{"report_id":"3f04cbbc-6320-422f-a530-c1008e98432e","version":6,"status":"done","tags":[],"date":"2025-10-22T18:59:57Z","url":{"schema":"http","addr":"www.meintercept.com/4C2WD7/257M7CM/?sub1=1percent_better\u0026sub2=newsletter\u0026sub3=10_22_2025\u0026uid=15993\u0026utm_medium=email\u0026utm_source=breaker","fqdn":"www.meintercept.com","domain":"meintercept.com","tld":"com"},"ip":{"addr":"49.12.17.5","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"thenewmoney.app.link/?utm_source=Media_Intercept\u0026utm_campaign=1percentbetter","fqdn":"thenewmoney.app.link","domain":"app.link","tld":"link"},"title":"thenewmoney.app.link/?utm_source=Media_Intercept\u0026utm_campaign=1percentbetter"},"submit":{"url":{"schema":"http","addr":"www.meintercept.com/4C2WD7/257M7CM/?sub1=1percent_better\u0026sub2=newsletter\u0026sub3=10_22_2025\u0026uid=15993\u0026utm_medium=email\u0026utm_source=breaker","fqdn":"www.meintercept.com","domain":"meintercept.com","tld":"com"},"ip":{"addr":"49.12.17.5","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-26T18:59:57Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-22","alert":"Sinkholed","trigger":"www.meintercept.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-10-19T22:12:30.612025Z","alert_count":0,"request_count":1,"received_data":15711,"sent_data":560,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.meintercept.com","ip":{"addr":"49.12.17.5","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2023-02-28","domain_rank":0,"first_seen":"2023-03-09T21:48:49Z","last_seen":"2025-09-25T18:35:49.386797Z","alert_count":1,"request_count":1,"received_data":9243,"sent_data":602,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.meddiainter.com","ip":{"addr":"35.186.208.187","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2025-02-20","domain_rank":0,"first_seen":"2025-03-06T05:10:04.31623Z","last_seen":"2025-09-25T18:35:49.481579Z","alert_count":0,"request_count":1,"received_data":9470,"sent_data":602,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}]},{"fqdn":"thenewmoney.app.link","ip":{"addr":"54.240.174.84","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2015-03-18","domain_rank":0,"first_seen":"2025-10-22T18:59:57.330258Z","last_seen":"2025-10-22T18:59:57.330258Z","alert_count":0,"request_count":2,"received_data":10340,"sent_data":1127,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-10-19T22:12:35.4735Z","alert_count":0,"request_count":1,"received_data":6678,"sent_data":502,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"i.ibb.co","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2010-07-20","domain_rank":21643,"first_seen":"2018-11-25T10:13:48Z","last_seen":"2025-10-20T06:22:28.224995Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":448,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.meintercept.com/4C2WD7/257M7CM/?sub1=1percent_better\u0026sub2=newsletter\u0026sub3=10_22_2025\u0026uid=15993\u0026utm_medium=email\u0026utm_source=breaker","fqdn":"www.meintercept.com","domain":"meintercept.com","tld":"com"},"ip":{"addr":"49.12.17.5","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-22T18:59:34.845Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.meintercept.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 03 Sep 2025 00:00:00 GMT","end":"Tue, 02 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B7:D2:EC:5C:F4:C8:D9:FD:BA:52:24:EA:7C:4B:D0:EB:8B:DE:94:15","sha256":"E3:8E:1C:70:9C:14:63:64:AB:08:63:A2:4B:B4:48:84:AF:DC:78:5D:DC:92:EC:D2:FE:9F:49:0C:C2:3B:75:BA"}}},"request":{"raw":"GET /4C2WD7/257M7CM/?sub1=1percent_better\u0026sub2=newsletter\u0026sub3=10_22_2025\u0026uid=15993\u0026utm_medium=email\u0026utm_source=breaker HTTP/1.1\r\nHost: www.meintercept.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\ndate: Wed, 22 Oct 2025 18:59:35 GMT\r\ncontent-length: 0\r\nlocation: https://www.meddiainter.com/4C2WD7/257M7CM/?sub1=1percent_better\u0026sub2=newsletter\u0026sub3=10_22_2025\u0026uid=15993\u0026utm_medium=email\u0026utm_source=breaker\r\ncache-control: no-store\r\nvary: Origin\r\nstrict-transport-security: max-age=15724800; includeSubDomains\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform-Version, RTT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8752,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T01:30:53.33799Z","times_seen":13310387,"resource_available":true,"data":null}},"time_used":425,"timings":{"blocked":186,"dns":118,"connect":24,"send":0,"wait":52,"receive":0,"ssl":41},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-22","alert":"Sinkholed","trigger":"www.meintercept.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.meddiainter.com/4C2WD7/257M7CM/?sub1=1percent_better\u0026sub2=newsletter\u0026sub3=10_22_2025\u0026uid=15993\u0026utm_medium=email\u0026utm_source=breaker","fqdn":"www.meddiainter.com","domain":"meddiainter.com","tld":"com"},"ip":{"addr":"35.186.208.187","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-22T18:59:35.094Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.meddiainter.com","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Mon, 13 Oct 2025 16:21:28 GMT","end":"Sun, 11 Jan 2026 17:17:23 GMT"},"fingerprint":{"sha1":"0B:B3:26:47:14:EA:A4:1C:D4:36:DB:1F:1B:23:B6:C4:E1:AB:02:3D","sha256":"39:0A:53:F6:7B:66:2D:C0:64:F9:74:D6:A3:3D:46:4E:C5:39:B9:21:2E:10:8F:70:1C:F4:40:DA:EA:6B:90:E4"}}},"request":{"raw":"GET /4C2WD7/257M7CM/?sub1=1percent_better\u0026sub2=newsletter\u0026sub3=10_22_2025\u0026uid=15993\u0026utm_medium=email\u0026utm_source=breaker HTTP/1.1\r\nHost: www.meddiainter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Wed, 22 Oct 2025 18:59:35 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 110\r\naccept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model\r\nlocation: https://thenewmoney.app.link?utm_source=Media_Intercept\u0026utm_campaign=1percentbetter\r\nset-cookie: uniqueClick_257M7CM=bd8a6726-ca67-4c68-b7d8-2a7a6d1b04ae:1761159575; Path=/; Expires=Thu, 23 Oct 2025 18:59:35 GMT; Secure; SameSite=None\ntransaction_id=7cf65d29b1324dd9b3c2440bf43675ca; Path=/; Expires=Tue, 20 Jan 2026 18:59:35 GMT; Secure; SameSite=None\r\nvary: Origin\r\nx-eflow-request-id: 6eab5e57-cb09-4b2b-a440-cf607050db5b\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":8752,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T01:30:53.33799Z","times_seen":13310387,"resource_available":true,"data":null}},"time_used":700,"timings":{"blocked":280,"dns":33,"connect":13,"send":0,"wait":139,"receive":0,"ssl":232},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thenewmoney.app.link/?utm_source=Media_Intercept\u0026utm_campaign=1percentbetter","fqdn":"thenewmoney.app.link","domain":"app.link","tld":"link"},"ip":{"addr":"54.240.174.84","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-22T18:59:35.520Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"appipv4.link","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Sat, 22 Feb 2025 00:00:00 GMT","end":"Mon, 23 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EB:22:AD:48:AB:D7:D3:CF:49:48:E7:9A:A3:CE:5A:7C:5E:6E:40:59","sha256":"47:02:AF:3B:60:32:D7:72:5B:EB:60:CA:68:53:1A:A8:FF:AA:4A:E2:0C:27:7D:9E:23:31:A5:A3:97:2F:78:F3"}}},"request":{"raw":"GET /?utm_source=Media_Intercept\u0026utm_campaign=1percentbetter HTTP/1.1\r\nHost: thenewmoney.app.link\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=utf-8\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 18:59:35 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Model\r\naccess-control-allow-origin: *\r\nset-cookie: _s=KKUrGqKGcDWqXshNb%2Bktfn4Mb%2Bq7kTkA8raPo2ZDDZ4xPk5OdcgXceVpKmm2IdcB; Max-Age=31536000; Domain=.app.link; Path=/; Expires=Thu, 22 Oct 2026 18:59:35 GMT; Secure\r\nlast-modified: Wed, 22 Oct 2025 18:59:35 GMT\r\ncontent-security-policy: frame-ancestors 'self'\r\nvary: accept-encoding\r\ncontent-encoding: gzip\r\netag: W/\"2230-qsK44GhIxZKihGsjX8dY/6vt6n0\"\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: kTkfvfeWJsx3etvFcfHFajSGVK_4krYSYSZSAxOS8vZX7-xJUhq2-Q==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8752,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (2698)","md5":"a291bddb09844e1dd66881a08e2c7495","sha1":"aac2b8e06848c592a2846b235fc758ffabedea7d","sha256":"2e3a6039efb3ff94e96810e6a44d710253c0d90f20926d4328a169e9059896cf","sha512":"d132362587fb60cc3f15c685c92101d62a1631aa8c2ac0e926d36113c1c73766d5176e92bbf15e6fd7340037d2ad0072bfe9e0144f037f96a9564624a0512cb8","ssdeep":"192:eMcGxgqxWpOIa+ig597Bdl+wYFEk9gP+hdYhdYJg0rkks:epjieLmkks","tlshash":"5902d7324b931055b857e0e86b762b9b1a22d103c20bdd6c3f8c7794efc69e489827cd","first_seen":"2025-10-22T18:59:59.539177Z","last_seen":"2025-10-22T18:59:59.539177Z","times_seen":1,"resource_available":false,"data":null}},"time_used":261,"timings":{"blocked":38,"dns":29,"connect":1,"send":0,"wait":185,"receive":0,"ssl":6},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Lato:wght@900\u0026family=Source+Sans+Pro:wght@400;600\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://thenewmoney.app.link/?utm_source=Media_Intercept\u0026utm_campaign=1percentbetter","date":"2025-10-22T18:59:36.078Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 08:41:52 GMT","end":"Mon, 15 Dec 2025 08:41:51 GMT"},"fingerprint":{"sha1":"04:E6:D3:58:E3:A1:E3:05:2B:C3:56:5D:68:BB:1B:0A:08:C6:E3:FB","sha256":"25:4C:B3:A3:9A:E1:D7:FD:25:B6:BF:E9:AA:97:95:20:5D:F2:15:EA:41:46:B6:6B:01:17:19:26:EC:EF:D3:CA"}}},"request":{"raw":"GET /css2?family=Lato:wght@900\u0026family=Source+Sans+Pro:wght@400;600\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://thenewmoney.app.link/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 22 Oct 2025 18:59:36 GMT\r\ndate: Wed, 22 Oct 2025 18:59:36 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5992,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"e9637366acf5c0e11c441ce54ec066cf","sha1":"d40a78e3e865a1d2a4de57e6a93639b0236731fb","sha256":"ef5dd87984d82df56528b2afc8ae361f8431f1f3e8a1515906c95dbeb75fb144","sha512":"323c33aa9631f48739b3cd73faf27b7b00c3b6433ced01e83659dc6965e988375df35c09f2980d066cd60d3a0b6a1ea7be46148148a3e43b59470dcfce27c53d","ssdeep":"96:HObafJc+u7ObaoNIOEaqxOEakFZMOEauOEa83kOEa+OEaDJc+u4OEaDNIOxMaVxR:j76qq+cJ83LZXgrV05QU3tzGqQ","tlshash":"76c1c0f2445aa404dba30cc633de7f7aad4e61216145c17a9ffd0888acaac2a5365f1d","first_seen":"2025-10-17T18:53:54.43625Z","last_seen":"2026-03-25T14:43:25.253087Z","times_seen":10,"resource_available":false,"data":null}},"time_used":246,"timings":{"blocked":86,"dns":1,"connect":20,"send":0,"wait":70,"receive":0,"ssl":65},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.ibb.co/gFzfXGhx/icon-wrapper.png","fqdn":"i.ibb.co","domain":"ibb.co","tld":"co"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://thenewmoney.app.link/?utm_source=Media_Intercept\u0026utm_campaign=1percentbetter","date":"2025-10-22T18:59:36.277Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gFzfXGhx/icon-wrapper.png HTTP/1.1\r\nHost: i.ibb.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://thenewmoney.app.link/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T01:30:53.33799Z","times_seen":13310387,"resource_available":true,"data":null}},"time_used":7800,"timings":{"blocked":7800,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thenewmoney.app.link/favicon.ico","fqdn":"thenewmoney.app.link","domain":"app.link","tld":"link"},"ip":{"addr":"54.240.174.84","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://thenewmoney.app.link/?utm_source=Media_Intercept\u0026utm_campaign=1percentbetter","date":"2025-10-22T18:59:36.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"appipv4.link","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Sat, 22 Feb 2025 00:00:00 GMT","end":"Mon, 23 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EB:22:AD:48:AB:D7:D3:CF:49:48:E7:9A:A3:CE:5A:7C:5E:6E:40:59","sha256":"47:02:AF:3B:60:32:D7:72:5B:EB:60:CA:68:53:1A:A8:FF:AA:4A:E2:0C:27:7D:9E:23:31:A5:A3:97:2F:78:F3"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: thenewmoney.app.link\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://thenewmoney.app.link/?utm_source=Media_Intercept\u0026utm_campaign=1percentbetter\r\nCookie: _s=KKUrGqKGcDWqXshNb%2Bktfn4Mb%2Bq7kTkA8raPo2ZDDZ4xPk5OdcgXceVpKmm2IdcB\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/x-icon\r\ncontent-length: 198\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 18:59:36 GMT\r\nlast-modified: Fri, 04 Apr 2025 22:56:46 GMT\r\naccept-ranges: bytes\r\netag: \"67f063ae-c6\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Model\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: bMHK6swSuLcWUAe_pMYjMOmXPwUMwizIP5NBfTzWO2kPpugVbk2K_A==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":198,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 2 colors","md5":"c6acedaff906029fc5455d9ec52c7f42","sha1":"92cbd806ca421aa2c9ff5e1ff76bbc20913a2f81","sha256":"9deb629637088856fe61dc868bf40a7d21ed942e4117659f3d6c3408f59b906b","sha512":"7a8d002ca6b607e38860ad4485493e109cb7d3bef241b0e5bf2a65c2e316e6185ded8ec74e3fcbd78745ab302c6d876657abc178ee028d1b8b9a5572f429d972","ssdeep":"","tlshash":"99d002433104c014c0100635c407dbf407546c018d94274731503f5f7c505c81c64650","first_seen":"2023-04-08T04:59:04Z","last_seen":"2026-04-03T23:47:11.197822Z","times_seen":7139,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/sourcesanspro/v23/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://thenewmoney.app.link/?utm_source=Media_Intercept\u0026utm_campaign=1percentbetter","date":"2025-10-22T18:59:36.282Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 14:34:07 GMT","end":"Wed, 24 Dec 2025 14:34:06 GMT"},"fingerprint":{"sha1":"CE:D7:82:8C:04:B0:E5:F9:3B:52:AC:E2:75:72:A1:31:F8:D2:42:D4","sha256":"B8:54:E9:B3:89:59:D3:D4:18:71:52:99:FF:BB:D7:4C:BF:09:4A:EE:50:59:19:40:A0:6E:17:ED:80:73:3B:22"}}},"request":{"raw":"GET /s/sourcesanspro/v23/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://thenewmoney.app.link\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 14876\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 16 Oct 2025 16:57:30 GMT\r\nexpires: Fri, 16 Oct 2026 16:57:30 GMT\r\ncache-control: public, max-age=31536000\r\nage: 525726\r\nlast-modified: Wed, 10 Sep 2025 16:43:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14876,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14876, version 1.0","md5":"f3123e85194abd443cce2d67011a2492","sha1":"fb82ae035f301d2c2d47b64abe0e4f28fdc46a6d","sha256":"156650610835fe32914722ecfc8dab0ebbb84795e201b842158afa0ea873cfa4","sha512":"1aab412233d01ef623e349dcbfd387b930e42c6fc80a2e1f892cc19979db2e59f5f5dced33c69b32db2716286b454b8c2368d3e42644377aa10e196952122655","ssdeep":"192:qJ5lReG9wrdpmtTUniXkMpzKdTVVANX27iPr0xesgwH+Y2oBmTp8w4t0F3qJTQky:SReDrmgnixp2dZmiEKf2owfF3qy9yY","tlshash":"6362d04f3513af70e15ee777d0fb7d292443bfda600c9d9891a395b4a44a01d207bb42","first_seen":"2025-09-11T17:21:57.325452Z","last_seen":"2026-04-04T01:13:06.943443Z","times_seen":12589,"resource_available":false,"data":null}},"time_used":265,"timings":{"blocked":115,"dns":1,"connect":29,"send":0,"wait":30,"receive":6,"ssl":82},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}