validation Secure Server CA	`2020-01-23` - `2021-03-23`	a year	crt.sh
dc.services.visualstudio.com Microsoft IT TLS CA 5	`2020-03-17` - `2022-03-17`	2 years	crt.sh
*.intercom.com Amazon	`2019-06-11` - `2020-07-11`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Frame ID: E931BCE41CFF8A632D15E26016AB0EDB
Requests: 103 HTTP requests in this frame

Frame: https://8790468.fls.doubleclick.net/activityi;dc_pre=CMzent7FqegCFeTluwgdS3sCRg;src=8790468;type=invmedia;cat=g19urpku;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5003285403288.859
Frame ID: 627B4B51CB35811F6A9D89B930B5C839
Requests: 1 HTTP requests in this frame

Frame: https://secure.adnxs.com/seg?add=19924615&t=2
Frame ID: 21E50955BCBA89C87C01BC247F6056C1
Requests: 1 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.eabd1913.js
Frame ID: C9E803F5E4F72FC7434D0031A30B471F
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing= HTTP 301
https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/ Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html //i

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

script /munchkin\.marketo\.net\/munchkin\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

109
Requests

99 %
HTTPS

26 %
IPv6

57
Domains

73
Subdomains

59
IPs

8
Countries

1311 kB
Transfer

3979 kB
Size

2
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

URL: https://www.youtube.com/mimecast
Title: YouTube

Search URL Search Domain Scan URL

URL: https://twitter.com/mimecast
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/mimecast
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://info.mimecast.com/switch-from-Symantec.html
Title: Switching from Symantec Email Security

Search URL Search Domain Scan URL

URL: https://community.mimecast.com/
Title: Mimecaster Central

Search URL Search Domain Scan URL

URL: https://community.mimecast.com/s/knowledge
Title: Knowledge Base

Search URL Search Domain Scan URL

URL: http://investors.mimecast.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://community.mimecast.com/?_ga=2.123449291.1703105999.1566896442-536363365.1559835433
Title: Mimecaster Central

Search URL Search Domain Scan URL

URL: http://investors.mimecast.com/?_ga=2.155222779.1703105999.1566896442-536363365.1559835433
Title: Investor Relations

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing= HTTP 301
https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 38

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dmimecast.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dmimecast.com%26pId%3d%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dmimecast.com%2526pId%253d%2524UID HTTP 302
https://attr.ml-api.io/?domain=mimecast.com&pId=1674949956577944921

Request Chain 42

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8016&url=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&time=1584724212636 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D8016%26url%3Dhttps%253A%252F%252Fwww.mimecast.com%252Fblog%252F2020%252F03%252Fbeware-of-coronavirus-email-phishing%253D%252F%26time%3D1584724212636%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8016&url=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&time=1584724212636&liSync=true

Request Chain 44

https://www.google-analytics.com/r/collect?v=1&_v=j81&aip=1&a=1795826915&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&ul=en-us&de=UTF-8&dt=Page%20Not%20Found&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_utma=147046443.1724231974.1584724213.1584724213.1584724213.1&_utmz=147046443.1584724213.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1584724212661&_u=YQBCAEAB~&jid=991026855&gjid=1724111307&cid=1724231974.1584724213&tid=UA-1898620-6&_gid=868629508.1584724213&_r=1&gtm=2wg3b2M2787TN&z=1057417489 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1898620-6&cid=1724231974.1584724213&jid=991026855&_gid=868629508.1584724213&gjid=1724111307&_v=j81&z=1057417489 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1898620-6&cid=1724231974.1584724213&jid=991026855&_v=j81&z=1057417489 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1898620-6&cid=1724231974.1584724213&jid=991026855&_v=j81&z=1057417489&slf_rd=1&random=1015966697

Request Chain 50

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AARgc0686fIAABTY8FYMKw HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AARgc0686fIAABTY8FYMKw&verifyHash=e3444d44bfbf6bd8fdd7759cde76446d817240d

Request Chain 59

https://8790468.fls.doubleclick.net/activityi;src=8790468;type=invmedia;cat=g19urpku;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5003285403288.859 HTTP 302
https://8790468.fls.doubleclick.net/activityi;dc_pre=CMzent7FqegCFeTluwgdS3sCRg;src=8790468;type=invmedia;cat=g19urpku;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5003285403288.859

Request Chain 62

https://cm.g.doubleclick.net/pixel?google_nid=netmng&google_cm&google_sc&google_hm=ZGhqYnVhYnV0Nm56aQ==&vid=dhjbuabut6nzi HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=netmng&google_cm=&google_sc=&google_hm=ZGhqYnVhYnV0Nm56aQ==&vid=dhjbuabut6nzi&google_tc= HTTP 302
https://gcm.netmng.com/?id=&vid=dhjbuabut6nzi&google_gid=CAESEDwoy5cgKgWTgwriPJ0OQXA&google_cver=1 HTTP 302
https://www.googleadservices.com/pagead/conversion/1057254703/?label=Uq59CP-34QEQr9qR-AM&guid=ON&script=0 HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1057254703/?label=Uq59CP-34QEQr9qR-AM&guid=ON&script=0&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=9vh0XuWtCYjC7gP-2pzYCg&random=2091409328&sscte=1&crd=&gtd= HTTP 302
https://www.google.com/pagead/1p-conversion/1057254703/?label=Uq59CP-34QEQr9qR-AM&guid=ON&script=0&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=2091409328&sscte=1&crd=&gtd=&is_vtc=1&ocp_id=9vh0XuWtCYjC7gP-2pzYCg&random=2692525465 HTTP 302
https://www.google.de/pagead/1p-conversion/1057254703/?label=Uq59CP-34QEQr9qR-AM&guid=ON&script=0&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=2091409328&sscte=1&crd=&gtd=&is_vtc=1&ocp_id=9vh0XuWtCYjC7gP-2pzYCg&random=2692525465&ipr=y

Request Chain 63

https://dpm.demdex.net/ibs:dpid=640&dpuuid=dhjbuabut6nzi HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=640&dpuuid=dhjbuabut6nzi

Request Chain 65

https://ib.adnxs.com/setuid?entity=72&code=dhjbuabut6nzi HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D72%26code%3Ddhjbuabut6nzi

Request Chain 66

https://secure.adnxs.com/mapuid?member=6928&user=dhjbuabut6nzi HTTP 307
https://secure.adnxs.com/bounce?%2Fmapuid%3Fmember%3D6928%26user%3Ddhjbuabut6nzi

Request Chain 67

https://secure.adnxs.com/mapuid?member=9373&user=dhjbuabut6nzi HTTP 307
https://secure.adnxs.com/bounce?%2Fmapuid%3Fmember%3D9373%26user%3Ddhjbuabut6nzi

Request Chain 68

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=61&external_user_id=dhjbuabut6nzi&expiration=1587316212 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=61&external_user_id=dhjbuabut6nzi&expiration=1587316212&C=1

Request Chain 69

https://ad.360yield.com/match?publisher_dsp_id=35&external_user_id=dhjbuabut6nzi HTTP 302
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=35&external_user_id=dhjbuabut6nzi

Request Chain 70

https://loadm.exelator.com/load/?p=204&g=330&buid=dhjbuabut6nzi&j=0 HTTP 302
https://loadm.exelator.com/load/?p=204&g=330&buid=dhjbuabut6nzi&j=0&xl8blockcheck=1

Request Chain 74

https://x.bidswitch.net/sync?dsp_id=14&user_id=dhjbuabut6nzi&expires=30 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=14&user_id=dhjbuabut6nzi&expires=30

Request Chain 75

https://us-u.openx.net/w/1.0/sd?id=537072967&val=dhjbuabut6nzi HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072967&val=dhjbuabut6nzi

Request Chain 76

https://ps.eyeota.net/match?bid=6bmpi0v&uid=dhjbuabut6nzi HTTP 302
https://ps.eyeota.net/match/bounce/?bid=6bmpi0v&uid=dhjbuabut6nzi

Request Chain 78

https://match.adsrvr.org/track/cmf/generic?ttd_pid=su9xcof&ttd_tpi=1&ttd_puid=108521 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=su9xcof&ttd_tpi=1&ttd_puid=108521 HTTP 302
https://tradedesk2waycm.netmng.com/cm/?buid=108521&id=52153624-8d14-4aec-b264-04bf9db3de99

Request Chain 79

https://pixel.tapad.com/idsync/ex/receive?partner_id=3117&partner_device_id=dhjbuabut6nzi HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3117&partner_device_id=dhjbuabut6nzi

Request Chain 81

https://s.tribalfusion.com/insights?%7B%22tagKey%22%3A%221016110424%22%2C%22th%22%3A8720513786%2C%22version%22%3A%221.0%22%2C%22tKey%22%3A%22aymneMnmMLmGrmpWMD2TrgQEiFQZbieZaL%22%2C%22url%22%3A%22https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F%22%2C%22clientName%22%3A%22Mimecast%22%2C%22clientID%22%3A700773%2C%22eventType%22%3A%22insights%22%2C%22segmentNumber%22%3A0%2C%22segmentName%22%3A%22Insights%22%7D HTTP 302
https://ib.adnxs.com/getuidu?https://a.tribalfusion.com/i.match?p=b26&u=$UID&redirect=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D305%26code%3D%24TF_USER_ID_ENC%24 HTTP 302
https://a.tribalfusion.com/i.match?p=b26&u=1674949956577944921&redirect=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D305%26code%3D%24TF_USER_ID_ENC%24 HTTP 302
https://ib.adnxs.com/setuid?entity=305&code=18072662248211432291

Request Chain 82

https://20820699p.rfihub.com/ca.html?rfiidc=1871597494647492248&rfiaid=d8df5d253fe14621914769b54e4bd6f9&ver=9&rb=39926&ca=20820699&_o=39926&_t=20820699&pe=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&pf=&ra=6918556468939387 HTTP 302
https://live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=b0bb64f75dddb29b8254e1710a2d9a4b&k=site&rfiidc=1871597494647492248&ver=9&rfiaid=d8df5d253fe14621914769b54e4bd6f9&pe=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&pf= HTTP 302
https://secure.adnxs.com/seg?add=19924615&t=2

Request Chain 83

https://www.facebook.com/tr/?id=134294853780865&ev=Microdata&dl=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&rl=&if=false&ts=1584724214331&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Page%20Not%20Found%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.15&r=stable&ec=1&o=30&fbp=fb.1.1584724212827.1890204238&it=1584724212676&coo=false&es=automatic&tm=3&rqm=GET HTTP 302
https://cx.atdmt.com/?c=12294493171854460390&f=AYwS-DHYyoyV9foDhKZky0OAy_Bg8_7FDyXnkqNo7KJBLQp1kNN3ECquj_RHEyAfZJhoxS1gjtDpq7j_iBap4fMg&id=134294853780865&l=3&v=0

Request Chain 84

https://widget.intercom.io/widget/cd0hfw1w HTTP 302
https://js.intercomcdn.com/shim.latest.js

Request Chain 85

https://www.google-analytics.com/r/collect?v=1&_v=j81&aip=1&a=1795826915&t=event&ni=1&_s=3&dl=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&ul=en-us&de=UTF-8&dt=Page%20Not%20Found&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=airpr&ea=visitor%20hit&_utma=147046443.1724231974.1584724213.1584724213.1584724213.1&_utmz=147046443.1584724213.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_u=aTBCCEABB~&jid=1934090177&gjid=474595695&cid=1724231974.1584724213&tid=UA-1898620-6&_gid=868629508.1584724213&_r=1&gtm=2wg3b2M2787TN&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=(Non-Company%20Visitor)&cd8=(Non-Company%20Visitor)&cd10=(Non-Company%20Visitor)&cd11=(Non-Company%20Visitor)&cd12=Bot&cd13=HE&cd14=Frankfurt%20am%20Main&cd15=Germany&cd16=(Non-Company%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-Company%20Visitor)&cd19=(Non-Company%20Visitor)&cd20=(Non-Company%20Visitor)&cd3=1724231974.1584724213&z=818841908 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1898620-6&cid=1724231974.1584724213&jid=1934090177&_gid=868629508.1584724213&gjid=474595695&_v=j81&z=818841908 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1898620-6&cid=1724231974.1584724213&jid=1934090177&_v=j81&z=818841908 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1898620-6&cid=1724231974.1584724213&jid=1934090177&_v=j81&z=818841908&slf_rd=1&random=2899245202

Request Chain 86

https://dpx.airpr.com/px?hostname=www.mimecast.com&profile=706121&ga_account_id=UA-1898620-6&ga_account_type=UA&ga_c=1724231974.1584724213&an=true HTTP 302
https://secure.adnxs.com/getuid?https://dpx.airpr.com/anpx?adnxs_uid=$UID&airpr_id=2518362034 HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdpx.airpr.com%2Fanpx%3Fadnxs_uid%3D%24UID%26airpr_id%3D2518362034 HTTP 302
https://dpx.airpr.com/anpx?adnxs_uid=1193058205967645913&airpr_id=2518362034

109 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

404

Primary Request / Show response
www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Redirect Chain

https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=
https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

28 KB
7 KB

227ms
227ms

Document
text/html

2606:4700::6810:a1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:4700::6810:a1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f92f57fd1f3c9c997ff8581974f27a4ca426435fee40efdd2f51cba30b685fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.mimecast.com
:scheme: https
:path: /blog/2020/03/beware-of-coronavirus-email-phishing=/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: document
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=d76075afdbdf3f112a046948bd46d0bdb1584724211; ARRAffinity=2ef8ea8be600fa51776adcd6d6ea1afc7bf8f226e6099aeee26440d5c371a608
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

status: 404
date: Fri, 20 Mar 2020 17:10:11 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=3600
expires: Fri, 20 Mar 2020 18:10:11 GMT
last-modified: Fri, 20 Mar 2020 17:10:11 GMT
vary: *
set-cookie: ASP.NET_SessionId=n3xndakdyvhdjza4ejtmrxdl; path=/; HttpOnly; SameSite=Lax EPi_NumberOfVisits=1,2020-03-20T17:10:11; expires=Sat, 20-Mar-2021 17:10:11 GMT; path=/ Mimecast=region=Europe; expires=Sat, 20-Jun-2020 17:10:11 GMT; path=/ ASP.NET_SessionId=n3xndakdyvhdjza4ejtmrxdl; path=/; HttpOnly; SameSite=Lax EPi_NumberOfVisits=1,2020-03-20T17:10:11; expires=Sat, 20-Mar-2021 17:10:11 GMT; path=/ Mimecast=region=Europe&cookieflag=3/20/2020 5:10:11 PM; expires=Sat, 20-Jun-2020 17:10:11 GMT; path=/
strict-transport-security: max-age=31536000
request-context: appId=cid-v1:c040aa1b-aabf-46ed-8f89-8743f6404d87
access-control-expose-headers: Request-Context
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: same-origin
feature-policy: geolocation 'self' https://www.mimecast.com; camera 'none'; microphone 'none'
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 57710b935aea1776-FRA
content-encoding: gzip

Redirect headers

status: 301
date: Fri, 20 Mar 2020 17:10:11 GMT
content-type: text/html; charset=UTF-8
content-length: 199
set-cookie: __cfduid=d76075afdbdf3f112a046948bd46d0bdb1584724211; expires=Sun, 19-Apr-20 17:10:11 GMT; path=/; domain=.mimecast.com; HttpOnly; SameSite=Lax ARRAffinity=2ef8ea8be600fa51776adcd6d6ea1afc7bf8f226e6099aeee26440d5c371a608;Path=/;HttpOnly;Domain=www.mimecast.com
location: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: same-origin
feature-policy: geolocation 'self' https://www.mimecast.com; camera 'none'; microphone 'none'
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 57710b926fed1776-FRA

GET
H2 200 main-stylesv5
www.mimecast.com/bundles/ 360 KB
89 KB 216ms
215ms Stylesheet
text/css 2606:4700::6810:a1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mimecast.com/bundles/main-stylesv5?v=jV6mB3ffmrubcsYwbB96rScWjvsa8WIe0RBaFPJ0m_s1

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:4700::6810:a1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6178b0fff9f270948a7158978a61f834818c38da436d22380b46b4d25fa8f5cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
status: 200
vary: User-Agent,Accept-Encoding
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:c040aa1b-aabf-46ed-8f89-8743f6404d87
referrer-policy: same-origin
last-modified: Fri, 20 Mar 2020 17:10:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
access-control-expose-headers: Request-Context
cache-control: public
feature-policy: geolocation 'self' https://www.mimecast.com; camera 'none'; microphone 'none'
cf-ray: 57710b94cfab1776-FRA
expires: Sat, 20 Mar 2021 17:10:12 GMT

GET
H2 200 v4-styles.css
www.mimecast.com/Static/v2016/css/ 349 KB
72 KB 30ms
29ms Stylesheet
text/css 2606:4700::6810:a1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mimecast.com/Static/v2016/css/v4-styles.css

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:4700::6810:a1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e945ecadf56eff95723bfa961a14aa802ceace78de80d5898fa23e7c4137375

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Fri, 20 Mar 2020 17:10:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 116591
status: 200
vary: Accept-Encoding
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:c040aa1b-aabf-46ed-8f89-8743f6404d87
referrer-policy: same-origin
last-modified: Wed, 18 Mar 2020 22:16:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "0c1f1e672fdd51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
content-type: text/css
access-control-expose-headers: Request-Context
cache-control: public, max-age=67132800
feature-policy: geolocation 'self' https://www.mimecast.com; camera 'none'; microphone 'none'
cf-ray: 57710b94cfaf1776-FRA
expires: Fri, 06 May 2022 17:10:11 GMT

GET
H2 200 v4SolutionDetails-template
www.mimecast.com/bundles/ 930 B
719 B 179ms
177ms Stylesheet
text/css 2606:4700::6810:a1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mimecast.com/bundles/v4SolutionDetails-template?v=Tn-r-EICuKgYZD2l6_PWKTrCc-tW9tBXRIXO9Db5g6o1

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:4700::6810:a1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea72106e4e6a969c84133eced10a50bbac4b6e689324e98e98d571685d117e20

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
status: 200
vary: User-Agent,Accept-Encoding
content-length: 560
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:c040aa1b-aabf-46ed-8f89-8743f6404d87
referrer-policy: same-origin
last-modified: Fri, 20 Mar 2020 17:10:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
access-control-expose-headers: Request-Context
cache-control: public
feature-policy: geolocation 'self' https://www.mimecast.com; camera 'none'; microphone 'none'
cf-ray: 57710b94dfb51776-FRA
expires: Sat, 20 Mar 2021 17:10:12 GMT

GET
H2 200 logo-light.png
www.mimecast.com/globalassets/global/2019/ 2 KB
2 KB 67ms
65ms Image
image/webp 2606:4700::6810:a1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/globalassets/global/2019/logo-light.png

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:4700::6810:a1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa070d023bccfe3b4708eca50d4b3ca7d3fa700687ae6c91597a07a951af81b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 108465
cf-polished: origFmt=png, origSize=4278
status: 200
content-disposition: inline; filename="logo-light.webp"
strict-transport-security: max-age=31536000
content-length: 2098
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:c040aa1b-aabf-46ed-8f89-8743f6404d87
referrer-policy: same-origin
expires: Fri, 19 Mar 2021 11:02:27 GMT
last-modified: Wed, 04 Mar 2020 16:12:31 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "1D5F23FB4F34180"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-expose-headers: Request-Context
cache-control: public, max-age=31427535
feature-policy: geolocation 'self' https://www.mimecast.com; camera 'none'; microphone 'none'
accept-ranges: bytes
cf-ray: 57710b94dfb71776-FRA
cf-bgj: imgq:85

GET
H2 200 logo-dark.png
www.mimecast.com/static/v2017/img/assets/ 4 KB
5 KB 29ms
28ms Image
image/webp 2606:4700::6810:a1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/static/v2017/img/assets/logo-dark.png

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:4700::6810:a1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19bd76d607b43624b27b338da952fdffd359dee19c6e63a85b9dabffaed8e8ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 20 Mar 2020 17:10:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 116840
cf-polished: origFmt=png, origSize=10381
status: 200
content-disposition: inline; filename="logo-dark.webp"
strict-transport-security: max-age=31536000
content-length: 4566
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:c040aa1b-aabf-46ed-8f89-8743f6404d87
referrer-policy: same-origin
expires: Fri, 06 May 2022 17:10:11 GMT
last-modified: Wed, 18 Mar 2020 22:16:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "0c1f1e672fdd51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-expose-headers: Request-Context
cache-control: public, max-age=67132800
feature-policy: geolocation 'self' https://www.mimecast.com; camera 'none'; microphone 'none'
accept-ranges: bytes
cf-ray: 57710b94dfba1776-FRA
cf-bgj: imgq:85

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 213 KB
44 KB 17ms
16ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M2787TN

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3e81fc88ae661457fdb4c3aa88919828e0b611c61001020f5950c9b01cd4ca4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 44455
x-xss-protection: 0
last-modified: Fri, 20 Mar 2020 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 20 Mar 2020 17:10:12 GMT

GET
H2 200 soeshamburger_2.jpg
www.mimecast.com/globalassets/global/2018-19-images/state-of-email-security/ 17 KB
18 KB 36ms
35ms Image
image/webp 2606:4700::6810:a1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/globalassets/global/2018-19-images/state-of-email-security/soeshamburger_2.jpg

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:4700::6810:a1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1f2e00832420e72c677199df7d91d4d3884af8790a5597a2e79cc6546d05818

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-aspnet-version: 4.0.30319
age: 116841
cf-polished: qual=85, origFmt=jpeg, origSize=89332
status: 200
content-disposition: inline; filename="soeshamburger_2.webp"
vary: Accept
content-length: 17742
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:c040aa1b-aabf-46ed-8f89-8743f6404d87
referrer-policy: same-origin
expires: Fri, 19 Mar 2021 08:42:51 GMT
last-modified: Wed, 04 Mar 2020 16:05:04 GMT
server: cloudflare
etag: "1D5F23EAA847800"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-expose-headers: Request-Context
cache-control: public, max-age=31419159
feature-policy: geolocation 'self' https://www.mimecast.com; camera 'none'; microphone 'none'
accept-ranges: bytes
cf-ray: 57710b969da41776-FRA
cf-bgj: imgq:85

GET
H2 200 main-scripts-v5 Show response
www.mimecast.com/bundles/ 792 KB
309 KB 178ms
177ms Script
text/javascript 2606:4700::6810:a1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mimecast.com/bundles/main-scripts-v5?v=pkHR_qC4D1V55aGn5HqQBTcfNy0eRljKkFQ3UZwmyuU1

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:4700::6810:a1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5791e8648a8fe5044b86dea4f78ecbb75e3e83e73b3dd61e78a8d8a31d45ee14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
status: 200
vary: User-Agent,Accept-Encoding
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:c040aa1b-aabf-46ed-8f89-8743f6404d87
referrer-policy: same-origin
last-modified: Fri, 20 Mar 2020 17:10:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
content-type: text/javascript; charset=utf-8
access-control-expose-headers: Request-Context
cache-control: public
feature-policy: geolocation 'self' https://www.mimecast.com; camera 'none'; microphone 'none'
cf-ray: 57710b9508591776-FRA
expires: Sat, 20 Mar 2021 17:10:12 GMT

GET
H2 200 forms Show response
www.mimecast.com/bundles/ 22 KB
7 KB 162ms
162ms Script
text/javascript 2606:4700::6810:a1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mimecast.com/bundles/forms?v=Peyoyntp8UQSDxYRZE-rdlQYT1s7d6QqESuSiDN1Hx41

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:4700::6810:a1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5e917184d2544e9cd3684e72efc4be1eaaed10c35313c231ca41021d27b43c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
status: 200
vary: User-Agent,Accept-Encoding
content-length: 7011
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:c040aa1b-aabf-46ed-8f89-8743f6404d87
referrer-policy: same-origin
last-modified: Fri, 20 Mar 2020 17:10:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
content-type: text/javascript; charset=utf-8
access-control-expose-headers: Request-Context
cache-control: public
feature-policy: geolocation 'self' https://www.mimecast.com; camera 'none'; microphone 'none'
cf-ray: 57710b95392b1776-FRA
expires: Sat, 20 Mar 2021 17:10:12 GMT

GET
H2 200 cookie-popup.js Show response
www.mimecast.com/static/v2016/js/common/ 305 B
339 B 26ms
26ms Script
application/x-javascript 2606:4700::6810:a1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mimecast.com/static/v2016/js/common/cookie-popup.js

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:4700::6810:a1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a242ce0682eb03ac301e048e640db9265d638c6786dafbe423553a80e287aa9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 116840
status: 200
vary: Accept-Encoding
content-length: 267
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:c040aa1b-aabf-46ed-8f89-8743f6404d87
referrer-policy: same-origin
last-modified: Wed, 18 Mar 2020 22:16:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "0c1f1e672fdd51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
content-type: application/x-javascript
access-control-expose-headers: Request-Context
cache-control: public, max-age=67132800
feature-policy: geolocation 'self' https://www.mimecast.com; camera 'none'; microphone 'none'
accept-ranges: bytes
cf-ray: 57710b969da91776-FRA
expires: Fri, 06 May 2022 17:10:12 GMT

GET
H2 200 scrollspy.js Show response
www.mimecast.com/Static/v2018/js/ 7 KB
2 KB 27ms
26ms Script
application/x-javascript 2606:4700::6810:a1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mimecast.com/Static/v2018/js/scrollspy.js

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:4700::6810:a1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

010d6936d60e69587a2d2c3f5145331a5c3dc2087b8f50dbb98a3eef243a6a71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 116815
status: 200
vary: Accept-Encoding
content-length: 1601
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:c040aa1b-aabf-46ed-8f89-8743f6404d87
referrer-policy: same-origin
last-modified: Wed, 18 Mar 2020 22:16:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "0c1f1e672fdd51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
content-type: application/x-javascript
access-control-expose-headers: Request-Context
cache-control: public, max-age=67132800
feature-policy: geolocation 'self' https://www.mimecast.com; camera 'none'; microphone 'none'
accept-ranges: bytes
cf-ray: 57710b964c5d1776-FRA
expires: Fri, 06 May 2022 17:10:12 GMT

GET
H2 200 interior.js Show response
www.mimecast.com/Static/v2018/js/ 13 KB
4 KB 38ms
38ms Script
application/x-javascript 2606:4700::6810:a1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mimecast.com/Static/v2018/js/interior.js

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:4700::6810:a1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6acaa8b349780333058e268d6887c83eda0da5c0f41b896d22f0ebd99b82a14a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 116815
status: 200
vary: Accept-Encoding
content-length: 3520
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:c040aa1b-aabf-46ed-8f89-8743f6404d87
referrer-policy: same-origin
last-modified: Wed, 18 Mar 2020 22:16:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "0c1f1e672fdd51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
content-type: application/x-javascript
access-control-expose-headers: Request-Context
cache-control: public, max-age=67132800
feature-policy: geolocation 'self' https://www.mimecast.com; camera 'none'; microphone 'none'
accept-ranges: bytes
cf-ray: 57710b967d0f1776-FRA
expires: Fri, 06 May 2022 17:10:12 GMT

GET
H2 200 css
fonts.googleapis.com/ 10 KB
908 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:816::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,900

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5c06b6329970d1560039f39c4935a041d96fcf0f877b47951d8ece559a1b4dc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 20 Mar 2020 17:10:12 GMT
server: ESF
date: Fri, 20 Mar 2020 17:10:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 20 Mar 2020 17:10:12 GMT

GET
H2 200 logo-light.png
www.mimecast.com/static/v2017/img/assets/ 2 KB
2 KB 45ms
44ms Image
image/webp 2606:4700::6810:a1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/static/v2017/img/assets/logo-light.png

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:4700::6810:a1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa070d023bccfe3b4708eca50d4b3ca7d3fa700687ae6c91597a07a951af81b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/Static/v2016/css/v4-styles.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 116592
cf-polished: origFmt=png, origSize=4278
status: 200
content-disposition: inline; filename="logo-light.webp"
strict-transport-security: max-age=31536000
content-length: 2098
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:c040aa1b-aabf-46ed-8f89-8743f6404d87
referrer-policy: same-origin
expires: Fri, 06 May 2022 17:10:12 GMT
last-modified: Wed, 18 Mar 2020 22:16:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "0c1f1e672fdd51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-expose-headers: Request-Context
cache-control: public, max-age=67132800
feature-policy: geolocation 'self' https://www.mimecast.com; camera 'none'; microphone 'none'
accept-ranges: bytes
cf-ray: 57710b96ade11776-FRA
cf-bgj: imgq:85

GET
H2 200 logo-dark.png
www.mimecast.com/Static/public/img/assets/ 28 KB
28 KB 256ms
256ms Image
text/html 2606:4700::6810:a1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/Static/public/img/assets/logo-dark.png

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:4700::6810:a1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/Static/v2016/css/v4-styles.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
status: 200
vary: *, Accept-Encoding
content-length: 10120
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:c040aa1b-aabf-46ed-8f89-8743f6404d87
referrer-policy: same-origin
last-modified: Fri, 20 Mar 2020 17:10:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
content-type: text/html; charset=utf-8
access-control-expose-headers: Request-Context
cache-control: public, max-age=14400
feature-policy: geolocation 'self' https://www.mimecast.com; camera 'none'; microphone 'none'
accept-ranges: bytes
cf-ray: 57710b96ade31776-FRA
expires: Fri, 20 Mar 2020 21:10:12 GMT

GET
H2 200 search-light.png
www.mimecast.com/static/v2017/img/icons/ 390 B
513 B 46ms
46ms Image
image/webp 2606:4700::6810:a1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/static/v2017/img/icons/search-light.png

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:4700::6810:a1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6a2d690611cd854fa0a0a0d57c6cd687941dda78af3735fd7ec46eb1ef66245

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/Static/v2016/css/v4-styles.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 116836
cf-polished: origFmt=png, origSize=1612
status: 200
content-disposition: inline; filename="search-light.webp"
strict-transport-security: max-age=31536000
content-length: 390
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:c040aa1b-aabf-46ed-8f89-8743f6404d87
referrer-policy: same-origin
expires: Fri, 06 May 2022 17:10:12 GMT
last-modified: Wed, 18 Mar 2020 22:16:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "0c1f1e672fdd51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-expose-headers: Request-Context
cache-control: public, max-age=67132800
feature-policy: geolocation 'self' https://www.mimecast.com; camera 'none'; microphone 'none'
accept-ranges: bytes
cf-ray: 57710b96bde41776-FRA
cf-bgj: imgq:85

GET
H2 200 menu-light.png
www.mimecast.com/static/v2017/img/icons/ 62 B
330 B 29ms
28ms Image
image/webp 2606:4700::6810:a1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/static/v2017/img/icons/menu-light.png

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:4700::6810:a1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

725fa18ed2c21f9a1cb9e05a197e4ba6fff85388a91e8f25b9c6e00059a7e910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/Static/v2016/css/v4-styles.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 116836
cf-polished: origFmt=png, origSize=15173
status: 200
content-disposition: inline; filename="menu-light.webp"
strict-transport-security: max-age=31536000
content-length: 62
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:c040aa1b-aabf-46ed-8f89-8743f6404d87
referrer-policy: same-origin
expires: Fri, 06 May 2022 17:10:12 GMT
last-modified: Wed, 18 Mar 2020 22:16:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "0c1f1e672fdd51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-expose-headers: Request-Context
cache-control: public, max-age=67132800
feature-policy: geolocation 'self' https://www.mimecast.com; camera 'none'; microphone 'none'
accept-ranges: bytes
cf-ray: 57710b96bde61776-FRA
cf-bgj: imgq:85

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:814::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,900
Origin: https://www.mimecast.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 24 Feb 2020 20:33:58 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:30:49 GMT
server: sffe
age: 2147774
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 9132
x-xss-protection: 0
expires: Tue, 23 Feb 2021 20:33:58 GMT

GET
H2 200 fontawesome-webfont.woff2
www.mimecast.com/static/v2016/fonts/fontawesome/fonts/ 70 KB
70 KB 31ms
31ms Font
font/woff2 2606:4700::6810:a1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mimecast.com/static/v2016/fonts/fontawesome/fonts/fontawesome-webfont.woff2?v=4.3.0

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:4700::6810:a1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/bundles/main-stylesv5?v=jV6mB3ffmrubcsYwbB96rScWjvsa8WIe0RBaFPJ0m_s1
Origin: https://www.mimecast.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 116601
status: 200
vary: Accept-Encoding
content-length: 71896
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:c040aa1b-aabf-46ed-8f89-8743f6404d87
referrer-policy: same-origin
last-modified: Wed, 18 Mar 2020 22:16:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "0c1f1e672fdd51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-expose-headers: Request-Context
cache-control: public, max-age=67132800
feature-policy: geolocation 'self' https://www.mimecast.com; camera 'none'; microphone 'none'
accept-ranges: bytes
cf-ray: 57710b96be101776-FRA
expires: Fri, 06 May 2022 17:10:12 GMT

GET
H2 200 mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:814::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,900
Origin: https://www.mimecast.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Mar 2020 23:56:14 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:30:44 GMT
server: sffe
age: 839638
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 9180
x-xss-protection: 0
expires: Wed, 10 Mar 2021 23:56:14 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:814::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,900
Origin: https://www.mimecast.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Mar 2020 17:00:48 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:31:11 GMT
server: sffe
age: 864564
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 9080
x-xss-protection: 0
expires: Wed, 10 Mar 2021 17:00:48 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:814::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,900
Origin: https://www.mimecast.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Mar 2020 17:19:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:30:37 GMT
server: sffe
age: 863465
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 9016
x-xss-protection: 0
expires: Wed, 10 Mar 2021 17:19:07 GMT

GET
H2 200 ai.0.js Show response
az416426.vo.msecnd.net/scripts/a/ 94 KB
22 KB 93ms
21ms Script
application/x-javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.19.160 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8FA5) /
Resource Hash: 5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 20 Mar 2020 17:10:12 GMT
content-encoding: gzip
content-md5: HdY95yzx9wIyQkVEGES+Ew==
age: 1110
x-cache: HIT
status: 200
content-length: 22495
x-ms-lease-status: unlocked
last-modified: Tue, 04 Feb 2020 19:23:51 GMT
server: ECAcc (frc/8FA5)
etag: 0x8D7A9A7C460F06C
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 407e585f-201e-0023-61d7-fe8b2f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800
x-ms-version: 2009-09-19

GET
BLOB 200
OK c7dc4e8a-f9d3-458c-bbd2-393a89ce504a
https://www.mimecast.com/ 214 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.mimecast.com/c7dc4e8a-f9d3-458c-bbd2-393a89ce504a
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/bundles/main-scripts-v5?v=pkHR_qC4D1V55aGn5HqQBTcfNy0eRljKkFQ3UZwmyuU1
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95f1e65a47730772e77e1b8d0836aa3dd6077698da753e01cdb28c2f2940c16b

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: worker

Response headers

Content-Length: 214

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M2787TN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 1897
date: Fri, 20 Mar 2020 16:38:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 18174
expires: Fri, 20 Mar 2020 18:38:35 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 24 KB
8 KB 29ms
28ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M2787TN
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 0d0cbd713d59b1214b24864c2d86699c88d951162983b8e20011a8738be20589

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
content-encoding: gzip
last-modified: Thu, 19 Mar 2020 02:21:04 GMT
x-msedge-ref: Ref A: 3278689E65A24DF0943F8E79F98D60B4 Ref B: FRAEDGE0417 Ref C: 2020-03-20T17:10:12Z
access-control-allow-origin: *
etag: "0682da95fdd51:0"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 7461

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 133ms
48ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M2787TN
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
content-encoding: gzip
age: 32145
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1954
x-served-by: cache-fra19174-FRA
last-modified: Tue, 23 Jan 2018 20:09:00 GMT
x-timer: S1584724213.721490,VS0,VE0
etag: "b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 10ms
9ms Script
application/x-javascript 2a02:26f0:10c:382::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M2787TN
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Fri, 20 Mar 2020 17:10:12 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 16:41:31 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=24771
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:815::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M2787TN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 2135
date: Fri, 20 Mar 2020 16:34:37 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 17168
expires: Fri, 20 Mar 2020 18:34:37 GMT

GET
H/1.1 200
OK di.js Show response
cdn.decibelinsight.net/i/13685/78943/ 153 KB
62 KB 55ms
14ms Script
text/javascript 52.29.155.208
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.decibelinsight.net/i/13685/78943/di.js

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.29.155.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-29-155-208.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

e954fcbeb70a4849e69d65176453069dc68e92eb2ed1aea342fc2d75a958db35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Fri, 20 Mar 2020 17:10:12 GMT
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
ETag: W/131932950-170F8EC7BB1
Vary: Origin
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/javascript; charset=utf-8
Cache-Control: public
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, X-HTTP-Method-Override
Expires: Fri, 20 Mar 2020 17:40:12 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 126 KB
30 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
content-length: 30466
x-xss-protection: 0
pragma: public
x-fb-debug: f8dB7B45vlVpsJss1bnUBLZpxTC9v8zxPF3RCbiGUcSAE3ef+dQDYPFa8A7VjZ2Cs3j2RW5XbESIim7SEYKT1Q==
x-fb-trip-id: 2000377899
date: Fri, 20 Mar 2020 17:10:12 GMT, Fri, 20 Mar 2020 17:10:12 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 api.js Show response
play.vidyard.com/v0/ 19 KB
7 KB 29ms
8ms Script
application/javascript 151.101.113.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://play.vidyard.com/v0/api.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M2787TN
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.181 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 06f1b17261a97034acecee47795430bbef494e1bb6cc485a0bb2e2706c306212

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
content-encoding: gzip
age: 872
x-cache: HIT
status: 200
content-length: 7177
x-served-by: cache-hhn4057-HHN
x-china: 0
last-modified: Thu, 25 Oct 2018 14:39:19 GMT
x-timer: S1584724213.639687,VS0,VE1
etag: "603e57b442d3669220080d39dde2e534"
vary: X-ThumbnailAB, X-China, accept-language, Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 airpr.js Show response
px.airpr.com/ 7 KB
2 KB 77ms
23ms Script
application/javascript 52.222.143.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://px.airpr.com/airpr.js
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.143.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-143-82.ams50.r.cloudfront.net
Software: nginx /
Resource Hash: 529b9c583e6cf8da02c9cadf8c38b5714198f0fde2dcde01da2d5ee681228738

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 20 Mar 2020 13:06:50 GMT
content-encoding: gzip
last-modified: Sat, 21 Apr 2018 18:03:55 GMT
server: nginx
age: 14602
etag: "5adb7d0b-853"
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=43200
x-amz-cf-pop: AMS50-C1
content-length: 2131
via: 1.1 425cbe8f956bdcb8754c19eb873fd2d1.cloudfront.net (CloudFront)
x-amz-cf-id: UJ1fisfAdsGE0AWe06pEYwMu7druPFOjT88rI7vfkaqNzjqGgT4P4g==
expires: Sat, 21 Mar 2020 01:14:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 28ms
9ms Script
application/x-javascript 88.221.60.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 88.221.60.75 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-60-75.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 6de8549645c339a95031df376cb1dc18490a258edb6a0892bb4c322b3bd5481f

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Fri, 20 Mar 2020 17:10:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 20 Mar 2020 02:11:06 GMT
Server: Apache
ETag: "a97244e012764b34cb1bd3468d3e10b8:1584670266"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 759

GET
H/1.1 200
OK / Show response
mimecast.netmng.com/ 274 B
1 KB 130ms
33ms Script
text/javascript 31.186.247.145
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://mimecast.netmng.com/?aid=5419&siclientid=
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 31.186.247.145 , United Kingdom, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: 5ba64e02116f0c61155b8428dea6893b909404aadd8af913d56db3cc227d60f3

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Fri, 20 Mar 2020 17:10:12 GMT
Last-Modified: Wed, 18 Mar 2020 17:10:12 GMT
Server: nginx
Transfer-Encoding: chunked
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Content-Type: text/javascript; charset=UTF-8
Expires: Wed, 18 Mar 2020 17:10:12 GMT

GET
H2 200 97a0af68-e92b-49df-a3d0-5b3d365b1952.js Show response
cdn.cookielaw.org/consent/ 128 KB
18 KB 240ms
59ms Script
application/x-javascript 152.195.132.202
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cookielaw.org/consent/97a0af68-e92b-49df-a3d0-5b3d365b1952.js?20180103x
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M2787TN
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.132.202 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8FB3) /
Resource Hash: 6faa35c6183ed9b42308fb20c82506b65e397225d4266dc3ab16a95a2b786d6c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 20 Mar 2020 17:10:13 GMT
content-encoding: gzip
content-md5: cAKGhhzcdM0nbUGAs9igmA==
age: 3618
x-cache: HIT
status: 200
content-length: 18384
x-ms-lease-status: unlocked
last-modified: Thu, 03 Jan 2019 21:10:32 GMT
server: ECAcc (frc/8FB3)
etag: 0x8D671BFE599DA78
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 5745d9fa-201e-0123-48d1-fef178000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
expires: Fri, 20 Mar 2020 21:10:13 GMT

GET
H2 200 e1dadd70-00a5-0136-e594-06659b33d47c Show response
tag.simpli.fi/sifitag/ 0
790 B 68ms
18ms Script
application/javascript 169.50.137.179
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.simpli.fi/sifitag/e1dadd70-00a5-0136-e594-06659b33d47c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M2787TN

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.179 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

b3.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache, no-cache
date: Fri, 20 Mar 2020 17:10:12 GMT
x-content-type-options: nosniff
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 0
x-request-id: 2nv14hjjil71grtqodkvd3c2
expires: Thu, 01 Jan 1970 00:00:00 GMT, Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 pixel.js Show response
a.tribalfusion.com/pixel/tags/Mimecast/700773/ 8 KB
2 KB 196ms
178ms Script
application/x-javascript 23.37.58.95
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.tribalfusion.com/pixel/tags/Mimecast/700773/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M2787TN
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.58.95 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-58-95.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a42b42d151f7fa35af4e8eed7328ef4dbbd1b3e7267e9af9cf56521d9db24e5f

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
content-encoding: gzip
x-function: 151
x-reuse-index: 1270
etag: 2376908181203765933
vary: Accept-Encoding
p3p: CP="NOI DEVo TAIa OUR BUS"
status: 200
cache-control: max-age=3600, private
last-modified: Wed, 06 Feb 2019 07:01:18 GMT
content-type: application/x-javascript
content-length: 1942
expires: Fri, 20 Mar 2020 18:10:12 GMT

GET
H/1.1

200
OK

/
attr.ml-api.io/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dmimecast.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dmimecast.com%26pId%3d%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dmimecast.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=mimecast.com&pId=1674949956577944921

4 B
484 B

3475ms
310ms

Image
image/jpeg

99.86.3.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=mimecast.com&pId=1674949956577944921
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.86.3.6 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-3-6.fra6.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 20 Mar 2020 17:10:16 GMT
Via: 1.1 f038e7175be9761825b2eefc2b0a832e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA6-C1
x-amzn-RequestId: 5264c70c-9663-48bc-95ac-759f447cb799
X-Cache: Miss from cloudfront
Content-Type: image/jpeg
X-Amzn-Trace-Id: Root=1-5e74f8f8-151c69407cb38c60001e67a8;Sampled=0
Connection: keep-alive
x-amz-apigw-id: JsvW3ELEIAMFvqw=
Content-Length: 4
X-Amz-Cf-Id: DBDvS2ZSw-9SUz5pmDwvcbeMPe5ov_tIhlXoHuM96otNGUTVuH5fGA==

Redirect headers

Pragma: no-cache
Date: Fri, 20 Mar 2020 17:10:15 GMT
AN-X-Request-Uuid: 6fb461d1-d0cd-4dfc-9a80-32e4ff23d611
Content-Type: text/html; charset=utf-8
Server: nginx/1.13.4
Location: https://attr.ml-api.io/?domain=mimecast.com&pId=1674949956577944921
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 89.249.65.68; 89.249.65.68; 311.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.179:80
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK beacon
r.turn.com/r/ 43 B
490 B 265ms
67ms Image
image/gif 46.228.164.11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/beacon?b2=9oFm33dHwxtfedNK7ZyzVlnGSMHpF-wmeVevym3cAre6oN0K41UXhpEZ6Ms7F02rdWj15vQ2o_3--nPWNkLuGA&cid=
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.228.164.11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Fri, 20 Mar 2020 17:10:12 GMT
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Server: Apache-Coyote/1.1
Content-Type: image/gif
Content-Length: 43
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H/1.1 200
OK beacon
r.turn.com/r/ 43 B
490 B 271ms
72ms Image
image/gif 46.228.164.11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/beacon?b2=5FqNnkI9iDrxZvjOLlJbX-WMDFjfvRyHZfAV7W15d3W6oN0K41UXhpEZ6Ms7F02rVS5MbWqpUowAU2pzjEzkDA&cid=
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.228.164.11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Fri, 20 Mar 2020 17:10:12 GMT
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Server: Apache-Coyote/1.1
Content-Type: image/gif
Content-Length: 43
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 200 d6f8cbc5.min.js Show response
tag.demandbase.com/ 57 KB
15 KB 48ms
16ms Script
application/javascript 143.204.201.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/d6f8cbc5.min.js
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.47 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-47.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ca4e2da8885614e727d928ea64e95e67ca2fef152c525fbbd87d8ecf12044245

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: 9.gKG6EUpMtAHYl_nTBJkoh2kFyr8b4G
content-encoding: gzip
last-modified: Thu, 16 Jan 2020 17:50:13 GMT
server: AmazonS3
age: 664
date: Fri, 20 Mar 2020 16:59:09 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
status: 200
cache-control: public, max-age=3600
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: KcfOvsAEDR9ZZ_EMS1E9bLWfq-46yGBeakvj9sO-rSss5B7IQ81rRA==
via: 1.1 c5c25772c7f14e267596e0f8ce51d9bc.cloudfront.net (CloudFront)

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8016&url=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&time=1584724212636
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D8016%26url%3Dhttps%253A%252F%252Fwww.mimecast.com%252Fblog%252F2020%252F03%252Fbe...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8016&url=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&time=1584724212636&liSync=true

0
69 B

165ms
165ms

Image
application/javascript

2a05:f500:11:101::b93f:9005
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8016&url=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&time=1584724212636&liSync=true
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 20 Mar 2020 17:10:13 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 0
x-li-uuid: j6zViEYS/hVQTEz+9SoAAA==

Redirect headers

date: Fri, 20 Mar 2020 17:10:12 GMT
x-content-type-options: nosniff
linkedin-action: 1
status: 302
strict-transport-security: max-age=2592000
content-length: 0
x-li-uuid: SjvyfkYS/hWAATgOMisAAA==
server: Play
pragma: no-cache
x-li-pop: prod-tln1
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options: sameorigin
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8016&url=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&time=1584724212636&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
101 B 20ms
20ms Image
image/gif 2a00:1450:4001:815::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1397211624&utmhn=www.mimecast.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Page%20Not%20Found&utmhid=1795826915&utmr=-&utmp=%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&utmht=1584724212645&utmac=UA-1898620-9&utmgtm=2wg3b2M2787TN&utmcc=__utma%3D147046443.1724231974.1584724213.1584724213.1584724213.1%3B%2B__utmz%3D147046443.1584724213.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&aip=1&utmjid=1277106054&utmredir=1&utmu=qmAgAABAAAGBAAAAAgAAAAAE~

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Fri, 20 Mar 2020 17:10:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j81&aip=1&a=1795826915&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&ul=en-us&d...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1898620-6&cid=1724231974.1584724213&jid=991026855&_gid=868629508.1584724213&gjid=1724111307&_v=j81&z=1057417489
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1898620-6&cid=1724231974.1584724213&jid=991026855&_v=j81&z=1057417489
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1898620-6&cid=1724231974.1584724213&jid=991026855&_v=j81&z=1057417489&slf_rd=1&random=1015966697

42 B
109 B

26ms
25ms

Image
image/gif

2001:4860:4802:34::75
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1898620-6&cid=1724231974.1584724213&jid=991026855&_v=j81&z=1057417489&slf_rd=1&random=1015966697

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::75 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Mar 2020 17:10:12 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 20 Mar 2020 17:10:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1898620-6&cid=1724231974.1584724213&jid=991026855&_v=j81&z=1057417489&slf_rd=1&random=1015966697
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 134294853780865 Show response
connect.facebook.net/signals/config/ 447 KB
112 KB 67ms
67ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/134294853780865?v=2.9.15&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a00c5fd28963f0a0f312d9227195d666ce32b5b55d9e1e971e4a1ae84582c44f

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: fJUqqzups/mUPJ2ARfxB2SI9C9IFvc4/1WBGjnw4mrm+MYRcxVGdJIL3GfCjUw79XC/Mw0z/ReCIyaR2umRmZA==
x-fb-trip-id: 2000377899
date: Fri, 20 Mar 2020 17:10:12 GMT, Fri, 20 Mar 2020 17:10:12 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
135 B 30ms
29ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5435866&Ver=2&mid=2904facf-0105-9c97-59cf-c070716cffef&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Page%20Not%20Found&p=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&r=&lt=985&evt=pageLoad&msclkid=N&rn=400593
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 204
pragma: no-cache
date: Fri, 20 Mar 2020 17:10:12 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: DE31C1C5FD5449649A24F4B9752FBFE4 Ref B: FRAEDGE0417 Ref C: 2020-03-20T17:10:12Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/158/ 11 KB
5 KB 9ms
9ms Script
application/x-javascript 88.221.60.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/158/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 88.221.60.75 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-60-75.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5f967fd41346c0fc1b9b44fa69c52bf1e754420c59c8017cefb0a14a764cafa4

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Fri, 20 Mar 2020 17:10:12 GMT
Content-Encoding: gzip
Last-Modified: Tue, 28 Jan 2020 03:01:21 GMT
Server: Apache
ETag: "67df7eb9e9e68638308f14367dddec10:1580180481"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4686
Expires: Sun, 28 Jun 2020 17:10:12 GMT

GET
H2 200 progress-events.js Show response
play.vidyard.com/v1/ 14 KB
5 KB 377ms
377ms Script
application/javascript 151.101.113.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://play.vidyard.com/v1/progress-events.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M2787TN
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.181 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 6d41161f7d77d059a8d35b55c36d765021a1300521eeffd57097df8df3322a90

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 20 Mar 2020 17:10:13 GMT
content-encoding: gzip
age: 0
x-cache: HIT
status: 200
content-length: 5481
x-served-by: cache-hhn4057-HHN
x-china: 0
last-modified: Thu, 25 Oct 2018 14:39:19 GMT
x-timer: S1584724213.688922,VS0,VE364
etag: "5823d0929a8e2e520236508c08ba757c"
vary: X-ThumbnailAB, X-China, accept-language, Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 432 B
940 B 134ms
91ms XHR
application/json 143.204.201.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&page_title=Page%20Not%20Found&key=2e268f6c154669b42bbb61fb54bdf78f&src=tag
Requested by: Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.74 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-74.fra53.r.cloudfront.net
Software: nginx /
Resource Hash: 517fb0b39e011cb79fb2fb230778cc6d54c548c243364f5a6aa6e69772b1021e

Request headers

Origin: https://www.mimecast.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
status: 200
request-id: 5db30a25-690b-49c0-8492-051c14545703
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://www.mimecast.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 b073c20359d711b751afd124dda34076.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: KOpDOL5XFivbvqImYGhE5TBCZa6ccvelloXrO8M7l4kn9P0fhI590Q==
expires: Thu, 19 Mar 2020 17:10:12 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AARgc0686fIAABTY8FYMKw
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AARgc0686fIAABTY8FYMKw&verifyHash=e3444d44bfbf6bd8fdd7759cde76446d817240d

26 B
409 B

114ms
112ms

Image
image/gif

143.204.201.67
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AARgc0686fIAABTY8FYMKw&verifyHash=e3444d44bfbf6bd8fdd7759cde76446d817240d
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.67 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-67.fra53.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 20 Mar 2020 17:10:13 GMT
Via: 1.1 b073c20359d711b751afd124dda34076.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA53-C1
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: 384c2c8376a196bd
X-Amz-Cf-Id: bGfD2zc0TMWbc42_Q1GDTm0lI60RhHyjDBGc1tVTndVkVbpRFha4NA==

Redirect headers

Date: Fri, 20 Mar 2020 17:10:13 GMT
Via: 1.1 b073c20359d711b751afd124dda34076.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA53-C1
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AARgc0686fIAABTY8FYMKw&verifyHash=e3444d44bfbf6bd8fdd7759cde76446d817240d
Connection: keep-alive
trace-id: 6af14c4b73f9fa0f
Content-Length: 0
X-Amz-Cf-Id: gD6JNXEZfijR_CMIcplS_FlBP7PAi1odSttYlAf59zNl7LJAUCjA4g==

GET
H2 200 adsct
t.co/i/ 43 B
449 B 175ms
139ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nxcdp&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=0
content-length: 65
x-xss-protection: 0
x-response-time: 119
pragma: no-cache
last-modified: Fri, 20 Mar 2020 17:10:12 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: e9ac92a347fa5f87e922ab4b09147096
x-transaction: 00a71f52003f6366
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H/1.1 200
OK / Show response
mimecast.netmng.com/ 5 KB
6 KB 135ms
135ms Script
text/javascript 31.186.247.145
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://mimecast.netmng.com/?aid=5419&siclientid=&cch
Requested by: Host: mimecast.netmng.com
URL: https://mimecast.netmng.com/?aid=5419&siclientid=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 31.186.247.145 , United Kingdom, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3634f4de462021d9967c467c137a3b4cee75df384aadef369ded44780809eb7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Fri, 20 Mar 2020 17:10:12 GMT
Last-Modified: Wed, 18 Mar 2020 17:10:12 GMT
Server: nginx
Transfer-Encoding: chunked
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Content-Type: text/javascript; charset=UTF-8
Expires: Wed, 18 Mar 2020 17:10:12 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
249 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=134294853780865&ev=PageView&dl=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&rl=&if=false&ts=1584724212828&sw=1600&sh=1200&v=2.9.15&r=stable&ec=0&o=30&fbp=fb.1.1584724212827.1890204238&it=1584724212676&coo=false&rqm=GET

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT, Fri, 20 Mar 2020 17:10:12 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 20 Mar 2020 17:10:12 GMT

GET
H2 200 optanon.css
cdn.cookielaw.org/skins/4.1.0/default_flat_bottom_two_button_black/v2/css/ 23 KB
6 KB 59ms
58ms Stylesheet
text/css 152.195.132.202
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cookielaw.org/skins/4.1.0/default_flat_bottom_two_button_black/v2/css/optanon.css
Requested by: Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/97a0af68-e92b-49df-a3d0-5b3d365b1952.js?20180103x
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.132.202 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8F8B) /
Resource Hash: 0bd0bc4edd5e4b256b9c40ce082680ad16a78ac5faf4d3337d39cf9605518bfe

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 20 Mar 2020 17:10:12 GMT
content-encoding: gzip
content-md5: NykJrqLeRNKuKFC+EuOOxA==
age: 8716
x-cache: HIT
status: 200
content-length: 5556
x-ms-lease-status: unlocked
last-modified: Thu, 19 Sep 2019 20:24:52 GMT
server: ECAcc (frc/8F8B)
etag: 0x8D73D3F6DA3052A
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: f33c3a46-301e-0038-44c6-fe99bf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
expires: Fri, 20 Mar 2020 21:10:12 GMT

GET
H/1.1 200
OK jquery-3.3.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 27ms
9ms Script
application/javascript 2001:4de0:ac19::1:b:3a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.3.1.min.js
Requested by: Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/97a0af68-e92b-49df-a3d0-5b3d365b1952.js?20180103x
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Origin: https://www.mimecast.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Fri, 20 Mar 2020 17:10:12 GMT
Content-Encoding: gzip
Last-Modified: Sat, 20 Jan 2018 17:26:44 GMT
Server: nginx
ETag: W/"5a637bd4-1538f"
Vary: Accept-Encoding
X-HW: 1584724212.dop123.fr8.shc,1584724212.dop123.fr8.t,1584724212.cds057.fr8.c
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 30288

GET
H2 200 displayAd.js Show response
s.tribalfusion.com/ 679 B
780 B 165ms
161ms Script
application/x-javascript 23.37.58.95
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/displayAd.js?dver=0.8&th=8720513786
Requested by: Host: a.tribalfusion.com
URL: https://a.tribalfusion.com/pixel/tags/Mimecast/700773/pixel.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.58.95 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-58-95.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: dda0d3a45e7c8e1d713720ad5e1f2de7a0439b5a12affcad6ab91a6b9952d156

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 20 Mar 2020 17:10:13 GMT
content-encoding: gzip
x-function: 153
x-reuse-index: 490
vary: Accept-Encoding
p3p: CP="NOI DEVo TAIa OUR BUS"
status: 200
cache-control: private
last-modified: Tue, 04 Apr 2017 05:09:56 GMT
content-type: application/x-javascript
content-length: 329
expires: Thu, 18 Jun 2020 17:10:12 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
110 B 6ms
6ms Image
image/gif 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j81&aip=1&a=1795826915&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&ul=en-us&de=UTF-8&dt=Page%20Not%20Found&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_utma=147046443.1724231974.1584724213.1584724213.1584724213.1&_utmz=147046443.1584724213.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1584724212882&_u=aTBCCEABB~&jid=&gjid=&cid=1724231974.1584724213&tid=UA-1898620-6&_gid=868629508.1584724213&gtm=2wg3b2M2787TN&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=(Non-Company%20Visitor)&cd8=(Non-Company%20Visitor)&cd10=(Non-Company%20Visitor)&cd11=(Non-Company%20Visitor)&cd12=Bot&cd13=HE&cd14=Frankfurt%20am%20Main&cd15=Germany&cd16=(Non-Company%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-Company%20Visitor)&cd19=(Non-Company%20Visitor)&cd20=(Non-Company%20Visitor)&z=1006467959

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Mon, 02 Mar 2020 07:39:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1589444
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 EU Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/ 32 B
221 B 27ms
26ms Script
text/javascript 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/EU?callback=jQuery33106239344439686043_1584724212919&_=1584724212920

Requested by

Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.3.1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0817a0d6a87f2d42532035e42b20ea55cfaa5ca1092c761f5fc5e734790bdbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 20 Mar 2020 17:10:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 57710b9acb59d6b1-FRA
content-length: 32

GET
H2

200

activityi;dc_pre=CMzent7FqegCFeTluwgdS3sCRg;src=8790468;type=invmedia;cat=g19urpku;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5003285403288.859
8790468.fls.doubleclick.net/ Frame 627B
Redirect Chain

https://8790468.fls.doubleclick.net/activityi;src=8790468;type=invmedia;cat=g19urpku;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5003285403288.859?
https://8790468.fls.doubleclick.net/activityi;dc_pre=CMzent7FqegCFeTluwgdS3sCRg;src=8790468;type=invmedia;cat=g19urpku;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=500328540328...

0
0

29ms
28ms

Document
text/html

216.58.207.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8790468.fls.doubleclick.net/activityi;dc_pre=CMzent7FqegCFeTluwgdS3sCRg;src=8790468;type=invmedia;cat=g19urpku;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5003285403288.859?

Requested by

Host: mimecast.netmng.com
URL: https://mimecast.netmng.com/?aid=5419&siclientid=&cch

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.207.38 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s24-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 8790468.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CMzent7FqegCFeTluwgdS3sCRg;src=8790468;type=invmedia;cat=g19urpku;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5003285403288.859?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Fri, 20 Mar 2020 17:10:12 GMT
expires: Fri, 20 Mar 2020 17:10:12 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 326
x-xss-protection: 0
set-cookie: IDE=AHWqTUkQXL8R38EuCCJ4uhJl5ZkjrdgeyZWXOuWK3gDHG9EMLIC_qC2dic_5N0Ly; expires=Wed, 14-Apr-2021 17:10:12 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

Redirect headers

status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Fri, 20 Mar 2020 17:10:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://8790468.fls.doubleclick.net/activityi;dc_pre=CMzent7FqegCFeTluwgdS3sCRg;src=8790468;type=invmedia;cat=g19urpku;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5003285403288.859?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 20-Mar-2020 17:25:12 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

GET
H/1.1 200
OK tc.min.js Show response
c1.rfihub.net/js/ 20 KB
7 KB 68ms
20ms Script
application/x-javascript 2.17.6.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: mimecast.netmng.com
URL: https://mimecast.netmng.com/?aid=5419&siclientid=&cch
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.17.6.215 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-17-6-215.deploy.static.akamaitechnologies.com
Software: Jetty(9.0.6.v20130930) /
Resource Hash: cb2bb21705b9cce9781d02c9223f3344a65bd5314027d11c5a8518ad4bd84e84

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Fri, 20 Mar 2020 17:10:12 GMT
Content-Encoding: gzip
Last-Modified: Sat, 14 Mar 2020 14:54:06 GMT
Server: Jetty(9.0.6.v20130930)
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=3600
Connection: keep-alive
Content-Type: application/x-javascript
Content-Length: 6375
Expires: Fri, 20 Mar 2020 18:10:12 GMT

GET
H/1.1 200
OK cm
p.rfihub.com/ 42 B
868 B 256ms
63ms Image
image/gif 193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.rfihub.com/cm?pub=40519&in=1&userid=dhjbuabut6nzi
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , Netherlands, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.0.6.v20130930) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Cache-Control: no-cache
Server: Jetty(9.0.6.v20130930)
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 42
Content-Type: image/gif

GET
H2

200

/
www.google.de/pagead/1p-conversion/1057254703/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=netmng&google_cm&google_sc&google_hm=ZGhqYnVhYnV0Nm56aQ==&vid=dhjbuabut6nzi
https://cm.g.doubleclick.net/pixel?google_nid=netmng&google_cm=&google_sc=&google_hm=ZGhqYnVhYnV0Nm56aQ==&vid=dhjbuabut6nzi&google_tc=
https://gcm.netmng.com/?id=&vid=dhjbuabut6nzi&google_gid=CAESEDwoy5cgKgWTgwriPJ0OQXA&google_cver=1
https://www.googleadservices.com/pagead/conversion/1057254703/?label=Uq59CP-34QEQr9qR-AM&guid=ON&script=0
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1057254703/?label=Uq59CP-34QEQr9qR-AM&guid=ON&script=0&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=9vh0XuWtCYjC7g...
https://www.google.com/pagead/1p-conversion/1057254703/?label=Uq59CP-34QEQr9qR-AM&guid=ON&script=0&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=2091409328&sscte=1&crd=&gtd=&is_vtc...
https://www.google.de/pagead/1p-conversion/1057254703/?label=Uq59CP-34QEQr9qR-AM&guid=ON&script=0&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=2091409328&sscte=1&crd=&gtd=&is_vtc=...

42 B
110 B

27ms
27ms

Image
image/gif

2001:4860:4802:34::75
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/1057254703/?label=Uq59CP-34QEQr9qR-AM&guid=ON&script=0&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=2091409328&sscte=1&crd=&gtd=&is_vtc=1&ocp_id=9vh0XuWtCYjC7gP-2pzYCg&random=2692525465&ipr=y

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::75 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Mar 2020 17:10:14 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 20 Mar 2020 17:10:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-conversion/1057254703/?label=Uq59CP-34QEQr9qR-AM&guid=ON&script=0&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=2091409328&sscte=1&crd=&gtd=&is_vtc=1&ocp_id=9vh0XuWtCYjC7gP-2pzYCg&random=2692525465&ipr=y
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/
Redirect Chain

https://dpm.demdex.net/ibs:dpid=640&dpuuid=dhjbuabut6nzi
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=640&dpuuid=dhjbuabut6nzi

42 B
915 B

31ms
31ms

Image
image/gif

34.249.192.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=640&dpuuid=dhjbuabut6nzi

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.249.192.36 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-249-192-36.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v064-0743774d2.edge-irl1.demdex.com 5.66.0.20200310121811 1ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: HmKXXQ/TS4s=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: Osaxhy1pT9M=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=640&dpuuid=dhjbuabut6nzi
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK Pug
image2.pubmatic.com/AdServer/ 42 B
585 B 18ms
17ms Image
image/gif 185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxMTQmdGw9NDMyMDA=&piggybackCookie=dhjbuabut6nzi
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Fri, 20 Mar 2020 17:10:12 GMT
X-lat: Pug22028:0:410
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
Cache-Control: no-store, no-cache, private
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
X-Cnection: close
Content-Type: image/gif; charset=utf-8
Content-Length: 42

GET
H/1.1

200
OK

bounce
ib.adnxs.com/
Redirect Chain

https://ib.adnxs.com/setuid?entity=72&code=dhjbuabut6nzi
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D72%26code%3Ddhjbuabut6nzi

43 B
1 KB

21ms
21ms

Image
image/gif

185.33.223.218
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D72%26code%3Ddhjbuabut6nzi

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.218 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

313.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 20 Mar 2020 17:10:15 GMT
AN-X-Request-Uuid: e2d2def7-32fb-4166-98f6-b1ea92473810
Content-Type: image/gif
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 89.249.65.68; 89.249.65.68; 313.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.14:80
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 20 Mar 2020 17:10:15 GMT
AN-X-Request-Uuid: 1640d0ca-6a88-461f-b80c-6f4cce4616e8
Content-Type: text/html; charset=utf-8
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D72%26code%3Ddhjbuabut6nzi
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 89.249.65.68; 89.249.65.68; 313.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.45:80
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/mapuid?member=6928&user=dhjbuabut6nzi
https://secure.adnxs.com/bounce?%2Fmapuid%3Fmember%3D6928%26user%3Ddhjbuabut6nzi

43 B
843 B

65ms
46ms

Image
image/gif

185.33.223.208
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fmapuid%3Fmember%3D6928%26user%3Ddhjbuabut6nzi

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.208 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

311.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 20 Mar 2020 17:10:15 GMT
AN-X-Request-Uuid: b7334662-5e01-4d1c-8f92-bf2c1fe9da29
Content-Type: image/gif
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 89.249.65.68; 89.249.65.68; 311.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.49:80
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 20 Mar 2020 17:10:15 GMT
AN-X-Request-Uuid: 6fd59074-b187-4d93-a390-625c7fbead73
Content-Type: text/html; charset=utf-8
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fmapuid%3Fmember%3D6928%26user%3Ddhjbuabut6nzi
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 89.249.65.68; 89.249.65.68; 311.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.18:80
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/mapuid?member=9373&user=dhjbuabut6nzi
https://secure.adnxs.com/bounce?%2Fmapuid%3Fmember%3D9373%26user%3Ddhjbuabut6nzi

43 B
1 KB

92ms
56ms

Image
image/gif

185.33.223.208
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fmapuid%3Fmember%3D9373%26user%3Ddhjbuabut6nzi

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.208 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

311.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 20 Mar 2020 17:10:15 GMT
AN-X-Request-Uuid: fb193090-79e9-4f61-801d-b4021dcba492
Content-Type: image/gif
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 89.249.65.68; 89.249.65.68; 311.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.42:80
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 20 Mar 2020 17:10:15 GMT
AN-X-Request-Uuid: a2699095-ce12-47c2-bfab-e6b5672f375c
Content-Type: text/html; charset=utf-8
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fmapuid%3Fmember%3D9373%26user%3Ddhjbuabut6nzi
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 89.249.65.68; 89.249.65.68; 311.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.164:80
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=61&external_user_id=dhjbuabut6nzi&expiration=1587316212
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=61&external_user_id=dhjbuabut6nzi&expiration=1587316212&C=1

43 B
973 B

17ms
16ms

Image
image/gif

95.101.185.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=61&external_user_id=dhjbuabut6nzi&expiration=1587316212&C=1
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.185.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a95-101-185-51.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 20 Mar 2020 17:10:13 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2020 17:10:13 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 20 Mar 2020 17:10:13 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=61&external_user_id=dhjbuabut6nzi&expiration=1587316212&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 302
Expires: Fri, 20 Mar 2020 17:10:13 GMT

GET
H2

200

match
ad.360yield.com/ul_cb/
Redirect Chain

https://ad.360yield.com/match?publisher_dsp_id=35&external_user_id=dhjbuabut6nzi
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=35&external_user_id=dhjbuabut6nzi

43 B
295 B

8ms
8ms

Image
image/gif

18.195.103.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=35&external_user_id=dhjbuabut6nzi
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.103.23 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-103-23.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Fri, 20 Mar 2020 17:10:13 GMT
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length: 43
content-type: image/gif

Redirect headers

status: 302
date: Fri, 20 Mar 2020 17:10:13 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length: 0
location: https://ad.360yield.com:443/ul_cb/match?publisher_dsp_id=35&external_user_id=dhjbuabut6nzi
content-type: text/plain

GET
H2

204

/
loadm.exelator.com/load/
Redirect Chain

https://loadm.exelator.com/load/?p=204&g=330&buid=dhjbuabut6nzi&j=0
https://loadm.exelator.com/load/?p=204&g=330&buid=dhjbuabut6nzi&j=0&xl8blockcheck=1

0
69 B

1021ms
1021ms

Image
text/plain

147.75.102.200
PACKET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadm.exelator.com/load/?p=204&g=330&buid=dhjbuabut6nzi&j=0&xl8blockcheck=1
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.102.200 Central, Hong Kong, ASN54825 (PACKET, US),
Reverse DNS
Software: nginx/1.14.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
date: Fri, 20 Mar 2020 17:10:14 GMT
server: nginx/1.14.0
etag: "5b3a8727-0"

Redirect headers

date: Fri, 20 Mar 2020 17:10:13 GMT
server: nginx/1.14.0
x-powered-by: Undertow/1
location: https://loadm.exelator.com/load/?p=204&g=330&buid=dhjbuabut6nzi&j=0&xl8blockcheck=1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
status: 302
cache-control: no-cache
access-control-allow-credentials: true
content-type: image/gif
content-length: 0

GET
H/1.1 200
OK 13209
tags.bluekai.com/site/ 62 B
717 B 202ms
185ms Image
image/gif 23.45.237.36
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/13209?id=dhjbuabut6nzi
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.237.36 , United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-237-36.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Fri, 20 Mar 2020 17:10:13 GMT
Connection: keep-alive
Content-Type: image/gif
Content-Length: 62
BK-Server: 3af5
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H/1.1 204
No Content merge
ce.lijit.com/ 0
367 B 1080ms
26ms Image
text/plain 72.251.249.14
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=15&3pid=dhjbuabut6nzi&cb=1584724212
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Fri, 20 Mar 2020 17:10:14 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap1ams1
X-Application-Context: application:prod:9080
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2 204 sync
pixel.advertising.com/ups/55948/ 0
124 B 294ms
16ms Image
text/plain 52.58.138.174
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/55948/sync?uid=dhjbuabut6nzi&_origin=1

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.58.138.174 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-58-138-174.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 204
date: Fri, 20 Mar 2020 17:10:13 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

sync
x.bidswitch.net/ul_cb/
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=14&user_id=dhjbuabut6nzi&expires=30
https://x.bidswitch.net/ul_cb/sync?dsp_id=14&user_id=dhjbuabut6nzi&expires=30

43 B
378 B

10ms
10ms

Image
image/gif

54.93.38.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=14&user_id=dhjbuabut6nzi&expires=30
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.38.91 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-38-91.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Fri, 20 Mar 2020 17:10:14 GMT
cache-control: no-cache, no-store, must-revalidate
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length: 43
content-type: image/gif

Redirect headers

status: 302
date: Fri, 20 Mar 2020 17:10:14 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: https://x.bidswitch.net/ul_cb/sync?dsp_id=14&user_id=dhjbuabut6nzi&expires=30
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://us-u.openx.net/w/1.0/sd?id=537072967&val=dhjbuabut6nzi
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072967&val=dhjbuabut6nzi

43 B
109 B

17ms
17ms

Image
image/gif

34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072967&val=dhjbuabut6nzi
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.179.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Mar 2020 17:10:13 GMT
via: 1.1 google
server: OXGW/16.179.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
status: 200
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Fri, 20 Mar 2020 17:10:13 GMT
via: 1.1 google
server: OXGW/16.179.0
location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072967&val=dhjbuabut6nzi
p3p: CP="CUR ADM OUR NOR STA NID"
status: 302
alt-svc: clear
content-length: 0

GET
H/1.1

200
OK

/
ps.eyeota.net/match/bounce/
Redirect Chain

https://ps.eyeota.net/match?bid=6bmpi0v&uid=dhjbuabut6nzi
https://ps.eyeota.net/match/bounce/?bid=6bmpi0v&uid=dhjbuabut6nzi

70 B
440 B

21ms
20ms

Image
image/gif

3.125.70.222
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match/bounce/?bid=6bmpi0v&uid=dhjbuabut6nzi
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.125.70.222 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-125-70-222.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 20 Mar 2020 17:10:13 GMT
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Content-Length: 70
Content-Type: image/gif

Redirect headers

Location: /match/bounce/?bid=6bmpi0v&uid=dhjbuabut6nzi
Date: Fri, 20 Mar 2020 17:10:13 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H2 204 usermatch.gif
beacon.krxd.net/ 0
319 B 357ms
31ms Image
text/plain 34.241.92.164
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=ignitionone&partner_uid=dhjbuabut6nzi
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.92.164 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-92-164.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 204
date: Fri, 20 Mar 2020 17:10:13 GMT
cache-control: private, no-cache, no-store
x-request-time: D=24 t=1584724213
x-served-by: beacon-n018-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1

200
OK

/
tradedesk2waycm.netmng.com/cm/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=su9xcof&ttd_tpi=1&ttd_puid=108521
https://match.adsrvr.org/track/cmb/generic?ttd_pid=su9xcof&ttd_tpi=1&ttd_puid=108521
https://tradedesk2waycm.netmng.com/cm/?buid=108521&id=52153624-8d14-4aec-b264-04bf9db3de99

42 B
190 B

701ms
111ms

Image
image/gif

104.193.83.156
IGNITIONONE-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tradedesk2waycm.netmng.com/cm/?buid=108521&id=52153624-8d14-4aec-b264-04bf9db3de99
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.193.83.156 , United States, ASN63124 (IGNITIONONE-ASN, US),
Reverse DNS
Software: nginx/1.11.10 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 20 Mar 2020 17:10:13 GMT
Server: nginx/1.11.10
Connection: keep-alive
Content-Length: 42
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 20 Mar 2020 17:10:13 GMT
x-aspnet-version: 4.0.30319
location: https://tradedesk2waycm.netmng.com/cm/?buid=108521&id=52153624-8d14-4aec-b264-04bf9db3de99
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
status: 302
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 211

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3117&partner_device_id=dhjbuabut6nzi
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3117&partner_device_id=dhjbuabut6nzi

95 B
450 B

18ms
18ms

Image
image/png

35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3117&partner_device_id=dhjbuabut6nzi

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.227.248.159 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

159.248.227.35.bc.googleusercontent.com

Software

Jetty(8.1.13.v20130916) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
via: 1.1 google
server: Jetty(8.1.13.v20130916)
date: Fri, 20 Mar 2020 17:10:13 GMT
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
status: 200
content-type: image/png
alt-svc: clear
content-length: 95

Redirect headers

strict-transport-security: max-age=31536000
via: 1.1 google
server: Jetty(8.1.13.v20130916)
date: Fri, 20 Mar 2020 17:10:13 GMT
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3117&partner_device_id=dhjbuabut6nzi
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
status: 302
alt-svc: clear
content-length: 0

GET
H/1.1 200
OK idr.js Show response
a.rfihub.com/ 83 B
682 B 256ms
62ms Script
application/javascript 193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://a.rfihub.com/idr.js?_callback=window.RocketfuelBCP.jsonpCallbacks.request_cmZpSWRJbkNhY2hl
Requested by: Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , Netherlands, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.0.6.v20130930) /
Resource Hash: 089e576634761f2afd6324b0d941f672f8325a9368c9a0e0ed33b88e2a824891

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Expires: Wed, 14 Apr 2021 17:10:13 GMT
Cache-Control: public, max-age=33696000
Server: Jetty(9.0.6.v20130930)
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 83
Content-Type: application/javascript

GET
H/1.1

200
OK

setuid
ib.adnxs.com/
Redirect Chain

https://s.tribalfusion.com/insights?%7B%22tagKey%22%3A%221016110424%22%2C%22th%22%3A8720513786%2C%22version%22%3A%221.0%22%2C%22tKey%22%3A%22aymneMnmMLmGrmpWMD2TrgQEiFQZbieZaL%22%2C%22url%22%3A%22h...
https://ib.adnxs.com/getuidu?https://a.tribalfusion.com/i.match?p=b26&u=$UID&redirect=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D305%26code%3D%24TF_USER_ID_ENC%24
https://a.tribalfusion.com/i.match?p=b26&u=1674949956577944921&redirect=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D305%26code%3D%24TF_USER_ID_ENC%24
https://ib.adnxs.com/setuid?entity=305&code=18072662248211432291

43 B
1 KB

23ms
23ms

Image
image/gif

185.33.223.218
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=305&code=18072662248211432291

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.218 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

313.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 20 Mar 2020 17:10:15 GMT
AN-X-Request-Uuid: d023b1a7-34c7-4bc4-a4bc-42815c3fc43a
Content-Type: image/gif
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 89.249.65.68; 89.249.65.68; 313.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.155:80
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 20 Mar 2020 17:10:13 GMT
x-function: 209
x-reuse-index: 1570
location: https://ib.adnxs.com/setuid?entity=305&code=18072662248211432291
p3p: CP="NOI DEVo TAIa OUR BUS"
status: 302
cache-control: no-cache, private
content-type: text/html
content-length: 36
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

Cookie set seg
secure.adnxs.com/ Frame 21E5
Redirect Chain

https://20820699p.rfihub.com/ca.html?rfiidc=1871597494647492248&rfiaid=d8df5d253fe14621914769b54e4bd6f9&ver=9&rb=39926&ca=20820699&_o=39926&_t=20820699&pe=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F20...
https://live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=b0bb64f75dddb29b8254e1710a2d9a4b&k=site&rfiidc=1871597494647492248&ver=9&rfiaid=d8df5d253fe14621914769b54e4bd6f9&pe=https%3A%2F%2Fw...
https://secure.adnxs.com/seg?add=19924615&t=2

0
0

54ms
53ms

Document
image/gif

185.33.223.208
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/seg?add=19924615&t=2

Requested by

Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.208 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

311.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Host: secure.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: uuid2=1674949956577944921; anj=dTM7k!M4/0DunaTF']wIg2In@sfgpz!]tbPl1M-3!n*zB*R5t<@e6]D?NGyoC@-q@uU*^-_YztV1@DYaShse?3xnZl5dr3J4/C-l4/PlF5HZUuOMM:=PlZ[C[-o>NE/qY-99:@R
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe

Response headers

Server: nginx/1.13.4
Date: Fri, 20 Mar 2020 17:10:16 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 0ee03400-0639-4bc7-b3d1-9eb6cc022436
Set-Cookie: anj=dTM7k!M40]DYRWSF']wIg2In@sfgpz!fsuh#/SAMnP'H200oO!T-+$2V`D(]D`>+a1Mi?woo4#D%x*PoS)(7Aa6ue['-]cXge'OW2?xzL=tT)o21L%J!_6-zQEVk`VQ_sFS%AjR; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 18-Jun-2020 17:10:16 GMT; Domain=.adnxs.com; Secure; HttpOnly uuid2=1674949956577944921; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 18-Jun-2020 17:10:16 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 89.249.65.68; 89.249.65.68; 311.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.235:80

Redirect headers

Content-Type: text/html; charset=utf-8
Date: Fri, 20 Mar 2020 17:10:14 GMT
Location: https://secure.adnxs.com/seg?add=19924615&t=2
Server: lighttpd/1.4.33
Set-Cookie: zync-uuid=e4f86113-84be-469b-8164-ab20bb58a9bc:1584724214.75; Domain=rezync.com; Expires=Mon, 18-Mar-2030 10:10:14 GMT; Path=/; SameSite=None; Secure sd-session-id=eyJfcGVybWFuZW50Ijp0cnVlLCJzZXNzaW9uX2lkIjp7IiBiIjoiWlRSbU9EWXhNVE10T0RSaVpTMDBOamxpTFRneE5qUXRZV0l5TUdKaU5UaGhPV0pqT2pFMU9EUTNNalF5TVRRdU56VT0ifX0.EVaKdg.u9Tj1BC_TzjIsdk_FsNcSuJf3Jc; Expires=Wed, 19-Mar-2025 17:10:14 GMT; HttpOnly; Path=/; SameSite=None; Secure
Content-Length: 305
Connection: keep-alive

GET
H2

200

/
cx.atdmt.com/
Redirect Chain

https://www.facebook.com/tr/?id=134294853780865&ev=Microdata&dl=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&rl=&if=false&ts=1584724214331&cd[DataL...
https://cx.atdmt.com/?c=12294493171854460390&f=AYwS-DHYyoyV9foDhKZky0OAy_Bg8_7FDyXnkqNo7KJBLQp1kNN3ECquj_RHEyAfZJhoxS1gjtDpq7j_iBap4fMg&id=134294853780865&l=3&v=0

42 B
433 B

52ms
39ms

Image
image/gif

2a03:2880:f01c:8004:face:b00c:0:8c
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cx.atdmt.com/?c=12294493171854460390&f=AYwS-DHYyoyV9foDhKZky0OAy_Bg8_7FDyXnkqNo7KJBLQp1kNN3ECquj_RHEyAfZJhoxS1gjtDpq7j_iBap4fMg&id=134294853780865&l=3&v=0
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f01c:8004:face:b00c:0:8c , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Fri, 20 Mar 2020 17:10:14 GMT, Fri, 20 Mar 2020 17:10:14 GMT, Fri, 20 Mar 2020 17:10:14 GMT
p3p: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
alt-svc: h3-27=":443"; ma=3600
content-length: 42
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 20 Mar 2020 17:10:14 GMT, Fri, 20 Mar 2020 17:10:14 GMT
server: proxygen-bolt
location: https://cx.atdmt.com/?c=12294493171854460390&f=AYwS-DHYyoyV9foDhKZky0OAy_Bg8_7FDyXnkqNo7KJBLQp1kNN3ECquj_RHEyAfZJhoxS1gjtDpq7j_iBap4fMg&id=134294853780865&l=3&v=0
content-type: text/plain
status: 302
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-27=":443"; ma=3600
content-length: 0
expires: 0

GET
H2

200

shim.latest.js Show response
js.intercomcdn.com/
Redirect Chain

https://widget.intercom.io/widget/cd0hfw1w
https://js.intercomcdn.com/shim.latest.js

7 KB
3 KB

29ms
9ms

Script
application/javascript

99.86.3.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/shim.latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.86.3.118 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-3-118.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: decacd12fbc6bc3d1e50c233748d86beb3961b4610fba3be768c6f7fd3cbb55c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 20 Mar 2020 17:09:58 GMT
content-encoding: gzip
age: 20
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
content-length: 2829
last-modified: Tue, 10 Mar 2020 11:11:33 GMT
server: AmazonS3
etag: "1edc888126af1a4f7693f77a458b2ec6"
content-type: application/javascript; charset=UTF-8
via: 1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
cache-control: max-age=300, s-maxage=300, public
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: bBpgOBvfBYZWIeZtYTyoB-HVvO__-E8df08EpNJYxSz2Y5zOPly_Lw==

Redirect headers

date: Sat, 08 Feb 2020 10:21:07 GMT
via: 1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
server: AmazonS3
age: 3566950
location: https://js.intercomcdn.com/shim.latest.js
x-cache: Hit from cloudfront
status: 302
x-amz-cf-pop: FRA6-C1
content-length: 0
x-amz-cf-id: 16B52IpV8ygvuLlbAEIuLQfd9R_rCfKF0OSGmEbwnuonrncSV0_6Sw==

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j81&aip=1&a=1795826915&t=event&ni=1&_s=3&dl=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&ul=en-us...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1898620-6&cid=1724231974.1584724213&jid=1934090177&_gid=868629508.1584724213&gjid=474595695&_v=j81&z=818841908
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1898620-6&cid=1724231974.1584724213&jid=1934090177&_v=j81&z=818841908
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1898620-6&cid=1724231974.1584724213&jid=1934090177&_v=j81&z=818841908&slf_rd=1&random=2899245202

42 B
109 B

35ms
34ms

Image
image/gif

2001:4860:4802:34::75
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1898620-6&cid=1724231974.1584724213&jid=1934090177&_v=j81&z=818841908&slf_rd=1&random=2899245202

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::75 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Mar 2020 17:10:16 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 20 Mar 2020 17:10:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1898620-6&cid=1724231974.1584724213&jid=1934090177&_v=j81&z=818841908&slf_rd=1&random=2899245202
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

anpx
dpx.airpr.com/
Redirect Chain

https://dpx.airpr.com/px?hostname=www.mimecast.com&profile=706121&ga_account_id=UA-1898620-6&ga_account_type=UA&ga_c=1724231974.1584724213&an=true
https://secure.adnxs.com/getuid?https://dpx.airpr.com/anpx?adnxs_uid=$UID&airpr_id=2518362034
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdpx.airpr.com%2Fanpx%3Fadnxs_uid%3D%24UID%26airpr_id%3D2518362034
https://dpx.airpr.com/anpx?adnxs_uid=1193058205967645913&airpr_id=2518362034

0
63 B

9ms
9ms

Image
text/plain

18.184.227.62
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dpx.airpr.com/anpx?adnxs_uid=1193058205967645913&airpr_id=2518362034
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.227.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-227-62.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
date: Fri, 20 Mar 2020 17:10:16 GMT
cache-control: private
server: nginx

Redirect headers

Pragma: no-cache
Date: Fri, 20 Mar 2020 17:10:18 GMT
AN-X-Request-Uuid: ac19e080-dd6f-4321-a2e5-b242e8924f25
Content-Type: text/html; charset=utf-8
Server: nginx/1.13.4
Location: https://dpx.airpr.com/anpx?adnxs_uid=1193058205967645913&airpr_id=2518362034
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 89.249.65.68; 89.249.65.68; 311.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.101:80
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
388 B 144ms
143ms Script
application/javascript 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nxcdp&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 20 Mar 2020 17:10:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
x-response-time: 121
pragma: no-cache
last-modified: Fri, 20 Mar 2020 17:10:16 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 0d805d75900951df29843c7fa6203e48
x-transaction: 0076be20005a52fb
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 12ae01d498fd998263b555e99880c6838ef6acca33fcd2e1cb12367a99e928f4

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 close-white.png
www.mimecast.com/static/v2017/img/icons/ 258 B
620 B 30ms
30ms Image
image/webp 2606:4700::6810:a1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/static/v2017/img/icons/close-white.png

Requested by

Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.3.1.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:4700::6810:a1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a45aa46c16c2ba6d3ed2988fe1c52385af2a3c72a5bdb19e3d9595150d1d075

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/Static/v2016/css/v4-styles.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 20 Mar 2020 17:10:16 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 116833
cf-polished: origFmt=png, origSize=1467
status: 200
content-disposition: inline; filename="close-white.webp"
strict-transport-security: max-age=31536000
content-length: 258
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:c040aa1b-aabf-46ed-8f89-8743f6404d87
referrer-policy: same-origin
expires: Fri, 06 May 2022 17:10:16 GMT
last-modified: Wed, 18 Mar 2020 22:16:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "0c1f1e672fdd51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-expose-headers: Request-Context
cache-control: public, max-age=67132800
feature-policy: geolocation 'self' https://www.mimecast.com; camera 'none'; microphone 'none'
accept-ranges: bytes
cf-ray: 57710bb2cace1776-FRA
cf-bgj: imgq:85

GET
H2 200 search-white.png
www.mimecast.com/static/v2017/img/icons/ 390 B
495 B 43ms
43ms Image
image/webp 2606:4700::6810:a1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/static/v2017/img/icons/search-white.png

Requested by

Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.3.1.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:4700::6810:a1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6a2d690611cd854fa0a0a0d57c6cd687941dda78af3735fd7ec46eb1ef66245

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/Static/v2016/css/v4-styles.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 20 Mar 2020 17:10:16 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 116595
cf-polished: origFmt=png, origSize=1612
status: 200
content-disposition: inline; filename="search-white.webp"
strict-transport-security: max-age=31536000
content-length: 390
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:c040aa1b-aabf-46ed-8f89-8743f6404d87
referrer-policy: same-origin
expires: Fri, 06 May 2022 17:10:16 GMT
last-modified: Wed, 18 Mar 2020 22:16:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "0c1f1e672fdd51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-expose-headers: Request-Context
cache-control: public, max-age=67132800
feature-policy: geolocation 'self' https://www.mimecast.com; camera 'none'; microphone 'none'
accept-ranges: bytes
cf-ray: 57710bb2cad01776-FRA
cf-bgj: imgq:85

GET
H2 200 sl.js Show response
scout-cdn.salesloft.com/ 6 KB
3 KB 63ms
11ms Script
application/javascript 23.111.9.64
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://scout-cdn.salesloft.com/sl.js
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2020/03/beware-of-coronavirus-email-phishing=/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.64 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 91f45811a83ee1bd3005eb6df52ef0bf69c1ee66ce0a3b812bc1fbca392473ee

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 20 Mar 2020 17:10:16 GMT
content-encoding: gzip
last-modified: Mon, 07 Jan 2019 19:21:23 GMT
server: NetDNA-cache/2.2
x-amz-request-id: BBC9230ED9254BEC
etag: W/"5ae62e3d1adb9aa509b61aed2f35d9d2"
x-cache: HIT
content-type: application/javascript
status: 200
x-amz-id-2: pIyftBaos2lnAU908oWowwIF+6UZiJhVokPfx/JE5RLKLOw0GUcRAbO6BilvZPzDHiWMJVlMc6c=

GET
H2 200 collect
www.google-analytics.com/ 35 B
110 B 6ms
5ms Image
image/gif 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j81&aip=1&a=1795826915&t=timing&_s=4&dl=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&ul=en-us&de=UTF-8&dt=Page%20Not%20Found&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=5181&pdt=25&dns=0&rrt=175&srt=226&tcp=0&dit=958&clt=958&_gst=1047&_gbt=1091&_cst=411&_cbt=1012&_utma=147046443.1724231974.1584724213.1584724213.1584724213.1&_utmz=147046443.1584724213.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_u=aTBCCEABB~&jid=&gjid=&cid=1724231974.1584724213&tid=UA-1898620-6&_gid=868629508.1584724213&gtm=2wg3b2M2787TN&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=(Non-Company%20Visitor)&cd8=(Non-Company%20Visitor)&cd10=(Non-Company%20Visitor)&cd11=(Non-Company%20Visitor)&cd12=Bot&cd13=HE&cd14=Frankfurt%20am%20Main&cd15=Germany&cd16=(Non-Company%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-Company%20Visitor)&cd19=(Non-Company%20Visitor)&cd20=(Non-Company%20Visitor)&z=1252975246

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Mon, 02 Mar 2020 07:39:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1589448
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

OPTIONS
H/1.1 200
OK track Show response
dc.services.visualstudio.com/v2/ 0
311 B 112ms
23ms XHR
text/plain 51.140.6.23
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

51.140.6.23 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Access-Control-Request-Method: POST
Origin: https://www.mimecast.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: content-type,sdk-context

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 20 Mar 2020 17:10:16 GMT
X-Content-Type-Options: nosniff
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
Content-Length: 0
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: POST

GET
H2 200 frame-modern.eabd1913.js Show response
js.intercomcdn.com/ Frame C9E8 196 KB
55 KB 19ms
18ms Script
application/javascript 99.86.3.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/frame-modern.eabd1913.js
Requested by: Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/shim.latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.86.3.118 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-3-118.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7eb8bcb02cbf69757bb851daca26e46b4ddef223430ede6d2d16a687111f57b2

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 20 Mar 2020 17:09:21 GMT
content-encoding: gzip
age: 60
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
content-length: 55622
last-modified: Tue, 10 Mar 2020 11:03:48 GMT
server: AmazonS3
etag: "478460c6d398105aea4ea07554173dbe"
content-type: application/javascript; charset=UTF-8
via: 1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
cache-control: max-age=31536000, s-maxage=7200, public
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: 3FLqvFWn81sGf4FbmyVUG3ulwF_7Pa7HDFS5vnWDf3uovqj_VwkbrQ==

GET
H2 200 vendor-modern.b44097f3.js Show response
js.intercomcdn.com/ Frame C9E8 153 KB
46 KB 39ms
39ms Script
application/javascript 99.86.3.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/vendor-modern.b44097f3.js
Requested by: Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/shim.latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.86.3.118 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-3-118.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e4c74fc1c6e1746857c589a7dce4c123715c942eec464fb9ce4d894d3e601876

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 20 Mar 2020 17:09:21 GMT
content-encoding: gzip
age: 60
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
content-length: 46566
last-modified: Tue, 10 Mar 2020 11:03:49 GMT
server: AmazonS3
etag: "badc3f3a05921b12bad394d1096f9168"
content-type: application/javascript; charset=UTF-8
via: 1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
cache-control: max-age=31536000, s-maxage=7200, public
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: SII8AeTdX3T_NCwmzKpaVouoTHKGPrnC2DIWWVSJlT2UD4P7xI3XrQ==

GET
H2 200 collect
www.google-analytics.com/ 35 B
103 B 6ms
5ms Image
image/gif 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j81&aip=1&a=1795826915&t=event&ni=1&_s=5&dl=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&ul=en-us&de=UTF-8&dt=Page%20Not%20Found&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Decibel%20Insight&ea=Session&_utma=147046443.1724231974.1584724213.1584724213.1584724213.1&_utmz=147046443.1584724213.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_u=aTBCCEABB~&jid=&gjid=&cid=1724231974.1584724213&tid=UA-1898620-6&_gid=868629508.1584724213&gtm=2wg3b2M2787TN&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=(Non-Company%20Visitor)&cd8=(Non-Company%20Visitor)&cd10=(Non-Company%20Visitor)&cd11=(Non-Company%20Visitor)&cd12=Bot&cd13=HE&cd14=Frankfurt%20am%20Main&cd15=Germany&cd16=(Non-Company%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-Company%20Visitor)&cd19=(Non-Company%20Visitor)&cd20=(Non-Company%20Visitor)&cd4=di-78943-57D77B98BDBDAE8E0252AA1344AE946985&z=2049560480

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Mon, 02 Mar 2020 07:39:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1589448
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK r Show response
scout.salesloft.com/ 41 B
435 B 404ms
100ms XHR
application/json 3.95.53.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDA2Nzh9.2NKabo6_Rtun4zVLh_7mjY9vQitxlKkLRQrpE2z-Zc8
Requested by: Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.95.53.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-95-53-28.compute-1.amazonaws.com
Software: Cowboy /
Resource Hash: aa011ed383cb780028a85caaa0dda67dce19b0f4bc596f4f708d1857015c1362

Request headers

Origin: https://www.mimecast.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

date: Fri, 20 Mar 2020 17:10:16 GMT
server: Cowboy
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.mimecast.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 41
x-request-id: 2nv14hs5nlq08jr89sve8sf1

GET
H2 200 vendors~app-modern.cbcf51d6.js Show response
js.intercomcdn.com/ Frame C9E8 264 KB
82 KB 10ms
9ms Script
application/javascript 99.86.3.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/vendors~app-modern.cbcf51d6.js
Requested by: Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.eabd1913.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.86.3.118 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-3-118.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bddc8274f21faf42728bffe6a29e60f62340c2ef7109d0c597bb97b5a2ed6bb9

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 20 Mar 2020 17:09:21 GMT
content-encoding: gzip
age: 62
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
content-length: 83198
last-modified: Tue, 10 Mar 2020 11:03:49 GMT
server: AmazonS3
etag: "3cb267cc1afb2cb8e5d00ec53cf1ea70"
content-type: application/javascript; charset=UTF-8
via: 1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
cache-control: max-age=31536000, s-maxage=7200, public
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: ZS9tgKJSSiEZSqStB_cUnm8RrlezPgrBTPTEV4-EzKuyqYlrz7mcWw==

GET
H2 200 app-modern.a19adab9.js Show response
js.intercomcdn.com/ Frame C9E8 65 KB
19 KB 14ms
14ms Script
application/javascript 99.86.3.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/app-modern.a19adab9.js
Requested by: Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.eabd1913.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.86.3.118 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-3-118.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a6fe863c8daf58dae1a31048a1ccabae2f4171be732475a1b57f40284384e156

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 20 Mar 2020 17:09:21 GMT
content-encoding: gzip
age: 62
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
content-length: 19057
last-modified: Tue, 10 Mar 2020 11:03:48 GMT
server: AmazonS3
etag: "d94f62cee712bbc1ecde963e220e4bd8"
content-type: application/javascript; charset=UTF-8
via: 1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
cache-control: max-age=31536000, s-maxage=7200, public
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: Tj61e3r_3x6rSqQXevsLt9eXF_292WyvEzYCycaOBayhywT9TVfymQ==

POST
H2 200 ping Show response
api-iam.intercom.io/messenger/web/ Frame C9E8 6 KB
2 KB 1101ms
911ms XHR
application/json 99.83.219.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-iam.intercom.io/messenger/web/ping

Requested by

Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.eabd1913.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.83.219.81 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ad8b87a22ce463223.awsglobalaccelerator.com

Software

nginx /

Resource Hash

74e127d0f353ac791fc30dc540cb71a72ae0c33b7634c012a7b110bfa369f9d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.mimecast.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 20 Mar 2020 17:10:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
strict-transport-security: max-age=31556952; includeSubDomains; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: 0006d4sjv2glbbkd24jg
x-runtime: 0.804147
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"74e127d0f353ac791fc30dc540cb71a7"
x-ratelimit-remaining: 19983
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.mimecast.com
x-intercom-version: 7635e85cf909065ba665516dfbf39d0cd7aa6c2e
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-ratelimit-reset: 1584724260
x-ratelimit-limit: 20000
access-control-allow-headers: Content-Type

POST
H/1.1 200
OK track Show response
dc.services.visualstudio.com/v2/ 96 B
519 B 159ms
159ms XHR
application/json 51.140.6.23
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

51.140.6.23 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

91f965a6ea5d3356628ad52d4a4e91f66f3c04a986142d9f4da9b0a00d4640a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.mimecast.com
Sec-Fetch-Dest: empty
Sdk-Context: appId
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: application/json

Response headers

x-ms-session-id: A0D181C7-E7BC-406D-9EF6-99A4D57681F3
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 20 Mar 2020 17:10:16 GMT
Access-Control-Max-Age: 3600
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
Content-Length: 96

GET
H/1.1 200
OK i Show response
scout.salesloft.com/ 48 B
581 B 102ms
100ms XHR
application/json 3.95.53.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://scout.salesloft.com/i
Requested by: Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.95.53.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-95-53-28.compute-1.amazonaws.com
Software: Cowboy /
Resource Hash: b7a1e52c3a3899beea5e29741a58cdb69d200282b0caf2ccd878d80c60869358

Request headers

Origin: https://www.mimecast.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

date: Fri, 20 Mar 2020 17:10:17 GMT
server: Cowboy
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.mimecast.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 48
x-request-id: 2nv14hschpmlcjr89sm1ti03

GET
H/1.1 200
OK us
scout.us2.salesloft.com/ 42 B
371 B 411ms
96ms Image
image/gif 52.72.18.87
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scout.us2.salesloft.com/us?type=landed&hitId=1972551884&rand=2012494087&monitorResolution=1600x1200&viewportResolution=1600x1200&pageTitle=Page%20Not%20Found&url=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&sessionCount=1&hasWS=true&time=522&userAgent=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36&guid=a731d564-1169-418a-b15e-7cab91341bb6&tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDA2Nzh9.2NKabo6_Rtun4zVLh_7mjY9vQitxlKkLRQrpE2z-Zc8
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.18.87 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-18-87.compute-1.amazonaws.com
Software: Cowboy /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 20 Mar 2020 17:10:17 GMT
server: Cowboy
content-type: image/gif; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 42
x-request-id: 2nv14ht58m4dppn7t8692d56

GET
H/1.1 200
OK us
scout.us2.salesloft.com/ 42 B
371 B 97ms
96ms Image
image/gif 52.72.18.87
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scout.us2.salesloft.com/us?type=tick&hitId=1972551884&rand=871612721&monitorResolution=1600x1200&viewportResolution=1600x1200&pageTitle=Page%20Not%20Found&url=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&sessionCount=2&hasWS=true&time=5522&userAgent=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36&guid=a731d564-1169-418a-b15e-7cab91341bb6&tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDA2Nzh9.2NKabo6_Rtun4zVLh_7mjY9vQitxlKkLRQrpE2z-Zc8
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.18.87 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-18-87.compute-1.amazonaws.com
Software: Cowboy /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 20 Mar 2020 17:10:22 GMT
server: Cowboy
content-type: image/gif; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 42
x-request-id: 2nv14i5sjjoc7pn7t8692j96

GET
H/1.1 200
OK us
scout.us2.salesloft.com/ 42 B
371 B 97ms
97ms Image
image/gif 52.72.18.87
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scout.us2.salesloft.com/us?type=tick&hitId=1972551884&rand=1076482246&monitorResolution=1600x1200&viewportResolution=1600x1200&pageTitle=Page%20Not%20Found&url=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&sessionCount=3&hasWS=true&time=10522&userAgent=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36&guid=a731d564-1169-418a-b15e-7cab91341bb6&tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDA2Nzh9.2NKabo6_Rtun4zVLh_7mjY9vQitxlKkLRQrpE2z-Zc8
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.18.87 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-18-87.compute-1.amazonaws.com
Software: Cowboy /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 20 Mar 2020 17:10:27 GMT
server: Cowboy
content-type: image/gif; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 42
x-request-id: 2nv14if6jnfrvpn7t8692po6

OPTIONS
H/1.1 200
OK track Show response
dc.services.visualstudio.com/v2/ 0
311 B 23ms
22ms XHR
text/plain 51.140.6.23
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

51.140.6.23 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Access-Control-Request-Method: POST
Origin: https://www.mimecast.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: content-type,sdk-context

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 20 Mar 2020 17:10:31 GMT
X-Content-Type-Options: nosniff
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
Content-Length: 0
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: POST

POST
H/1.1 200
OK track Show response
dc.services.visualstudio.com/v2/ 96 B
519 B 309ms
309ms XHR
application/json 51.140.6.23
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

51.140.6.23 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

ad0abc994e754b6f8287c04ddc83ff5697c61383cd8d5c3784d7ac14bf88be3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.mimecast.com
Sec-Fetch-Dest: empty
Sdk-Context: appId
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: application/json

Response headers

x-ms-session-id: 649C5476-5C6C-4A6E-82B5-6264BBC3C6A3
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 20 Mar 2020 17:10:32 GMT
Access-Control-Max-Age: 3600
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
Content-Length: 96

GET
H/1.1 200
OK us
scout.us2.salesloft.com/ 42 B
371 B 98ms
97ms Image
image/gif 52.72.18.87
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scout.us2.salesloft.com/us?type=tick&hitId=1972551884&rand=1224027699&monitorResolution=1600x1200&viewportResolution=1600x1200&pageTitle=Page%20Not%20Found&url=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2020%2F03%2Fbeware-of-coronavirus-email-phishing%3D%2F&sessionCount=4&hasWS=true&time=15522&userAgent=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36&guid=a731d564-1169-418a-b15e-7cab91341bb6&tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDA2Nzh9.2NKabo6_Rtun4zVLh_7mjY9vQitxlKkLRQrpE2z-Zc8
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.18.87 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-18-87.compute-1.amazonaws.com
Software: Cowboy /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 20 Mar 2020 17:10:32 GMT
server: Cowboy
content-type: image/gif; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 42
x-request-id: 2nv14ioglqn6bpn7t884cpl3

Verdicts & Comments Add Verdict or Comment

217 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.mimecast.com/	1970-01-19 16:57:40	Name: OptanonConsent Value: groups=0_169734%3A1%2C0_169772%3A1%2C1%3A1%2C0_169691%3A1%2C0_169755%3A1%2C0_169713%3A1%2C2%3A1%2C0_169732%3A1%2C0_169718%3A1%2C0_169773%3A1%2C3%3A1%2C0_169697%3A1%2C0_169726%3A1%2C0_169730%3A1%2C4%3A1%2C0_169731%3A1%2C0_169754%3A1%2C0_169774%3A1%2C0_169733%3A1%2C0_169693%3A1%2C0_169722%3A1%2C0_169689%3A1%2C0_169685%3A1%2C0_169714%3A1%2C0_169680%3A1%2C0_169775%3A1%2C0_169709%3A1%2C0_169676%3A1%2C0_169705%3A1%2C0_169672%3A1%2C0_169701%3A1%2C0_169694%3A1%2C0_169723%3A1%2C0_169690%3A1%2C0_169719%3A1%2C0_169686%3A1%2C0_169715%3A1%2C0_169682%3A1%2C0_169681%3A1%2C0_169776%3A1%2C0_169710%3A1%2C0_169677%3A1%2C0_169706%3A1%2C0_169673%3A1%2C0_169735%3A1%2C0_169702%3A1%2C0_169698%3A1%2C0_169695%3A1%2C0_169724%3A1%2C0_169720%3A1%2C0_169687%3A1%2C0_169716%3A1%2C0_169683%3A1%2C0_169711%3A1%2C0_169678%3A1%2C0_169707%3A1%2C0_169674%3A1%2C0_169736%3A1%2C0_169703%3A1%2C0_169670%3A1%2C0_169699%3A1%2C0_169696%3A1%2C0_169725%3A1%2C0_169692%3A1%2C0_169721%3A1%2C0_169688%3A1%2C0_169717%3A1%2C0_169684%3A1%2C0_169712%3A1%2C0_169679%3A1%2C0_169708%3A1%2C0_169675%3A1%2C0_169704%3A1%2C0_169671%3A1%2C0_169700%3A1&datestamp=Fri+Mar+20+2020+18%3A10%3A16+GMT%2B0100+(Central+European+Standard+Time)&version=4.1.0
			.mimecast.com/	1970-01-19 08:12:04	Name: _gat_UA-1898620-6 Value: 1

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js(Line 1) Message: AI: CannotSerializeObjectNonSerializable message:"Attempting to serialize an object which does not implement ISerializable" props:"{name:baseData}"
console-api	warning	URL: https://play.vidyard.com/v1/progress-events.js(Line 1) Message: No Vidyard Players found. (include this script below player embed codes)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20820699p.rfihub.com
8790468.fls.doubleclick.net
a.rfihub.com
a.tribalfusion.com
ad.360yield.com
analytics.twitter.com
api-iam.intercom.io
api.company-target.com
attr.ml-api.io
az416426.vo.msecnd.net
bat.bing.com
beacon.krxd.net
c1.rfihub.net
cdn.cookielaw.org
cdn.decibelinsight.net
ce.lijit.com
cm.g.doubleclick.net
code.jquery.com
connect.facebook.net
cx.atdmt.com
dc.services.visualstudio.com
dpm.demdex.net
dpx.airpr.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
gcm.netmng.com
geolocation.onetrust.com
googleads.g.doubleclick.net
ib.adnxs.com
image2.pubmatic.com
js.intercomcdn.com
live.rezync.com
loadm.exelator.com
match.adsrvr.org
match.prod.bidr.io
mimecast.netmng.com
munchkin.marketo.net
p.rfihub.com
pixel.advertising.com
pixel.tapad.com
play.vidyard.com
ps.eyeota.net
px.ads.linkedin.com
px.airpr.com
r.turn.com
s.ml-attr.com
s.tribalfusion.com
scout-cdn.salesloft.com
scout.salesloft.com
scout.us2.salesloft.com
secure.adnxs.com
segments.company-target.com
snap.licdn.com
ssl.google-analytics.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
tag.demandbase.com
tag.simpli.fi
tags.bluekai.com
tradedesk2waycm.netmng.com
us-u.openx.net
widget.intercom.io
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.mimecast.com
x.bidswitch.net
104.193.83.156
104.244.42.133
104.244.42.67
143.204.201.47
143.204.201.67
143.204.201.74
147.75.102.200
151.101.113.181
151.101.12.157
152.195.132.202
152.199.19.160
169.50.137.179
172.217.18.98
18.184.227.62
18.195.103.23
185.33.223.208
185.33.223.218
185.64.189.110
193.0.160.129
2.17.6.215
2001:4860:4802:34::75
2001:4de0:ac19::1:b:3a
216.58.207.38
216.58.207.66
23.111.9.64
23.37.58.95
23.45.237.36
2606:4700:10::6814:b944
2606:4700::6810:a1a
2620:1ec:c11::200
2a00:1450:4001:800::2008
2a00:1450:4001:800::200e
2a00:1450:4001:814::2003
2a00:1450:4001:815::2008
2a00:1450:4001:816::200a
2a00:1450:4001:821::2002
2a00:1450:400c:c06::9b
2a02:26f0:10c:382::25ea
2a03:2880:f01c:8004:face:b00c:0:8c
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:f500:11:101::b93f:9001
2a05:f500:11:101::b93f:9005
3.125.70.222
3.95.53.28
31.186.247.145
34.241.92.164
34.249.135.160
34.249.192.36
34.95.120.147
35.160.67.124
35.227.248.159
46.228.164.11
51.140.6.23
52.222.143.82
52.29.155.208
52.49.185.203
52.58.138.174
52.72.18.87
54.93.38.91
68.67.153.60
72.251.249.14
88.221.60.75
95.101.185.51
99.83.219.81
99.86.3.113
99.86.3.118
99.86.3.6
010d6936d60e69587a2d2c3f5145331a5c3dc2087b8f50dbb98a3eef243a6a71
06f1b17261a97034acecee47795430bbef494e1bb6cc485a0bb2e2706c306212
089e576634761f2afd6324b0d941f672f8325a9368c9a0e0ed33b88e2a824891
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0bd0bc4edd5e4b256b9c40ce082680ad16a78ac5faf4d3337d39cf9605518bfe
0d0cbd713d59b1214b24864c2d86699c88d951162983b8e20011a8738be20589
0e945ecadf56eff95723bfa961a14aa802ceace78de80d5898fa23e7c4137375
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
12ae01d498fd998263b555e99880c6838ef6acca33fcd2e1cb12367a99e928f4
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
19bd76d607b43624b27b338da952fdffd359dee19c6e63a85b9dabffaed8e8ba
1a242ce0682eb03ac301e048e640db9265d638c6786dafbe423553a80e287aa9
1a45aa46c16c2ba6d3ed2988fe1c52385af2a3c72a5bdb19e3d9595150d1d075
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3e81fc88ae661457fdb4c3aa88919828e0b611c61001020f5950c9b01cd4ca4f
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3f92f57fd1f3c9c997ff8581974f27a4ca426435fee40efdd2f51cba30b685fa
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
517fb0b39e011cb79fb2fb230778cc6d54c548c243364f5a6aa6e69772b1021e
5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e
529b9c583e6cf8da02c9cadf8c38b5714198f0fde2dcde01da2d5ee681228738
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
5791e8648a8fe5044b86dea4f78ecbb75e3e83e73b3dd61e78a8d8a31d45ee14
5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685
5ba64e02116f0c61155b8428dea6893b909404aadd8af913d56db3cc227d60f3
5c06b6329970d1560039f39c4935a041d96fcf0f877b47951d8ece559a1b4dc6
5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00
5f967fd41346c0fc1b9b44fa69c52bf1e754420c59c8017cefb0a14a764cafa4
5fa070d023bccfe3b4708eca50d4b3ca7d3fa700687ae6c91597a07a951af81b
6178b0fff9f270948a7158978a61f834818c38da436d22380b46b4d25fa8f5cc
6acaa8b349780333058e268d6887c83eda0da5c0f41b896d22f0ebd99b82a14a
6d41161f7d77d059a8d35b55c36d765021a1300521eeffd57097df8df3322a90
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6de8549645c339a95031df376cb1dc18490a258edb6a0892bb4c322b3bd5481f
6faa35c6183ed9b42308fb20c82506b65e397225d4266dc3ab16a95a2b786d6c
725fa18ed2c21f9a1cb9e05a197e4ba6fff85388a91e8f25b9c6e00059a7e910
74e127d0f353ac791fc30dc540cb71a72ae0c33b7634c012a7b110bfa369f9d2
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
7eb8bcb02cbf69757bb851daca26e46b4ddef223430ede6d2d16a687111f57b2
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
91f45811a83ee1bd3005eb6df52ef0bf69c1ee66ce0a3b812bc1fbca392473ee
91f965a6ea5d3356628ad52d4a4e91f66f3c04a986142d9f4da9b0a00d4640a2
95f1e65a47730772e77e1b8d0836aa3dd6077698da753e01cdb28c2f2940c16b
a00c5fd28963f0a0f312d9227195d666ce32b5b55d9e1e971e4a1ae84582c44f
a42b42d151f7fa35af4e8eed7328ef4dbbd1b3e7267e9af9cf56521d9db24e5f
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
a6fe863c8daf58dae1a31048a1ccabae2f4171be732475a1b57f40284384e156
aa011ed383cb780028a85caaa0dda67dce19b0f4bc596f4f708d1857015c1362
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad0abc994e754b6f8287c04ddc83ff5697c61383cd8d5c3784d7ac14bf88be3f
b0817a0d6a87f2d42532035e42b20ea55cfaa5ca1092c761f5fc5e734790bdbf
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1f2e00832420e72c677199df7d91d4d3884af8790a5597a2e79cc6546d05818
b7a1e52c3a3899beea5e29741a58cdb69d200282b0caf2ccd878d80c60869358
b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc
bddc8274f21faf42728bffe6a29e60f62340c2ef7109d0c597bb97b5a2ed6bb9
ca4e2da8885614e727d928ea64e95e67ca2fef152c525fbbd87d8ecf12044245
cb2bb21705b9cce9781d02c9223f3344a65bd5314027d11c5a8518ad4bd84e84
dda0d3a45e7c8e1d713720ad5e1f2de7a0439b5a12affcad6ab91a6b9952d156
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
decacd12fbc6bc3d1e50c233748d86beb3961b4610fba3be768c6f7fd3cbb55c
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e3634f4de462021d9967c467c137a3b4cee75df384aadef369ded44780809eb7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4c74fc1c6e1746857c589a7dce4c123715c942eec464fb9ce4d894d3e601876
e5e917184d2544e9cd3684e72efc4be1eaaed10c35313c231ca41021d27b43c9
e954fcbeb70a4849e69d65176453069dc68e92eb2ed1aea342fc2d75a958db35
ea72106e4e6a969c84133eced10a50bbac4b6e689324e98e98d571685d117e20
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6a2d690611cd854fa0a0a0d57c6cd687941dda78af3735fd7ec46eb1ef66245

www.mimecast.com Open in urlscan Pro 2606:4700::6810:a1a Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

109 Requests

99 %HTTPS

26 %IPv6

57 Domains

73 Subdomains

59 IPs

8 Countries

1311 kBTransfer

3979 kBSize

2 Cookies

10 Outgoing links

Page URL History

Redirected requests

109 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.mimecast.com Open in urlscan Pro
2606:4700::6810:a1a Public Scan

Screenshot
Live screenshot

Full Image

109
Requests

99 %
HTTPS

26 %
IPv6

57
Domains

73
Subdomains

59
IPs

8
Countries

1311 kB
Transfer

3979 kB
Size

2
Cookies

109 HTTP transactions
1 data transactions