www.magnetforensics.com Open in urlscan Pro
178.128.232.90 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Submission: On February 19 via api (February 19th 2020, 6:14:44 pm UTC) from US

Summary HTTP 60 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 29 IPs in 8 countries across 33 domains to perform 60 HTTP transactions. The main IP is 178.128.232.90, located in Toronto, Canada and belongs to DIGITALOCEAN-ASN, US. The main domain is www.magnetforensics.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on February 18th 2020. Valid for: a year.

This is the only time www.magnetforensics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
13	178.128.232.90 178.128.232.90	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
2 2	2a00:1450:400... 2a00:1450:4001:815::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:817::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:820::200e	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	23.210.248.45 23.210.248.45	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
2	209.128.119.223 209.128.119.223	7151 (BAYAREA-AS) (BAYAREA-AS)
2	169.50.137.179 169.50.137.179	36351 (SOFTLAYER) (SOFTLAYER)
2 2	54.76.69.10 54.76.69.10	16509 (AMAZON-02) (AMAZON-02)
2	13.35.255.55 13.35.255.55	16509 (AMAZON-02) (AMAZON-02)
2	199.185.0.231 199.185.0.231	21592 (MULTIVIEW) (MULTIVIEW)
16 22	169.50.137.190 169.50.137.190	36351 (SOFTLAYER) (SOFTLAYER)
1	2600:1f18:612... 2600:1f18:612b:4200:f69a:fb6b:1639:6a52	14618 (AMAZON-AES) (AMAZON-AES)
1 1	35.176.88.2 35.176.88.2	16509 (AMAZON-02) (AMAZON-02)
2	34.196.147.178 34.196.147.178	14618 (AMAZON-AES) (AMAZON-AES)
2 2	2600:1901:0:8... 2600:1901:0:8eee::	15169 (GOOGLE) (GOOGLE)
2 2	147.75.102.200 147.75.102.200	54825 (PACKET) (PACKET)
1	185.59.220.29 185.59.220.29	60068 (CDN77) (CDN77)
1	34.199.92.135 34.199.92.135	14618 (AMAZON-AES) (AMAZON-AES)
1	23.45.237.36 23.45.237.36	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	52.49.39.42 52.49.39.42	16509 (AMAZON-02) (AMAZON-02)
1	72.251.249.14 72.251.249.14	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	35.190.72.21 35.190.72.21	15169 (GOOGLE) (GOOGLE)
1 1	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:820::2002	15169 (GOOGLE) (GOOGLE)
1 2	185.94.180.125 185.94.180.125	35220 (SPOTX-AMS) (SPOTX-AMS)
1	185.33.223.200 185.33.223.200	29990 (ASN-APPNEX) (ASN-APPNEX)
1	74.214.194.140 74.214.194.140	59940 (PULSEPOIN...) (PULSEPOINT-EU)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	34.95.120.147 34.95.120.147	15169 (GOOGLE) (GOOGLE)
2 2	172.217.21.226 172.217.21.226	15169 (GOOGLE) (GOOGLE)
2	35.174.150.168 35.174.150.168	14618 (AMAZON-AES) (AMAZON-AES)
1	52.21.178.134 52.21.178.134	14618 (AMAZON-AES) (AMAZON-AES)
60	29

13 178.128.232.90 (Toronto, Canada)

ASN14061 (DIGITALOCEAN-ASN, US)

www.magnetforensics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:815::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:817::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:820::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.248.45 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-45.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.128.119.223 (United States)

ASN7151 (BAYAREA-AS, US)
PTR: 209-128-119-223.bayarea.net

twin-iq.kickfire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 169.50.137.179 (United States)

ASN36351 (SOFTLAYER, US)
PTR: b3.89.32a9.ip4.static.sl-reverse.com

i.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.76.69.10 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-69-10.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.35.255.55 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-255-55.fra6.r.cloudfront.net

d1eoo1tco6rr5e.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.185.0.231 (United States)

ASN21592 (MULTIVIEW, US)

www.rumiview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 169.50.137.190 (United States) 16 redirects

ASN36351 (SOFTLAYER, US)
PTR: be.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4200:f69a:fb6b:1639:6a52 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

simplifi.partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.176.88.2 (London, United Kingdom) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-176-88-2.eu-west-2.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.196.147.178 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-196-147-178.compute-1.amazonaws.com

sync.intentiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:8eee:: (United States) 2 redirects

ASN15169 (GOOGLE, US)

fei.pro-market.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 147.75.102.200 (Central, Hong Kong) 2 redirects

ASN54825 (PACKET, US)

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.59.220.29 (Frankfurt am Main, Germany)

ASN60068 (CDN77, GB)
PTR: frankfurt-20.cdn77.com

load77.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.199.92.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-199-92-135.compute-1.amazonaws.com

sync.bfmio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.45.237.36 (United States)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-45-237-36.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.49.39.42 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-39-42.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.251.249.14 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.72.21 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 21.72.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.194 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.125 (Netherlands) 1 redirects

ASN35220 (SPOTX-AMS, NL)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.223.200 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 308.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.214.194.140 (Amsterdam, Netherlands)

ASN59940 (PULSEPOINT-EU, NL)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.95.120.147 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 147.120.95.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.21.226 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s13-in-f226.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.174.150.168 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: pi0-lba1-3-ue1.aws.pardot.com

pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.21.178.134 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: pi0-lba1-2-ue1.aws.pardot.com

go.magnetforensics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	simpli.fi 16 redirects i.simpli.fi um.simpli.fi	13 KB
14	magnetforensics.com www.magnetforensics.com go.magnetforensics.com	724 KB
4	facebook.com www.facebook.com	455 B
4	doubleclick.net 4 redirects stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	2 KB
3	exelator.com 2 redirects loadm.exelator.com load77.exelator.com	3 KB
3	facebook.net connect.facebook.net	255 KB
2	pardot.com pi.pardot.com	4 KB
2	openx.net 1 redirects us-u.openx.net	501 B
2	spotxchange.com 1 redirects sync.search.spotxchange.com	1 KB
2	crwdcntrl.net 1 redirects bcp.crwdcntrl.net	1 KB
2	pro-market.net 2 redirects fei.pro-market.net	893 B
2	intentiq.com sync.intentiq.com	1 KB
2	rumiview.com www.rumiview.com	21 KB
2	cloudfront.net d1eoo1tco6rr5e.cloudfront.net
2	adsrvr.org 2 redirects insight.adsrvr.org	294 B
2	kickfire.com twin-iq.kickfire.com	998 B
2	youtube.com www.youtube.com	931 B
2	google.de www.google.de	219 B
2	google.com 2 redirects www.google.com	447 B
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
2	googletagmanager.com www.googletagmanager.com	62 KB
1	rubiconproject.com pixel.rubiconproject.com	239 B
1	contextweb.com bh.contextweb.com	445 B
1	adnxs.com ib.adnxs.com	873 B
1	googleadservices.com 1 redirects www.googleadservices.com	312 B
1	rlcdn.com idsync.rlcdn.com	62 B
1	lijit.com ce.lijit.com	406 B
1	bluekai.com stags.bluekai.com	329 B
1	bfmio.com sync.bfmio.com	421 B
1	agkn.com 1 redirects aa.agkn.com	319 B
1	tremorhub.com simplifi.partners.tremorhub.com	182 B
1	ytimg.com s.ytimg.com	10 KB
1	adobedtm.com assets.adobedtm.com	16 KB
60	33

	Domain	Requested by
22	um.simpli.fi	16 redirects www.magnetforensics.com
13	www.magnetforensics.com	www.magnetforensics.com
4	www.facebook.com	www.magnetforensics.com connect.facebook.net
3	connect.facebook.net	www.magnetforensics.com connect.facebook.net
2	pi.pardot.com	www.magnetforensics.com pi.pardot.com
2	cm.g.doubleclick.net	2 redirects
2	us-u.openx.net	1 redirects www.magnetforensics.com
2	sync.search.spotxchange.com	1 redirects www.magnetforensics.com
2	bcp.crwdcntrl.net	1 redirects www.magnetforensics.com
2	loadm.exelator.com	2 redirects
2	fei.pro-market.net	2 redirects
2	sync.intentiq.com	www.magnetforensics.com
2	www.rumiview.com	www.magnetforensics.com
2	d1eoo1tco6rr5e.cloudfront.net	assets.adobedtm.com
2	insight.adsrvr.org	2 redirects
2	i.simpli.fi	assets.adobedtm.com i.simpli.fi
2	twin-iq.kickfire.com	assets.adobedtm.com www.magnetforensics.com
2	www.youtube.com	www.magnetforensics.com www.googletagmanager.com
2	www.google.de	www.magnetforensics.com
2	www.google.com	2 redirects
2	www.google-analytics.com	1 redirects www.googletagmanager.com
2	www.googletagmanager.com	www.magnetforensics.com assets.adobedtm.com
1	go.magnetforensics.com	pi.pardot.com
1	pixel.rubiconproject.com	www.magnetforensics.com
1	bh.contextweb.com	www.magnetforensics.com
1	ib.adnxs.com	www.magnetforensics.com
1	googleads.g.doubleclick.net	1 redirects
1	www.googleadservices.com	1 redirects
1	idsync.rlcdn.com	www.magnetforensics.com
1	ce.lijit.com	www.magnetforensics.com
1	stags.bluekai.com	www.magnetforensics.com
1	sync.bfmio.com	www.magnetforensics.com
1	load77.exelator.com	www.magnetforensics.com
1	aa.agkn.com	1 redirects
1	simplifi.partners.tremorhub.com	www.magnetforensics.com
1	s.ytimg.com	www.youtube.com
1	assets.adobedtm.com	www.googletagmanager.com
1	stats.g.doubleclick.net	1 redirects
60	38

This site contains links to these domains. Also see Links.

Domain
support.magnetforensics.com
magnetusersummit.com
twitter.com
www.linkedin.com
www.youtube.com
feeds.feedburner.com
magnetmerchandise.com

Subject Issuer	Validity	Valid
www.magnetforensics.com Go Daddy Secure Certificate Authority - G2	`2020-02-18` - `2021-02-18`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-01-16` - `2020-04-15`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-01-29` - `2020-04-22`	3 months	crt.sh
assets.adobedtm.com DigiCert SHA2 High Assurance Server CA	`2019-10-22` - `2021-10-01`	2 years	crt.sh
twin-iq.kickfire.com Sectigo RSA Domain Validation Secure Server CA	`2019-03-11` - `2021-03-10`	2 years	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2017-05-11` - `2020-05-10`	3 years	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2019-07-17` - `2020-07-05`	a year	crt.sh
www.rumiview.com Go Daddy Secure Certificate Authority - G2	`2019-04-10` - `2021-04-10`	2 years	crt.sh
*.tremorhub.com Amazon	`2019-08-22` - `2020-09-22`	a year	crt.sh
*.intentiq.com Amazon	`2019-04-25` - `2020-05-25`	a year	crt.sh
1605158521.rsc.cdn77.org Let's Encrypt Authority X3	`2020-01-21` - `2020-04-20`	3 months	crt.sh
*.bfmio.com Amazon	`2019-07-12` - `2020-08-12`	a year	crt.sh
odc-prod-01.oracle.com DigiCert ECC Secure Server CA	`2018-12-10` - `2020-03-10`	a year	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2019-06-13` - `2021-06-28`	2 years	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2019-03-11` - `2020-05-10`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-04-24` - `2020-04-23`	a year	crt.sh
*.search.spotxchange.com GeoTrust RSA CA 2018	`2019-03-20` - `2021-04-21`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.contextweb.com DigiCert SHA2 Secure Server CA	`2018-07-07` - `2020-06-03`	2 years	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2018-01-04` - `2020-07-09`	3 years	crt.sh
*.pardot.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2021-01-17`	a year	crt.sh
go.magnetforensics.com Let's Encrypt Authority X3	`2020-01-09` - `2020-04-08`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Frame ID: 76F3D5D8BB190C8412BB8493301D6EA5
Requests: 57 HTTP requests in this frame

Frame: https://www.youtube.com/embed/ZTIAKq_fyGo?feature=oembed
Frame ID: 9A61CF3C2B45067A2585A1395C6437F5
Requests: 1 HTTP requests in this frame

Frame: https://d1eoo1tco6rr5e.cloudfront.net/jg6b2wz/b0y0eqc/iframe
Frame ID: 00F2C1C72E548630D95836EA34A82B10
Requests: 1 HTTP requests in this frame

Frame: https://d1eoo1tco6rr5e.cloudfront.net/jg6b2wz/gewt57v/iframe
Frame ID: 3BF37A93FD6A92EBB8FA615AB77B6909
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i
html //i

Matomo (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /piwik\.js|piwik\.php/i

Page Statistics

60
Requests

100 %
HTTPS

32 %
IPv6

33
Domains

38
Subdomains

29
IPs

8
Countries

1125 kB
Transfer

2783 kB
Size

2
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://support.magnetforensics.com/
Title: Support

Search URL Search Domain Scan URL

URL: https://magnetusersummit.com/
Title: Magnet User Summit // 2020

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Magnet%20AXIOM%20Cyber%20%26%238211%3B%20Corporate%20Fraud%20Investigation%0Ahttps%3A%2F%2Fwww.magnetforensics.com%2Fresources%2Fmagnet-axiom-cyber-corporate-fraud-investigation%2F
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.magnetforensics.com%2Fresources%2Fmagnet-axiom-cyber-corporate-fraud-investigation%2F&title=Magnet+AXIOM+Cyber+%26%238211%3B+Corporate+Fraud+Investigation&source=Magnet+Forensics
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/MagnetForensics
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/magnet-forensics
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/magnetforensics1
Title:

Search URL Search Domain Scan URL

URL: https://feeds.feedburner.com/MagnetForensics
Title:

Search URL Search Domain Scan URL

URL: http://magnetmerchandise.com/
Title: Merchandise Store

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=268132171&t=pageview&_s=1&dl=https%3A%2F%2Fwww.magnetforensics.com%2Fresources%2Fmagnet-axiom-cyber-corporate-fraud-investigation%2F&ul=en-us&de=UTF-8&dt=Magnet%20AXIOM%20Cyber%20-%20Corporate%20Fraud%20Investigation%20-%20Magnet%20Forensics&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=2038372491&gjid=14825709&cid=345712127.1582136062&tid=UA-34380560-1&_gid=1052797003.1582136062&_r=1&gtm=2wg250WJWWJV&z=518726995 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-34380560-1&cid=345712127.1582136062&jid=2038372491&_gid=1052797003.1582136062&gjid=14825709&_v=j81&z=518726995 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-34380560-1&cid=345712127.1582136062&jid=2038372491&_v=j81&z=518726995 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-34380560-1&cid=345712127.1582136062&jid=2038372491&_v=j81&z=518726995&slf_rd=1&random=1585501466

Request Chain 31

https://insight.adsrvr.org/tags/jg6b2wz/b0y0eqc/iframe HTTP 303
https://d1eoo1tco6rr5e.cloudfront.net/jg6b2wz/b0y0eqc/iframe

Request Chain 32

https://insight.adsrvr.org/tags/jg6b2wz/gewt57v/iframe HTTP 303
https://d1eoo1tco6rr5e.cloudfront.net/jg6b2wz/gewt57v/iframe

Request Chain 34

https://um.simpli.fi/telaria_p HTTP 302
https://simplifi.partners.tremorhub.com/sync?UISF=DB14FDEA2CEBD2CB35CDE3F4DBACA2D7

Request Chain 35

https://um.simpli.fi/ad_advisor HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=B6D25E7BA037439BA1F5ABB9E6FFAB78 HTTP 302
https://um.simpli.fi/aa_px?sk=164921203336000972021

Request Chain 37

https://um.simpli.fi/intentiq HTTP 302
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=B6D25E7BA037439BA1F5ABB9E6FFAB78

Request Chain 41

https://um.simpli.fi/dtnx HTTP 302
https://fei.pro-market.net/engine?du=24;csync=B6D25E7BA037439BA1F5ABB9E6FFAB78;mimetype=img; HTTP 302
https://fei.pro-market.net/engine?du=24;csync=B6D25E7BA037439BA1F5ABB9E6FFAB78;mimetype=img;sr HTTP 302
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=3&pcid=-2061944671849919775

Request Chain 42

https://um.simpli.fi/exelatem HTTP 302
https://loadm.exelator.com/load/?p=204&g=2191&simid=B6D25E7BA037439BA1F5ABB9E6FFAB78&j=0 HTTP 302
https://loadm.exelator.com/load/?p=204&g=2191&simid=B6D25E7BA037439BA1F5ABB9E6FFAB78&j=0&xl8blockcheck=1 HTTP 302
https://load77.exelator.com/pixel.gif

Request Chain 44

https://um.simpli.fi/beachfront HTTP 302
https://sync.bfmio.com/sync?pid=141&uid=B6D25E7BA037439BA1F5ABB9E6FFAB78

Request Chain 45

https://um.simpli.fi/bluekai HTTP 302
https://stags.bluekai.com/site/29931?id=B6D25E7BA037439BA1F5ABB9E6FFAB78

Request Chain 46

https://um.simpli.fi/crwdcntrl HTTP 302
https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=B6D25E7BA037439BA1F5ABB9E6FFAB78 HTTP 302
https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=B6D25E7BA037439BA1F5ABB9E6FFAB78

Request Chain 47

https://um.simpli.fi/lj_match HTTP 302
https://ce.lijit.com/merge?pid=2&3pid=B6D25E7BA037439BA1F5ABB9E6FFAB78

Request Chain 48

https://um.simpli.fi/liveramp_match HTTP 302
https://idsync.rlcdn.com/419566.gif?partner_uid=B6D25E7BA037439BA1F5ABB9E6FFAB78

Request Chain 49

https://www.googleadservices.com/pagead/conversion/1026675585/?random=1582136063233&cv=7&fst=1582136063233&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=777085765&cv=7&fst=*&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=AHtNXsL_MqLK7_UPqsGemA8&sscte=1&crd=&gtd= HTTP 302
https://www.google.com/pagead/1p-conversion/1026675585/?random=777085765&cv=7&fst=*&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&gtd=&is_vtc=1&ocp_id=AHtNXsL_MqLK7_UPqsGemA8&random=682860645 HTTP 302
https://www.google.de/pagead/1p-conversion/1026675585/?random=777085765&cv=7&fst=*&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&gtd=&is_vtc=1&ocp_id=AHtNXsL_MqLK7_UPqsGemA8&random=682860645&ipr=y

Request Chain 50

https://um.simpli.fi/spotx_match HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7797&uid=B6D25E7BA037439BA1F5ABB9E6FFAB78 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7797&uid=B6D25E7BA037439BA1F5ABB9E6FFAB78&__user_check__=1&sync_id=a8e0a042-5343-11ea-b0e0-1d37f49c1a06

Request Chain 51

https://um.simpli.fi/an HTTP 302
https://ib.adnxs.com/setuid?entity=66&code=B6D25E7BA037439BA1F5ABB9E6FFAB78

Request Chain 52

https://um.simpli.fi/cw_match HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=537085&ev=B6D25E7BA037439BA1F5ABB9E6FFAB78

Request Chain 53

https://um.simpli.fi/rb_match HTTP 302
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=B6D25E7BA037439BA1F5ABB9E6FFAB78&expires=365

Request Chain 54

https://um.simpli.fi/ox_match HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072966&val=B6D25E7BA037439BA1F5ABB9E6FFAB78 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072966&val=B6D25E7BA037439BA1F5ABB9E6FFAB78

Request Chain 55

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc HTTP 302
https://um.simpli.fi/g_match?id=&google_gid=CAESEG9tEfSFtmnRt_Af1RvncxU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=B6D25E7BA037439BA1F5ABB9E6FFAB78 HTTP 302
https://um.simpli.fi/g_match?id=

60 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/ 90 KB
20 KB 705ms
492ms Document
text/html 178.128.232.90
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.128.232.90 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: aaf000fe1f80f9d73949fca5957f2328c5cbf0babd76b038bae6e6cd52082f9f

Request headers

Host: www.magnetforensics.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

Date: Wed, 19 Feb 2020 18:14:21 GMT
Server: Apache/2.4.18 (Ubuntu)
Link: <https://www.magnetforensics.com/wp-json/>; rel="https://api.w.org/" <https://www.magnetforensics.com/?p=41918>; rel=shortlink
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 19991
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK 2A4B1D_0_0_566a4ba9.woff
www.magnetforensics.com/wp-content/themes/magnet-forensics-wordpress/dist/fonts/ 128 KB
129 KB 310ms
105ms Font
application/font-woff 178.128.232.90
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.magnetforensics.com/wp-content/themes/magnet-forensics-wordpress/dist/fonts/2A4B1D_0_0_566a4ba9.woff
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.128.232.90 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: c0bfdde523377c07339bdc26cbe44faf49466d10f7af3bd4169ac84694a810e6

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Origin: https://www.magnetforensics.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:14:21 GMT
Content-Encoding: gzip
Last-Modified: Tue, 18 Feb 2020 18:06:02 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "201e8-59edd865ccfd7-gzip"
Vary: Accept-Encoding
Content-Type: application/font-woff
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK 2A4B1D_4_0_c0ac701e.woff
www.magnetforensics.com/wp-content/themes/magnet-forensics-wordpress/dist/fonts/ 149 KB
149 KB 313ms
108ms Font
application/font-woff 178.128.232.90
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.magnetforensics.com/wp-content/themes/magnet-forensics-wordpress/dist/fonts/2A4B1D_4_0_c0ac701e.woff
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.128.232.90 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 38af1a92a1febe60ea6cdf48747328db032bbb53c8f6d691e223e97cba19e2e5

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Origin: https://www.magnetforensics.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:14:21 GMT
Content-Encoding: gzip
Last-Modified: Tue, 18 Feb 2020 18:06:02 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "254af-59edd865ccfd7-gzip"
Vary: Accept-Encoding
Content-Type: application/font-woff
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK style.min.css
www.magnetforensics.com/wp-includes/css/dist/block-library/ 40 KB
6 KB 196ms
108ms Stylesheet
text/css 178.128.232.90
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.magnetforensics.com/wp-includes/css/dist/block-library/style.min.css?ver=5.3.2
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.128.232.90 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: d9662b4b9ba6c2c3691ce0acd4572e027366eb97d6070550a13429262bb0037f

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Wed, 19 Feb 2020 18:14:21 GMT
Content-Encoding: gzip
Last-Modified: Tue, 05 Nov 2019 22:06:04 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "a1fb-596a0a3682b00-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 6163

GET
H/1.1 200
OK main_eac0e506.css
www.magnetforensics.com/wp-content/themes/magnet-forensics-wordpress/dist/styles/ 449 KB
65 KB 320ms
122ms Stylesheet
text/css 178.128.232.90
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.magnetforensics.com/wp-content/themes/magnet-forensics-wordpress/dist/styles/main_eac0e506.css
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.128.232.90 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: d6fa31a54991a9744af51627088a6860762f0ed2d883da9681d73f4095381314

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Wed, 19 Feb 2020 18:14:21 GMT
Content-Encoding: gzip
Last-Modified: Tue, 18 Feb 2020 18:06:02 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "7037d-59edd865ccfd7-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 111 KB
34 KB 29ms
28ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WJWWJV

Requested by

Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

247a02baa7d43d8180a3b5158f85ee972b9d012194eca021ec8dcdd2f18e2589

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:14:21 GMT
content-encoding: br
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Cache-Control
content-length: 34284
x-xss-protection: 0
expires: Wed, 19 Feb 2020 18:14:21 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WJWWJV

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 6049
date: Wed, 19 Feb 2020 16:33:32 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 18174
expires: Wed, 19 Feb 2020 18:33:32 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 126 KB
30 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-24=":443"; ma=3600
content-length: 30466
x-xss-protection: 0
pragma: public
x-fb-debug: NY2IwcEdmBDCX07Mqts4yp1MWrwf02JEVZL+COW95WlTaZpn3WL2mGcuiPmOjZNkhXVfLqRxt+RA5y51S5AR3Q==
x-fb-trip-id: 1850256238
date: Wed, 19 Feb 2020 18:14:21 GMT, Wed, 19 Feb 2020 18:14:21 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=268132171&t=pageview&_s=1&dl=https%3A%2F%2Fwww.magnetforensics.com%2Fresources%2Fmagnet-axiom-cyber-corporate-fraud-investigation%2F&ul=en-us...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-34380560-1&cid=345712127.1582136062&jid=2038372491&_gid=1052797003.1582136062&gjid=14825709&_v=j81&z=518726995
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-34380560-1&cid=345712127.1582136062&jid=2038372491&_v=j81&z=518726995
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-34380560-1&cid=345712127.1582136062&jid=2038372491&_v=j81&z=518726995&slf_rd=1&random=1585501466

42 B
109 B

16ms
16ms

Image
image/gif

2a00:1450:4001:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-34380560-1&cid=345712127.1582136062&jid=2038372491&_v=j81&z=518726995&slf_rd=1&random=1585501466

Requested by

Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:14:21 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:14:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-34380560-1&cid=345712127.1582136062&jid=2038372491&_v=j81&z=518726995&slf_rd=1&random=1585501466
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 978327179195886 Show response
connect.facebook.net/signals/config/ 447 KB
112 KB 13ms
13ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/978327179195886?v=2.9.15&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

fbe3a2f44773353adb236af718cd0eb560e1fc9c4fefdf8bcda8539eca2bf573

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-24=":443"; ma=3600
content-length: 114947
x-xss-protection: 0
pragma: public
x-fb-debug: zqd2etT2XyXYU6D+gsh8x/ZScIHeSPhvZgrvFyPSjo2bLgRKBJblJKTbcQKlcmZXhkeRlYHj4PHHQ8rT7PILOA==
x-fb-trip-id: 1850256238
date: Wed, 19 Feb 2020 18:14:21 GMT, Wed, 19 Feb 2020 18:14:21 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK mf-icon-resources-how-to.svg
www.magnetforensics.com/wp-content/uploads/2019/01/ 1 KB
956 B 312ms
106ms Image
image/svg+xml 178.128.232.90
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.magnetforensics.com/wp-content/uploads/2019/01/mf-icon-resources-how-to.svg
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.128.232.90 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: e836bc2842932522c23bf927f0a8977cddd9642c36d4975b18ad1f3da78c9a68

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Wed, 19 Feb 2020 18:14:22 GMT
Content-Encoding: gzip
Last-Modified: Tue, 05 Mar 2019 03:15:32 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "4e9-58350492f1d00-gzip"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 615

GET
H/1.1 200
OK jquery.js Show response
www.magnetforensics.com/wp-includes/js/jquery/ 95 KB
33 KB 234ms
119ms Script
application/x-javascript 178.128.232.90
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.magnetforensics.com/wp-includes/js/jquery/jquery.js
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.128.232.90 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 19 Feb 2020 18:14:21 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 May 2019 04:25:54 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "17a69-5890dc7401880-gzip"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 33776

GET
H/1.1 200
OK main_eac0e506.js Show response
www.magnetforensics.com/wp-content/themes/magnet-forensics-wordpress/dist/scripts/ 156 KB
45 KB 126ms
117ms Script
application/x-javascript 178.128.232.90
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.magnetforensics.com/wp-content/themes/magnet-forensics-wordpress/dist/scripts/main_eac0e506.js
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.128.232.90 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 625e82c1a5727fd3dbb4fa810927b293850ef5b8e5a4adcb95bf468608d0ecbb

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 19 Feb 2020 18:14:21 GMT
Content-Encoding: gzip
Last-Modified: Tue, 18 Feb 2020 18:06:02 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "26ec4-59edd865ccfd7-gzip"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 45216

GET
H/1.1 200
OK wp-embed.min.js Show response
www.magnetforensics.com/wp-includes/js/ 1 KB
1 KB 107ms
106ms Script
application/x-javascript 178.128.232.90
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.magnetforensics.com/wp-includes/js/wp-embed.min.js?ver=5.3.2
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.128.232.90 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 0284cbccebf1682452d62d06efa3665c874d642d4e03f5f5f9bb0f555da9251b

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 19 Feb 2020 18:14:22 GMT
Content-Encoding: gzip
Last-Modified: Sat, 05 Oct 2019 19:49:10 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "577-5942f1cbbd980-gzip"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 740

GET
H2 200 ZTIAKq_fyGo
www.youtube.com/embed/ Frame 9A61 0
0 141ms
140ms Document
text/html 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/ZTIAKq_fyGo?feature=oembed

Requested by

Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/ZTIAKq_fyGo?feature=oembed
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/

Response headers

status: 200
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
cache-control: no-cache
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
expires: Tue, 27 Apr 1971 19:44:06 GMT
date: Wed, 19 Feb 2020 18:14:21 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
set-cookie: VISITOR_INFO1_LIVE=GXvgliDjMdI; path=/; domain=.youtube.com; secure; expires=Mon, 17-Aug-2020 18:14:21 GMT; httponly; samesite=None YSC=QpFxxkTiBds; path=/; domain=.youtube.com; httponly VISITOR_INFO1_LIVE=GXvgliDjMdI; path=/; domain=.youtube.com; secure; expires=Mon, 17-Aug-2020 18:14:21 GMT; httponly; samesite=None GPS=1; path=/; domain=.youtube.com; expires=Wed, 19-Feb-2020 18:44:21 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 524101908201833 Show response
connect.facebook.net/signals/config/ 447 KB
112 KB 7ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/524101908201833?v=2.9.15&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

eacf6d585dbde85cd2f52428c66b68f6f09285ff5db52389bfb8eb7abc0f7dd0

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-24=":443"; ma=3600
content-length: 114947
x-xss-protection: 0
pragma: public
x-fb-debug: MPy2Bndo1xp4Vr9/A5Dy0cgTjV5L2jQgld7O/4YVEgQQiz/OP/PFTTpmSv6vSuTeQCRw+Rq2rSEBPwAk46+N3Q==
x-fb-trip-id: 1850256238
date: Wed, 19 Feb 2020 18:14:21 GMT, Wed, 19 Feb 2020 18:14:21 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
248 B 6ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=978327179195886&ev=PageView&dl=https%3A%2F%2Fwww.magnetforensics.com%2Fresources%2Fmagnet-axiom-cyber-corporate-fraud-investigation%2F&rl=&if=false&ts=1582136061864&sw=1600&sh=1200&v=2.9.15&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1582136061863.1412049259&it=1582136061817&coo=false&rqm=GET

Requested by

Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:14:21 GMT, Wed, 19 Feb 2020 18:14:21 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-24=":443"; ma=3600
content-length: 44
expires: Wed, 19 Feb 2020 18:14:21 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
101 B 7ms
7ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=524101908201833&ev=PageView&dl=https%3A%2F%2Fwww.magnetforensics.com%2Fresources%2Fmagnet-axiom-cyber-corporate-fraud-investigation%2F&rl=&if=false&ts=1582136061888&sw=1600&sh=1200&v=2.9.15&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1582136061863.1412049259&it=1582136061817&coo=false&rqm=GET

Requested by

Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:14:21 GMT, Wed, 19 Feb 2020 18:14:21 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-24=":443"; ma=3600
content-length: 44
expires: Wed, 19 Feb 2020 18:14:21 GMT

GET
H/1.1 200
OK 2A4B1D_1_unhinted_0_b56607ea.woff
www.magnetforensics.com/wp-content/themes/magnet-forensics-wordpress/dist/fonts/ 68 KB
68 KB 109ms
106ms Font
application/font-woff 178.128.232.90
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.magnetforensics.com/wp-content/themes/magnet-forensics-wordpress/dist/fonts/2A4B1D_1_unhinted_0_b56607ea.woff
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.128.232.90 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 9ba1160be2a35efb930a0416d54caea25a203b99d8b70d475646eb76dd008563

Request headers

Referer: https://www.magnetforensics.com/wp-content/themes/magnet-forensics-wordpress/dist/styles/main_eac0e506.css
Origin: https://www.magnetforensics.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:14:22 GMT
Content-Encoding: gzip
Last-Modified: Tue, 18 Feb 2020 18:06:02 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "10e3d-59edd865ccfd7-gzip"
Vary: Accept-Encoding
Content-Type: application/font-woff
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97

GET
H/1.1 200
OK 2A4B1D_0_unhinted_0_9a95dddd.woff
www.magnetforensics.com/wp-content/themes/magnet-forensics-wordpress/dist/fonts/ 66 KB
66 KB 111ms
109ms Font
application/font-woff 178.128.232.90
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.magnetforensics.com/wp-content/themes/magnet-forensics-wordpress/dist/fonts/2A4B1D_0_unhinted_0_9a95dddd.woff
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.128.232.90 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 8277016fbc6492340f71e75fb7851d641217684f27c6b4a690caf0f0679d2939

Request headers

Referer: https://www.magnetforensics.com/wp-content/themes/magnet-forensics-wordpress/dist/styles/main_eac0e506.css
Origin: https://www.magnetforensics.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:14:22 GMT
Content-Encoding: gzip
Last-Modified: Tue, 18 Feb 2020 18:06:02 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "10878-59edd865ccfd7-gzip"
Vary: Accept-Encoding
Content-Type: application/font-woff
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99

GET
H/1.1 200
OK 2A4B1D_4_unhinted_0_8d5d76f0.woff
www.magnetforensics.com/wp-content/themes/magnet-forensics-wordpress/dist/fonts/ 74 KB
74 KB 173ms
109ms Font
application/font-woff 178.128.232.90
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.magnetforensics.com/wp-content/themes/magnet-forensics-wordpress/dist/fonts/2A4B1D_4_unhinted_0_8d5d76f0.woff
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.128.232.90 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 51c2eb3c92c0b20d5d5d965dc18939bb51b9160afee17d97f360421679208785

Request headers

Referer: https://www.magnetforensics.com/wp-content/themes/magnet-forensics-wordpress/dist/styles/main_eac0e506.css
Origin: https://www.magnetforensics.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:14:22 GMT
Content-Encoding: gzip
Last-Modified: Tue, 18 Feb 2020 18:06:02 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "12647-59edd865ccfd7-gzip"
Vary: Accept-Encoding
Content-Type: application/font-woff
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99

GET
H/1.1 200
OK 2A4B1D_2_unhinted_0_22decedc.woff
www.magnetforensics.com/wp-content/themes/magnet-forensics-wordpress/dist/fonts/ 66 KB
66 KB 174ms
110ms Font
application/font-woff 178.128.232.90
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.magnetforensics.com/wp-content/themes/magnet-forensics-wordpress/dist/fonts/2A4B1D_2_unhinted_0_22decedc.woff
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.128.232.90 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: cbc126e88b7acc88d4c05875e64d81f7959a42bff9cc79c173544bdf82bb755f

Request headers

Referer: https://www.magnetforensics.com/wp-content/themes/magnet-forensics-wordpress/dist/styles/main_eac0e506.css
Origin: https://www.magnetforensics.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:14:22 GMT
Content-Encoding: gzip
Last-Modified: Tue, 18 Feb 2020 18:06:02 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "107cf-59edd865ccfd7-gzip"
Vary: Accept-Encoding
Content-Type: application/font-woff
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98

GET
H2 200 launch-EN53b5539d17874824a2fd088d8354fb79.min.js Show response
assets.adobedtm.com/ 52 KB
16 KB 99ms
30ms Script
application/x-javascript 23.210.248.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-EN53b5539d17874824a2fd088d8354fb79.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WJWWJV
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-45.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 37ad57ed408cde4d7fcef3e626d22e6ca90196b0be1562edb2efaa98891e4747

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:14:22 GMT
content-encoding: gzip
last-modified: Mon, 25 Nov 2019 14:04:52 GMT
server: AkamaiNetStorage
etag: "6642998b49f1e02f835bea62cb9c75db:1574690692.799179"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 16373
expires: Wed, 19 Feb 2020 19:14:22 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
931 B 23ms
23ms Script
application/javascript 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WJWWJV

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

2c0884853dc57e0e429d1bec631837b0f356b5806e913f00dd2828b3f88b3b6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:14:22 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
content-type: application/javascript
status: 200
cache-control: no-cache
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 GMT

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vflYl14TA/ 27 KB
10 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vflYl14TA/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

60111948f7ff6c6621b9183616896e465889d75bad2c797ad267aa2feedc3efa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 07:20:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39254
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 10243
x-xss-protection: 0
last-modified: Sat, 15 Feb 2020 00:53:13 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Thu, 27 Feb 2020 07:20:08 GMT

POST
H2 200 /
www.facebook.com/tr/ 0
76 B 6ms
6ms Other
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Origin: https://www.magnetforensics.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarymAB6mRxx6awfaAcn

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
access-control-allow-origin: https://www.magnetforensics.com
date: Wed, 19 Feb 2020 18:14:22 GMT
content-type: text/plain
status: 200
access-control-allow-credentials: true
alt-svc: h3-24=":443"; ma=3600
content-length: 0

POST
H2 200 /
www.facebook.com/tr/ 0
30 B 6ms
6ms Other
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Origin: https://www.magnetforensics.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx7cc3cVNvSoTTFcc

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
access-control-allow-origin: https://www.magnetforensics.com
date: Wed, 19 Feb 2020 18:14:22 GMT
content-type: text/plain
status: 200
access-control-allow-credentials: true
alt-svc: h3-24=":443"; ma=3600
content-length: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 74 KB
28 KB 27ms
26ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-9042427

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN53b5539d17874824a2fd088d8354fb79.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7ed12731c1f095f5bd35f4197428837075960212f32cba7e731702d60ecda58d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:14:22 GMT
content-encoding: br
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Cache-Control
content-length: 28487
x-xss-protection: 0
expires: Wed, 19 Feb 2020 18:14:22 GMT

GET
H/1.1 200
OK twin.js Show response
twin-iq.kickfire.com/ 423 B
595 B 635ms
157ms Script
text/javascript 209.128.119.223
BAYAREA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://twin-iq.kickfire.com/twin.js?13395
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN53b5539d17874824a2fd088d8354fb79.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.128.119.223 , United States, ASN7151 (BAYAREA-AS, US),
Reverse DNS: 209-128-119-223.bayarea.net
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 0c105bd80cead6e558f7767a26457c0a031384fa4348787c7611e6004cab7fd0

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 19 Feb 2020 18:14:23 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Oct 2019 17:22:01 GMT
Server: Apache/2.2.15 (CentOS)
ETag: "280028-1a7-593dc971e8040"
Vary: Accept-Encoding
Content-Type: text/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 287

GET
H/1.1 200
OK twin.php
twin-iq.kickfire.com/ 95 B
403 B 659ms
163ms Image
image/png 209.128.119.223
BAYAREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twin-iq.kickfire.com/twin.php?TWIQ=13395&kftwiqpg=https%3A%2F%2Fwww.magnetforensics.com%2Fresources%2Fmagnet-axiom-cyber-corporate-fraud-investigation%2F&Hst=www.magnetforensics.com&r=0.590880727146426
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.128.119.223 , United States, ASN7151 (BAYAREA-AS, US),
Reverse DNS: 209-128-119-223.bayarea.net
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Wed, 19 Feb 2020 18:14:23 GMT
Content-Encoding: gzip
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: close
Content-Type: IMAGE/PNG
Content-Length: 102

GET
H2 200 dpx.js Show response
i.simpli.fi/ 2 KB
3 KB 93ms
26ms Script
application/javascript 169.50.137.179
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL

https://i.simpli.fi/dpx.js?cid=166001&conversion=20&campaign_id=0&m=1&sifi_tuid=1

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN53b5539d17874824a2fd088d8354fb79.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.179 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

b3.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

0843900120977b5d77b87ae738a718eba1f4b3b51cbc096c492435825668d8e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache, no-cache
date: Wed, 19 Feb 2020 18:14:23 GMT
x-content-type-options: nosniff
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 1998
x-request-id: 2nqe0nfh02592nn5vsa1qs97
expires: Thu, 01 Jan 1970 00:00:00 GMT, Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 p Show response
i.simpli.fi/ 749 B
1 KB 27ms
24ms Script
application/javascript 169.50.137.179
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL

https://i.simpli.fi/p?cid=&cb=sifi_att_42656._hp

Requested by

Host: i.simpli.fi
URL: https://i.simpli.fi/dpx.js?cid=166001&conversion=20&campaign_id=0&m=1&sifi_tuid=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.179 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

b3.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

b14fc8c79e0965747519faa355ea6a839bbd923f5c584e030e40f0fdcdb9924d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache, no-cache
date: Wed, 19 Feb 2020 18:14:23 GMT
x-content-type-options: nosniff
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="http://www.simplifi.com/w3c/Policies.xml", CP="ADMa DEVa PSAa PSDa OUR IND DSP NON COR"
status: 200
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: application/javascript; charset=UTF-8
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Thu, 01 Jan 1970 00:00:00 GMT, Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

iframe
d1eoo1tco6rr5e.cloudfront.net/jg6b2wz/b0y0eqc/ Frame 00F2
Redirect Chain

https://insight.adsrvr.org/tags/jg6b2wz/b0y0eqc/iframe
https://d1eoo1tco6rr5e.cloudfront.net/jg6b2wz/b0y0eqc/iframe

0
0

85ms
22ms

Document
text/html

13.35.255.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1eoo1tco6rr5e.cloudfront.net/jg6b2wz/b0y0eqc/iframe
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN53b5539d17874824a2fd088d8354fb79.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.255.55 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-255-55.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Host: d1eoo1tco6rr5e.cloudfront.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/

Response headers

Content-Type: text/html
Content-Length: 133
Connection: keep-alive
Date: Tue, 18 Feb 2020 20:50:31 GMT
Last-Modified: Fri, 12 Oct 2018 07:46:55 GMT
ETag: "2b3b7c6c344cd768637a283f66858c1c"
Cache-Control: max-age=86400
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA6-C1
X-Amz-Cf-Id: sHlYBh0edHmK9kkEmiIW0NS7DdTBpffJknnLi-N1-RimsdDZlq3q5Q==
Age: 77033

Redirect headers

status: 303
date: Wed, 19 Feb 2020 18:14:23 GMT
content-type: text/html; charset=UTF-8
content-length: 183
location: https://d1eoo1tco6rr5e.cloudfront.net/jg6b2wz/b0y0eqc/iframe
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

GET
H/1.1

200
OK

iframe
d1eoo1tco6rr5e.cloudfront.net/jg6b2wz/gewt57v/ Frame 3BF3
Redirect Chain

https://insight.adsrvr.org/tags/jg6b2wz/gewt57v/iframe
https://d1eoo1tco6rr5e.cloudfront.net/jg6b2wz/gewt57v/iframe

0
0

62ms
21ms

Document
text/html

13.35.255.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1eoo1tco6rr5e.cloudfront.net/jg6b2wz/gewt57v/iframe
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN53b5539d17874824a2fd088d8354fb79.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.255.55 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-255-55.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Host: d1eoo1tco6rr5e.cloudfront.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/

Response headers

Content-Type: text/html
Content-Length: 133
Connection: keep-alive
Date: Mon, 17 Feb 2020 23:39:10 GMT
Last-Modified: Fri, 20 Sep 2019 08:51:24 GMT
ETag: "0095bda52893c15118b17c20f41b051b"
Cache-Control: max-age=86400
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA6-C1
X-Amz-Cf-Id: 6YflV9yN6HLQ-rhqgyG0932DWpfVv3I8-rwtwkBDhIxLeLrrcbyh6A==
Age: 46362

Redirect headers

status: 303
date: Wed, 19 Feb 2020 18:14:23 GMT
content-type: text/html; charset=UTF-8
content-length: 183
location: https://d1eoo1tco6rr5e.cloudfront.net/jg6b2wz/gewt57v/iframe
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

GET
H/1.1 200
OK piwik.js Show response
www.rumiview.com/ 61 KB
21 KB 721ms
270ms Script
application/javascript 199.185.0.231
MULTIVIEW

General

Check archive.org

Show headers Download Go to

Full URL: https://www.rumiview.com/piwik.js
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 199.185.0.231 , United States, ASN21592 (MULTIVIEW, US),
Reverse DNS
Software: nginx /
Resource Hash: 1439d8a1d7f4b4b07d4c9fbc7ea62b2a96a8774ae98e569e44ba0a6be5a0a776

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 19 Feb 2020 18:14:23 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 May 2019 08:53:27 GMT
Server: nginx
ETag: W/"5cd93087-f2a7"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Expires: Fri, 20 Mar 2020 18:14:23 GMT

GET
H2

200

sync
simplifi.partners.tremorhub.com/
Redirect Chain

https://um.simpli.fi/telaria_p
https://simplifi.partners.tremorhub.com/sync?UISF=DB14FDEA2CEBD2CB35CDE3F4DBACA2D7

43 B
182 B

325ms
87ms

Image
image/gif

2600:1f18:612b:4200:f69a:fb6b:1639:6a52
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simplifi.partners.tremorhub.com/sync?UISF=DB14FDEA2CEBD2CB35CDE3F4DBACA2D7
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4200:f69a:fb6b:1639:6a52 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Wed, 19 Feb 2020 18:14:23 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

Redirect headers

date: Wed, 19 Feb 2020 18:14:23 GMT
x-content-type-options: nosniff
server: nginx
access-control-allow-origin: *
location: https://simplifi.partners.tremorhub.com/sync?UISF=DB14FDEA2CEBD2CB35CDE3F4DBACA2D7
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
status: 302
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Tue, 18 Feb 2020 18:14:23 GMT

GET
H2

200

aa_px
um.simpli.fi/
Redirect Chain

https://um.simpli.fi/ad_advisor
https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=B6D25E7BA037439BA1F5ABB9E6FFAB78
https://um.simpli.fi/aa_px?sk=164921203336000972021

43 B
409 B

23ms
22ms

Image
image/gif

169.50.137.190
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/aa_px?sk=164921203336000972021

Requested by

Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.190 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

be.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 19 Feb 2020 18:14:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
status: 200
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Tue, 18 Feb 2020 18:14:23 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:14:23 GMT
server: AAWebServer
location: https://um.simpli.fi/aa_px?sk=164921203336000972021
p3p: policyref="http://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H2 200 nexage
um.simpli.fi/ 43 B
409 B 24ms
23ms Image
image/gif 169.50.137.190
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/nexage

Requested by

Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.190 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

be.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:14:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
status: 200
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Tue, 18 Feb 2020 18:14:23 GMT

GET
H/1.1

200
OK

ProfilesEngineServlet
sync.intentiq.com/profiles_engine/
Redirect Chain

https://um.simpli.fi/intentiq
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=B6D25E7BA037439BA1F5ABB9E6FFAB78

43 B
525 B

440ms
110ms

Image
image/gif

34.196.147.178
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=B6D25E7BA037439BA1F5ABB9E6FFAB78
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.147.178 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-147-178.compute-1.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:14:24 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Wed, 19 Feb 2020 18:14:23 GMT
x-content-type-options: nosniff
server: nginx
access-control-allow-origin: *
location: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=B6D25E7BA037439BA1F5ABB9E6FFAB78
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
status: 302
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Tue, 18 Feb 2020 18:14:23 GMT

GET
H/1.1 200
OK piwik.php
www.rumiview.com/ 43 B
183 B 167ms
166ms Image
image/gif 199.185.0.231
MULTIVIEW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rumiview.com/piwik.php?action_name=Magnet%20AXIOM%20Cyber%20-%20Corporate%20Fraud%20Investigation%20-%20Magnet%20Forensics&idsite=8086&rec=1&r=577821&h=19&m=14&s=23&url=https%3A%2F%2Fwww.magnetforensics.com%2Fresources%2Fmagnet-axiom-cyber-corporate-fraud-investigation%2F&_id=3511fb20013e4bf3&_idts=1582136064&_idvc=1&_idn=0&_viewts=1582136064&send_image=1&cookie=1&res=1600x1200&gt_ms=583&pv_id=M5etfr
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 199.185.0.231 , United States, ASN21592 (MULTIVIEW, US),
Reverse DNS
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Wed, 19 Feb 2020 18:14:24 GMT
Content-Encoding: none
Server: nginx
Content-Length: 43
Content-Type: image/gif

GET
H2 200 pubmatic
um.simpli.fi/ 43 B
409 B 22ms
22ms Image
image/gif 169.50.137.190
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic

Requested by

Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.190 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

be.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:14:24 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
status: 200
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Tue, 18 Feb 2020 18:14:24 GMT

GET
H2 200 freewheel
um.simpli.fi/ 43 B
409 B 22ms
22ms Image
image/gif 169.50.137.190
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/freewheel

Requested by

Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.190 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

be.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:14:24 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
status: 200
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Tue, 18 Feb 2020 18:14:24 GMT

GET
H/1.1

200
OK

ProfilesEngineServlet
sync.intentiq.com/profiles_engine/
Redirect Chain

https://um.simpli.fi/dtnx
https://fei.pro-market.net/engine?du=24;csync=B6D25E7BA037439BA1F5ABB9E6FFAB78;mimetype=img;
https://fei.pro-market.net/engine?du=24;csync=B6D25E7BA037439BA1F5ABB9E6FFAB78;mimetype=img;sr
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=3&pcid=-2061944671849919775

43 B
525 B

112ms
111ms

Image
image/gif

34.196.147.178
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=3&pcid=-2061944671849919775
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.147.178 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-147-178.compute-1.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:14:24 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:14:24 GMT
via: 1.1 google
server: Apache-Coyote/1.1
access-control-allow-origin: *
anserver: gapp-eu-5.c.datonics-gcp-01.internal
location: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=3&pcid=-2061944671849919775
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: clear
content-length: 0
expires: Mon, 1 Jan 1990 0:0:0 GMT

GET
H2

200

pixel.gif
load77.exelator.com/
Redirect Chain

https://um.simpli.fi/exelatem
https://loadm.exelator.com/load/?p=204&g=2191&simid=B6D25E7BA037439BA1F5ABB9E6FFAB78&j=0
https://loadm.exelator.com/load/?p=204&g=2191&simid=B6D25E7BA037439BA1F5ABB9E6FFAB78&j=0&xl8blockcheck=1
https://load77.exelator.com/pixel.gif

43 B
272 B

72ms
23ms

Image
image/gif

185.59.220.29
CDN77

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://load77.exelator.com/pixel.gif
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.59.220.29 Frankfurt am Main, Germany, ASN60068 (CDN77, GB),
Reverse DNS: frankfurt-20.cdn77.com
Software: CDN77-Turbo /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 19 Feb 2020 18:14:24 GMT
last-modified: Wed, 25 Oct 2017 17:03:56 GMT
server: CDN77-Turbo
access-control-allow-origin: *
x-edge-location: frankfurtDE
etag: "59f0c3fc-2b"
x-cache: HIT
content-type: image/gif
status: 200
x-edge-ip: 185.59.220.20
x-age: 603461
accept-ranges: bytes
content-length: 43

Redirect headers

date: Wed, 19 Feb 2020 18:14:24 GMT
server: nginx/1.14.0
x-powered-by: Undertow/1
location: https://load77.exelator.com/pixel.gif
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
status: 302
cache-control: no-cache
access-control-allow-credentials: true
content-type: image/gif
content-length: 0

GET
H2 200 yahoo
um.simpli.fi/ 43 B
409 B 22ms
22ms Image
image/gif 169.50.137.190
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/yahoo

Requested by

Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.190 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

be.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:14:24 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
status: 200
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Tue, 18 Feb 2020 18:14:24 GMT

GET
H/1.1

204

sync
sync.bfmio.com/
Redirect Chain

https://um.simpli.fi/beachfront
https://sync.bfmio.com/sync?pid=141&uid=B6D25E7BA037439BA1F5ABB9E6FFAB78

0
421 B

426ms
108ms

Image
text/plain

34.199.92.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.bfmio.com/sync?pid=141&uid=B6D25E7BA037439BA1F5ABB9E6FFAB78
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.199.92.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-199-92-135.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Connection: keep-alive
Date: Wed, 19 Feb 2020 18:14:24 GMT

Redirect headers

date: Wed, 19 Feb 2020 18:14:24 GMT
x-content-type-options: nosniff
server: nginx
access-control-allow-origin: *
location: https://sync.bfmio.com/sync?pid=141&uid=B6D25E7BA037439BA1F5ABB9E6FFAB78
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
status: 302
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Tue, 18 Feb 2020 18:14:24 GMT

GET
H/1.1

200
OK

29931
stags.bluekai.com/site/
Redirect Chain

https://um.simpli.fi/bluekai
https://stags.bluekai.com/site/29931?id=B6D25E7BA037439BA1F5ABB9E6FFAB78

62 B
329 B

236ms
191ms

Image
image/gif

23.45.237.36
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stags.bluekai.com/site/29931?id=B6D25E7BA037439BA1F5ABB9E6FFAB78
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.45.237.36 , United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-237-36.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:14:24 GMT
X-N: S
Connection: keep-alive
Content-Type: image/gif
Content-Length: 62
BK-Server: 490b
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

Redirect headers

date: Wed, 19 Feb 2020 18:14:24 GMT
x-content-type-options: nosniff
server: nginx
access-control-allow-origin: *
location: https://stags.bluekai.com/site/29931?id=B6D25E7BA037439BA1F5ABB9E6FFAB78
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
status: 302
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Tue, 18 Feb 2020 18:14:24 GMT

GET
H/1.1

200
OK

tpid=B6D25E7BA037439BA1F5ABB9E6FFAB78
bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/
Redirect Chain

https://um.simpli.fi/crwdcntrl
https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=B6D25E7BA037439BA1F5ABB9E6FFAB78
https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=B6D25E7BA037439BA1F5ABB9E6FFAB78

49 B
968 B

47ms
47ms

Image
image/gif

52.49.39.42
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=B6D25E7BA037439BA1F5ABB9E6FFAB78
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.39.42 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-39-42.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:14:24 GMT
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Access-Control-Allow-Origin: *
Cache-Control: no-cache
X-Server: 10.45.10.202
Connection: keep-alive
Content-Type: image/gif
Content-Length: 49
Expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:14:24 GMT
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Location: https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=B6D25E7BA037439BA1F5ABB9E6FFAB78
Cache-Control: no-cache
X-Server: 10.45.16.103
Connection: keep-alive
Content-Length: 0
Expires: 0

GET
H/1.1

204
No Content

merge
ce.lijit.com/
Redirect Chain

https://um.simpli.fi/lj_match
https://ce.lijit.com/merge?pid=2&3pid=B6D25E7BA037439BA1F5ABB9E6FFAB78

0
406 B

62ms
23ms

Image
text/html

72.251.249.14
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=2&3pid=B6D25E7BA037439BA1F5ABB9E6FFAB78
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:14:24 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap1ams1
Content-Type: text/html;charset=utf-8
X-Application-Context: application:prod:9080
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date: Wed, 19 Feb 2020 18:14:24 GMT
x-content-type-options: nosniff
server: nginx
access-control-allow-origin: *
location: https://ce.lijit.com/merge?pid=2&3pid=B6D25E7BA037439BA1F5ABB9E6FFAB78
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
status: 302
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Tue, 18 Feb 2020 18:14:24 GMT

GET
H2

204

419566.gif
idsync.rlcdn.com/
Redirect Chain

https://um.simpli.fi/liveramp_match
https://idsync.rlcdn.com/419566.gif?partner_uid=B6D25E7BA037439BA1F5ABB9E6FFAB78

0
62 B

246ms
208ms

Image
text/plain

35.190.72.21
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/419566.gif?partner_uid=B6D25E7BA037439BA1F5ABB9E6FFAB78
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.190.72.21 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 21.72.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
date: Wed, 19 Feb 2020 18:14:24 GMT
via: 1.1 google
alt-svc: clear

Redirect headers

date: Wed, 19 Feb 2020 18:14:24 GMT
x-content-type-options: nosniff
server: nginx
access-control-allow-origin: *
location: https://idsync.rlcdn.com/419566.gif?partner_uid=B6D25E7BA037439BA1F5ABB9E6FFAB78
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
status: 302
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Tue, 18 Feb 2020 18:14:24 GMT

GET
H2

200

/
www.google.de/pagead/1p-conversion/1026675585/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/1026675585/?random=1582136063233&cv=7&fst=1582136063233&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=777085765&cv=7&fst=*&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=fa...
https://www.google.com/pagead/1p-conversion/1026675585/?random=777085765&cv=7&fst=*&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&gtd=...
https://www.google.de/pagead/1p-conversion/1026675585/?random=777085765&cv=7&fst=*&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&gtd=&...

42 B
110 B

17ms
17ms

Image
image/gif

2a00:1450:4001:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/1026675585/?random=777085765&cv=7&fst=*&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&gtd=&is_vtc=1&ocp_id=AHtNXsL_MqLK7_UPqsGemA8&random=682860645&ipr=y

Requested by

Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:14:24 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:14:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-conversion/1026675585/?random=777085765&cv=7&fst=*&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&gtd=&is_vtc=1&ocp_id=AHtNXsL_MqLK7_UPqsGemA8&random=682860645&ipr=y
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/
Redirect Chain

https://um.simpli.fi/spotx_match
https://sync.search.spotxchange.com/partner?adv_id=7797&uid=B6D25E7BA037439BA1F5ABB9E6FFAB78
https://sync.search.spotxchange.com/partner?adv_id=7797&uid=B6D25E7BA037439BA1F5ABB9E6FFAB78&__user_check__=1&sync_id=a8e0a042-5343-11ea-b0e0-1d37f49c1a06

43 B
548 B

35ms
34ms

Image
image/gif

185.94.180.125
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7797&uid=B6D25E7BA037439BA1F5ABB9E6FFAB78&__user_check__=1&sync_id=a8e0a042-5343-11ea-b0e0-1d37f49c1a06
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.94.180.125 , Netherlands, ASN35220 (SPOTX-AMS, NL),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:14:24 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 32
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Wed, 19 Feb 2020 18:14:24 GMT
Server: nginx
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=7797&uid=B6D25E7BA037439BA1F5ABB9E6FFAB78&__user_check__=1&sync_id=a8e0a042-5343-11ea-b0e0-1d37f49c1a06
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 14
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

setuid
ib.adnxs.com/
Redirect Chain

https://um.simpli.fi/an
https://ib.adnxs.com/setuid?entity=66&code=B6D25E7BA037439BA1F5ABB9E6FFAB78

43 B
873 B

53ms
17ms

Image
image/gif

185.33.223.200
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=66&code=B6D25E7BA037439BA1F5ABB9E6FFAB78

Requested by

Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.200 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

308.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:14:26 GMT
AN-X-Request-Uuid: 99f75b5e-f362-4856-a07e-ce832383fa81
Content-Type: image/gif
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 308.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.173:80
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

date: Wed, 19 Feb 2020 18:14:24 GMT
x-content-type-options: nosniff
server: nginx
access-control-allow-origin: *
location: https://ib.adnxs.com/setuid?entity=66&code=B6D25E7BA037439BA1F5ABB9E6FFAB78
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
status: 302
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Tue, 18 Feb 2020 18:14:24 GMT

GET
H2

200

rtset
bh.contextweb.com/bh/
Redirect Chain

https://um.simpli.fi/cw_match
https://bh.contextweb.com/bh/rtset?do=add&pid=537085&ev=B6D25E7BA037439BA1F5ABB9E6FFAB78

49 B
445 B

67ms
29ms

Image
image/gif

74.214.194.140
PULSEPOINT-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=537085&ev=B6D25E7BA037439BA1F5ABB9E6FFAB78

Requested by

Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

74.214.194.140 Amsterdam, Netherlands, ASN59940 (PULSEPOINT-EU, NL),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
status: 200
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-6c55bfb4dd-5dxtq
expires: -1

Redirect headers

date: Wed, 19 Feb 2020 18:14:24 GMT
x-content-type-options: nosniff
server: nginx
access-control-allow-origin: *
location: https://bh.contextweb.com/bh/rtset?do=add&pid=537085&ev=B6D25E7BA037439BA1F5ABB9E6FFAB78
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
status: 302
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Tue, 18 Feb 2020 18:14:24 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://um.simpli.fi/rb_match
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=B6D25E7BA037439BA1F5ABB9E6FFAB78&expires=365

0
239 B

350ms
40ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=B6D25E7BA037439BA1F5ABB9E6FFAB78&expires=365
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: image/gif
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Expires: 0

Redirect headers

date: Wed, 19 Feb 2020 18:14:24 GMT
x-content-type-options: nosniff
server: nginx
access-control-allow-origin: *
location: https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=B6D25E7BA037439BA1F5ABB9E6FFAB78&expires=365
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
status: 302
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Tue, 18 Feb 2020 18:14:24 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://um.simpli.fi/ox_match
https://us-u.openx.net/w/1.0/sd?id=537072966&val=B6D25E7BA037439BA1F5ABB9E6FFAB78
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072966&val=B6D25E7BA037439BA1F5ABB9E6FFAB78

43 B
183 B

26ms
26ms

Image
image/gif

34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072966&val=B6D25E7BA037439BA1F5ABB9E6FFAB78
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.176.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:14:25 GMT
via: 1.1 google
server: OXGW/16.176.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
status: 200
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Wed, 19 Feb 2020 18:14:25 GMT
via: 1.1 google
server: OXGW/16.176.1
location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072966&val=B6D25E7BA037439BA1F5ABB9E6FFAB78
p3p: CP="CUR ADM OUR NOR STA NID"
status: 302
alt-svc: clear
content-length: 0

GET
H2

204

g_match
um.simpli.fi/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc
https://um.simpli.fi/g_match?id=&google_gid=CAESEG9tEfSFtmnRt_Af1RvncxU&google_cver=1
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=B6D25E7BA037439BA1F5ABB9E6FFAB78
https://um.simpli.fi/g_match?id=

0
320 B

22ms
22ms

Image
text/plain

169.50.137.190
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/g_match?id=

Requested by

Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.190 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

be.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 19 Feb 2020 18:14:25 GMT
x-content-type-options: nosniff
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
status: 204
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Tue, 18 Feb 2020 18:14:25 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:14:25 GMT
server: HTTP server (unknown)
location: https://um.simpli.fi/g_match?id=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 229
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ 5 KB
2 KB 445ms
110ms Script
application/javascript 35.174.150.168
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: www.magnetforensics.com
URL: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.150.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-3-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: f6652dacc3641651bf842bb18861c6fbb66581a3dd2c41dde3226764740684b6

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 19 Feb 2020 18:14:25 GMT
Content-Encoding: gzip
X-Pardot-Route: ea50fcd3dcf777490e1499615b883deb
X-Pardot-LB: a083ac6fc1531fb089982e922db67d20
Last-Modified: Mon, 29 Oct 2018 18:55:04 GMT
Server: PardotServer
ETag: "13e7-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1817
Expires: Fri, 18 Feb 2022 18:14:25 GMT

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ 1 KB
2 KB 426ms
426ms Script
text/javascript 35.174.150.168
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&pi_opt_in=&campaign_id=33083&account_id=53162&title=Magnet%20AXIOM%20Cyber%20-%20Corporate%20Fraud%20Investigation%20-%20Magnet%20Forensics&url=https%3A%2F%2Fwww.magnetforensics.com%2Fresources%2Fmagnet-axiom-cyber-corporate-fraud-investigation%2F&referrer=
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.150.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-3-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 49db016f21ef9775372e8d322786bc636f9c99e0850c0e59828d7a74576c4a31

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:14:25 GMT
Content-Encoding: gzip
X-Pardot-Route: 13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB: a083ac6fc1531fb089982e922db67d20
X-Pardot-Rsp: 17/0/149
Vary: Accept-Encoding,User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 538
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.0 200
OK analytics Show response
go.magnetforensics.com/ 50 B
1 KB 562ms
185ms Script
text/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.magnetforensics.com/analytics?conly=true&visitor_id=339012186&pi_opt_in=&campaign_id=33083&account_id=53162&title=Magnet%20AXIOM%20Cyber%20-%20Corporate%20Fraud%20Investigation%20-%20Magnet%20Forensics&url=https%3A%2F%2Fwww.magnetforensics.com%2Fresources%2Fmagnet-axiom-cyber-corporate-fraud-investigation%2F&referrer=&visitor_id_sign=5ed52c0c6c39fc9e8267e204016f52132ca9478f693f1c0d5afd71bec35c028ee7d0ffc106ccc4e46133a286a51f6f025a8d5d9a
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&pi_opt_in=&campaign_id=33083&account_id=53162&title=Magnet%20AXIOM%20Cyber%20-%20Corporate%20Fraud%20Investigation%20-%20Magnet%20Forensics&url=https%3A%2F%2Fwww.magnetforensics.com%2Fresources%2Fmagnet-axiom-cyber-corporate-fraud-investigation%2F&referrer=
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

Referer: https://www.magnetforensics.com/resources/magnet-axiom-cyber-corporate-fraud-investigation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:14:26 GMT
X-Pardot-Route: 13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
X-Pardot-Rsp: 17/15/220
Vary: User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 50
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

60 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.magnetforensics.com/	1970-01-19 07:28:57	Name: _pk_ses.8086.6110 Value: *
			www.magnetforensics.com/	1970-01-19 16:54:51	Name: _pk_id.8086.6110 Value: 3511fb20013e4bf3.1582136064.1.1582136064.1582136064.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aa.agkn.com
assets.adobedtm.com
bcp.crwdcntrl.net
bh.contextweb.com
ce.lijit.com
cm.g.doubleclick.net
connect.facebook.net
d1eoo1tco6rr5e.cloudfront.net
fei.pro-market.net
go.magnetforensics.com
googleads.g.doubleclick.net
i.simpli.fi
ib.adnxs.com
idsync.rlcdn.com
insight.adsrvr.org
load77.exelator.com
loadm.exelator.com
pi.pardot.com
pixel.rubiconproject.com
s.ytimg.com
simplifi.partners.tremorhub.com
stags.bluekai.com
stats.g.doubleclick.net
sync.bfmio.com
sync.intentiq.com
sync.search.spotxchange.com
twin-iq.kickfire.com
um.simpli.fi
us-u.openx.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.magnetforensics.com
www.rumiview.com
www.youtube.com
13.35.255.55
147.75.102.200
169.50.137.179
169.50.137.190
172.217.16.194
172.217.21.226
178.128.232.90
185.33.223.200
185.59.220.29
185.94.180.125
199.185.0.231
209.128.119.223
23.210.248.45
23.45.237.36
2600:1901:0:8eee::
2600:1f18:612b:4200:f69a:fb6b:1639:6a52
2a00:1450:4001:806::2008
2a00:1450:4001:808::200e
2a00:1450:4001:80b::200e
2a00:1450:4001:815::2004
2a00:1450:4001:817::2003
2a00:1450:4001:820::2002
2a00:1450:4001:820::200e
2a00:1450:400c:c00::9c
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
34.196.147.178
34.199.92.135
34.95.120.147
35.174.150.168
35.176.88.2
35.190.72.21
52.21.178.134
52.49.39.42
54.76.69.10
69.173.144.138
72.251.249.14
74.214.194.140
0284cbccebf1682452d62d06efa3665c874d642d4e03f5f5f9bb0f555da9251b
0843900120977b5d77b87ae738a718eba1f4b3b51cbc096c492435825668d8e9
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0c105bd80cead6e558f7767a26457c0a031384fa4348787c7611e6004cab7fd0
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1439d8a1d7f4b4b07d4c9fbc7ea62b2a96a8774ae98e569e44ba0a6be5a0a776
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
247a02baa7d43d8180a3b5158f85ee972b9d012194eca021ec8dcdd2f18e2589
2c0884853dc57e0e429d1bec631837b0f356b5806e913f00dd2828b3f88b3b6c
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
37ad57ed408cde4d7fcef3e626d22e6ca90196b0be1562edb2efaa98891e4747
38af1a92a1febe60ea6cdf48747328db032bbb53c8f6d691e223e97cba19e2e5
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
49db016f21ef9775372e8d322786bc636f9c99e0850c0e59828d7a74576c4a31
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
51c2eb3c92c0b20d5d5d965dc18939bb51b9160afee17d97f360421679208785
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685
60111948f7ff6c6621b9183616896e465889d75bad2c797ad267aa2feedc3efa
625e82c1a5727fd3dbb4fa810927b293850ef5b8e5a4adcb95bf468608d0ecbb
7ed12731c1f095f5bd35f4197428837075960212f32cba7e731702d60ecda58d
8277016fbc6492340f71e75fb7851d641217684f27c6b4a690caf0f0679d2939
9ba1160be2a35efb930a0416d54caea25a203b99d8b70d475646eb76dd008563
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
aaf000fe1f80f9d73949fca5957f2328c5cbf0babd76b038bae6e6cd52082f9f
b14fc8c79e0965747519faa355ea6a839bbd923f5c584e030e40f0fdcdb9924d
c0bfdde523377c07339bdc26cbe44faf49466d10f7af3bd4169ac84694a810e6
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cbc126e88b7acc88d4c05875e64d81f7959a42bff9cc79c173544bdf82bb755f
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
d6fa31a54991a9744af51627088a6860762f0ed2d883da9681d73f4095381314
d9662b4b9ba6c2c3691ce0acd4572e027366eb97d6070550a13429262bb0037f
dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e836bc2842932522c23bf927f0a8977cddd9642c36d4975b18ad1f3da78c9a68
eacf6d585dbde85cd2f52428c66b68f6f09285ff5db52389bfb8eb7abc0f7dd0
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6652dacc3641651bf842bb18861c6fbb66581a3dd2c41dde3226764740684b6
fbe3a2f44773353adb236af718cd0eb560e1fc9c4fefdf8bcda8539eca2bf573

www.magnetforensics.com Open in urlscan Pro 178.128.232.90 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

60 Requests

100 %HTTPS

32 %IPv6

33 Domains

38 Subdomains

29 IPs

8 Countries

1125 kBTransfer

2783 kBSize

2 Cookies

9 Outgoing links

Redirected requests

60 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.magnetforensics.com Open in urlscan Pro
178.128.232.90 Public Scan

Screenshot
Live screenshot

Full Image

60
Requests

100 %
HTTPS

32 %
IPv6

33
Domains

38
Subdomains

29
IPs

8
Countries

1125 kB
Transfer

2783 kB
Size

2
Cookies

60 HTTP transactions
0 data transactions