www.mimecast.com Open in urlscan Pro
146.101.202.134 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Submission: On August 31 via manual (August 31st 2017, 9:29:45 pm UTC) from US

Summary HTTP 107 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 39 IPs in 6 countries across 31 domains to perform 107 HTTP transactions. The main IP is 146.101.202.134, located in London, United Kingdom and belongs to TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB. The main domain is www.mimecast.com.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on April 9th 2015. Valid for: 3 years.

This is the only time www.mimecast.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
42	146.101.202.134 146.101.202.134	1290 (TELSTRAEU...) (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd)
2	184.31.82.197 184.31.82.197	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:81d::2008	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	52.85.89.46 52.85.89.46	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:81d::200a	15169 (GOOGLE) (GOOGLE - Google Inc.)
2	35.157.42.240 35.157.42.240	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
5	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	2a00:1450:400... 2a00:1450:4001:81d::200e	15169 (GOOGLE) (GOOGLE - Google Inc.)
2	204.79.197.200 204.79.197.200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
1	104.244.43.176 104.244.43.176	13414 (TWITTER) (TWITTER - Twitter Inc.)
1	2a02:26f0:10c... 2a02:26f0:10c:382::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:815::2008	15169 (GOOGLE) (GOOGLE - Google Inc.)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	92.123.93.60 92.123.93.60	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	151.101.113.181 151.101.113.181	54113 (FASTLY) (FASTLY - Fastly)
1	192.229.233.175 192.229.233.175	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
1	46.228.164.11 46.228.164.11	56396 (TURN) (TURN)
2	37.252.172.40 37.252.172.40	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
1	81.95.155.130 81.95.155.130	36351 (SOFTLAYER) (SOFTLAYER - SoftLayer Technologies Inc.)
1	52.85.90.71 52.85.90.71	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	74.217.253.60 74.217.253.60	10913 (INTERNAP-BLK) (INTERNAP-BLK - Internap Network Services Corporation)
2	92.123.92.132 92.123.92.132	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:401... 2a00:1450:401b:801::2003	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	185.31.128.208 185.31.128.208	54312 (ROCKETFUEL) (ROCKETFUEL - Rocket Fuel Inc.)
2	95.100.190.236 95.100.190.236	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
3	23.9.213.71 23.9.213.71	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER - Twitter Inc.)
1	52.29.211.156 52.29.211.156	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2a03:2880:f11... 2a03:2880:f11b:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
6	95.100.185.64 95.100.185.64	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	94.236.119.24 94.236.119.24	15395 (RACKSPACE...) (RACKSPACE-LON)
1	2a00:1450:400... 2a00:1450:4001:81d::2001	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	199.16.156.232 199.16.156.232	13414 (TWITTER) (TWITTER - Twitter Inc.)
1	74.217.253.90 74.217.253.90	10913 (INTERNAP-BLK) (INTERNAP-BLK - Internap Network Services Corporation)
1	176.34.123.68 176.34.123.68	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	54.225.73.95 54.225.73.95	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
3	208.146.36.215 208.146.36.215	14744 (INTERNAP-...) (INTERNAP-BLOCK-4 - Internap Network Services Corporation)
1	176.34.228.191 176.34.228.191	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
107	39

42 146.101.202.134 (London, United Kingdom)

ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB)

www.mimecast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.31.82.197 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a184-31-82-197.deploy.static.akamaitechnologies.com

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2008 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.89.46 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-89-46.jfk6.r.cloudfront.net

d3c3cq33003psk.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::200a (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.157.42.240 (Frankfurt, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-157-42-240.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81d::2003 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::200e (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 204.79.197.200 (Redmond, United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
PTR: a-0001.a-msedge.net

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.43.176 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:382::25ea (European Union)

ASN20940 (AKAMAI-ASN1, US)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:815::2008 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 92.123.93.60 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a92-123-93-60.deploy.akamaitechnologies.com

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.113.181 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

play.vidyard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.229.233.175 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

analytics.po.st	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.228.164.11 (United Kingdom)

ASN56396 (TURN, GB)

r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.172.40 (European Union)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 155.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 81.95.155.130 (Amsterdam, Netherlands)

ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US)
PTR: 82.9b.5f51.ip4.static.sl-reverse.com

tags.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.90.71 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-90-71.jfk6.r.cloudfront.net

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.217.253.60 (United States)

ASN10913 (INTERNAP-BLK - Internap Network Services Corporation, US)

rs.gwallet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 92.123.92.132 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a92-123-92-132.deploy.akamaitechnologies.com

cdn.livechatinc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:401b:801::2003 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.31.128.208 (United States)

ASN54312 (ROCKETFUEL - Rocket Fuel Inc., US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.100.190.236 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a95-100-190-236.deploy.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.9.213.71 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-9-213-71.deploy.static.akamaitechnologies.com

ws.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.29.211.156 (Frankfurt, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-29-211-156.eu-central-1.compute.amazonaws.com

cdn.decibelinsight.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11b:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 95.100.185.64 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a95-100-185-64.deploy.akamaitechnologies.com

secure.livechatinc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.236.119.24 (United Kingdom)

ASN15395 (RACKSPACE-LON, GB)

336-tau-594.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2001 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

themes.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.16.156.232 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.217.253.90 (United States)

ASN10913 (INTERNAP-BLK - Internap Network Services Corporation, US)

po.st	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 176.34.123.68 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-176-34-123-68.eu-west-1.compute.amazonaws.com

dc.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.225.73.95 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-225-73-95.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 208.146.36.215 (Chesterfield, United States)

ASN14744 (INTERNAP-BLOCK-4 - Internap Network Services Corporation, US)

p.po.st	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 176.34.228.191 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-176-34-228-191.eu-west-1.compute.amazonaws.com

imp2.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
42	mimecast.com www.mimecast.com	5 MB
8	livechatinc.com cdn.livechatinc.com secure.livechatinc.com	71 KB
7	sharethis.com platform-api.sharethis.com buttons-config.sharethis.com l.sharethis.com ws.sharethis.com	76 KB
5	po.st analytics.po.st po.st p.po.st	9 KB
5	gstatic.com fonts.gstatic.com	91 KB
3	google-analytics.com www.google-analytics.com ssl.google-analytics.com	29 KB
2	linkedin.com dc.ads.linkedin.com imp2.ads.linkedin.com	262 B
2	facebook.com www.facebook.com	106 B
2	marketo.net munchkin.marketo.net	4 KB
2	adnxs.com secure.adnxs.com
2	vidyard.com play.vidyard.com	3 KB
2	facebook.net connect.facebook.net	23 KB
2	bing.com bat.bing.com	3 KB
1	chartbeat.net ping.chartbeat.net	43 B
1	twitter.com analytics.twitter.com	66 B
1	googleusercontent.com themes.googleusercontent.com	41 KB
1	mktoresp.com 336-tau-594.mktoresp.com	43 B
1	decibelinsight.net cdn.decibelinsight.net	44 KB
1	t.co t.co	74 B
1	rfihub.com a.rfihub.com 20768311p.rfihub.com Failed	83 B
1	google.de www.google.de	60 B
1	ml-api.io attr.ml-api.io	4 B
1	w55c.net tags.w55c.net	43 B
1	turn.com r.turn.com	43 B
1	gwallet.com rs.gwallet.com Failed rp.gwallet.com Failed	68 B
1	rfihub.net c1.rfihub.net	20 KB
1	licdn.com snap.licdn.com	8 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	googleapis.com fonts.googleapis.com	515 B
1	cloudfront.net d3c3cq33003psk.cloudfront.net
1	googletagmanager.com www.googletagmanager.com	31 KB
107	31

	Domain	Requested by
42	www.mimecast.com	www.mimecast.com
6	secure.livechatinc.com	cdn.livechatinc.com www.mimecast.com
5	fonts.gstatic.com	www.mimecast.com
3	p.po.st	analytics.po.st
3	ws.sharethis.com	www.mimecast.com ws.sharethis.com
2	www.facebook.com	www.mimecast.com
2	munchkin.marketo.net	www.mimecast.com munchkin.marketo.net
2	cdn.livechatinc.com	www.mimecast.com
2	secure.adnxs.com	www.mimecast.com
2	play.vidyard.com	www.googletagmanager.com
2	connect.facebook.net	www.mimecast.com connect.facebook.net
2	ssl.google-analytics.com	www.googletagmanager.com www.mimecast.com
2	bat.bing.com	www.googletagmanager.com www.mimecast.com
2	l.sharethis.com	www.mimecast.com
1	imp2.ads.linkedin.com
1	ping.chartbeat.net
1	dc.ads.linkedin.com
1	po.st	analytics.po.st
1	analytics.twitter.com	static.ads-twitter.com
1	themes.googleusercontent.com	www.mimecast.com
1	336-tau-594.mktoresp.com	munchkin.marketo.net
1	cdn.decibelinsight.net	www.mimecast.com
1	t.co	www.mimecast.com
1	a.rfihub.com	c1.rfihub.net
1	www.google.de	www.mimecast.com
1	attr.ml-api.io	www.mimecast.com
1	tags.w55c.net	www.mimecast.com
1	r.turn.com	www.mimecast.com
1	analytics.po.st	www.mimecast.com
1	rs.gwallet.com	www.mimecast.com
1	c1.rfihub.net	www.mimecast.com
1	snap.licdn.com	www.mimecast.com
1	static.ads-twitter.com	www.googletagmanager.com
1	www.google-analytics.com	www.googletagmanager.com
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	fonts.googleapis.com	www.mimecast.com
1	d3c3cq33003psk.cloudfront.net	www.mimecast.com
1	www.googletagmanager.com	www.mimecast.com
1	platform-api.sharethis.com	www.mimecast.com
0	rp.gwallet.com Failed
0	20768311p.rfihub.com Failed	c1.rfihub.net
107	41

This site contains links to these domains. Also see Links.

Domain
community.mimecast.com
investors.mimecast.com
goo.gl
www.linkedin.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
*.mimecast.com DigiCert SHA2 High Assurance Server CA	`2015-04-09` - `2018-06-27`	3 years	crt.sh
*.sharethis.com Symantec Class 3 Secure Server CA - G4	`2016-11-04` - `2017-11-04`	a year	crt.sh
*.google-analytics.com Google Internet Authority G2	`2017-08-22` - `2017-11-14`	3 months	crt.sh
*.cloudfront.net Symantec Class 3 Secure Server CA - G4	`2016-10-26` - `2017-12-17`	a year	crt.sh
*.googleapis.com Google Internet Authority G2	`2017-08-22` - `2017-11-14`	3 months	crt.sh
*.google.com Google Internet Authority G2	`2017-08-22` - `2017-11-14`	3 months	crt.sh
www.bing.com Microsoft IT TLS CA 5	`2017-07-20` - `2019-07-10`	2 years	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2016-06-08` - `2019-06-13`	3 years	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2016-02-16` - `2019-04-17`	3 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2016-12-09` - `2018-01-25`	a year	crt.sh
*.rfihub.net Symantec Class 3 Secure Server CA - G4	`2016-10-29` - `2017-10-29`	a year	crt.sh
p.ssl.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2017-05-12` - `2018-12-28`	2 years	crt.sh
*.po.st DigiCert SHA2 High Assurance Server CA	`2015-10-15` - `2019-01-09`	3 years	crt.sh
*.turn.com DigiCert SHA2 Secure Server CA	`2016-12-21` - `2018-01-30`	a year	crt.sh
*.adnxs.com GeoTrust SSL CA - G3	`2016-02-25` - `2018-05-26`	2 years	crt.sh
*.w55c.net GeoTrust SHA256 SSL CA	`2015-11-02` - `2017-11-01`	2 years	crt.sh
*.ml-api.io COMODO RSA Organization Validation Secure Server CA	`2017-02-27` - `2019-03-27`	2 years	crt.sh
*.gwallet.com DigiCert SHA2 High Assurance Server CA	`2017-05-02` - `2018-08-02`	a year	crt.sh
*.livechatinc.com Symantec Class 3 ECC 256 bit SSL CA - G2	`2016-11-16` - `2017-11-16`	a year	crt.sh
www.google.de Google Internet Authority G2	`2017-08-22` - `2017-11-14`	3 months	crt.sh
*.rfihub.com DigiCert SHA2 Secure Server CA	`2016-07-20` - `2019-09-03`	3 years	crt.sh
*.marketo.net Symantec Class 3 Secure Server CA - G4	`2016-11-02` - `2017-11-02`	a year	crt.sh
t.co DigiCert SHA2 Extended Validation Server CA	`2017-07-25` - `2018-11-05`	a year	crt.sh
*.decibelinsight.net RapidSSL SHA256 CA - G2	`2017-05-02` - `2018-07-01`	a year	crt.sh
*.mktoresp.com Go Daddy Secure Certificate Authority - G2	`2015-12-02` - `2018-12-02`	3 years	crt.sh
*.googleusercontent.com Google Internet Authority G2	`2017-08-22` - `2017-11-14`	3 months	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2016-09-24` - `2017-12-05`	a year	crt.sh
ads.linkedin.com DigiCert SHA2 Secure Server CA	`2017-05-15` - `2019-07-15`	2 years	crt.sh
*.chartbeat.net Gandi Standard SSL CA 2	`2017-08-09` - `2018-08-19`	a year	crt.sh

This page contains 7 frames:

Primary Page: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Frame ID: 17878.1
Requests: 100 HTTP requests in this frame

Frame: https://rs.gwallet.com/r1/pixeltag/x201r275712941
Frame ID: 17878.3
Requests: 1 HTTP requests in this frame

Frame: https://20768311p.rfihub.com/ca.html?rfiidc=1048283196196729352&rfiaid=3d39cdf71fa94d0a8f27ea145a081f89&ver=9&rb=30788&ca=20768311&_o=30788&_t=20768311&pe=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2017%2F08%2Fintroducing-the-ropemaker-email-exploit%2F&pf=&ra=23706432402807298
Frame ID: 17878.4
Requests: 1 HTTP requests in this frame

Frame: https://secure.livechatinc.com/licence/7096611/open_chat.cgi?groups=0&embedded=1&newWebserv=undefined&__lc_vv=2&session_id=S1504214974.be825d8f87&server=secure.livechatinc.com
Frame ID: 17878.6
Requests: 1 HTTP requests in this frame

Frame: https://cdn.livechatinc.com/fonts/modern/livechat-modern_7cf45543dc.ttf?ekgvz6
Frame ID: 17878.5
Requests: 2 HTTP requests in this frame

Frame: https://rp.gwallet.com/r1/bcm/p23
Frame ID: 17878.7
Requests: 1 HTTP requests in this frame

Frame: https://ws.sharethis.com/secure/index.html
Frame ID: 17878.8
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

script /munchkin\.marketo\.net\/munchkin\.js/i

Page Statistics

107
Requests

95 %
HTTPS

26 %
IPv6

31
Domains

41
Subdomains

39
IPs

6
Countries

5068 kB
Transfer

6293 kB
Size

30
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://community.mimecast.com/community/knowledge-base
Title: Knowledgebase

Search URL Search Domain Scan URL

URL: https://community.mimecast.com/
Title: Mimecaster Central

Search URL Search Domain Scan URL

URL: http://investors.mimecast.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://goo.gl/ke7PVi
Title: security advisory

Search URL Search Domain Scan URL

URL: https://goo.gl/dG9jhD
Title: attack vector for email

Search URL Search Domain Scan URL

URL: https://goo.gl/xDzFRK
Title: targeted attacks

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/mimecast
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/mimecast
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/mimecast
Title:

Search URL Search Domain Scan URL

URL: https://community.mimecast.com/welcome
Title:

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request 31

https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&fpc=303c07d-15e3a32ff12-2ed1bd06-1&sessionID=1504214974227.34845&hostname=www.mimecast.com&location=%2Fblog%2F2017%2F08%2Fin...
https://l.sharethis.com/sc?cm=CvQEBFmof74AAAARNtZrAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2017%2F08%2Fintroducing-the-ropemaker-email-exploit%2F

Request 41

https://www.mimecast.com/link/7cef604d593247df8c855c9f6f8dfa81.aspx
https://www.mimecast.com/globalassets/blog/backgrounds/interet_minute_blog_detail_v2.jpg

Request 42

https://www.mimecast.com/link/661523b5f4ce41d691b7b1b000e4cd4a.aspx
https://www.mimecast.com/globalassets/blog/backgrounds/esra_cover_notext.png

Request 50

https://sjs.bizographics.com/insight.min.js
https://snap.licdn.com/li.lms-analytics/insight.min.js

Request 60

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=UmdCS1RYU2sxRE54MVEy&google_cm=&google_sc=&google_tc=
https://tags.w55c.net/match-result?id=8bb138bc0446417c9a4df9a0136d0caf8a93328592bf4d059bfc856c256fbc33&ei=GOOGLE&euid=&google_gid=CAESEAKHNfxRb04y-jfYWTb6A5Q&google_cver=1

Request 61

https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dmimecast.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=mimecast.com&pId=2150875399220012646

Request 64

https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1898620-6&cid=1922182523.1504214974&jid=33113766&_v=j60&z=2069762857
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1898620-6&cid=1922182523.1504214974&jid=33113766&_v=j60&z=2069762857&slf_rd=1&random=791769470

Request 72

https://www.mimecast.com/link/0955de99096e4434ab48879375670aac.aspx
https://www.mimecast.com/globalassets/blog/main/2017/ropemaker_blank.jpg

Request 97

https://www.linkedin.com/csp/dtag?p=9&_x=%2526opid%253D8016%2526fmt%253Djs%2526ref%253D%2526ck%253D%2526url%253Dhttps%25253A%25252F%25252Fwww.mimecast.com%25252Fblog%25252F2017%25252F08%25252Fintro...
https://dc.ads.linkedin.com/collect/?pid=6883&opid=8016&fmt=js&ref=&ck=&url=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2017%2F08%2Fintroducing-the-ropemaker-email-exploit%2F&s=1&pageUrl=https%3A%2F%2F...

Request 102

https://rp.gwallet.com/r1/pixel/x8208r897410514
https://rp.gwallet.com/r1/bcm/p23

107 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/ 69 KB
18 KB 807ms
593ms Document
text/html 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

c90e62946e937d68b8202f58713e4affd532d2a46744dc72250ee8193ee0eb43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Thu, 31 Aug 2017 21:29:33 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Cache-Control: private
Vary: Accept-Encoding
Content-Length: 18432
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK main-stylesv4
www.mimecast.com/bundles/ 248 KB
60 KB 72ms
51ms Stylesheet
text/css 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mimecast.com/bundles/main-stylesv4?v=DTVoMIYSkBgxI7Dri1EOfXd7nzta2d3xY-z6hho1uw01

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

b9d204c70830b9b4b1792ee57156293e317a1149e5c22b4996eccdb083ac5c78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 31 Aug 2017 21:29:34 GMT
Date: Thu, 31 Aug 2017 21:29:33 GMT
X-Served-By: IIS02
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Cache-Control: public
Vary: Accept-Encoding
Content-Length: 61656
X-XSS-Protection: 1; mode=block
Expires: Fri, 31 Aug 2018 21:29:34 GMT

GET
H/1.1 200
OK blog-article
www.mimecast.com/bundles/ 9 KB
3 KB 147ms
75ms Stylesheet
text/css 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mimecast.com/bundles/blog-article?v=bbpoRKU8ZtOcmVdO6ZlkNMxnxcrE_dxuaA7fIOh3ICM1

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

a795bccb24de6a50998ad96fde368ad87b47b227feb48538b4587e18c39caf9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 31 Aug 2017 21:29:34 GMT
Date: Thu, 31 Aug 2017 21:29:33 GMT
X-Served-By: IIS02
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Cache-Control: public
Vary: Accept-Encoding
Content-Length: 3019
X-XSS-Protection: 1; mode=block
Expires: Fri, 31 Aug 2018 21:29:34 GMT

GET
H/1.1 200
OK sharethis.js Show response
platform-api.sharethis.com/js/ 115 KB
38 KB 21ms
6ms Script
text/javascript 184.31.82.197
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://platform-api.sharethis.com/js/sharethis.js
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.82.197 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-82-197.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 9eb347e2aee96bdcc7f0d62e9db2c0e52480fa71c1be8f141c7b5b1c42fb8517

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 31 Aug 2017 21:29:34 GMT
Content-Encoding: gzip
ETag: W/"1ca6c-KFDBgKSlUHusLPMlDimv2w"
Vary: Accept-Encoding
Access-Control-Allow-Methods: DELETE, GET, HEAD, OPTIONS, POST, PUT
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 39126

GET
H/1.1 200
OK mimecast_logo_color.svg
www.mimecast.com/content/img/svg/ 6 KB
6 KB 72ms
72ms Image
image/svg+xml 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/content/img/svg/mimecast_logo_color.svg

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

d6ee6d74038ac06d43ea7778db90ac3b223904b1fcd6d155ef602c3a6fc26cd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Apr 2017 16:52:40 GMT
ETag: "0fcc77e4b2d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:33 GMT
Accept-Ranges: bytes
Content-Length: 5686
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK logo-mimecast.png
www.mimecast.com/content/img/ 3 KB
3 KB 152ms
51ms Image
image/png 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/content/img/logo-mimecast.png

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

6375fd5a3eb99e2dac3e91b45633c81ad40aa155f94d3d1318d5d6bcad2278a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Apr 2017 16:52:38 GMT
ETag: "0cf966e4b2d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:33 GMT
Accept-Ranges: bytes
Content-Length: 3156
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK logo-mimecast-m.png
www.mimecast.com/content/img/ 1 KB
1 KB 176ms
62ms Image
image/png 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/content/img/logo-mimecast-m.png

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

0b926d2e9e6057025b9088413fb3fde286e52eadc5f34b8051182d818846e2d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Apr 2017 16:52:38 GMT
ETag: "0cf966e4b2d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:33 GMT
Accept-Ranges: bytes
Content-Length: 1113
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK navigation-esra.jpg
www.mimecast.com/assets/img/nav-featured/ 34 KB
34 KB 233ms
106ms Image
image/jpeg 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/assets/img/nav-featured/navigation-esra.jpg

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

57419900b070f3c07f4346a4d35c88b7e15f12617975ae987d54a4808a7224ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Wed, 15 Mar 2017 14:40:39 GMT
ETag: "698dc51d9a9dd21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:33 GMT
Accept-Ranges: bytes
Content-Length: 34982
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK navigation-product.jpg
www.mimecast.com/assets/img/nav-featured/ 35 KB
35 KB 58ms
58ms Image
image/jpeg 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/assets/img/nav-featured/navigation-product.jpg

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

d84859b75faf57a4884af570cd1f32ffcbc10fd1024380a093a2345f22c4e92f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Apr 2017 16:52:36 GMT
ETag: "0a2655e4b2d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:33 GMT
Accept-Ranges: bytes
Content-Length: 35740
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK navigation-partners.jpg
www.mimecast.com/assets/img/nav-featured/ 54 KB
54 KB 46ms
46ms Image
image/jpeg 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/assets/img/nav-featured/navigation-partners.jpg

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

3113365e1217e0d6977bd072fd191164922f0d0fe38fbb4741206ca4374fd53f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Apr 2017 16:52:36 GMT
ETag: "0a2655e4b2d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:33 GMT
Accept-Ranges: bytes
Content-Length: 55307
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK navigation-forrester.jpg
www.mimecast.com/assets/img/nav-featured/ 21 KB
21 KB 70ms
70ms Image
image/jpeg 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/assets/img/nav-featured/navigation-forrester.jpg

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

ffbb48e70e9584d346e6e19477752db705653693625e928a30b491c37405bfe6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Wed, 15 Mar 2017 14:41:06 GMT
ETag: "1d4b42e9a9dd21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:33 GMT
Accept-Ranges: bytes
Content-Length: 21188
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK navigation-customer-success.jpg
www.mimecast.com/assets/img/nav-featured/ 32 KB
32 KB 49ms
49ms Image
image/jpeg 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/assets/img/nav-featured/navigation-customer-success.jpg

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

f1ce6b635e9320197895ccf90417ab2554bc9c5d4ec8e0ce2d9a5e792165334c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Apr 2017 16:52:36 GMT
ETag: "0a2655e4b2d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:33 GMT
Accept-Ranges: bytes
Content-Length: 32541
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK navigation-news-events.jpg
www.mimecast.com/assets/img/nav-featured/ 37 KB
37 KB 39ms
39ms Image
image/jpeg 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/assets/img/nav-featured/navigation-news-events.jpg

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

f1cd4c228f8beeafbcbd6d2bc2f40a7153101ae6c2779e598adfadf3fbbcf1b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Apr 2017 16:52:36 GMT
ETag: "0a2655e4b2d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:33 GMT
Accept-Ranges: bytes
Content-Length: 37525
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK navigation-company.jpg
www.mimecast.com/assets/img/nav-featured/ 31 KB
31 KB 42ms
42ms Image
image/jpeg 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/assets/img/nav-featured/navigation-company.jpg

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

9e9c8a043e1bf1f733d74e45fcb6356e51b2a7259c3ce3674badca52e0a3ec31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Apr 2017 16:52:36 GMT
ETag: "0a2655e4b2d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:33 GMT
Accept-Ranges: bytes
Content-Length: 31309
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK mgardiner.jpg
www.mimecast.com/globalassets/sitev3/blog/portraits/ 8 KB
8 KB 100ms
65ms Image
image/jpeg 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/globalassets/sitev3/blog/portraits/mgardiner.jpg

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

e5e507f21ce85c202374b3c65a7de4085ea65655493ae669624a49b98198c32c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Aug 2016 15:00:24 GMT
ETag: "1D1F89814E93400"
X-Served-By: IIS02
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public
Date: Thu, 31 Aug 2017 21:29:33 GMT
Accept-Ranges: bytes
Content-Length: 7818
X-XSS-Protection: 1; mode=block
Expires: Fri, 31 Aug 2018 21:29:34 GMT

GET
H/1.1 200
OK its-not-just-the-ransom-youre-losing.jpg
www.mimecast.com/globalassets/blog/backgrounds/ 2 MB
2 MB 153ms
97ms Image
image/jpeg 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/globalassets/blog/backgrounds/its-not-just-the-ransom-youre-losing.jpg

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

8ac78f8be0e32dcc7ec3c1a218d0228d37ccc4e488320b1d87d2b36e09c78f50

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Tue, 04 Apr 2017 16:25:36 GMT
ETag: "1D2AD6016E90000"
X-Served-By: IIS02
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public
Date: Thu, 31 Aug 2017 21:29:33 GMT
Accept-Ranges: bytes
Content-Length: 1878777
X-XSS-Protection: 1; mode=block
Expires: Fri, 31 Aug 2018 21:29:34 GMT

GET
H/1.1 200
OK switch-email-goodurl---edited-002.jpg
www.mimecast.com/globalassets/blog/main/2017/ 87 KB
87 KB 78ms
78ms Image
image/jpeg 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/globalassets/blog/main/2017/switch-email-goodurl---edited-002.jpg

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

884ba10d1d5dc22b8ed639cb80e228d555384947835db88d689b1739fa3b7626

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Wed, 23 Aug 2017 16:30:17 GMT
ETag: "1D31C2D1AA4F280"
X-Served-By: IIS02
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public
Date: Thu, 31 Aug 2017 21:29:33 GMT
Accept-Ranges: bytes
Content-Length: 89527
X-XSS-Protection: 1; mode=block
Expires: Fri, 31 Aug 2018 21:29:34 GMT

GET
H/1.1 200
OK switch-email-badurl---edited-002.jpg
www.mimecast.com/globalassets/blog/main/2017/ 87 KB
87 KB 95ms
95ms Image
image/jpeg 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/globalassets/blog/main/2017/switch-email-badurl---edited-002.jpg

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

8e1bb2ee0cfc58e51b719578b8a23e789e5b38e5be14487cfd676f1673ae98a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Wed, 23 Aug 2017 16:30:17 GMT
ETag: "1D31C2D1AA4F280"
X-Served-By: IIS02
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public
Date: Thu, 31 Aug 2017 21:29:34 GMT
Accept-Ranges: bytes
Content-Length: 88749
X-XSS-Protection: 1; mode=block
Expires: Fri, 31 Aug 2018 21:29:34 GMT

GET
H/1.1 200
OK footer---ropemaker-learn-more.jpg
www.mimecast.com/globalassets/blog/banner-footer/ 48 KB
48 KB 90ms
90ms Image
image/jpeg 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/globalassets/blog/banner-footer/footer---ropemaker-learn-more.jpg

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

6607422d88429d241663bc8d56156acbad25ca653f608515628c4fd15ee3d299

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Thu, 17 Aug 2017 17:11:22 GMT
ETag: "1D3177BD96B9900"
X-Served-By: IIS02
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public
Date: Thu, 31 Aug 2017 21:29:34 GMT
Accept-Ranges: bytes
Content-Length: 49012
X-XSS-Protection: 1; mode=block
Expires: Fri, 31 Aug 2018 21:29:34 GMT

GET
H/1.1 200
OK untitled-design-42.jpg
www.mimecast.com/globalassets/blog/author/ 9 KB
9 KB 72ms
72ms Image
image/jpeg 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/globalassets/blog/author/untitled-design-42.jpg

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

01ad9892aa93628962d6695c41d667c9c8507809326bcb719b2887cfc47921fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Wed, 07 Jun 2017 20:15:35 GMT
ETag: "1D2DFCAD2314D80"
X-Served-By: IIS02
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public
Date: Thu, 31 Aug 2017 21:29:34 GMT
Accept-Ranges: bytes
Content-Length: 9519
X-XSS-Protection: 1; mode=block
Expires: Fri, 31 Aug 2018 21:29:34 GMT

GET
H/1.1 200
OK partner-logos-2017.png
www.mimecast.com/assets/img/ 61 KB
61 KB 43ms
43ms Image
image/png 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/assets/img/partner-logos-2017.png

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

c8aff554af86844bee6a4dda40e9f6bf5b08826ad96dadc9ceeb1a764b52b846

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Apr 2017 16:52:36 GMT
ETag: "0a2655e4b2d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:34 GMT
Accept-Ranges: bytes
Content-Length: 62666
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK blogrss.png
www.mimecast.com/images/icons/ 2 KB
2 KB 44ms
42ms Image
image/png 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/images/icons/blogrss.png

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

aa23d7843b1e2807f2e92c315484dc16ec2a916dc7fc461052f879d73397a727

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Wed, 19 Aug 2015 14:45:46 GMT
ETag: "0938bb8ddad01:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:34 GMT
Accept-Ranges: bytes
Content-Length: 1979
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK linkedin.png
www.mimecast.com/images/icons/ 2 KB
2 KB 48ms
48ms Image
image/png 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/images/icons/linkedin.png

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

22fdd87b9eb01469a9a3b9839c400bed75073a1f857b4f81ae159d0b9bc57a27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Wed, 19 Aug 2015 14:45:46 GMT
ETag: "0938bb8ddad01:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:34 GMT
Accept-Ranges: bytes
Content-Length: 1545
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK twitter00.png
www.mimecast.com/images/icons/ 2 KB
2 KB 39ms
39ms Image
image/png 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/images/icons/twitter00.png

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

955175524ed2d05fc72af794c0aa778fc6ff42a2b1b746b86dadee5a6f8403b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Wed, 19 Aug 2015 14:45:46 GMT
ETag: "0938bb8ddad01:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:34 GMT
Accept-Ranges: bytes
Content-Length: 1655
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK youtube.png
www.mimecast.com/images/icons/ 2 KB
2 KB 36ms
36ms Image
image/png 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/images/icons/youtube.png

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

99dfaef92b1ac4f0705419bb0e8066ba5aa6775e4fd04344f6279e6f206a4dff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Wed, 19 Aug 2015 14:45:46 GMT
ETag: "0938bb8ddad01:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:34 GMT
Accept-Ranges: bytes
Content-Length: 2036
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK main-scripts Show response
www.mimecast.com/bundles/ 293 KB
116 KB 57ms
57ms Script
text/javascript 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mimecast.com/bundles/main-scripts?v=G5XtyiMMxlnvoP6P2g9dV7Tr3nC8UABp880ILM-wUlU1

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

7c5475aec3024333e1b029da18390c46818c35c7bcf5cf8222ef4589df48d877

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 31 Aug 2017 21:29:34 GMT
Date: Thu, 31 Aug 2017 21:29:33 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=utf-8
Expires: Fri, 31 Aug 2018 21:29:34 GMT
Cache-Control: public
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK cookie-popup.js Show response
www.mimecast.com/assets/js/common/ 305 B
267 B 42ms
42ms Script
application/x-javascript 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mimecast.com/assets/js/common/cookie-popup.js

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

1a242ce0682eb03ac301e048e640db9265d638c6786dafbe423553a80e287aa9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Fri, 02 Jun 2017 10:02:22 GMT
ETag: "04bca5387dbd21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:34 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 267
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK blogv4-scripts Show response
www.mimecast.com/bundles/ 83 KB
36 KB 91ms
90ms Script
text/javascript 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mimecast.com/bundles/blogv4-scripts?v=yjt-cmMvXFORXFgA4VW3U0_d5LzUYrifekxCkxzSXjY1

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

d25978fe55134fca5809658f72b3db84b7cbb754e5760e5c2f21cf23ea627790

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 31 Aug 2017 21:29:34 GMT
Date: Thu, 31 Aug 2017 21:29:33 GMT
X-Served-By: IIS02
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=utf-8
Cache-Control: public
Vary: Accept-Encoding
Content-Length: 36770
X-XSS-Protection: 1; mode=block
Expires: Fri, 31 Aug 2018 21:29:34 GMT

GET
S 200 gtm.js Show response
www.googletagmanager.com/ 102 KB
31 KB 29ms
15ms Script
application/javascript 2a00:1450:4001:81d::2008
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M2787TN

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81d::2008 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

e7ec67482d682c67173abae0f94bee9dfb3d314d78989a1e705f73ed4c6f5dc1

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date: Thu, 31 Aug 2017 21:29:34 GMT
content-encoding: gzip
server: Google Tag Manager (scaffolding)
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="39,38,37,35"
content-length: 31992
x-xss-protection: 1; mode=block
expires: Thu, 31 Aug 2017 21:29:34 GMT

GET
H/1.1 403
Forbidden opentag-88459-936800.js
d3c3cq33003psk.cloudfront.net/ 0
0 615ms
87ms Script
application/xml 52.85.89.46
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d3c3cq33003psk.cloudfront.net/opentag-88459-936800.js
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.85.89.46 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-89-46.jfk6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 31 Aug 2017 21:25:54 GMT
Via: 1.1 9865fbd5c61131fde861cc79a5ba4ead.cloudfront.net (CloudFront)
Server: AmazonS3
Age: 220
Transfer-Encoding: chunked
X-Cache: Error from cloudfront
Content-Type: application/xml
Connection: keep-alive
X-Amz-Cf-Id: RYJ7ipKQwyyMJAkaQ0vlHTRMu8y5Aj7F1C1l1PPyGkmieONxvqtCJw==

GET
S 200 css
fonts.googleapis.com/ 2 KB
515 B 27ms
15ms Stylesheet
text/css 2a00:1450:4001:81d::200a
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,300,700,600,400italic,700italic,300italic

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81d::200a , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

ESF /

Resource Hash

ce3bbd0bb71df903c9a88a8b7d737d127360bc360f527ef7ce69a3629e57a4a3

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date: Thu, 31 Aug 2017 21:29:34 GMT
content-encoding: gzip
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,38,37,35"
x-xss-protection: 1; mode=block
expires: Thu, 31 Aug 2017 21:29:34 GMT

GET
H/1.1 200
OK 58de21103862000012172638.js Show response
buttons-config.sharethis.com/js/ 660 B
660 B 22ms
7ms Script
text/javascript 184.31.82.197
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://buttons-config.sharethis.com/js/58de21103862000012172638.js
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.82.197 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-82-197.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 9c31fa7f6862edfdbe3ba9f19aef76940950a1ab03bb9b431b6cdc954321e921

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 31 Aug 2017 21:29:34 GMT
Last-Modified: Tue, 04 Apr 2017 09:50:56 GMT
Server: AmazonS3
x-amz-request-id: D20E71798ED2DFC2
ETag: "f9fd25e902d770f79a116d1f10059793"
Content-Type: text/javascript
Cache-Control: public, max-age=60
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 660
x-amz-id-2: I2FtaK6NPcUIHzq4YnCkE89M4E4bGr5QAdaa4bsJMkZODy7qiB/+jiRmTUgwbOuwHW9QmDyGU2c=

GET
H/1.1

301
Moved Permanently

sc Show response
l.sharethis.com/
Redirect Chain

https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&fpc=303c07d-15e3a32ff12-2ed1bd06-1&sessionID=1504214974227.34845&hostname=www.mimecast.com&location=%2Fblog%2F2017%2F08%2Fin...
https://l.sharethis.com/sc?cm=CvQEBFmof74AAAARNtZrAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2017%2F08%2Fintroducing-the-ropemaker-email-exploit%2F

0
0

30ms
7ms

XHR
text/html

35.157.42.240
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/sc?cm=CvQEBFmof74AAAARNtZrAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2017%2F08%2Fintroducing-the-ropemaker-email-exploit%2F
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.42.240 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-35-157-42-240.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 31 Aug 2017 21:29:34 GMT
Access-Control-Allow-Origin: https://www.mimecast.com
Access-Control-Max-Age: 1728000
P3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Location: /sc?cm=CvQEBFmof74AAAARNtZrAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2017%2F08%2Fintroducing-the-ropemaker-email-exploit%2F
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Headers: *
Content-Length: 186
Stid: CvQEBFmof74AAAARNtZrAw==

Redirect headers

Date: Thu, 31 Aug 2017 21:29:34 GMT
Access-Control-Allow-Origin: https://www.mimecast.com
Access-Control-Max-Age: 1728000
P3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Location: /sc?cm=CvQEBFmof74AAAARNtZrAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2017%2F08%2Fintroducing-the-ropemaker-email-exploit%2F
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Headers: *
Content-Length: 186
Stid: CvQEBFmof74AAAARNtZrAw==

GET
S 200 toadOcfmlt9b38dHJxOBGNNE-IuDiR70wI4zXaKqWCM.ttf
fonts.gstatic.com/s/sourcesanspro/v10/ 36 KB
18 KB 25ms
12ms Font
font/ttf 2a00:1450:4001:81d::2003
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v10/toadOcfmlt9b38dHJxOBGNNE-IuDiR70wI4zXaKqWCM.ttf

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81d::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

6b6b427cf76ccb7453b094cb9e524edc61aa392ab13fd7af2b1b5b27af825db8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,300,700,600,400italic,700italic,300italic
Origin: https://www.mimecast.com

Response headers

date: Mon, 07 Aug 2017 16:02:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2093203
status: 200
alt-svc: quic=":443"; ma=2592000; v="39,38,37,35"
content-length: 18873
x-xss-protection: 1; mode=block
last-modified: Mon, 05 Jun 2017 20:32:13 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Aug 2018 16:02:51 GMT

GET
H/1.1 200
OK icon-login-blue-20x20.png
www.mimecast.com/assets/img/layout-icons/ 325 B
325 B 64ms
51ms Image
image/png 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/assets/img/layout-icons/icon-login-blue-20x20.png

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

a0d0af3148c1142dd9316de8c96dab4ff18e2bd082b71ef3dfb840dcb449af30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/bundles/main-stylesv4?v=DTVoMIYSkBgxI7Dri1EOfXd7nzta2d3xY-z6hho1uw01
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Apr 2017 16:52:36 GMT
ETag: "0a2655e4b2d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:33 GMT
Accept-Ranges: bytes
Content-Length: 325
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK search-icon-white-20x20.png
www.mimecast.com/assets/img/layout-icons/ 436 B
436 B 90ms
35ms Image
image/png 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/assets/img/layout-icons/search-icon-white-20x20.png

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

d9e21e1e973999172343adc77be3bffc3a31655a96d40e52a053ba32c4dccc86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/bundles/main-stylesv4?v=DTVoMIYSkBgxI7Dri1EOfXd7nzta2d3xY-z6hho1uw01
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Apr 2017 16:52:36 GMT
ETag: "0a2655e4b2d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:33 GMT
Accept-Ranges: bytes
Content-Length: 436
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK generic.jpg
www.mimecast.com/assets/img/ 38 KB
38 KB 54ms
42ms Image
image/jpeg 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/assets/img/generic.jpg

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

0ec64c389adb6cd42c9211265d06f220d29cb9ec8033abb7f800369ae3876a74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/bundles/main-stylesv4?v=DTVoMIYSkBgxI7Dri1EOfXd7nzta2d3xY-z6hho1uw01
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Apr 2017 16:52:34 GMT
ETag: "075344e4b2d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:33 GMT
Accept-Ranges: bytes
Content-Length: 39414
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
S 200 toadOcfmlt9b38dHJxOBGMw1o1eFRj7wYC6JbISqOjY.ttf
fonts.gstatic.com/s/sourcesanspro/v10/ 36 KB
19 KB 17ms
6ms Font
font/ttf 2a00:1450:4001:81d::2003
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v10/toadOcfmlt9b38dHJxOBGMw1o1eFRj7wYC6JbISqOjY.ttf

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81d::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

fdb705288e6566e631455d2a0f4f3c531ba0d41af5c2e42c897abe2710049544

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,300,700,600,400italic,700italic,300italic
Origin: https://www.mimecast.com

Response headers

date: Mon, 07 Aug 2017 11:03:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2111166
status: 200
alt-svc: quic=":443"; ma=2592000; v="39,38,37,35"
content-length: 18952
x-xss-protection: 1; mode=block
last-modified: Mon, 05 Jun 2017 20:31:56 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Aug 2018 11:03:28 GMT

GET
S 200 toadOcfmlt9b38dHJxOBGLsbIrGiHa6JIepkyt5c0A0.ttf
fonts.gstatic.com/s/sourcesanspro/v10/ 36 KB
18 KB 28ms
18ms Font
font/ttf 2a00:1450:4001:81d::2003
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v10/toadOcfmlt9b38dHJxOBGLsbIrGiHa6JIepkyt5c0A0.ttf

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81d::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

82b6e56775893fcdd12ae7b9036b0a21514314ce5dc5ac40f2c1221707fa2291

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,300,700,600,400italic,700italic,300italic
Origin: https://www.mimecast.com

Response headers

date: Mon, 07 Aug 2017 13:33:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2102169
status: 200
alt-svc: quic=":443"; ma=2592000; v="39,38,37,35"
content-length: 18683
x-xss-protection: 1; mode=block
last-modified: Mon, 05 Jun 2017 20:32:47 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Aug 2018 13:33:25 GMT

GET
H/1.1 200
OK fontawesome-webfont.woff2
www.mimecast.com/content/fonts/fontawesome/fonts/ 70 KB
70 KB 120ms
80ms Font
application/font-woff2 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mimecast.com/content/fonts/fontawesome/fonts/fontawesome-webfont.woff2?v=4.6.3

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer: https://www.mimecast.com/bundles/main-stylesv4?v=DTVoMIYSkBgxI7Dri1EOfXd7nzta2d3xY-z6hho1uw01
Origin: https://www.mimecast.com

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Apr 2017 16:52:38 GMT
ETag: "0cf966e4b2d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/font-woff2
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:33 GMT
Accept-Ranges: bytes
Content-Length: 71896
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
S 200 ODelI1aHBYDBqgeIAH2zlNzbP97U9sKh0jjxbPbfOKg.ttf
fonts.gstatic.com/s/sourcesanspro/v10/ 36 KB
19 KB 26ms
16ms Font
font/ttf 2a00:1450:4001:81d::2003
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v10/ODelI1aHBYDBqgeIAH2zlNzbP97U9sKh0jjxbPbfOKg.ttf

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81d::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

589305780e339b3b6a64b600d5405105325f48804f590b9a366b4b7b9dae2414

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,300,700,600,400italic,700italic,300italic
Origin: https://www.mimecast.com

Response headers

date: Mon, 07 Aug 2017 15:03:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2096744
status: 200
alt-svc: quic=":443"; ma=2592000; v="39,38,37,35"
content-length: 18985
x-xss-protection: 1; mode=block
last-modified: Mon, 05 Jun 2017 20:31:54 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Aug 2018 15:03:50 GMT

GET
H/1.1 200
OK icon-ebooks.png
www.mimecast.com/assets/img/resource-backgrounds/icons/65x65/ 2 KB
2 KB 42ms
41ms Image
image/png 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/assets/img/resource-backgrounds/icons/65x65/icon-ebooks.png

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

bb5819a637c2d5bc2f66c84a9d8659bcc0024f407d83c5b81a568438fc1c7009

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/bundles/main-stylesv4?v=DTVoMIYSkBgxI7Dri1EOfXd7nzta2d3xY-z6hho1uw01
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Apr 2017 16:52:36 GMT
ETag: "0a2655e4b2d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:34 GMT
Accept-Ranges: bytes
Content-Length: 1771
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1

200
OK

interet_minute_blog_detail_v2.jpg
www.mimecast.com/globalassets/blog/backgrounds/
Redirect Chain

https://www.mimecast.com/link/7cef604d593247df8c855c9f6f8dfa81.aspx
https://www.mimecast.com/globalassets/blog/backgrounds/interet_minute_blog_detail_v2.jpg

102 KB
102 KB

61ms
61ms

Image
image/jpeg

146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/globalassets/blog/backgrounds/interet_minute_blog_detail_v2.jpg

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

40d71c948b96c97c603b01cc330a7b49c83ea02977218686d1b40afd0d771499

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Tue, 15 Aug 2017 20:02:07 GMT
ETag: "1D316015F170980"
X-Served-By: IIS02
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public
Date: Thu, 31 Aug 2017 21:29:34 GMT
Accept-Ranges: bytes
Content-Length: 104326
X-XSS-Protection: 1; mode=block
Expires: Fri, 31 Aug 2018 21:29:34 GMT

Redirect headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 31 Aug 2017 21:29:34 GMT
X-Frame-Options: SAMEORIGIN
Location: /globalassets/blog/backgrounds/interet_minute_blog_detail_v2.jpg
Content-Length: 181
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1

200
OK

esra_cover_notext.png
www.mimecast.com/globalassets/blog/backgrounds/
Redirect Chain

https://www.mimecast.com/link/661523b5f4ce41d691b7b1b000e4cd4a.aspx
https://www.mimecast.com/globalassets/blog/backgrounds/esra_cover_notext.png

2 MB
2 MB

90ms
90ms

Image
image/png

146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/globalassets/blog/backgrounds/esra_cover_notext.png

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

f958b546026df6a575adebea1a50a9feec14841a93a2b26cd94fd85c42b0ef7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Wed, 02 Aug 2017 21:18:22 GMT
ETag: "1D30BD4DEA1E300"
X-Served-By: IIS02
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public
Date: Thu, 31 Aug 2017 21:29:34 GMT
Accept-Ranges: bytes
Content-Length: 1628221
X-XSS-Protection: 1; mode=block
Expires: Fri, 31 Aug 2018 21:29:34 GMT

Redirect headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 31 Aug 2017 21:29:34 GMT
X-Frame-Options: SAMEORIGIN
Location: /globalassets/blog/backgrounds/esra_cover_notext.png
Content-Length: 169
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK icon-chat-sales-white-20x20.png
www.mimecast.com/assets/img/layout-icons/ 307 B
307 B 56ms
44ms Image
image/png 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/assets/img/layout-icons/icon-chat-sales-white-20x20.png

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

d44800a2f4db04ec142c65557ab71ed547ebd28c11855d57e769b61319caade1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/bundles/main-stylesv4?v=DTVoMIYSkBgxI7Dri1EOfXd7nzta2d3xY-z6hho1uw01
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Apr 2017 16:52:36 GMT
ETag: "0a2655e4b2d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:33 GMT
Accept-Ranges: bytes
Content-Length: 307
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK icon-demo-white-20x20.png
www.mimecast.com/assets/img/layout-icons/ 242 B
242 B 54ms
41ms Image
image/png 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/assets/img/layout-icons/icon-demo-white-20x20.png

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

dfd6209cd5513fd0419c8928f3cdf1eeca23e53152f0558e732af7b0a8f7eb15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/bundles/main-stylesv4?v=DTVoMIYSkBgxI7Dri1EOfXd7nzta2d3xY-z6hho1uw01
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Apr 2017 16:52:36 GMT
ETag: "0a2655e4b2d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:33 GMT
Accept-Ranges: bytes
Content-Length: 242
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
S 200 fpTVHK8qsXbIeTHTrnQH6Edtd7Dq2ZflsctMEexj2lw.ttf
fonts.gstatic.com/s/sourcesanspro/v10/ 33 KB
17 KB 6ms
6ms Font
font/ttf 2a00:1450:4001:81d::2003
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v10/fpTVHK8qsXbIeTHTrnQH6Edtd7Dq2ZflsctMEexj2lw.ttf

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81d::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

42c99176a52bb64d5df004fb91326ff6b28bfbe2939ec88244a224f7321e565d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,300,700,600,400italic,700italic,300italic
Origin: https://www.mimecast.com

Response headers

date: Mon, 07 Aug 2017 13:33:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2102169
status: 200
alt-svc: quic=":443"; ma=2592000; v="39,38,37,35"
content-length: 17769
x-xss-protection: 1; mode=block
last-modified: Mon, 05 Jun 2017 20:33:11 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Aug 2018 13:33:25 GMT

GET
H/1.1 200
OK sc Show response
l.sharethis.com/ 80 B
80 B 10ms
10ms XHR
application/json 35.157.42.240
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/sc?cm=CvQEBFmof74AAAARNtZrAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2017%2F08%2Fintroducing-the-ropemaker-email-exploit%2F
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.42.240 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-35-157-42-240.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 843e231dae5df0fd1a4515bbd5a256b7d9c33d4feadde6d63b852fad36c9d4cc

Request headers

X-DevTools-Emulate-Network-Conditions-Client-Id: bf1271db-3a47-4b56-a587-21a31c2ec126
Origin: https://www.mimecast.com
Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 31 Aug 2017 21:29:34 GMT
Access-Control-Max-Age: 1728000
Content-Type: application/json
Access-Control-Allow-Origin: https://www.mimecast.com
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Stid: CvQEBFmof74AAAARNtZrAw==
Access-Control-Allow-Headers: *
Content-Length: 80

GET
S 200 analytics.js Show response
www.google-analytics.com/ 32 KB
13 KB 18ms
6ms Script
text/javascript 2a00:1450:4001:81d::200e
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M2787TN

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81d::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

Golfe2 /

Resource Hash

522cc831f77209aa434abd05e5a9a114ec3aab233232394877ea5446130584de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 17 Aug 2017 01:11:09 GMT
server: Golfe2
age: 819
date: Thu, 31 Aug 2017 21:15:55 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,38,37,35"
content-length: 13472
expires: Thu, 31 Aug 2017 23:15:55 GMT

GET
S 200 bat.js Show response
bat.bing.com/ 9 KB
3 KB 52ms
35ms Script
application/javascript 204.79.197.200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M2787TN
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.79.197.200 Redmond, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS: a-0001.a-msedge.net
Software: /
Resource Hash: 1e616b6c247a49d421851c467056873dd9aaa9e1cf3900bb161ae1b1889f84ac

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date: Thu, 31 Aug 2017 21:29:34 GMT
content-encoding: gzip
last-modified: Thu, 17 Aug 2017 20:46:03 GMT
x-msedge-ref: Ref A: FFF9CF1948CB42F784486489C77E4CF7 Ref B: FRAEDGE0313 Ref C: 2017-08-31T21:29:34Z
status: 200
etag: "803718d79917d31:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 3324

GET
H/1.1 200
OK uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 21ms
6ms Script
application/javascript 104.244.43.176
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M2787TN
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.43.176 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software: /
Resource Hash: 4f87c2b0b342c2382eb83be1b1426678e85e786249cf7ba876cf79c77b85f661

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 31 Aug 2017 21:29:34 GMT
Content-Encoding: gzip
Age: 77547
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 1963
X-Served-By: cache-tw-fra1-cr1-19-TWFRA1
Last-Modified: Wed, 28 Dec 2016 23:53:52 GMT
X-Timer: S1504214974.337450,VS0,VE0
Etag: "d5d9df51a4d7293c6a63d37d9b36655a+gzip"
Vary: Accept-Encoding,Host
Content-Type: application/javascript; charset=utf-8
Via: 1.1 varnish
Cache-Control: no-cache
Accept-Ranges: bytes

GET
H/1.1

200
OK

insight.min.js Show response
snap.licdn.com/li.lms-analytics/
Redirect Chain

https://sjs.bizographics.com/insight.min.js
https://snap.licdn.com/li.lms-analytics/insight.min.js

22 KB
8 KB

26ms
9ms

Script
application/x-javascript

2a02:26f0:10c:382::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:10c:382::25ea , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 3c380bc0bfd98df4685c69bb15c6b483d6c471007f9b95e25529fcd6e1ec6fb1

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 31 Aug 2017 21:29:34 GMT
Content-Encoding: gzip
Last-Modified: Mon, 28 Aug 2017 18:09:23 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=48585
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7812

Redirect headers

Date: Thu, 31 Aug 2017 19:20:42 GMT
Via: 1.1 ac34121093afdc7c5e89263bece028e1.cloudfront.net (CloudFront)
Server: AmazonS3
Age: 7732
X-Cache: Hit from cloudfront
Location: https://snap.licdn.com/li.lms-analytics/insight.min.js
Connection: keep-alive
Content-Length: 0
X-Amz-Cf-Id: 8z78effadRUyhSf2-ln389UCmKvTXSdxCv9cwhK2S9lRw9e9v2POhw==

GET
S 200 ga.js Show response
ssl.google-analytics.com/ 42 KB
16 KB 19ms
6ms Script
text/javascript 2a00:1450:4001:815::2008
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M2787TN

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:815::2008 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

Golfe2 /

Resource Hash

4e2ed635abf0b2dcbac3ea04d16ccf58bb2195364d65b76190f03da0f43255c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 17 Aug 2017 01:11:09 GMT
server: Golfe2
age: 2277
date: Thu, 31 Aug 2017 20:51:37 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,38,37,35"
content-length: 16022
expires: Thu, 31 Aug 2017 22:51:37 GMT

GET
S 200 fbevents.js Show response
connect.facebook.net/en_US/ 34 KB
11 KB 19ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

b8033185bc513faee7e0bfd577f89c1581faf25d6c66b2d135ffb47b89da6120

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com .fbcdn.net .facebook.net .spotilocal.com:* .akamaihd.net wss://.facebook.com:* https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=15552000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 11298
x-xss-protection: 0
pragma: public
x-fb-debug: 5WzP4QWJLPjs4sWzK6KXNhryquEWZzYjGYwEr2r1z9+VDmuAOROwZ29LoUY/8KK0TUEIrnYdDA3f8Cb8qB4Jmg==
x-frame-options: DENY
date: Thu, 31 Aug 2017 21:29:34 GMT
strict-transport-security: max-age=15552000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
access-control-allow-method: OPTIONS
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK tc.min.js Show response
c1.rfihub.net/js/ 20 KB
20 KB 23ms
6ms Script
application/x-javascript 92.123.93.60
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.93.60 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a92-123-93-60.deploy.akamaitechnologies.com
Software: Jetty(9.0.6.v20130930) /
Resource Hash: cb2bb21705b9cce9781d02c9223f3344a65bd5314027d11c5a8518ad4bd84e84

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 31 Aug 2017 21:29:34 GMT
Last-Modified: Mon, 12 Jun 2017 17:33:31 GMT
Server: Jetty(9.0.6.v20130930)
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=3600
Connection: keep-alive
Content-Type: application/x-javascript
Content-Length: 20028
Expires: Thu, 31 Aug 2017 22:29:34 GMT

GET
S 200 api.js Show response
play.vidyard.com/v0/ 7 KB
2 KB 37ms
17ms Script
text/javascript 151.101.113.181
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/v0/api.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M2787TN

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.113.181 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

d208c0d94a012545757abf8afa609f3212405c488f4cfad5b87630913989af29

Security Headers

Name	Value
X-Frame-Options	ALLOWALL

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date: Thu, 31 Aug 2017 21:29:34 GMT
content-encoding: gzip
age: 9863552
x-cache: HIT
status: 200
content-length: 1924
vy-wt: true
x-served-by: cache-hhn1521-HHN
x-runtime: 0.001754
x-request-id: a9514656-5b66-462c-b549-f4e38f108526
x-timer: S1504214974.366417,VS0,VE0
x-frame-options: ALLOWALL
etag: W/"c17d7b649b919bd9264a394737597701"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
via: 1.1 varnish
cache-control: max-age=15, public
accept-ranges: bytes
x-cache-hits: 16

GET x201r275712941
rs.gwallet.com/r1/pixeltag/ Frame 1787 0
0

GET
S 200 wa.js Show response
analytics.po.st/static/v1/ 26 KB
8 KB 127ms
6ms Script
application/x-javascript 192.229.233.175
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.po.st/static/v1/wa.js
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.229.233.175 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/41ED) /
Resource Hash: 84653b32c7338bb1917bb9fef13886defc941a7e26e40cd1027da969a71ef97e

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date: Thu, 31 Aug 2017 21:29:34 GMT
content-encoding: gzip
last-modified: Thu, 17 Aug 2017 07:19:34 GMT
server: ECS (fcn/41ED)
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
cache-control: max-age=604800
accept-ranges: bytes
content-length: 8687
expires: Thu, 31 Aug 2017 21:29:34 GMT

GET
H/1.1 200
OK beacon
r.turn.com/r/ 43 B
43 B 59ms
16ms Image
image/gif 46.228.164.11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/beacon?b2=H6fXQktjX5sIj4IuY6T06jLi1haEJlQwyRMdaqipq9C6oN0K41UXhpEZ6Ms7F02rYhajScz4Y8Wz5n4bfsTLbw&cid=&gtmcb=2019474912
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.228.164.11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Aug 2017 21:29:34 GMT
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK px
secure.adnxs.com/ 0
0 29ms
8ms Image
text/html 37.252.172.40
AppNexus

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/px?id=765275&seg=6357364&t=2&gtmcb=1775173223

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

37.252.172.40 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

155.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.11.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Aug 2017 21:29:36 GMT
X-Proxy-Origin: 148.251.45.254; 148.251.45.254; 155.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.18:80
AN-X-Request-Uuid: 1d8278c5-8062-43a7-aab4-43c2d4c63e69
Server: nginx/1.11.5
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK px
secure.adnxs.com/ 0
0 18ms
5ms Image
text/html 37.252.172.40
AppNexus

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/px?id=880741&seg=9735696&t=2&gtmcb=635245749

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

37.252.172.40 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

155.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.11.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Aug 2017 21:29:36 GMT
X-Proxy-Origin: 148.251.45.254; 148.251.45.254; 155.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.4:80
AN-X-Request-Uuid: ede1018b-3a49-4a09-aab2-f105f17f4a23
Server: nginx/1.11.5
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

match-result
tags.w55c.net/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=UmdCS1RYU2sxRE54MVEy&google_cm=&google_sc=&google_tc=
https://tags.w55c.net/match-result?id=8bb138bc0446417c9a4df9a0136d0caf8a93328592bf4d059bfc856c256fbc33&ei=GOOGLE&euid=&google_gid=CAESEAKHNfxRb04y-jfYWTb6A5Q&google_cver=1

43 B
43 B

12ms
12ms

Image
image/gif

81.95.155.130
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.w55c.net/match-result?id=8bb138bc0446417c9a4df9a0136d0caf8a93328592bf4d059bfc856c256fbc33&ei=GOOGLE&euid=&google_gid=CAESEAKHNfxRb04y-jfYWTb6A5Q&google_cver=1
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.95.155.130 Amsterdam, Netherlands, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 82.9b.5f51.ip4.static.sl-reverse.com
Software: Apache /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Aug 2017 21:29:34 GMT
Server: Apache
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2017 21:29:34 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://tags.w55c.net/match-result?id=8bb138bc0446417c9a4df9a0136d0caf8a93328592bf4d059bfc856c256fbc33&ei=GOOGLE&euid=&google_gid=CAESEAKHNfxRb04y-jfYWTb6A5Q&google_cver=1
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,35",quic=":443"; ma=2592000; v="39,38,37,35"
content-length: 384
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

/
attr.ml-api.io/
Redirect Chain

https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dmimecast.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=mimecast.com&pId=2150875399220012646

4 B
4 B

360ms
166ms

Image
image/jpeg

52.85.90.71
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=mimecast.com&pId=2150875399220012646
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.85.90.71 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-90-71.jfk6.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 31 Aug 2017 21:29:34 GMT
Via: 1.1 6ddeb72bd0522678e37bacf079348a81.cloudfront.net (CloudFront)
x-amzn-RequestId: 7be2b075-8e93-11e7-8508-f9b562607d48
X-Cache: Miss from cloudfront
Content-Type: image/jpeg
X-Amzn-Trace-Id: sampled=0;root=1-59a87fbe-646ae3180a55a0f24794c587
Connection: keep-alive
Content-Length: 4
X-Amz-Cf-Id: CPI5dgK_v5jpudJ3bAe3c9q2G7WpAb7gYhWy2_3VDOiPGEdxXaWEfg==

Redirect headers

Pragma: no-cache
Date: Thu, 31 Aug 2017 21:29:36 GMT
X-Proxy-Origin: 148.251.45.254; 148.251.45.254; 153.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.133:80
AN-X-Request-Uuid: b401d602-c9e5-43ad-b404-a14b1118005f
Server: nginx/1.11.5
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://attr.ml-api.io/?domain=mimecast.com&pId=2150875399220012646
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK x44114r777637757
rs.gwallet.com/r1/pixel/ 43 B
68 B 403ms
100ms Image
image/gif 74.217.253.60
Internap Network ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rs.gwallet.com/r1/pixel/x44114r777637757
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.217.253.60 , United States, ASN10913 (INTERNAP-BLK - Internap Network Services Corporation, US),
Reverse DNS
Software: nginx/1.10.2 /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Aug 2017 21:29:34 GMT
content-encoding: gzip
Server: nginx/1.10.2
Transfer-Encoding: chunked
P3p: CP="PSAo PSDo OUR BUS DSP NON COR"
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
Expires: Tue, 29 Oct 2002 19:50:44 GMT

GET
H/1.1 200
OK tracking.js Show response
cdn.livechatinc.com/ 222 KB
63 KB 192ms
176ms Script
text/javascript 92.123.92.132
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.livechatinc.com/tracking.js?_=1504214974361
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/bundles/main-scripts?v=G5XtyiMMxlnvoP6P2g9dV7Tr3nC8UABp880ILM-wUlU1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 92.123.92.132 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a92-123-92-132.deploy.akamaitechnologies.com
Software: Apache /
Resource Hash: 8ae34a320182bfbaec83a2bb0658da0c0c1cc34920b4d138505109c65315ea61

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 31 Aug 2017 21:29:34 GMT
Content-Encoding: gzip
Last-Modified: Thu, 31 Aug 2017 12:12:18 GMT
Server: Apache
ETag: "41813-3790a-5580b8e400c80"
Vary: Accept-Encoding
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Accept-Ranges: bytes
Expires: Fri, 01 Sep 2017 21:29:34 GMT

GET
S

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1898620-6&cid=1922182523.1504214974&jid=33113766&_v=j60&z=2069762857
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1898620-6&cid=1922182523.1504214974&jid=33113766&_v=j60&z=2069762857&slf_rd=1&random=791769470

42 B
60 B

41ms
41ms

Image
image/gif

2a00:1450:401b:801::2003
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1898620-6&cid=1922182523.1504214974&jid=33113766&_v=j60&z=2069762857&slf_rd=1&random=791769470

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:401b:801::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2017 21:29:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="39,38,37,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2017 21:29:34 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1898620-6&cid=1922182523.1504214974&jid=33113766&_v=j60&z=2069762857&slf_rd=1&random=791769470
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,38,37,35"
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
53 B 13ms
13ms Image
image/gif 2a00:1450:4001:815::2008
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.6.7&utms=1&utmn=1911272036&utmhn=www.mimecast.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1185&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Introducing%20the%20ROPEMAKER%20Email%20Exploit%20%7C%20Mimecast%20Blog&utmhid=595379362&utmr=-&utmp=%2Fblog%2F2017%2F08%2Fintroducing-the-ropemaker-email-exploit%2F&utmht=1504214974437&utmac=UA-1898620-9&utmgtm=GTM-M2787TN&utmcc=__utma%3D147046443.1922182523.1504214974.1504214974.1504214974.1%3B%2B__utmz%3D147046443.1504214974.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=126802143&utmredir=1&utmu=qmAgAABAAAGBAAAAAgABAAAE~

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:815::2008 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2017 21:29:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="39,38,37,35"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 134294853780865 Show response
connect.facebook.net/signals/config/ 41 KB
12 KB 149ms
149ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/134294853780865?v=2.7.21

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

213b79b07d63865366cad20de716e42200526881ac648137e894922422a26850

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com .fbcdn.net .facebook.net .spotilocal.com:* .akamaihd.net wss://.facebook.com:* https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=15552000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
x-xss-protection: 0
pragma: public
x-fb-debug: 1ua0zmjdIFV/CtXoDF5kCaHIZ70MBrKRJ2QsffTafXQIATiEURWloVZT4xDRxcvs5E+me6SXi/ap99S3OpwC8w==
x-frame-options: DENY
date: Thu, 31 Aug 2017 21:29:34 GMT
strict-transport-security: max-age=15552000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
access-control-allow-method: OPTIONS
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK idr.js Show response
a.rfihub.com/ 83 B
83 B 40ms
10ms Script
application/javascript 185.31.128.208
Rocket Fuel Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://a.rfihub.com/idr.js?_callback=window.RocketfuelBCP.jsonpCallbacks.request_cmZpSWRJbkNhY2hl
Requested by: Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.31.128.208 , United States, ASN54312 (ROCKETFUEL - Rocket Fuel Inc., US),
Reverse DNS
Software: Jetty(9.0.6.v20130930) /
Resource Hash: c1e4c83635e841c3e7c6c0c3fe867c286af6c6d5ba3b6177adb1aaa797f3ceb4

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Expires: Tue, 25 Sep 2018 21:29:34 GMT
Cache-Control: public, max-age=33696000
Server: Jetty(9.0.6.v20130930)
Content-Type: application/javascript
Content-Length: 83
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
S 204 0
bat.bing.com/action/ 0
0 35ms
35ms Image
text/plain 204.79.197.200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5435866&Ver=2&mid=aa32a222-8c7d-6b90-6a9d-bb08f78cd1b9&evt=pageLoad&sid=d973451b-1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Introducing%20the%20ROPEMAKER%20Email%20Exploit%20|%20Mimecast%20Blog&kw=email%20security,%20email%20security%20risk,%20email%20exploit,%20email-based%20attack,%20cybercrime,%20cyberattack,%20email%20threat,%20targeted%20email%20attack,%20email-borne%20attack,%20software%20vulnerability,&p=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2017%2F08%2Fintroducing-the-ropemaker-email-exploit%2F&r=&rn=723687
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.79.197.200 Redmond, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS: a-0001.a-msedge.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Thu, 31 Aug 2017 21:29:34 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 246E4B75D6FD4946959457EE954E2450 Ref B: FRAEDGE0313 Ref C: 2017-08-31T21:29:34Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 progress-events.js Show response
play.vidyard.com/v1/ 3 KB
1 KB 7ms
7ms Script
text/javascript 151.101.113.181
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/v1/progress-events.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M2787TN

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.113.181 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

a71321e48c03e7f8856b4002730ecc657ad76d8cd33f27565265e7481002cf02

Security Headers

Name	Value
X-Frame-Options	ALLOWALL

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date: Thu, 31 Aug 2017 21:29:34 GMT
content-encoding: gzip
age: 9863460
x-cache: HIT
status: 200
content-length: 1140
vy-wt: true
x-served-by: cache-hhn1521-HHN
x-runtime: 0.004386
x-request-id: 0030fe8d-f7cf-4c37-830e-4b2eaa6ef45b
x-timer: S1504214975.603917,VS0,VE0
x-frame-options: ALLOWALL
etag: W/"44cfb1f3fe5fef63d16c85a4da5e83fe"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
via: 1.1 varnish
cache-control: max-age=15, public
accept-ranges: bytes
x-cache-hits: 1

GET
H/1.1 200
OK 22.jpg
www.mimecast.com/assets/img/resource-backgrounds/normal/ 5 KB
5 KB 45ms
45ms Image
image/jpeg 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/assets/img/resource-backgrounds/normal/22.jpg

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/bundles/blogv4-scripts?v=yjt-cmMvXFORXFgA4VW3U0_d5LzUYrifekxCkxzSXjY1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

95028aca0145e0c1b278fb20162f29625ef72123f35e11c25502da27b121f879

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Apr 2017 16:52:36 GMT
ETag: "0a2655e4b2d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:34 GMT
Accept-Ranges: bytes
Content-Length: 4672
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK GetBitlyLink Show response
www.mimecast.com/ajax/ 21 B
140 B 583ms
583ms XHR
text/html 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mimecast.com/ajax/GetBitlyLink?path=/blog/2017/08/introducing-the-ropemaker-email-exploit/

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/bundles/main-scripts?v=G5XtyiMMxlnvoP6P2g9dV7Tr3nC8UABp880ILM-wUlU1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

dead5437d08b4c7785db3968807f36a624d558e3d8d68fd275879fe31475ac6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Thu, 31 Aug 2017 21:29:34 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Cache-Control: private
Vary: Accept-Encoding
Content-Length: 140
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1

200
OK

ropemaker_blank.jpg
www.mimecast.com/globalassets/blog/main/2017/
Redirect Chain

https://www.mimecast.com/link/0955de99096e4434ab48879375670aac.aspx
https://www.mimecast.com/globalassets/blog/main/2017/ropemaker_blank.jpg

171 KB
171 KB

94ms
92ms

Image
image/jpeg

146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mimecast.com/globalassets/blog/main/2017/ropemaker_blank.jpg

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

0947688a72892e7191820bfa1ead857cbe2b79a544b7598154f25aecfd1416e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Thu, 17 Aug 2017 16:59:02 GMT
ETag: "1D3177A20588F00"
X-Served-By: IIS02
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public
Date: Thu, 31 Aug 2017 21:29:34 GMT
Accept-Ranges: bytes
Content-Length: 174672
X-XSS-Protection: 1; mode=block
Expires: Fri, 31 Aug 2018 21:29:34 GMT

Redirect headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 31 Aug 2017 21:29:33 GMT
X-Frame-Options: SAMEORIGIN
Location: /globalassets/blog/main/2017/ropemaker_blank.jpg
Content-Length: 165
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
708 B 25ms
7ms Script
application/x-javascript 95.100.190.236
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.190.236 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-190-236.deploy.akamaitechnologies.com
Software: Apache /
Resource Hash: 3ff29d0e937c5180321601fad67d8fa4a911e59147321a1c79f29fffff6ef32c

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 31 Aug 2017 21:29:34 GMT
Content-Encoding: gzip
Last-Modified: Wed, 17 May 2017 17:22:06 GMT
Server: Apache
ETag: "b546970ab6767ca502690d7810adb72f:1495041726"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 708

GET
H/1.1 200
OK buttons.js Show response
ws.sharethis.com/button/ 54 KB
15 KB 235ms
220ms Script
application/javascript 23.9.213.71
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/button/buttons.js?_=1504214974362
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/bundles/main-scripts?v=G5XtyiMMxlnvoP6P2g9dV7Tr3nC8UABp880ILM-wUlU1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.9.213.71 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-9-213-71.deploy.static.akamaitechnologies.com
Software: nginx/1.10.2 /
Resource Hash: e015dc170388550ad7d668f700089b0237a8109dcd8a51954ac4cbbb9b216282

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 31 Aug 2017 21:29:34 GMT
Content-Encoding: gzip
Server: nginx/1.10.2
ETag: W/"595fc548-d67d"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Content-Length: 14929
Expires: Fri, 01 Sep 2017 21:29:34 GMT

GET
H/1.1 200
OK pagetrack Show response
www.mimecast.com/ajax/ 0
0 613ms
590ms XHR
text/plain 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mimecast.com/ajax/pagetrack?pageId=28930

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/bundles/main-scripts?v=G5XtyiMMxlnvoP6P2g9dV7Tr3nC8UABp880ILM-wUlU1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 31 Aug 2017 21:29:34 GMT
X-Frame-Options: SAMEORIGIN
Cache-Control: private
Content-Length: 0
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
S 200 adsct
t.co/i/ 43 B
74 B 119ms
118ms Image
image/gif 104.244.42.5
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nxcdp&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.5 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date: Thu, 31 Aug 2017 21:29:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 1; mode=block
x-response-time: 112
pragma: no-cache
last-modified: Thu, 31 Aug 2017 21:29:34 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 563d77f1387cb65815062b11270ab2f4
x-transaction: 00d1251d00f53957
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H/1.1 200
OK di.js Show response
cdn.decibelinsight.net/i/13685/78943/ 108 KB
44 KB 48ms
9ms Script
text/javascript 52.29.211.156
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.decibelinsight.net/i/13685/78943/di.js
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.29.211.156 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-29-211-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 0fc9da422494d9e509cfd4c79fb6357dc048dbfc6c3550ac8e8c746122489298

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 31 Aug 2017 21:29:34 GMT
Content-Encoding: gzip
Server: nginx
ETag: W/098314581-15E3A330100
Vary: Origin
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/javascript; charset=utf-8
Cache-Control: public
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, X-HTTP-Method-Override
Expires: Thu, 31 Aug 2017 21:59:34 GMT

GET ca.html
20768311p.rfihub.com/ Frame 1787 0
0

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/151/ 8 KB
3 KB 7ms
6ms Script
application/x-javascript 95.100.190.236
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/151/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.190.236 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-190-236.deploy.akamaitechnologies.com
Software: Apache /
Resource Hash: 585107ada7f42329cd4d6ab1d1e87fdf26f4994e8f47d72a44ee8ab5bd291288

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 31 Aug 2017 21:29:34 GMT
Content-Encoding: gzip
Last-Modified: Thu, 20 Aug 2015 02:19:08 GMT
Server: Apache
ETag: "bd3daad4a1e88a1196d76b6dd3c9deed:1440037148"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 3503
Expires: Sat, 09 Dec 2017 21:29:34 GMT

GET
S 200 /
www.facebook.com/tr/ 44 B
53 B 36ms
11ms Image
image/gif 2a03:2880:f11b:83:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=134294853780865&ev=PageView&dl=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2017%2F08%2Fintroducing-the-ropemaker-email-exploit%2F&rl=&if=false&ts=1504214974671&v=2.7.21&ec=0&o=30&it=1504214974444
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a03:2880:f11b:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date: Thu, 31 Aug 2017 21:29:34 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 31 Aug 2017 21:29:34 GMT

GET
H/1.1 200
OK get_dynamic_config.js Show response
secure.livechatinc.com/licence/7096611/ 1 KB
497 B 170ms
156ms Script
application/x-javascript 95.100.185.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.livechatinc.com/licence/7096611/get_dynamic_config.js?t=1504214974802&referrer=&url=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2017%2F08%2Fintroducing-the-ropemaker-email-exploit%2F&params=&jsonp=__lc_data_145766
Requested by: Host: cdn.livechatinc.com
URL: https://cdn.livechatinc.com/tracking.js?_=1504214974361
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 95.100.185.64 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-185-64.deploy.akamaitechnologies.com
Software: Cowboy /
Resource Hash: 76d5ca1388a4ae1d85c2aab13a16b25ef24f26b90fd8fb2020b7b223422a6fd6

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Aug 2017 21:29:34 GMT
Content-Encoding: gzip
Server: Cowboy
Vary: Accept-Encoding
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: application/x-javascript
Content-Length: 497
Expires: Thu, 31 Aug 2017 21:29:34 GMT

GET
H/1.1 200
OK visitWebPage Show response
336-tau-594.mktoresp.com/webevents/ 43 B
43 B 260ms
22ms XHR
image/gif 94.236.119.24
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://336-tau-594.mktoresp.com/webevents/visitWebPage?_mchNc=1504214974807&_mchCn=&_mchId=336-TAU-594&_mchTk=_mch-mimecast.com-1504214974807-39604&_mchHo=www.mimecast.com&_mchPo=&_mchRu=%2Fblog%2F2017%2F08%2Fintroducing-the-ropemaker-email-exploit%2F&_mchPc=https%3A&_mchVr=151&_mchHa=&_mchRe=&_mchQp=

Requested by

Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/151/munchkin.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

94.236.119.24 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Apache /

Resource Hash

cbbd42bb1d88693e6805bd9d676840424af5ecf3e13d874fd06e6b57d53d8d40

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Origin: https://www.mimecast.com

Response headers

Pragma: no-cache
Date: Thu, 31 Aug 2017 21:29:35 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 31 Aug 2017 16:29:35 -0500
Server: Apache
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: Keep-Alive
Content-Type: image/gif
Keep-Alive: timeout=5, max=100
Content-Length: 43
Expires: -1

GET
H/1.1 200
OK async-buttons.js Show response
ws.sharethis.com/button/ 90 KB
19 KB 6ms
6ms Script
application/javascript 23.9.213.71
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/button/async-buttons.js
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/buttons.js?_=1504214974362
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.9.213.71 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-9-213-71.deploy.static.akamaitechnologies.com
Software: nginx/1.10.2 /
Resource Hash: 380052c28e5780e9159fe062a34f914a6cbe05edd40ae2b16dd9795b28557e3a

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 31 Aug 2017 21:29:34 GMT
Content-Encoding: gzip
Server: nginx/1.10.2
ETag: W/"595fc597-168ce"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=67820
Connection: keep-alive
Content-Length: 19074
Expires: Fri, 01 Sep 2017 16:19:54 GMT

GET
H/1.1 200
OK buttons-secure.css
ws.sharethis.com/button/css/ 23 KB
4 KB 6ms
6ms Stylesheet
text/css 23.9.213.71
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/button/css/buttons-secure.css
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/async-buttons.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.9.213.71 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-9-213-71.deploy.static.akamaitechnologies.com
Software: nginx/1.10.2 /
Resource Hash: 95dc1b83a7c030dd13ab3e29df921f10e04208b28734f172ea232854264c3b05

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 31 Aug 2017 21:29:34 GMT
Content-Encoding: gzip
Last-Modified: Fri, 07 Jul 2017 17:32:07 GMT
Server: nginx/1.10.2
ETag: W/"595fc597-5a76"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Content-Length: 3851

GET
H/1.1 200
OK get_static_config.0.617.3.3.465.27.68.34.4.2.2.2.2.js Show response
secure.livechatinc.com/licence/7096611/v2/ 6 KB
2 KB 16ms
16ms Script
application/json 95.100.185.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.livechatinc.com/licence/7096611/v2/get_static_config.0.617.3.3.465.27.68.34.4.2.2.2.2.js?&jsonp=__lc_data_static_config
Requested by: Host: cdn.livechatinc.com
URL: https://cdn.livechatinc.com/tracking.js?_=1504214974361
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 95.100.185.64 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-185-64.deploy.akamaitechnologies.com
Software: /
Resource Hash: 4c166688b96cb29d936f7de6c642d73ea9741e62790905f1e3673c812bb46a82

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 31 Aug 2017 21:29:34 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=UTF-8
Cache-Control: public, max-age=384
Connection: keep-alive
Content-Length: 2099
Expires: Thu, 31 Aug 2017 21:35:58 GMT

GET
H/1.1 200
OK localization.en.0.06a3584c688737c3e35f4146584405cf_019b1c453f1a574e0771a3dd120b09b1.js Show response
secure.livechatinc.com/licence/7096611/ 7 KB
3 KB 13ms
13ms Script
application/x-javascript 95.100.185.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.livechatinc.com/licence/7096611/localization.en.0.06a3584c688737c3e35f4146584405cf_019b1c453f1a574e0771a3dd120b09b1.js?jsonp=__lc_lang
Requested by: Host: cdn.livechatinc.com
URL: https://cdn.livechatinc.com/tracking.js?_=1504214974361
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 95.100.185.64 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-185-64.deploy.akamaitechnologies.com
Software: Cowboy /
Resource Hash: cac8d715ba7a4bc080278fa2050a12c13d74b1ff63cbe44742a2b65c645310d3

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Thu, 31 Aug 2017 21:29:35 GMT
Content-Encoding: gzip
Server: Cowboy
ETag: 279109729237575983675567960009733944814
Vary: Accept-Encoding
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: keep-alive
Content-Type: application/x-javascript
Content-Length: 2690
Expires: Thu, 31 Aug 2017 21:37:23 GMT

GET
H/1.1 200
OK ping Show response
secure.livechatinc.com/licence/7096611/v2/ 74 B
74 B 156ms
144ms Script
application/json 95.100.185.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.livechatinc.com/licence/7096611/v2/ping?t=1504214974996&data=%7B%22visitor%22%3A%7B%22id%22%3A%22S1504214974.be825d8f87%22%2C%22group%22%3A0%7D%2C%22page%22%3A%7B%22title%22%3A%22Introducing%20the%20ROPEMAKER%20Email%20Exploit%20%7C%20Mimecast%20Blog%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fwww.mimecast.com%5C%2Fblog%5C%2F2017%5C%2F08%5C%2Fintroducing-the-ropemaker-email-exploit%5C%2F%22%7D%2C%22script_version%22%3A%7B%22tracking_env%22%3A%22production%22%2C%22tracking_version%22%3A%2220170831121150%22%7D%7D&jsonp=__lc_ping_965363
Requested by: Host: cdn.livechatinc.com
URL: https://cdn.livechatinc.com/tracking.js?_=1504214974361
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 95.100.185.64 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-185-64.deploy.akamaitechnologies.com
Software: /
Resource Hash: bce2fd7b0792404f6e63f61c8b1e9dd20eb26226e18d4dc6a202868867dcc62b

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Aug 2017 21:29:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Expires: Thu, 31 Aug 2017 21:29:35 GMT
Connection: keep-alive
Content-Length: 74
Content-Type: application/json; charset=UTF-8

GET open_chat.cgi
secure.livechatinc.com/licence/7096611/ Frame 1787 0
0

GET
H/1.1 200
OK chat_widget_init
secure.livechatinc.com/licence/7096611/v2/metrics/ 0
0 164ms
153ms Image
text/plain 95.100.185.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.livechatinc.com/licence/7096611/v2/metrics/chat_widget_init?data=%7B%22script_load_duration_ms%22%3A190%2C%22license_number%22%3A7096611%2C%22lc_version%22%3A%222%22%2C%22chat_widget_type%22%3A%22embedded%22%2C%22timezone_offset%22%3A%220%22%2C%22region%22%3A%22dal%22%2C%22script_version%22%3A%2220170831121150%22%2C%22navigation_load_duration_ms%22%3A1731%7D
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 95.100.185.64 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-185-64.deploy.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Aug 2017 21:29:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Expires: Thu, 31 Aug 2017 21:29:35 GMT
Connection: keep-alive
Content-Length: 0
Content-Type: text/plain; charset=utf-8

GET
H/1.1 200
OK livechat-modern_7cf45543dc.ttf
cdn.livechatinc.com/fonts/modern/ Frame 1787 3 KB
3 KB 20ms
6ms Font
font/ttf 92.123.92.132
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.livechatinc.com/fonts/modern/livechat-modern_7cf45543dc.ttf?ekgvz6
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 92.123.92.132 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a92-123-92-132.deploy.akamaitechnologies.com
Software: Apache /
Resource Hash: 3e6d079eea043aa38cccfec91d99c47d3e29624727efcc91f2d4dd90bf66f01e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Origin: https://www.mimecast.com

Response headers

Date: Thu, 31 Aug 2017 21:29:35 GMT
Last-Modified: Mon, 22 May 2017 11:30:04 GMT
Server: Apache
ETag: "1c2cdc-b30-5501b313d6700"
Content-Type: font/ttf
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=23837643
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2864
Expires: Sun, 03 Jun 2018 19:03:38 GMT

GET
S 200 9k-RPmcnxYEPm8CNFsH2gg.woff
themes.googleusercontent.com/static/fonts/lato/v6/ Frame 1787 49 KB
41 KB 22ms
6ms Font
font/woff 2a00:1450:4001:81d::2001
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://themes.googleusercontent.com/static/fonts/lato/v6/9k-RPmcnxYEPm8CNFsH2gg.woff

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81d::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

c56d3ae16344120475d9ea84cf1814c94390896586be0e2c19447cc98e4a66f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Origin: https://www.mimecast.com

Response headers

date: Mon, 07 Aug 2017 11:22:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2110009
status: 200
alt-svc: quic=":443"; ma=2592000; v="39,38,37,35"
content-length: 42359
x-xss-protection: 1; mode=block
last-modified: Thu, 21 Apr 2016 03:17:22 GMT
server: sffe
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Aug 2018 11:22:46 GMT

GET
H/1.1 200
OK inlinetweet.js Show response
www.mimecast.com/Content/js/lib/ 2 KB
2 KB 38ms
38ms Script
application/x-javascript 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mimecast.com/Content/js/lib/inlinetweet.js

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

b0d953a103200bee10bad3d65ea73d84e8502fd24ca962d1810e6f415e7827e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 02 May 2017 16:09:38 GMT
ETag: "34a9b27f5ec3d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:34 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1572
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
S 200 /
www.facebook.com/tr/ 44 B
53 B 12ms
12ms Image
image/gif 2a03:2880:f11b:83:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=134294853780865&ev=Microdata&dl=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2017%2F08%2Fintroducing-the-ropemaker-email-exploit%2F&rl=&if=false&ts=1504214975173&cd[Schema.org]=%5B%5D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22Introducing%20the%20ROPEMAKER%20Email%20Exploit%22%2C%22og%3Adescription%22%3A%22ROPEMAKER%C2%A0Email%20Security%20Weakness%20-%20Vulnerability%20or%20Application%20Misuse%3F%5Cn%5CnMost%20people%20live%20under%20the%20assumption%20that%20email%20is%20immutable%20once%20delivered%2C%20like%20a%20physical%20letter.%C2%A0%20A%20new%20email%20exploit%2C%20dubbed%20ROPEMAKER%20by%20Mimecast%E2%80%99s%20research%20team%2C%20turns%20that%20assumption%20on%20its%20head%2C%20u%E2%80%A6%22%2C%22og%3Aimage%22%3A%22%2Flink%2F0955de99096e4434ab48879375670aac.aspx%22%7D&cd[Meta]=%7B%22title%22%3A%22Introducing%20the%20ROPEMAKER%20Email%20Exploit%20%7C%20Mimecast%20Blog%22%2C%22meta%3Adescription%22%3A%22Mimecast%20research%20team%20discloses%20new%20email%20security%20exploit%20ROPEMAKER%20in%20a%20new%20security%20advisory.%22%2C%22meta%3Akeywords%22%3A%22email%20security%2C%20email%20security%20risk%2C%20email%20exploit%2C%20email-based%20attack%2C%20cybercrime%2C%20cyberattack%2C%20email%20threat%2C%20targeted%20email%20attack%2C%20email-borne%20attack%2C%20software%20vulnerability%2C%22%7D&v=2.7.21&o=30
Requested by: Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a03:2880:f11b:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date: Thu, 31 Aug 2017 21:29:35 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 31 Aug 2017 21:29:35 GMT

GET
H/1.1 200
OK chartbeat.js Show response
www.mimecast.com/scripts/ 6 KB
3 KB 55ms
55ms Script
application/x-javascript 146.101.202.134
TELSTRAEUROPELTD-...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mimecast.com/scripts/chartbeat.js

Requested by

Host: www.mimecast.com
URL: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

146.101.202.134 London, United Kingdom, ASN1290 (TELSTRAEUROPELTD-BACKBONE Telstra Europe Ltd, GB),

Reverse DNS

Software

Resource Hash

f79b250d91e056a0508f78c1a603b9cf437be2294685d48f69759dcbbf3a9b2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 11 Nov 2015 16:50:44 GMT
ETag: "0a131ba11cd11:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: max-age=2592000
Date: Thu, 31 Aug 2017 21:29:34 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 3087
X-XSS-Protection: 1; mode=block
X-Served-By: IIS02

GET
S 200 adsct Show response
analytics.twitter.com/i/ 31 B
66 B 122ms
121ms Script
application/javascript 199.16.156.232
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nxcdp&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.16.156.232 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_b /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date: Thu, 31 Aug 2017 21:29:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT", CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT", CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 1; mode=block
x-response-time: 19
pragma: no-cache
last-modified: Thu, 31 Aug 2017 21:29:35 GMT
server: tsa_b
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 7e8f656c7976ce814b7b1a6a78a9fa09
x-transaction: 002dbce400ae940e
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H/1.1 200
OK analytics Show response
po.st/ 37 B
37 B 394ms
98ms Script
application/javascript 74.217.253.90
Internap Network ...

General

Check archive.org

Show headers Download Go to

Full URL: https://po.st/analytics?applicationId=F6299AE3-9524-4A53-9EF8-885E196B531D&_=1504214975270&callback=pwNeuCallbackeb53d
Requested by: Host: analytics.po.st
URL: https://analytics.po.st/static/v1/wa.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 74.217.253.90 , United States, ASN10913 (INTERNAP-BLK - Internap Network Services Corporation, US),
Reverse DNS
Software: post/2.0 /
Resource Hash: c18c0c2dc50c699d4a19048edc435215e576665174cb9a5b387ee08ee4458c7b

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Aug 2017 21:29:35 GMT
Server: post/2.0
P3p: CP="PSAo PSDo OUR BUS DSP NON COR"
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Connection: close
Content-type: application/javascript;charset=UTF-8
Content-Length: 37
Expires: Tue, 29 Oct 2002 19:50:44 GMT

GET
H/1.1

200
OK

/ Show response
dc.ads.linkedin.com/collect/
Redirect Chain

https://www.linkedin.com/csp/dtag?p=9&_x=%2526opid%253D8016%2526fmt%253Djs%2526ref%253D%2526ck%253D%2526url%253Dhttps%25253A%25252F%25252Fwww.mimecast.com%25252Fblog%25252F2017%25252F08%25252Fintro...
https://dc.ads.linkedin.com/collect/?pid=6883&opid=8016&fmt=js&ref=&ck=&url=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2017%2F08%2Fintroducing-the-ropemaker-email-exploit%2F&s=1&pageUrl=https%3A%2F%2F...

220 B
220 B

38ms
38ms

Script
text/javascript

176.34.123.68
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dc.ads.linkedin.com/collect/?pid=6883&opid=8016&fmt=js&ref=&ck=&url=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2017%2F08%2Fintroducing-the-ropemaker-email-exploit%2F&s=1&pageUrl=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2017%2F08%2Fintroducing-the-ropemaker-email-exploit%2F&time=1504214975273&3pc=true&an_user_id=2150875399220012646
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 176.34.123.68 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-176-34-123-68.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 375f99dac6752a433c5ba25d9924589519d599f9305ac05bc20aa81c8a3b9190

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Aug 2017 21:29:35 GMT
Server: nginx
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Content-Language: en-US
Cache-Control: no-cache
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 220

Redirect headers

date: Thu, 31 Aug 2017 21:29:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-li-fabric: prod-ltx1
status: 302
strict-transport-security: max-age=2592000
x-li-uuid: XYuJ/YwL4BQAME7xRSsAAA==
server: Apache-Coyote/1.1
pragma: no-cache
x-li-pop: PROD-IDB2
vary: Accept-Encoding
content-language: en-US
location: https://dc.ads.linkedin.com/collect/?pid=6883&opid=8016&fmt=js&ref=&ck=&url=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2017%2F08%2Fintroducing-the-ropemaker-email-exploit%2F&s=1&pageUrl=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2017%2F08%2Fintroducing-the-ropemaker-email-exploit%2F&time=1504214975273&3pc=true&an_user_id=2150875399220012646
x-xss-protection: 1; mode=block
cache-control: no-store, private
x-li-proto: http/2
x-fs-uuid: 5d8b89fd8c0be01400304ef1452b0000

GET
H/1.1 200
OK ping
ping.chartbeat.net/ 43 B
43 B 399ms
101ms Image
image/gif 54.225.73.95
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=mimecast.com&p=%2Fblog%2F2017%2F08%2Fintroducing-the-ropemaker-email-exploit%2F&u=hccthntogsdcmd9j.1504214975328.1504214975328.00000000000001&d=mimecast.com&g=25080&n=1&f=1&c=0&x=0&y=4975&w=1200&j=45&R=1&W=0&I=0&E=0&r=&t=y52vmuycepvhvvht&V=3&i=Introducing%20the%20ROPEMAKER%20Email%20Exploit%20%7C%20Mimecast%20Blog&_
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.225.73.95 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-225-73-95.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

POST
H/1.1 200
OK wa Show response
p.po.st/ 0
0 53ms
12ms XHR
text/plain 208.146.36.215
Internap Network ...

General

Check archive.org

Show headers Download Go to

Full URL: https://p.po.st/wa?applicationId=F6299AE3-9524-4A53-9EF8-885E196B531D
Requested by: Host: analytics.po.st
URL: https://analytics.po.st/static/v1/wa.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 208.146.36.215 Chesterfield, United States, ASN14744 (INTERNAP-BLOCK-4 - Internap Network Services Corporation, US),
Reverse DNS
Software: cayman/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Origin: https://www.mimecast.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

Pragma: no-cache
Server: cayman/1.0
Access-control-allow-origin: https://www.mimecast.com
Cache-control: private, no-cache, proxy-revalidate
Access-control-allow-credentials: true
Connection: close
Content-Length: 0
Expires: Tue, 29 Oct 2002 19:50:44 GMT

POST
H/1.1 200
OK wa Show response
p.po.st/ 0
0 53ms
12ms XHR
text/plain 208.146.36.215
Internap Network ...

General

Check archive.org

Show headers Download Go to

Full URL: https://p.po.st/wa?applicationId=F6299AE3-9524-4A53-9EF8-885E196B531D
Requested by: Host: analytics.po.st
URL: https://analytics.po.st/static/v1/wa.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 208.146.36.215 Chesterfield, United States, ASN14744 (INTERNAP-BLOCK-4 - Internap Network Services Corporation, US),
Reverse DNS
Software: cayman/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Origin: https://www.mimecast.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

Pragma: no-cache
Server: cayman/1.0
Access-control-allow-origin: https://www.mimecast.com
Cache-control: private, no-cache, proxy-revalidate
Access-control-allow-credentials: true
Connection: close
Content-Length: 0
Expires: Tue, 29 Oct 2002 19:50:44 GMT

POST
H/1.1 200
OK wa Show response
p.po.st/ 0
0 53ms
13ms XHR
text/plain 208.146.36.215
Internap Network ...

General

Check archive.org

Show headers Download Go to

Full URL: https://p.po.st/wa?applicationId=F6299AE3-9524-4A53-9EF8-885E196B531D
Requested by: Host: analytics.po.st
URL: https://analytics.po.st/static/v1/wa.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 208.146.36.215 Chesterfield, United States, ASN14744 (INTERNAP-BLOCK-4 - Internap Network Services Corporation, US),
Reverse DNS
Software: cayman/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
Origin: https://www.mimecast.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

Pragma: no-cache
Server: cayman/1.0
Access-control-allow-origin: https://www.mimecast.com
Cache-control: private, no-cache, proxy-revalidate
Access-control-allow-credentials: true
Connection: close
Content-Length: 0
Expires: Tue, 29 Oct 2002 19:50:44 GMT

GET

p23
rp.gwallet.com/r1/bcm/ Frame 1787
Redirect Chain

https://rp.gwallet.com/r1/pixel/x8208r897410514
https://rp.gwallet.com/r1/bcm/p23

0
0

GET
H/1.1 200
OK l
imp2.ads.linkedin.com/ 42 B
42 B 115ms
30ms Image
image/gif 176.34.228.191
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imp2.ads.linkedin.com/l
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 176.34.228.191 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-176-34-228-191.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Aug 2017 21:29:36 GMT
Server: nginx
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif;charset=UTF-8
Content-Length: 42

GET index.html
ws.sharethis.com/secure/ Frame 1787 0
0

GET
H/1.1 200
OK ping Show response
secure.livechatinc.com/licence/7096611/v2/ 74 B
74 B 132ms
132ms Script
application/json 95.100.185.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.livechatinc.com/licence/7096611/v2/ping?t=1504214976304&data=%7B%22visitor%22%3A%7B%22id%22%3A%22S1504214974.be825d8f87%22%2C%22group%22%3A0%2C%22custom_variables%22%3A%5B%7B%22name%22%3A%22mkto%22%2C%22value%22%3A%22id%3A336-TAU-594%26token%3A_mch-mimecast.com-1504214974807-39604%22%7D%2C%7B%22name%22%3A%22user_country%22%2C%22value%22%3A%22Germany%22%7D%2C%7B%22name%22%3A%22user_city%22%2C%22value%22%3A%22%22%7D%5D%7D%2C%22page%22%3A%7B%22title%22%3A%22Introducing%20the%20ROPEMAKER%20Email%20Exploit%20%7C%20Mimecast%20Blog%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fwww.mimecast.com%5C%2Fblog%5C%2F2017%5C%2F08%5C%2Fintroducing-the-ropemaker-email-exploit%5C%2F%22%7D%2C%22script_version%22%3A%7B%22tracking_env%22%3A%22production%22%2C%22tracking_version%22%3A%2220170831121150%22%7D%7D&jsonp=__lc_ping_944999
Requested by: Host: cdn.livechatinc.com
URL: https://cdn.livechatinc.com/tracking.js?_=1504214974361
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 95.100.185.64 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-185-64.deploy.akamaitechnologies.com
Software: /
Resource Hash: 89cc2697a736da4dcfd4bf2c936599fa95e9d65325ff5cadf449e96170432ef7

Request headers

Referer: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Aug 2017 21:29:36 GMT
Cache-Control: max-age=0, no-cache, no-store
Expires: Thu, 31 Aug 2017 21:29:36 GMT
Connection: keep-alive
Content-Length: 74
Content-Type: application/json; charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: rs.gwallet.com
URL: https://rs.gwallet.com/r1/pixeltag/x201r275712941

Domain: 20768311p.rfihub.com
URL: https://20768311p.rfihub.com/ca.html?rfiidc=1048283196196729352&rfiaid=3d39cdf71fa94d0a8f27ea145a081f89&ver=9&rb=30788&ca=20768311&_o=30788&_t=20768311&pe=https%3A%2F%2Fwww.mimecast.com%2Fblog%2F2017%2F08%2Fintroducing-the-ropemaker-email-exploit%2F&pf=&ra=23706432402807298

Domain: secure.livechatinc.com
URL: https://secure.livechatinc.com/licence/7096611/open_chat.cgi?groups=0&embedded=1&newWebserv=undefined&__lc_vv=2&session_id=S1504214974.be825d8f87&server=secure.livechatinc.com

Domain: rp.gwallet.com
URL: https://rp.gwallet.com/r1/bcm/p23

Domain: ws.sharethis.com
URL: https://ws.sharethis.com/secure/index.html

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.livechatinc.com/licence/7096611	1970-01-01 00:00:00	Name: __lc_vv Value: 2
.rfihub.com/	2018-09-25 21:29:35	Name: eud Value: H4sIAAAAAAAAAF3OKw7AIBRE0fSXNE26l9IADVusfJIlIJHISpaArERWoqq58mSSmfHDrsyhT6XdZZS1AY5wgjNc4QbfY2-BPRzgCCe4wBX-uDehH5YZf-ACy4I-WFbk8ANnuMAv3Oit9w_0Z1-y8AEAAA
.mimecast.com/	2017-08-31 21:39:34	Name: __utmt_UA-1898620-9 Value: 1
.mimecast.com/	2019-08-31 21:29:34	Name: __utma Value: 147046443.1922182523.1504214974.1504214974.1504214974.1
.livechatinc.com/licence/7096611	2020-09-29 21:29:35	Name: __livechat_lastvisit Value: mimecast.com%3D1504214975
.mimecast.com/	2017-09-01 21:29:34	Name: _gid Value: GA1.2.1576450810.1504214974
.mimecast.com/	2019-08-31 21:29:34	Name: _ga Value: GA1.2.1922182523.1504214974
.gwallet.com/	2018-08-31 21:29:34	Name: ra1_sid Value: 340
.rfihub.com/	2018-09-25 21:29:35	Name: rud Value: H4sIAAAAAAAAAOMSNjQwsTCyMDa0NAMicyNLY1MjIT5DXfcqS4sQ15R0w9IsXyleQ1MDEyNDE0tzE1NzUwDJ3g3nNAAAAA
www.mimecast.com/	2017-11-30 22:29:35	Name: Mimecast Value: cookieflag=31/08/2017 22:29:34
www.mimecast.com/	2018-08-31 21:29:34	Name: EPi_NumberOfVisits Value: 1,2017-08-31T21:29:33
.livechatinc.com/licence/7096611	2020-09-29 21:29:35	Name: __livechat Value: lc_all_invitation%3D0%26lc_auto_invites_shown%3D%26lc_chat_number%3D0%26lc_client_version%3D%26lc_goals_achieved%3D%26lc_integration_params%3D%26lc_lang%3Den%26lc_last_conference_id%3D%26lc_last_operator_key%3D%26lc_last_operator_key_per_skill%3D%26lc_last_visit%3D1504214975%26lc_nick%3D%26lc_ok_invitation%3D0%26lc_page_view%3D1%26lc_session%3DS1504214974.be825d8f87%26lc_visit_number%3D1
.mimecast.com/	1970-01-01 00:00:00	Name: lc_window_state Value: minimized
www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit	1970-01-01 00:00:00	Name: Value: __sharethis_cookie_test__
.livechatinc.com/licence/7096611	1970-01-01 00:00:00	Name: 3rdparty Value: allow
.mimecast.com/	2019-08-31 21:29:34	Name: _mkto_trk Value: id:336-TAU-594&token:_mch-mimecast.com-1504214974807-39604
.gwallet.com/	2018-08-31 21:29:34	Name: RA1balancer Value: MTAuMTAyLjIuMjIxIDg4ODggdjI=
.mimecast.com/	2017-08-31 21:30:34	Name: _gat_UA-1898620-6 Value: 1
.gwallet.com/	2018-08-31 21:29:34	Name: ra1_sgm_301021298 Value: -0-ruBh1-jQX0000-kQX0000
www.mimecast.com/	1970-01-01 00:00:00	Name: ASP.NET_SessionId Value: cv1aumwy15etmlvpjb5fjcli
.mimecast.com/	1970-01-01 00:00:00	Name: __utmc Value: 147046443
.livechatinc.com/licence/7096611	1970-01-01 00:00:00	Name: recent_window Value: 8373132
.rfihub.com/	1970-01-01 00:00:00	Name: ruds Value: H4sIAAAAAAAAAOMSNjQwsTCyMDa0NAMicyNLY1MjIT5DXfcqS4sQ15R0w9IsXwAMD8yuJQAAAA
.mimecast.com/	2018-03-02 09:29:34	Name: __utmz Value: 147046443.1504214974.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.mimecast.com/	2017-08-31 21:59:34	Name: _uetsid Value: _uetd973451b
.mimecast.com/	2020-05-27 21:29:34	Name: __lc.visitor_id.7096611 Value: S1504214974.be825d8f87
.mimecast.com/	2018-05-31 00:00:00	Name: __unam Value: 303c07d-15e3a32ff12-2ed1bd06-2
.mimecast.com/	2017-08-31 21:59:34	Name: __utmb Value: 147046443.1.10.1504214974
.gwallet.com/	2018-08-31 21:29:34	Name: ra1_sgm_275324684 Value: -0-ruBh1-0rV0000
.gwallet.com/	2018-08-31 21:29:34	Name: ra1_uid Value: 6144565123239197760

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://play.vidyard.com/v1/progress-events.js(Line 1) Message: No Vidyard Players found. (include this script below player embed codes)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20768311p.rfihub.com
336-tau-594.mktoresp.com
a.rfihub.com
analytics.po.st
analytics.twitter.com
attr.ml-api.io
bat.bing.com
buttons-config.sharethis.com
c1.rfihub.net
cdn.decibelinsight.net
cdn.livechatinc.com
connect.facebook.net
d3c3cq33003psk.cloudfront.net
dc.ads.linkedin.com
fonts.googleapis.com
fonts.gstatic.com
imp2.ads.linkedin.com
l.sharethis.com
munchkin.marketo.net
p.po.st
ping.chartbeat.net
platform-api.sharethis.com
play.vidyard.com
po.st
r.turn.com
rp.gwallet.com
rs.gwallet.com
secure.adnxs.com
secure.livechatinc.com
snap.licdn.com
ssl.google-analytics.com
static.ads-twitter.com
t.co
tags.w55c.net
themes.googleusercontent.com
ws.sharethis.com
www.facebook.com
www.google-analytics.com
www.google.de
www.googletagmanager.com
www.mimecast.com
20768311p.rfihub.com
rp.gwallet.com
rs.gwallet.com
secure.livechatinc.com
ws.sharethis.com
104.244.42.5
104.244.43.176
146.101.202.134
151.101.113.181
176.34.123.68
176.34.228.191
184.31.82.197
185.31.128.208
192.229.233.175
199.16.156.232
204.79.197.200
208.146.36.215
23.9.213.71
2a00:1450:4001:815::2008
2a00:1450:4001:81d::2001
2a00:1450:4001:81d::2003
2a00:1450:4001:81d::2008
2a00:1450:4001:81d::200a
2a00:1450:4001:81d::200e
2a00:1450:401b:801::2003
2a02:26f0:10c:382::25ea
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f11b:83:face:b00c:0:25de
35.157.42.240
37.252.172.40
46.228.164.11
52.29.211.156
52.85.89.46
52.85.90.71
54.225.73.95
74.217.253.60
74.217.253.90
81.95.155.130
92.123.92.132
92.123.93.60
94.236.119.24
95.100.185.64
95.100.190.236
01ad9892aa93628962d6695c41d667c9c8507809326bcb719b2887cfc47921fa
0947688a72892e7191820bfa1ead857cbe2b79a544b7598154f25aecfd1416e0
0b926d2e9e6057025b9088413fb3fde286e52eadc5f34b8051182d818846e2d8
0ec64c389adb6cd42c9211265d06f220d29cb9ec8033abb7f800369ae3876a74
0fc9da422494d9e509cfd4c79fb6357dc048dbfc6c3550ac8e8c746122489298
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1a242ce0682eb03ac301e048e640db9265d638c6786dafbe423553a80e287aa9
1e616b6c247a49d421851c467056873dd9aaa9e1cf3900bb161ae1b1889f84ac
213b79b07d63865366cad20de716e42200526881ac648137e894922422a26850
22fdd87b9eb01469a9a3b9839c400bed75073a1f857b4f81ae159d0b9bc57a27
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3113365e1217e0d6977bd072fd191164922f0d0fe38fbb4741206ca4374fd53f
375f99dac6752a433c5ba25d9924589519d599f9305ac05bc20aa81c8a3b9190
380052c28e5780e9159fe062a34f914a6cbe05edd40ae2b16dd9795b28557e3a
3c380bc0bfd98df4685c69bb15c6b483d6c471007f9b95e25529fcd6e1ec6fb1
3e6d079eea043aa38cccfec91d99c47d3e29624727efcc91f2d4dd90bf66f01e
3ff29d0e937c5180321601fad67d8fa4a911e59147321a1c79f29fffff6ef32c
40d71c948b96c97c603b01cc330a7b49c83ea02977218686d1b40afd0d771499
42c99176a52bb64d5df004fb91326ff6b28bfbe2939ec88244a224f7321e565d
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4c166688b96cb29d936f7de6c642d73ea9741e62790905f1e3673c812bb46a82
4e2ed635abf0b2dcbac3ea04d16ccf58bb2195364d65b76190f03da0f43255c5
4f87c2b0b342c2382eb83be1b1426678e85e786249cf7ba876cf79c77b85f661
522cc831f77209aa434abd05e5a9a114ec3aab233232394877ea5446130584de
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
57419900b070f3c07f4346a4d35c88b7e15f12617975ae987d54a4808a7224ee
585107ada7f42329cd4d6ab1d1e87fdf26f4994e8f47d72a44ee8ab5bd291288
589305780e339b3b6a64b600d5405105325f48804f590b9a366b4b7b9dae2414
6375fd5a3eb99e2dac3e91b45633c81ad40aa155f94d3d1318d5d6bcad2278a5
6607422d88429d241663bc8d56156acbad25ca653f608515628c4fd15ee3d299
6b6b427cf76ccb7453b094cb9e524edc61aa392ab13fd7af2b1b5b27af825db8
76d5ca1388a4ae1d85c2aab13a16b25ef24f26b90fd8fb2020b7b223422a6fd6
7c5475aec3024333e1b029da18390c46818c35c7bcf5cf8222ef4589df48d877
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
82b6e56775893fcdd12ae7b9036b0a21514314ce5dc5ac40f2c1221707fa2291
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
843e231dae5df0fd1a4515bbd5a256b7d9c33d4feadde6d63b852fad36c9d4cc
84653b32c7338bb1917bb9fef13886defc941a7e26e40cd1027da969a71ef97e
884ba10d1d5dc22b8ed639cb80e228d555384947835db88d689b1739fa3b7626
89cc2697a736da4dcfd4bf2c936599fa95e9d65325ff5cadf449e96170432ef7
8ac78f8be0e32dcc7ec3c1a218d0228d37ccc4e488320b1d87d2b36e09c78f50
8ae34a320182bfbaec83a2bb0658da0c0c1cc34920b4d138505109c65315ea61
8e1bb2ee0cfc58e51b719578b8a23e789e5b38e5be14487cfd676f1673ae98a3
95028aca0145e0c1b278fb20162f29625ef72123f35e11c25502da27b121f879
955175524ed2d05fc72af794c0aa778fc6ff42a2b1b746b86dadee5a6f8403b2
95dc1b83a7c030dd13ab3e29df921f10e04208b28734f172ea232854264c3b05
99dfaef92b1ac4f0705419bb0e8066ba5aa6775e4fd04344f6279e6f206a4dff
9c31fa7f6862edfdbe3ba9f19aef76940950a1ab03bb9b431b6cdc954321e921
9e9c8a043e1bf1f733d74e45fcb6356e51b2a7259c3ce3674badca52e0a3ec31
9eb347e2aee96bdcc7f0d62e9db2c0e52480fa71c1be8f141c7b5b1c42fb8517
a0d0af3148c1142dd9316de8c96dab4ff18e2bd082b71ef3dfb840dcb449af30
a71321e48c03e7f8856b4002730ecc657ad76d8cd33f27565265e7481002cf02
a795bccb24de6a50998ad96fde368ad87b47b227feb48538b4587e18c39caf9e
aa23d7843b1e2807f2e92c315484dc16ec2a916dc7fc461052f879d73397a727
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b0d953a103200bee10bad3d65ea73d84e8502fd24ca962d1810e6f415e7827e8
b8033185bc513faee7e0bfd577f89c1581faf25d6c66b2d135ffb47b89da6120
b9d204c70830b9b4b1792ee57156293e317a1149e5c22b4996eccdb083ac5c78
bb5819a637c2d5bc2f66c84a9d8659bcc0024f407d83c5b81a568438fc1c7009
bce2fd7b0792404f6e63f61c8b1e9dd20eb26226e18d4dc6a202868867dcc62b
c18c0c2dc50c699d4a19048edc435215e576665174cb9a5b387ee08ee4458c7b
c1e4c83635e841c3e7c6c0c3fe867c286af6c6d5ba3b6177adb1aaa797f3ceb4
c56d3ae16344120475d9ea84cf1814c94390896586be0e2c19447cc98e4a66f0
c8aff554af86844bee6a4dda40e9f6bf5b08826ad96dadc9ceeb1a764b52b846
c90e62946e937d68b8202f58713e4affd532d2a46744dc72250ee8193ee0eb43
cac8d715ba7a4bc080278fa2050a12c13d74b1ff63cbe44742a2b65c645310d3
cb2bb21705b9cce9781d02c9223f3344a65bd5314027d11c5a8518ad4bd84e84
cbbd42bb1d88693e6805bd9d676840424af5ecf3e13d874fd06e6b57d53d8d40
ce3bbd0bb71df903c9a88a8b7d737d127360bc360f527ef7ce69a3629e57a4a3
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d208c0d94a012545757abf8afa609f3212405c488f4cfad5b87630913989af29
d25978fe55134fca5809658f72b3db84b7cbb754e5760e5c2f21cf23ea627790
d44800a2f4db04ec142c65557ab71ed547ebd28c11855d57e769b61319caade1
d6ee6d74038ac06d43ea7778db90ac3b223904b1fcd6d155ef602c3a6fc26cd2
d84859b75faf57a4884af570cd1f32ffcbc10fd1024380a093a2345f22c4e92f
d9e21e1e973999172343adc77be3bffc3a31655a96d40e52a053ba32c4dccc86
dead5437d08b4c7785db3968807f36a624d558e3d8d68fd275879fe31475ac6c
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
dfd6209cd5513fd0419c8928f3cdf1eeca23e53152f0558e732af7b0a8f7eb15
e015dc170388550ad7d668f700089b0237a8109dcd8a51954ac4cbbb9b216282
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5e507f21ce85c202374b3c65a7de4085ea65655493ae669624a49b98198c32c
e7ec67482d682c67173abae0f94bee9dfb3d314d78989a1e705f73ed4c6f5dc1
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1cd4c228f8beeafbcbd6d2bc2f40a7153101ae6c2779e598adfadf3fbbcf1b5
f1ce6b635e9320197895ccf90417ab2554bc9c5d4ec8e0ce2d9a5e792165334c
f79b250d91e056a0508f78c1a603b9cf437be2294685d48f69759dcbbf3a9b2e
f958b546026df6a575adebea1a50a9feec14841a93a2b26cd94fd85c42b0ef7c
fdb705288e6566e631455d2a0f4f3c531ba0d41af5c2e42c897abe2710049544
ffbb48e70e9584d346e6e19477752db705653693625e928a30b491c37405bfe6

www.mimecast.com Open in urlscan Pro 146.101.202.134 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

107 Requests

95 %HTTPS

26 %IPv6

31 Domains

41 Subdomains

39 IPs

6 Countries

5068 kBTransfer

6293 kBSize

30 Cookies

10 Outgoing links

Redirected requests

107 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.mimecast.com Open in urlscan Pro
146.101.202.134 Public Scan

Screenshot
Live screenshot

Full Image

107
Requests

95 %
HTTPS

26 %
IPv6

31
Domains

41
Subdomains

39
IPs

6
Countries

5068 kB
Transfer

6293 kB
Size

30
Cookies

107 HTTP transactions
0 data transactions