| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | | 471 B |
URL: ocsp.r2m03.amazontrust.com/ IP: 143.204.53.97:0
Hash (MD5 / SHA-1 / SHA-256): 8eb80e244a586fbb3823b4f6dfa365c4 f4efe7056c782300ae53a48b484de02611d46ca2 23534973dfd09c8ca35dd29335d6ca19aad2e94b5b8ee79c91e01156d0504951
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Wed, 08 May 2024 14:02:37 GMT
Last-Modified: Wed, 08 May 2024 13:56:35 GMT
Server: ECAcc (amb/6AB3)
X-Cache: Miss from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NOtzGITNvBRIpn8kN_aKyAlUOrpYleP_515U4mpqwMKWyNlTUw_yew==
Age: 362
| t03.mailsrv-e.com/click?v=2&umk=663a4132352842.06546500663a41323&origurl=aHR0cHM6Ly9pbnZlc3RpbmdhdmFuZ2FyZC5jb20vcHJpdmFjeS1wb2xpY3k/dXRtX3NvdXJjZT1yZW1hcmtldHkmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY2FtcGFpZ249UEFURTElMjBOTyUyMENPUFklMjAwNy4wNSZ1dG1fY29udGVudD1CT1RTJl9ybUlkPVllTnl2Qk9BZWJVT0J3eU95QkU2dWpnWWQwT3ZP&link_id=17846&s=b089776294572556c4fb8075d57ddabd | 54.230.111.111 | 307 Temporary Redirect | 0 B |
URL (User Request, GET, HTTP/2): t03.mailsrv-e.com/click?v=2&umk=663a4132352842.06546500663a41323&origurl=aHR0cHM6Ly9pbnZlc3RpbmdhdmFuZ2FyZC5jb20vcHJpdmFjeS1wb2xpY3k/dXRtX3NvdXJjZT1yZW1hcmtldHkmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY2FtcGFpZ249UEFURTElMjBOTyUyMENPUFklMjAwNy4wNSZ1dG1fY29udGVudD1CT1RTJl9ybUlkPVllTnl2Qk9BZWJVT0J3eU95QkU2dWpnWWQwT3ZP&link_id=17846&s=b089776294572556c4fb8075d57ddabd IP: 54.230.111.111:443
Certificate: Issuer Amazon; Subject *.mailsrv-e.com; Fingerprint F9:3F:3D:F9:09:4B:AB:03:EA:43:8C:78:90:54:9A:35:AD:22:A4:F5; Validity Sat, 30 Dec 2023 00:00:00 GMT - Mon, 27 Jan 2025 23:59:59 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?v=2&umk=663a4132352842.06546500663a41323&origurl=aHR0cHM6Ly9pbnZlc3RpbmdhdmFuZ2FyZC5jb20vcHJpdmFjeS1wb2xpY3k/dXRtX3NvdXJjZT1yZW1hcmtldHkmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY2FtcGFpZ249UEFURTElMjBOTyUyMENPUFklMjAwNy4wNSZ1dG1fY29udGVudD1CT1RTJl9ybUlkPVllTnl2Qk9BZWJVT0J3eU95QkU2dWpnWWQwT3ZP&link_id=17846&s=b089776294572556c4fb8075d57ddabd HTTP/1.1
Host: t03.mailsrv-e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 307 Temporary Redirect
content-type: charset=utf-8
content-length: 0
location: https://investingavangard.com/privacy-policy?utm_source=remarkety&utm_medium=email&utm_campaign=PATE1%20NO%20COPY%2007.05&utm_content=BOTS&_rmId=YeNyvBOAebUOBwyOyBE6ujgYd0OvO
date: Wed, 08 May 2024 14:02:37 GMT
x-amzn-requestid: e76aebc1-8dd8-46be-bf9d-8e592bcc0996
x-amz-apigw-id: XdHfoE0boAMEfLw=
x-amzn-trace-id: Root=1-663b85fd-28395d9a2913793f38cc5620;Parent=7ced5657f8839a53;Sampled=0;lineage=1d44e64c:0
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Ch3N7SmEvt3y82ApoMutA7YT6g-19GbveFQ-fh2I-YPvnmFC-wWl0g==
X-Firefox-Spdy: h2
| investingavangard.com/privacy-policy?utm_source=remarkety&utm_medium=email&utm_campaign=PATE1%20NO%20COPY%2007.05&utm_content=BOTS&_rmId=YeNyvBOAebUOBwyOyBE6ujgYd0OvO | 50.28.41.31 | 200 OK | 506 B |
URL (User Request, GET, HTTP/1.1): investingavangard.com/privacy-policy?utm_source=remarkety&utm_medium=email&utm_campaign=PATE1%20NO%20COPY%2007.05&utm_content=BOTS&_rmId=YeNyvBOAebUOBwyOyBE6ujgYd0OvO IP: 50.28.41.31:443
Certificate: Issuer Let's Encrypt; Subject www.investingavangard.com; Fingerprint D8:03:AA:B8:CD:1B:99:45:F5:8F:1A:02:32:74:1A:93:F7:B2:D5:28; Validity Sat, 30 Mar 2024 10:44:13 GMT - Fri, 28 Jun 2024 10:44:12 GMT
File type: HTML document, ASCII text, with very long lines (1167), with no line terminators. Hash (MD5 / SHA-1 / SHA-256): 12d6601b2fde1889763d26e5fe301e46 a3ba27ad75268cee2fd7244f977a01d6d20cf868 30a89e8151ba5d9aff6217a16d2f07571c62adc7dd5b39d3b0c602cf3d37b52b
GET /privacy-policy?utm_source=remarkety&utm_medium=email&utm_campaign=PATE1%20NO%20COPY%2007.05&utm_content=BOTS&_rmId=YeNyvBOAebUOBwyOyBE6ujgYd0OvO HTTP/1.1
Host: investingavangard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 14:02:37 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Wed, 08 May 2024 14:12:37 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 506
Keep-Alive: timeout=2, max=150
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| chest.cdntoswitchspirit.com/scripts/connections.js | 172.67.209.227 | 200 OK | 12 kB |
URL (GET, HTTP/2): chest.cdntoswitchspirit.com/scripts/connections.js IP: 172.67.209.227:443
Requested by: https://investingavangard.com/privacy-policy?utm_source=remarkety&utm_medium=email&utm_campaign=PATE1%20NO%20COPY%2007.05&utm_content=BOTS&_rmId=YeNyvBOAebUOBwyOyBE6ujgYd0OvO
Certificate: Issuer Let's Encrypt; Subject cdntoswitchspirit.com; Fingerprint DF:DB:EE:70:5A:39:BB:E7:A9:C6:4B:5C:24:04:56:6B:D0:D3:C0:AD; Validity Mon, 29 Apr 2024 10:49:03 GMT - Sun, 28 Jul 2024 10:49:02 GMT
File type: JavaScript source, ASCII text, with very long lines (10458), with no line terminators. Hash (MD5 / SHA-1 / SHA-256): 2f55ce25abc861b92352d8d02a680307 57941c0f50200a0a6b8b9fdc8c72cd19db9a1392 833458a6c0f1e53614fa5cde6e3dacd63186bf18d12f8665828c1c031543df46
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /scripts/connections.js HTTP/1.1
Host: chest.cdntoswitchspirit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://investingavangard.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 14:02:38 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 09:16:52 GMT
vary: Accept-Encoding
etag: W/"663b4304-28da"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 16558
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6O%2F7zJsVRtUj%2BHkBie%2BG45G8yMv0YBU9MeKlftB08pHjgo26oIrAaHzftoBfYr%2FPpSjGuA7RRWfQKBFyuH0xYtQ%2Fv02NrDQqhi6vnc3JMJ42OHBmPy%2FuyArHytOoVeCb0XUUErqVMS2TtFurj0s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8809fd192d39b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| done.restartyourchoices.com/stepone | 188.114.97.1 | 200 OK | 0 B |
URL (GET, HTTP/3): done.restartyourchoices.com/stepone IP: 188.114.97.1:443
Requested by: https://investingavangard.com/privacy-policy?utm_source=remarkety&utm_medium=email&utm_campaign=PATE1%20NO%20COPY%2007.05&utm_content=BOTS&_rmId=YeNyvBOAebUOBwyOyBE6ujgYd0OvO
Certificate: Issuer Let's Encrypt; Subject restartyourchoices.com; Fingerprint 1E:64:C0:EA:CA:57:4F:66:CB:2A:33:CF:E5:2D:8D:F5:B1:21:CE:D6; Validity Thu, 02 May 2024 15:04:04 GMT - Wed, 31 Jul 2024 15:04:03 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stepone HTTP/1.1
Host: done.restartyourchoices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://investingavangard.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 14:02:39 GMT
content-type: application/javascript
content-length: 0
cache-control: no-cache, no-store, must-revalidate
expires: Wed, 08 May 2024 14:02:39 GMT
set-cookie: _subid=376l60jilvcl2; expires=Sat, 08 Jun 2024 14:02:39 GMT; path=/
a4fba=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjUxXCI6MTcxNTE3Njk1OX0sXCJjYW1wYWlnbnNcIjp7XCIxNVwiOjE3MTUxNzY5NTl9LFwidGltZVwiOjE3MTUxNzY5NTl9In0.K6tDqALjXqNWGF8fOa5Umu_f3YmBiYDcK18LRUiYxe4; expires=Wed, 14 Sep 2078 12:05:18 GMT; path=/
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g5%2FBaNMUZUBpyQaLd%2Bjbps3FMt8mNYqjju7gTtaMQOohJ%2FPr23%2BPv4yfF8JfhrsUPCJfLqHpTRN65mVprmuMEg8E8OxS%2FHV0x03H13ujigRm7hqxaTkb4XKKk2pc%2BNNF6klK9SmrjaSlgrHyrfc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8809fd1c8a5ab512-OSL
alt-svc: h3=":443"; ma=86400
| investingavangard.com/favicon.ico | 50.28.41.31 | 200 OK | 506 B |
URL (GET, HTTP/1.1): investingavangard.com/favicon.ico IP: 50.28.41.31:443
Requested by: https://investingavangard.com/privacy-policy?utm_source=remarkety&utm_medium=email&utm_campaign=PATE1%20NO%20COPY%2007.05&utm_content=BOTS&_rmId=YeNyvBOAebUOBwyOyBE6ujgYd0OvO
Certificate: Issuer Let's Encrypt; Subject www.investingavangard.com; Fingerprint D8:03:AA:B8:CD:1B:99:45:F5:8F:1A:02:32:74:1A:93:F7:B2:D5:28; Validity Sat, 30 Mar 2024 10:44:13 GMT - Fri, 28 Jun 2024 10:44:12 GMT
File type: HTML document, ASCII text, with very long lines (1167), with no line terminators. Hash (MD5 / SHA-1 / SHA-256): 12d6601b2fde1889763d26e5fe301e46 a3ba27ad75268cee2fd7244f977a01d6d20cf868 30a89e8151ba5d9aff6217a16d2f07571c62adc7dd5b39d3b0c602cf3d37b52b
GET /favicon.ico HTTP/1.1
Host: investingavangard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://investingavangard.com/privacy-policy?utm_source=remarkety&utm_medium=email&utm_campaign=PATE1%20NO%20COPY%2007.05&utm_content=BOTS&_rmId=YeNyvBOAebUOBwyOyBE6ujgYd0OvO
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 14:02:38 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Wed, 08 May 2024 14:12:38 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 506
Keep-Alive: timeout=2, max=149
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| js.cdntoswitchspirit.com/source/split.js | 172.67.209.227 | 200 OK | 36 kB |
URL (GET, HTTP/3): js.cdntoswitchspirit.com/source/split.js IP: 172.67.209.227:443
Requested by: https://investingavangard.com/privacy-policy?utm_source=remarkety&utm_medium=email&utm_campaign=PATE1%20NO%20COPY%2007.05&utm_content=BOTS&_rmId=YeNyvBOAebUOBwyOyBE6ujgYd0OvO
Certificate: Issuer Let's Encrypt; Subject cdntoswitchspirit.com; Fingerprint DF:DB:EE:70:5A:39:BB:E7:A9:C6:4B:5C:24:04:56:6B:D0:D3:C0:AD; Validity Mon, 29 Apr 2024 10:49:03 GMT - Sun, 28 Jul 2024 10:49:02 GMT
File type: JavaScript source, ASCII text, with very long lines (36341), with no line terminators. Hash (MD5 / SHA-1 / SHA-256): fe59aea1c787d361c69c43c46a747767 2cc61a29d05db4814718cc60450876419afc5d24 9763b6045876ff0f6ddf7f20e19d631346a2f132e675ff1601896b3625fd9816
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /source/split.js HTTP/1.1
Host: js.cdntoswitchspirit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://investingavangard.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 14:02:39 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 30 Apr 2024 15:35:14 GMT
vary: Accept-Encoding
etag: W/"66310fb2-8df5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 16557
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v%2BdBp5VYI2fDbll8N3EREg1zBn46sSGdnJUUi4g6nOXlBLo5q0xwjFtTkqWt%2BgErpwJISieT6w%2Fyy3qFA8yEJwo2FYpsZEn7xV6Tp0ETuhoKKrZTXU5CFyjD07KqrlHwKgVcmiMddne%2F1e4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8809fd19e9dbb4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| jquery.restartyourchoices.com/cdncollect?r1=investingavangard.com | 188.114.97.1 | 200 OK | 10 kB |
URL (GET, HTTP/2): jquery.restartyourchoices.com/cdncollect?r1=investingavangard.com IP: 188.114.97.1:443
Requested by: https://investingavangard.com/privacy-policy?utm_source=remarkety&utm_medium=email&utm_campaign=PATE1%20NO%20COPY%2007.05&utm_content=BOTS&_rmId=YeNyvBOAebUOBwyOyBE6ujgYd0OvO
Certificate: Issuer Let's Encrypt; Subject restartyourchoices.com; Fingerprint 1E:64:C0:EA:CA:57:4F:66:CB:2A:33:CF:E5:2D:8D:F5:B1:21:CE:D6; Validity Thu, 02 May 2024 15:04:04 GMT - Wed, 31 Jul 2024 15:04:03 GMT
File type: JavaScript source, ASCII text, with very long lines (10370). Hash (MD5 / SHA-1 / SHA-256): a670ec3dd6fa757de5d5aab7abddfe59 07efb08354a342ae821e52b60728a31945c95759 a9aa76d5655c965f1feceec22619fa26acb1c4832f76ea25a79201bbc2b2c2f0
GET /cdncollect?r1=investingavangard.com HTTP/1.1
Host: jquery.restartyourchoices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://investingavangard.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 14:02:39 GMT
content-type: application/javascript
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
expires: Wed, 08 May 2024 14:02:39 GMT
set-cookie: _subid=376l60jilvckf; expires=Sat, 08 Jun 2024 14:02:39 GMT; path=/
a4fba=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjQxXCI6MTcxNTE3Njk1OX0sXCJjYW1wYWlnbnNcIjp7XCIxM1wiOjE3MTUxNzY5NTl9LFwidGltZVwiOjE3MTUxNzY5NTl9In0.uJ4qRx9m-laVuLpUZMegipuox8FrOZG0acuEkoYWdIg; expires=Thu, 15 Sep 2078 04:05:18 GMT; path=/
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b1uXs3HC85Q2anKhpbK8mIwFxekBSmZmaC3rxmwNqLWoMJ1wEwb54VFhNcH9203HtB42Pk45Hh602aRlzoAi0R1WkXffiPcEGj3GbiO4CLTL%2Fqna4vMSExIrLNjlwMKwzbdM%2FxZxWe7pUq0Sqmj98Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8809fd1b3b3a56c7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2