{"report_id":"235bab84-11a1-44d8-a9a9-ddb3e88ff618","version":6,"status":"done","tags":[],"date":"2026-01-30T06:34:03Z","url":{"schema":"https","addr":"claims-moonbird.com/","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"172.67.217.104","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"claims-moonbird.com/","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"title":"MoonBirds | AirDrop","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"claims-moonbird.com/","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"172.67.217.104","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-06T06:34:03Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-01-30","alert":"PHP webshell using some kind of eval with encoded blob to decode","trigger":"claims-moonbird.com/orion.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp","date":"2021/02/07","description":"PHP webshell using some kind of eval with encoded blob to decode","hash":"1d4b374d284c12db881ba42ee63ebce2759e0b14","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"webshell_php_encoded_big","score":"50"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-01-30","alert":"PHP webshell using some kind of eval with encoded blob to decode","trigger":"claims-moonbird.com/","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp","date":"2021/02/07","description":"PHP webshell using some kind of eval with encoded blob to decode","hash":"1d4b374d284c12db881ba42ee63ebce2759e0b14","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"webshell_php_encoded_big","score":"50"}}],"urlquery":null},"summary":[{"fqdn":"claims-moonbird.com","ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-01-29","domain_rank":0,"first_seen":"2026-01-30T05:45:12.803059Z","last_seen":"2026-01-30T05:45:12.803059Z","alert_count":1,"request_count":17,"received_data":5004975,"sent_data":8374,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"claims-moonbird.com/","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"3433c9d3e9b7e8e5b34ed72e309db572","sha1":"d53d7df082088749c1df6b08330ee9b9e4076932","sha256":"1d96fa9904e3743570bccd5be90e83fd91975299f374093cc6f723673d582dd1","sha512":"ffd0e047331871f21738643968b7eb7fa045ee0e45346a9ea986c4b8a3e745dd310542c6b2734f6d244408bba6548ec66f5cd7662c69485b5e59e3b9432cdff2","ssdeep":"","tlshash":"06f04245bd825a24d35670ddc41f978cc53690dd91491c4cbb64ece1de94c2cdfc6534","size":585,"data":"","first_seen":"2025-08-01T04:16:24.219641Z","last_seen":"2026-06-08T13:16:56.579886Z","times_seen":3107,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claims-moonbird.com/","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"a97d6ef5abced657bf5d46b969b239da","sha1":"212f1fc55f39b82d41e88c7628aec3b33d263afc","sha256":"fd3d3ea23ebc1d6ff9299cbe2cc651dfcd714b9be828c8ca2a81540e2f85eaf9","sha512":"6f35480a04c1360f72ae3d1dec34f1357b49fb10a7c7e6de8124e33a87b075127206686daa9145d40be27c4dd761f078d085a1f2538567c714ede67f66122c7c","ssdeep":"192:7mmQewTVPeY8DpuTM3kpVg9LuKXgnudSWXLPKPIlH4SjmnUYsCc0V02Y2pE2XuCh:7mmQewTYY8Fb3kjgTtLPKPIJgcx0V02l","tlshash":"8732c5b06a242ad911d604e20ace4f5d74f591611179dc249b3ef28a2fec3cab7d37a1","size":11308,"data":"","first_seen":"2025-08-01T04:17:54.885074Z","last_seen":"2026-06-08T13:16:56.588089Z","times_seen":1282,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claims-moonbird.com/c8e39312-487a-46c3-b2d5-a142b4034d51","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f11bcdc7b7757c117a8de0db3a4c25b8","sha1":"962e4d08a960106c829d0f9d492d7b891927adab","sha256":"b60b89c0c92cf57329c8590a2c5540cece4def64e4e7bf04f2d39b8ffa3b2748","sha512":"7461553dadb09db423bda8c47a58f8cdade82aa710a0f4415cde912e7a88cd4471ea86aa58a2e5097c90e2cb45ac410104019c56a04c35955e827f0bb0796040","ssdeep":"6144:vkWGL6BSn5NGCk3zi0mCw8wLPNU2HZjGfty3:cjkSnv1k20mCwFnHRGfty3","tlshash":"1044810609ac4f7986ec22e015f72cc401794e0ad9dc3cbfb9ada1579e25bd6e0c279d","size":259964,"data":"","first_seen":"2025-07-13T03:04:16.940864Z","last_seen":"2026-06-04T05:28:11.313644Z","times_seen":5038,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claims-moonbird.com/orion.js","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8256cac1bd4bdcddf5d245ee81fcc52e","sha1":"9a6dedf90a6703f3b2f4cdaecff3226bf689d201","sha256":"ab8c63dd12dd03136ccd032e5b3884c3d6fe72a9a36d8bca6bf99434332dd3bc","sha512":"2a46c67ddb2cb0c7680f68bd4d0e622ead7cc38a0c8034cade6f7bbde1a5c7c4bdce17e489646a28af1126b87c1f525d723f2592bacb4fff47001ab15727965c","ssdeep":"1536:9kaRasaz1dd527mjiIs113usHqBYLsVFX5saB:9kaRcz732aiIsVqBMs5saB","tlshash":"37b340d6594bd0d58e1a10edd077ec09e0681aa3cdacf183ba2cded2755df22884763b","size":107989,"data":"","first_seen":"2026-01-07T13:23:26.426463Z","last_seen":"2026-02-14T09:07:38.758383Z","times_seen":45,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-01-30","alert":"PHP webshell using some kind of eval with encoded blob to decode","trigger":"claims-moonbird.com/orion.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp","date":"2021/02/07","description":"PHP webshell using some kind of eval with encoded blob to decode","hash":"1d4b374d284c12db881ba42ee63ebce2759e0b14","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"webshell_php_encoded_big","score":"50"}}],"urlquery":null}},{"url":{"schema":"https","addr":"claims-moonbird.com/","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"e7cedee5f4aabfe0f0a25596641b0073","sha1":"9e90df4076abbd3350295826c5ad3ec1856ffd56","sha256":"c2e60dc68f09c70895f8cb98a4a88e16cf3c691d5a96b9c93c3aab931eafc258","sha512":"17dc0e86fcd7af709d5ffb50d255169d2300566d30c2da4345505703e6a6ebf303df263db9561688753bc03af86b134ccfa9f763966f8612ef554be796d6c025","ssdeep":"1536:jQe6pw4biVcuVXdWAgB1PusH2DY7sX3lX56oH:Me6KBVcuVtWAgR2Do2X6oH","tlshash":"7fa340d59a4bd0e08e5a11edd077ed0ae0281aa3cdacf193b92cded1355df22c84753a","size":104467,"data":"","first_seen":"2026-01-07T13:23:26.460119Z","last_seen":"2026-02-14T09:07:38.76649Z","times_seen":45,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-01-30","alert":"PHP webshell using some kind of eval with encoded blob to decode","trigger":"claims-moonbird.com/","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp","date":"2021/02/07","description":"PHP webshell using some kind of eval with encoded blob to decode","hash":"1d4b374d284c12db881ba42ee63ebce2759e0b14","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"webshell_php_encoded_big","score":"50"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"claims-moonbird.com/css2-1.css","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://claims-moonbird.com/","date":"2026-01-30T06:33:38.516Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claims-moonbird.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 11:38:49 GMT","end":"Wed, 29 Apr 2026 12:37:26 GMT"},"fingerprint":{"sha1":"FA:31:75:B8:88:CF:3D:4B:21:90:96:6B:4E:44:03:DA:B3:CE:12:57","sha256":"74:2F:F0:79:4F:D4:CF:2B:60:51:F0:25:20:C9:62:A0:A5:55:06:F2:22:AC:4E:A3:9C:AB:E3:CF:3B:C5:F9:9D"}}},"request":{"raw":"GET /css2-1.css HTTP/1.1\r\nHost: claims-moonbird.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claims-moonbird.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 30 Jan 2026 06:33:38 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 12:36:27 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\nage: 2929\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ye7x0MSi%2FJPKom7Cuob%2B3%2FB1tPPHpQIHXlsIUQP7CmsdpzVSWLrJb2fPcK29PPRQjxBczG2H7oBDhHtLUz5j8A6IunczppYM%2BBbqT5rUNC6LSyY%3D\"}]}\r\npriority: u=2,i=?0\r\ncf-ray: 9c5ef05fba618be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T20:34:26.488801Z","times_seen":16249334,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claims-moonbird.com/index_files/partners.svg","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://claims-moonbird.com/","date":"2026-01-30T06:33:38.542Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claims-moonbird.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 11:38:49 GMT","end":"Wed, 29 Apr 2026 12:37:26 GMT"},"fingerprint":{"sha1":"FA:31:75:B8:88:CF:3D:4B:21:90:96:6B:4E:44:03:DA:B3:CE:12:57","sha256":"74:2F:F0:79:4F:D4:CF:2B:60:51:F0:25:20:C9:62:A0:A5:55:06:F2:22:AC:4E:A3:9C:AB:E3:CF:3B:C5:F9:9D"}}},"request":{"raw":"GET /index_files/partners.svg HTTP/1.1\r\nHost: claims-moonbird.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claims-moonbird.com/index_files/skfhx.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 30 Jan 2026 06:33:38 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 12:36:27 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\nage: 2929\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KV2tVCpft%2FSBzsCsQidlvc7Wc3VwRwytW4rr4oxcNk%2FArTqfkY4Q7zy9G7IV3BaMs%2B1ayg5vEJJwpM8CSvxdM%2Bs3tgvdFX54MXlsx02KacRFLVE%3D\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9c5ef05fea668be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":61577,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5917)","md5":"f84452232546802724545e5435f70482","sha1":"73005b6d68438bab0b9fb3b5125d4bba4826c8e0","sha256":"dbd6299d73a2b622bbd41aeefcdc4da51b33e8ed397538c979800b87cf95c8f9","sha512":"6207a59ba2782ea8c097726f82b8fb6a7a6bd9c18a7d7cb46de6fbd05762c61da7ddff0449b23a3897718fe613844461c252719bf6856ce2fb699487acfb870f","ssdeep":"768:NmdfBORoDkF+gYra8gFvAQFPR/AN2t4qJHSTzaFqJZpKdrh+b9qRhZ69TROpN689:ABVJxyAO","tlshash":"88533fa0b8a1983b345391df3bc64e5f7ab9a413cc26b204b6fd45c14f96dfa9ca3414","first_seen":"2026-01-30T05:45:18.705274Z","last_seen":"2026-02-01T18:33:40.177786Z","times_seen":4,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claims-moonbird.com/index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://claims-moonbird.com/","date":"2026-01-30T06:33:38.563Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claims-moonbird.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 11:38:49 GMT","end":"Wed, 29 Apr 2026 12:37:26 GMT"},"fingerprint":{"sha1":"FA:31:75:B8:88:CF:3D:4B:21:90:96:6B:4E:44:03:DA:B3:CE:12:57","sha256":"74:2F:F0:79:4F:D4:CF:2B:60:51:F0:25:20:C9:62:A0:A5:55:06:F2:22:AC:4E:A3:9C:AB:E3:CF:3B:C5:F9:9D"}}},"request":{"raw":"GET /index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2 HTTP/1.1\r\nHost: claims-moonbird.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claims-moonbird.com/index_files/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 30 Jan 2026 06:33:38 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 12:36:27 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\nage: 2929\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nHnciQ0%2BgzsV11ERy3XY%2F4sOHL1aNWZ4fZzPYhgjmf377bOqcT0JHWX7IBkF7Ae3pdJbNbxIlB8EvF%2B5JIVd2vMvGfa%2Bu6UhHacdRfjDC%2FilVKE%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 9c5ef0600a688be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":61577,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5917)","md5":"f84452232546802724545e5435f70482","sha1":"73005b6d68438bab0b9fb3b5125d4bba4826c8e0","sha256":"dbd6299d73a2b622bbd41aeefcdc4da51b33e8ed397538c979800b87cf95c8f9","sha512":"6207a59ba2782ea8c097726f82b8fb6a7a6bd9c18a7d7cb46de6fbd05762c61da7ddff0449b23a3897718fe613844461c252719bf6856ce2fb699487acfb870f","ssdeep":"768:NmdfBORoDkF+gYra8gFvAQFPR/AN2t4qJHSTzaFqJZpKdrh+b9qRhZ69TROpN689:ABVJxyAO","tlshash":"88533fa0b8a1983b345391df3bc64e5f7ab9a413cc26b204b6fd45c14f96dfa9ca3414","first_seen":"2026-01-30T05:45:18.705274Z","last_seen":"2026-02-01T18:33:40.177786Z","times_seen":4,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claims-moonbird.com/index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://claims-moonbird.com/","date":"2026-01-30T06:33:38.567Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claims-moonbird.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 11:38:49 GMT","end":"Wed, 29 Apr 2026 12:37:26 GMT"},"fingerprint":{"sha1":"FA:31:75:B8:88:CF:3D:4B:21:90:96:6B:4E:44:03:DA:B3:CE:12:57","sha256":"74:2F:F0:79:4F:D4:CF:2B:60:51:F0:25:20:C9:62:A0:A5:55:06:F2:22:AC:4E:A3:9C:AB:E3:CF:3B:C5:F9:9D"}}},"request":{"raw":"GET /index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2 HTTP/1.1\r\nHost: claims-moonbird.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claims-moonbird.com/index_files/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 30 Jan 2026 06:33:38 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 12:36:27 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\nage: 2929\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ubojKkWcxzxxgdZ90A8u07X2xWw%2Bzt5DXomLXSkXh7wn%2BGqAJYhmZnmTT%2B0wIx1l4BJt4ZqUZmLyIO4sX76PERd0mE%2B3SZeMG%2F6G1aiw2mlDQQE%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 9c5ef0600a6b8be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":61577,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5917)","md5":"f84452232546802724545e5435f70482","sha1":"73005b6d68438bab0b9fb3b5125d4bba4826c8e0","sha256":"dbd6299d73a2b622bbd41aeefcdc4da51b33e8ed397538c979800b87cf95c8f9","sha512":"6207a59ba2782ea8c097726f82b8fb6a7a6bd9c18a7d7cb46de6fbd05762c61da7ddff0449b23a3897718fe613844461c252719bf6856ce2fb699487acfb870f","ssdeep":"768:NmdfBORoDkF+gYra8gFvAQFPR/AN2t4qJHSTzaFqJZpKdrh+b9qRhZ69TROpN689:ABVJxyAO","tlshash":"88533fa0b8a1983b345391df3bc64e5f7ab9a413cc26b204b6fd45c14f96dfa9ca3414","first_seen":"2026-01-30T05:45:18.705274Z","last_seen":"2026-02-01T18:33:40.177786Z","times_seen":4,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claims-moonbird.com/index_files/bafkreifesrdorgmwpy2zfrnzvqb5guc7petxirvf2v2vaxqntytmrwyyw4.png","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://claims-moonbird.com/","date":"2026-01-30T06:33:38.341Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claims-moonbird.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 11:38:49 GMT","end":"Wed, 29 Apr 2026 12:37:26 GMT"},"fingerprint":{"sha1":"FA:31:75:B8:88:CF:3D:4B:21:90:96:6B:4E:44:03:DA:B3:CE:12:57","sha256":"74:2F:F0:79:4F:D4:CF:2B:60:51:F0:25:20:C9:62:A0:A5:55:06:F2:22:AC:4E:A3:9C:AB:E3:CF:3B:C5:F9:9D"}}},"request":{"raw":"GET /index_files/bafkreifesrdorgmwpy2zfrnzvqb5guc7petxirvf2v2vaxqntytmrwyyw4.png HTTP/1.1\r\nHost: claims-moonbird.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claims-moonbird.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 30 Jan 2026 06:33:38 GMT\r\ncontent-type: image/png\r\ncontent-length: 5394\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 12:36:27 GMT\r\netag: \"697b544b-1512\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 2929\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZV51qaTAm4DGrnJD4OQ38bsuySF9dnnH90btVCeekcSGlGLTbMWpDGf2AQ8xBEKlsSpHoz28HEbEyU6HzRW8et658f9N3NDpKAr0k3IkQTbHZvU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9c5ef05e9a528be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5394,"size_decoded":0,"mime_type":"image/png","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 401x402, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"eef71258de7a12a58e89d1c68ef2e51f","sha1":"9e85a5060491bb5b0fbf1a9aaef60dab9db26e95","sha256":"f072f55ffb215073c0978c77ed3be187fec4a05c6c0e60b8ff93af31038a2518","sha512":"1285a7ae2bf1b1a461930421a28bbde59f5870ce8eb56024d42af3b3cbd8200f2483c63a1c94162209b4fdf53f58dc7a4fbe83dcb9d3a69fb7366aa5005615d0","ssdeep":"96:bc9zQiAcqa5i9427nNZAtmWdFPFcjUI2uwOpT44H6jJ10khmd4nZAhwusX0+b:46b/f9xYtmWbFc/2IT49jztHb","tlshash":"b8b18d070997883a3c8b36afdd7006644304896f9e385bddf466c732862da53062ed9f","first_seen":"2026-01-27T11:12:46.141967Z","last_seen":"2026-02-14T07:55:45.650171Z","times_seen":18,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claims-moonbird.com/index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://claims-moonbird.com/","date":"2026-01-30T06:33:38.566Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claims-moonbird.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 11:38:49 GMT","end":"Wed, 29 Apr 2026 12:37:26 GMT"},"fingerprint":{"sha1":"FA:31:75:B8:88:CF:3D:4B:21:90:96:6B:4E:44:03:DA:B3:CE:12:57","sha256":"74:2F:F0:79:4F:D4:CF:2B:60:51:F0:25:20:C9:62:A0:A5:55:06:F2:22:AC:4E:A3:9C:AB:E3:CF:3B:C5:F9:9D"}}},"request":{"raw":"GET /index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2 HTTP/1.1\r\nHost: claims-moonbird.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claims-moonbird.com/index_files/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 30 Jan 2026 06:33:38 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 12:36:27 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\nage: 2929\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mem3FtgQ9qoek6%2BsoG2fWiZzoXn9MxVplA%2BWPg1w%2F7iCDBc125YK2HkXR6nF9mma%2FXnlmkKeJ6TMUwlOCXQrB3JLJ2kxBgDpZGag2hDWLrLc9s4%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 9c5ef0600a698be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":61577,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5917)","md5":"f84452232546802724545e5435f70482","sha1":"73005b6d68438bab0b9fb3b5125d4bba4826c8e0","sha256":"dbd6299d73a2b622bbd41aeefcdc4da51b33e8ed397538c979800b87cf95c8f9","sha512":"6207a59ba2782ea8c097726f82b8fb6a7a6bd9c18a7d7cb46de6fbd05762c61da7ddff0449b23a3897718fe613844461c252719bf6856ce2fb699487acfb870f","ssdeep":"768:NmdfBORoDkF+gYra8gFvAQFPR/AN2t4qJHSTzaFqJZpKdrh+b9qRhZ69TROpN689:ABVJxyAO","tlshash":"88533fa0b8a1983b345391df3bc64e5f7ab9a413cc26b204b6fd45c14f96dfa9ca3414","first_seen":"2026-01-30T05:45:18.705274Z","last_seen":"2026-02-01T18:33:40.177786Z","times_seen":4,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claims-moonbird.com/index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://claims-moonbird.com/","date":"2026-01-30T06:33:38.568Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claims-moonbird.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 11:38:49 GMT","end":"Wed, 29 Apr 2026 12:37:26 GMT"},"fingerprint":{"sha1":"FA:31:75:B8:88:CF:3D:4B:21:90:96:6B:4E:44:03:DA:B3:CE:12:57","sha256":"74:2F:F0:79:4F:D4:CF:2B:60:51:F0:25:20:C9:62:A0:A5:55:06:F2:22:AC:4E:A3:9C:AB:E3:CF:3B:C5:F9:9D"}}},"request":{"raw":"GET /index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2 HTTP/1.1\r\nHost: claims-moonbird.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claims-moonbird.com/index_files/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 30 Jan 2026 06:33:38 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 12:36:27 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\nage: 2929\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=l%2Bvc4ttcTqPn6pIPMJIl21e1%2B%2BTZrWeWbIFuly9Em69q74WE%2BdOmoy2QmpeQJvRQdNgpdn%2BlGS%2BDbvUG0SBbInqTm69ZTnpoRFO8RDK%2BVbJ2Qtw%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 9c5ef0600a6c8be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":61577,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5917)","md5":"f84452232546802724545e5435f70482","sha1":"73005b6d68438bab0b9fb3b5125d4bba4826c8e0","sha256":"dbd6299d73a2b622bbd41aeefcdc4da51b33e8ed397538c979800b87cf95c8f9","sha512":"6207a59ba2782ea8c097726f82b8fb6a7a6bd9c18a7d7cb46de6fbd05762c61da7ddff0449b23a3897718fe613844461c252719bf6856ce2fb699487acfb870f","ssdeep":"768:NmdfBORoDkF+gYra8gFvAQFPR/AN2t4qJHSTzaFqJZpKdrh+b9qRhZ69TROpN689:ABVJxyAO","tlshash":"88533fa0b8a1983b345391df3bc64e5f7ab9a413cc26b204b6fd45c14f96dfa9ca3414","first_seen":"2026-01-30T05:45:18.705274Z","last_seen":"2026-02-01T18:33:40.177786Z","times_seen":4,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claims-moonbird.com/","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-30T06:33:38.133Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claims-moonbird.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 11:38:49 GMT","end":"Wed, 29 Apr 2026 12:37:26 GMT"},"fingerprint":{"sha1":"FA:31:75:B8:88:CF:3D:4B:21:90:96:6B:4E:44:03:DA:B3:CE:12:57","sha256":"74:2F:F0:79:4F:D4:CF:2B:60:51:F0:25:20:C9:62:A0:A5:55:06:F2:22:AC:4E:A3:9C:AB:E3:CF:3B:C5:F9:9D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: claims-moonbird.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 06:33:38 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 12:36:27 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eMCj3fuHdjVb1TExnzA%2B8vLJW6jDFCMNAJI3a%2B4M0RuF0bJiBkFypvib9S7UPUMO43XwIurGTTSYikHebvLW9sOX5y%2BQjPu4s6ssp03Nfkrb\"}]}\r\nage: 2929\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9c5ef05d9bea712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":61577,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5917)","md5":"f84452232546802724545e5435f70482","sha1":"73005b6d68438bab0b9fb3b5125d4bba4826c8e0","sha256":"dbd6299d73a2b622bbd41aeefcdc4da51b33e8ed397538c979800b87cf95c8f9","sha512":"6207a59ba2782ea8c097726f82b8fb6a7a6bd9c18a7d7cb46de6fbd05762c61da7ddff0449b23a3897718fe613844461c252719bf6856ce2fb699487acfb870f","ssdeep":"768:NmdfBORoDkF+gYra8gFvAQFPR/AN2t4qJHSTzaFqJZpKdrh+b9qRhZ69TROpN689:ABVJxyAO","tlshash":"88533fa0b8a1983b345391df3bc64e5f7ab9a413cc26b204b6fd45c14f96dfa9ca3414","first_seen":"2026-01-30T05:45:18.705274Z","last_seen":"2026-02-01T18:33:40.177786Z","times_seen":4,"resource_available":false,"data":null}},"time_used":93,"timings":{"blocked":37,"dns":20,"connect":1,"send":0,"wait":14,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claims-moonbird.com/index_files/css2.css","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://claims-moonbird.com/","date":"2026-01-30T06:33:38.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claims-moonbird.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 11:38:49 GMT","end":"Wed, 29 Apr 2026 12:37:26 GMT"},"fingerprint":{"sha1":"FA:31:75:B8:88:CF:3D:4B:21:90:96:6B:4E:44:03:DA:B3:CE:12:57","sha256":"74:2F:F0:79:4F:D4:CF:2B:60:51:F0:25:20:C9:62:A0:A5:55:06:F2:22:AC:4E:A3:9C:AB:E3:CF:3B:C5:F9:9D"}}},"request":{"raw":"GET /index_files/css2.css HTTP/1.1\r\nHost: claims-moonbird.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claims-moonbird.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 30 Jan 2026 06:33:38 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 12:36:27 GMT\r\netag: W/\"697b544b-1833\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nage: 2929\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hXeKlxiwEHF6Q7mUb3hFWnXXCgsVieDUIDFk8k3Gamm4zi9csgP6XvNPyuDbu8CysvWwTZIsygcWHjcyFfCVXb023rK7DR1hEPShU0nXg5wY9B4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c5ef05e8a4e8be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6195,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"091a432ce5732c51a183d557901b2425","sha1":"59f1739cbdc6040616f9e4eb170b9bbd3e133d3a","sha256":"2932a0893c6528b13291ff909d3a5b368013a206e3b519e9471c8e104a4ddd20","sha512":"96bd8044dff1a0abcb0c02fe30fe5ae41128ad3e382c8a22cf844d8d38a88081c2ff4114c439d5a6becd2af49c9a4fd679e78a46c63b643fc3274ea403508f97","ssdeep":"192:fTPUZm3KuJxZTk/mm3thJ+UTpm/m3o8J3k:rxDOZjc","tlshash":"56d19d91042f500063971cd663ce3f365edd6148a049da783ffd1c9aaceadba53a174d","first_seen":"2026-01-27T11:12:46.13403Z","last_seen":"2026-02-14T07:55:45.651285Z","times_seen":16,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claims-moonbird.com/index_files/skfhx.css","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://claims-moonbird.com/","date":"2026-01-30T06:33:38.337Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claims-moonbird.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 11:38:49 GMT","end":"Wed, 29 Apr 2026 12:37:26 GMT"},"fingerprint":{"sha1":"FA:31:75:B8:88:CF:3D:4B:21:90:96:6B:4E:44:03:DA:B3:CE:12:57","sha256":"74:2F:F0:79:4F:D4:CF:2B:60:51:F0:25:20:C9:62:A0:A5:55:06:F2:22:AC:4E:A3:9C:AB:E3:CF:3B:C5:F9:9D"}}},"request":{"raw":"GET /index_files/skfhx.css HTTP/1.1\r\nHost: claims-moonbird.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claims-moonbird.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 30 Jan 2026 06:33:38 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 12:36:27 GMT\r\netag: W/\"697b544b-493e\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nage: 2929\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=C5BCoVEjCJC9I28G3SMuw332EEAU1LrlQnIWVA8F4Whde8IiReYYZspgJPLqFfCYHtaFaQO33DX0GB4Os3FIngV8JmIaGDRebPSd96vETv2ykmI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c5ef05e8a508be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18750,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"82aef9a3e1c80478f5323ae7a8ae7668","sha1":"7eb9f4a4d04cba5dca28002dada802abf4c42974","sha256":"5d3197ca298eb840cb43e77bf3fbb6c75bfa01280d4975ba225004c5da5c3934","sha512":"de21db733b730f86bd48a3d43aad885bd42e8166878800363d83bc4673165514a20753ac166c3ee70bb8667eacb69e9f6da7cc1a0c1eedc962318d9899b8fc19","ssdeep":"192:uS6ipGfMckARAjQl+7BNL8k/83Vt5uwrfaTcboz8Dd3AY5UtkJdeENMCKUC0hHv2:adDFuBJ9/GTjvd6bUHyV","tlshash":"018206d2276950247d3bf5582ba79b4db3a8e042990aca7d7bd4206c5fc93ec11e3b4c","first_seen":"2026-01-27T11:12:46.136264Z","last_seen":"2026-02-14T07:55:45.650736Z","times_seen":16,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claims-moonbird.com/css2-1.css","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://claims-moonbird.com/","date":"2026-01-30T06:33:38.338Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claims-moonbird.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 11:38:49 GMT","end":"Wed, 29 Apr 2026 12:37:26 GMT"},"fingerprint":{"sha1":"FA:31:75:B8:88:CF:3D:4B:21:90:96:6B:4E:44:03:DA:B3:CE:12:57","sha256":"74:2F:F0:79:4F:D4:CF:2B:60:51:F0:25:20:C9:62:A0:A5:55:06:F2:22:AC:4E:A3:9C:AB:E3:CF:3B:C5:F9:9D"}}},"request":{"raw":"GET /css2-1.css HTTP/1.1\r\nHost: claims-moonbird.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claims-moonbird.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 30 Jan 2026 06:33:38 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 12:36:27 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\nage: 2929\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xgdRUGbaC8CeuuLm5ENg4DQsPlrOqCH6NSpJIPJuCmRFxsqy8vH3KHynpzdFBV47qKA1BeT0Tw%2BpoBEK0qgcpbTh5pxkkOxVpz9i51JI3OMgx9Y%3D\"}]}\r\npriority: u=2,i=?0\r\ncf-ray: 9c5ef05e9a518be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T20:34:26.488801Z","times_seen":16249334,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claims-moonbird.com/index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://claims-moonbird.com/","date":"2026-01-30T06:33:38.585Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claims-moonbird.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 11:38:49 GMT","end":"Wed, 29 Apr 2026 12:37:26 GMT"},"fingerprint":{"sha1":"FA:31:75:B8:88:CF:3D:4B:21:90:96:6B:4E:44:03:DA:B3:CE:12:57","sha256":"74:2F:F0:79:4F:D4:CF:2B:60:51:F0:25:20:C9:62:A0:A5:55:06:F2:22:AC:4E:A3:9C:AB:E3:CF:3B:C5:F9:9D"}}},"request":{"raw":"GET /index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2 HTTP/1.1\r\nHost: claims-moonbird.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claims-moonbird.com/index_files/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 30 Jan 2026 06:33:38 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 12:36:27 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\nage: 2929\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VWPcy2PIt2ybLyuyeasJzOjNSXXHwpu0IfeeBSKfcI50Q1M8WtKTtdVnycrzudKlPgfx9CAcmmTZw7M3ZyeQ6bcn5YM%2B7iuu%2BfuT4YthYcpvEqc%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 9c5ef0601a6f8be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":61577,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5917)","md5":"f84452232546802724545e5435f70482","sha1":"73005b6d68438bab0b9fb3b5125d4bba4826c8e0","sha256":"dbd6299d73a2b622bbd41aeefcdc4da51b33e8ed397538c979800b87cf95c8f9","sha512":"6207a59ba2782ea8c097726f82b8fb6a7a6bd9c18a7d7cb46de6fbd05762c61da7ddff0449b23a3897718fe613844461c252719bf6856ce2fb699487acfb870f","ssdeep":"768:NmdfBORoDkF+gYra8gFvAQFPR/AN2t4qJHSTzaFqJZpKdrh+b9qRhZ69TROpN689:ABVJxyAO","tlshash":"88533fa0b8a1983b345391df3bc64e5f7ab9a413cc26b204b6fd45c14f96dfa9ca3414","first_seen":"2026-01-30T05:45:18.705274Z","last_seen":"2026-02-01T18:33:40.177786Z","times_seen":4,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claims-moonbird.com/orion.js","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://claims-moonbird.com/","date":"2026-01-30T06:33:38.332Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claims-moonbird.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 11:38:49 GMT","end":"Wed, 29 Apr 2026 12:37:26 GMT"},"fingerprint":{"sha1":"FA:31:75:B8:88:CF:3D:4B:21:90:96:6B:4E:44:03:DA:B3:CE:12:57","sha256":"74:2F:F0:79:4F:D4:CF:2B:60:51:F0:25:20:C9:62:A0:A5:55:06:F2:22:AC:4E:A3:9C:AB:E3:CF:3B:C5:F9:9D"}}},"request":{"raw":"GET /orion.js HTTP/1.1\r\nHost: claims-moonbird.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claims-moonbird.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 30 Jan 2026 06:33:38 GMT\r\ncontent-type: application/javascript\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 12:36:27 GMT\r\netag: W/\"697b544b-1a5d5\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nage: 2929\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7NHPNFerau6CF7UYvSg64dfiSdJ4mj8HIqDyFgH76q6Fb%2BC3G9f0Tr5MbMSyVz%2BYEj6tW4psT9syxEyP7%2BgnqmqBnZwkOcONokyAt6TUgvijfIQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c5ef05e8a4d8be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":107989,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"8256cac1bd4bdcddf5d245ee81fcc52e","sha1":"9a6dedf90a6703f3b2f4cdaecff3226bf689d201","sha256":"ab8c63dd12dd03136ccd032e5b3884c3d6fe72a9a36d8bca6bf99434332dd3bc","sha512":"2a46c67ddb2cb0c7680f68bd4d0e622ead7cc38a0c8034cade6f7bbde1a5c7c4bdce17e489646a28af1126b87c1f525d723f2592bacb4fff47001ab15727965c","ssdeep":"1536:9kaRasaz1dd527mjiIs113usHqBYLsVFX5saB:9kaRcz732aiIsVqBMs5saB","tlshash":"37b340d6594bd0d58e1a10edd077ec09e0681aa3cdacf183ba2cded2755df22884763b","first_seen":"2026-01-07T13:23:26.426463Z","last_seen":"2026-02-14T09:07:38.758383Z","times_seen":45,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-01-30","alert":"PHP webshell using some kind of eval with encoded blob to decode","trigger":"claims-moonbird.com/orion.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp","date":"2021/02/07","description":"PHP webshell using some kind of eval with encoded blob to decode","hash":"1d4b374d284c12db881ba42ee63ebce2759e0b14","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"webshell_php_encoded_big","score":"50"}}],"urlquery":null}},{"url":{"schema":"https","addr":"claims-moonbird.com/index_files/9dlxd.css","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://claims-moonbird.com/","date":"2026-01-30T06:33:38.335Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claims-moonbird.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 11:38:49 GMT","end":"Wed, 29 Apr 2026 12:37:26 GMT"},"fingerprint":{"sha1":"FA:31:75:B8:88:CF:3D:4B:21:90:96:6B:4E:44:03:DA:B3:CE:12:57","sha256":"74:2F:F0:79:4F:D4:CF:2B:60:51:F0:25:20:C9:62:A0:A5:55:06:F2:22:AC:4E:A3:9C:AB:E3:CF:3B:C5:F9:9D"}}},"request":{"raw":"GET /index_files/9dlxd.css HTTP/1.1\r\nHost: claims-moonbird.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claims-moonbird.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 30 Jan 2026 06:33:38 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 12:36:27 GMT\r\netag: W/\"697b544b-18c3a\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nage: 2929\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mkhgXoNyUPMCDqud%2Foa2Pacs1%2FIl1LPF0rAQkxvJkfe7j5c0Ct67CHxl7zElBnRvT02fFToYxdrjlgWFddmbaRIiG9ocP6%2FCHMH53bd45HMvZZw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c5ef05e8a4f8be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":101434,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (41066)","md5":"77edadcee2aadfb1c573c6849e6b6f4b","sha1":"1781c815f6fd6dfc75312cfb2e99709fcffccc3c","sha256":"dd61f2d3bf2b0a2b6f31242ec61888313fa8dced5eed31e9c67e243bbbf08ff9","sha512":"6af29a86d492ab85e8945bee153b9340698ea27738f8aea5e739c970ec579813452f119599e4a86c96be3ba31ee810b02aa55010915eabb752975cdcd2a140cb","ssdeep":"1536:PMCMPMCMjMCM4MCMwMCM3sVMX70vebPMKXSFPTytGuCprfZC8:q70vedCFbytGuCpfZC8","tlshash":"cfa3a7f9e44c05d97732c44bab95b37c65b6f738d5810ca9f02f580c1ad26a822c6f7a","first_seen":"2026-01-27T11:12:46.140606Z","last_seen":"2026-02-14T07:55:45.654268Z","times_seen":16,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claims-moonbird.com/secureproxy?e=jscdn/getFile","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://claims-moonbird.com/","date":"2026-01-30T06:33:38.537Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claims-moonbird.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 11:38:49 GMT","end":"Wed, 29 Apr 2026 12:37:26 GMT"},"fingerprint":{"sha1":"FA:31:75:B8:88:CF:3D:4B:21:90:96:6B:4E:44:03:DA:B3:CE:12:57","sha256":"74:2F:F0:79:4F:D4:CF:2B:60:51:F0:25:20:C9:62:A0:A5:55:06:F2:22:AC:4E:A3:9C:AB:E3:CF:3B:C5:F9:9D"}}},"request":{"raw":"POST /secureproxy?e=jscdn/getFile HTTP/1.1\r\nHost: claims-moonbird.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://claims-moonbird.com/\r\nContent-Type: application/json\r\nContent-Length: 37\r\nOrigin: https://claims-moonbird.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":37,"data":"{\"permit_key\":\"eo2upuit3j1bi7kc0oxl\"}"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 30 Jan 2026 06:33:38 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding, origin, access-control-request-method, access-control-request-headers\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=f%2FnITqI%2BHPXGJvI5Zou0GAphcff3ZcRnKYWp1oJALuzYXp2%2F5e88rx4N4F85mqjFdBgLMFxPoxiONXUNBQrCobY78NOYSwAUsoKBGncW78vXdg%3D%3D\"}]}\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\npriority: u=4,i=?0\r\ncf-ray: 9c5ef05fda648be6-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4251591,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"cd3029d4edd9719986abd2c68ed7837b","sha1":"4a051b5ccc89c90efbc79c37bd378b3ee60631fc","sha256":"a54ae869f4a716fcc338aab7332ff2fe047c43e7ad47680b6bee914a863e9445","sha512":"1db6d1f38fb27fde2e34a0b3f4b65869097a6c15b6beba2f7a7a52a0542633e0b334d696cb64d7d672ba3802a7fdd8bc39bb269fe6f4cc3bc96e90230ea3136e","ssdeep":"24576:xMw2KtQuSmHNCX+y568v4zODwjGhmOcaEUpj5R+s:xMwEbkIOy56i4zUjY2EUZ5N","tlshash":"522512e7a087e0c22a69cc457fd05deea89a314db5d7063222ccdd84a55f0bdc7d89a3","first_seen":"2026-01-30T05:45:18.714536Z","last_seen":"2026-01-30T06:36:50.498291Z","times_seen":4,"resource_available":false,"data":null}},"time_used":740,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":326,"receive":414,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claims-moonbird.com/index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://claims-moonbird.com/","date":"2026-01-30T06:33:38.569Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claims-moonbird.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 11:38:49 GMT","end":"Wed, 29 Apr 2026 12:37:26 GMT"},"fingerprint":{"sha1":"FA:31:75:B8:88:CF:3D:4B:21:90:96:6B:4E:44:03:DA:B3:CE:12:57","sha256":"74:2F:F0:79:4F:D4:CF:2B:60:51:F0:25:20:C9:62:A0:A5:55:06:F2:22:AC:4E:A3:9C:AB:E3:CF:3B:C5:F9:9D"}}},"request":{"raw":"GET /index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2 HTTP/1.1\r\nHost: claims-moonbird.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claims-moonbird.com/index_files/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 30 Jan 2026 06:33:38 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 12:36:27 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\nage: 2929\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Zolk6LW6fsZSKwollcTZxIj8RW6tNgZ3SYCzzja2W1K1PyPDOoYSbNKdxAsDvmwYObe8tAVD3mAe4GJJaUCpBw3dqqN36l40SexDxlFSPY6UbBk%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 9c5ef0600a6d8be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":61577,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5917)","md5":"f84452232546802724545e5435f70482","sha1":"73005b6d68438bab0b9fb3b5125d4bba4826c8e0","sha256":"dbd6299d73a2b622bbd41aeefcdc4da51b33e8ed397538c979800b87cf95c8f9","sha512":"6207a59ba2782ea8c097726f82b8fb6a7a6bd9c18a7d7cb46de6fbd05762c61da7ddff0449b23a3897718fe613844461c252719bf6856ce2fb699487acfb870f","ssdeep":"768:NmdfBORoDkF+gYra8gFvAQFPR/AN2t4qJHSTzaFqJZpKdrh+b9qRhZ69TROpN689:ABVJxyAO","tlshash":"88533fa0b8a1983b345391df3bc64e5f7ab9a413cc26b204b6fd45c14f96dfa9ca3414","first_seen":"2026-01-30T05:45:18.705274Z","last_seen":"2026-02-01T18:33:40.177786Z","times_seen":4,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claims-moonbird.com/index_files/bafkreifesrdorgmwpy2zfrnzvqb5guc7petxirvf2v2vaxqntytmrwyyw4.png","fqdn":"claims-moonbird.com","domain":"claims-moonbird.com","tld":"com"},"ip":{"addr":"104.21.86.93","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://claims-moonbird.com/","date":"2026-01-30T06:33:38.691Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claims-moonbird.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 11:38:49 GMT","end":"Wed, 29 Apr 2026 12:37:26 GMT"},"fingerprint":{"sha1":"FA:31:75:B8:88:CF:3D:4B:21:90:96:6B:4E:44:03:DA:B3:CE:12:57","sha256":"74:2F:F0:79:4F:D4:CF:2B:60:51:F0:25:20:C9:62:A0:A5:55:06:F2:22:AC:4E:A3:9C:AB:E3:CF:3B:C5:F9:9D"}}},"request":{"raw":"GET /index_files/bafkreifesrdorgmwpy2zfrnzvqb5guc7petxirvf2v2vaxqntytmrwyyw4.png HTTP/1.1\r\nHost: claims-moonbird.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claims-moonbird.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 30 Jan 2026 06:33:38 GMT\r\ncontent-type: image/png\r\ncontent-length: 5394\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 12:36:27 GMT\r\netag: \"697b544b-1512\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 2929\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YBZWNkvXkWurdwyL7Cp0nx1WfXYtkVCMjg3FqOwirHU4oDKtHyldmH8NAHgBloFeKGyclTQeEHlvXkqOqY3F9wg0YZ3DlI%2FKYcHhDj5vpdWCuXc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9c5ef060da978be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5394,"size_decoded":0,"mime_type":"image/png","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 401x402, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"eef71258de7a12a58e89d1c68ef2e51f","sha1":"9e85a5060491bb5b0fbf1a9aaef60dab9db26e95","sha256":"f072f55ffb215073c0978c77ed3be187fec4a05c6c0e60b8ff93af31038a2518","sha512":"1285a7ae2bf1b1a461930421a28bbde59f5870ce8eb56024d42af3b3cbd8200f2483c63a1c94162209b4fdf53f58dc7a4fbe83dcb9d3a69fb7366aa5005615d0","ssdeep":"96:bc9zQiAcqa5i9427nNZAtmWdFPFcjUI2uwOpT44H6jJ10khmd4nZAhwusX0+b:46b/f9xYtmWbFc/2IT49jztHb","tlshash":"b8b18d070997883a3c8b36afdd7006644304896f9e385bddf466c732862da53062ed9f","first_seen":"2026-01-27T11:12:46.141967Z","last_seen":"2026-02-14T07:55:45.650171Z","times_seen":18,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}