{"report_id":"6e335c12-3f41-4c18-82c4-166987f51c27","version":6,"status":"done","tags":[],"date":"2026-01-31T14:37:05Z","url":{"schema":"http","addr":"airdrop.moonblrds.org","fqdn":"airdrop.moonblrds.org","domain":"moonblrds.org","tld":"org"},"ip":{"addr":"94.141.122.67","port":0,"asn":215826,"as":"Partner Hosting LTD","country":"Finland","country_code":"FI"},"final":{"url":{"schema":"https","addr":"airdrop.moonblrds.org/","fqdn":"airdrop.moonblrds.org","domain":"moonblrds.org","tld":"org"},"title":"Moonbirds Minting","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"airdrop.moonblrds.org","fqdn":"airdrop.moonblrds.org","domain":"moonblrds.org","tld":"org"},"ip":{"addr":"94.141.122.67","port":0,"asn":215826,"as":"Partner Hosting LTD","country":"Finland","country_code":"FI"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-07T14:37:05Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"airdrop.moonblrds.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"airdrop.moonblrds.org","ip":{"addr":"94.141.122.67","port":443,"asn":215826,"as":"Partner Hosting LTD","country":"Finland","country_code":"FI"},"domain_registered":"2026-01-23","domain_rank":0,"first_seen":"2026-01-31T13:54:45.108009Z","last_seen":"2026-01-31T13:54:45.108009Z","alert_count":7,"request_count":7,"received_data":14167726,"sent_data":3644,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.28.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"airdrop.moonblrds.org/react-bootstrap.fluid.cjs.js","fqdn":"airdrop.moonblrds.org","domain":"moonblrds.org","tld":"org"},"ip":{"addr":"94.141.122.67","port":443,"asn":215826,"as":"Partner Hosting LTD","country":"Finland","country_code":"FI"},"introduction_type":"scriptElement","is_inline":false,"md5":"ec1fafee62e809e87e94cd0c80e1e9bb","sha1":"515f873e9d6d65b46f21b2a3d2a550a9920515b4","sha256":"a190da459dbbb13fd0b1a151bce8ed59bc38affbce1fb8200a8d867d2908304d","sha512":"792c21280e16d194fa8d19410c575661656ba1f998cd0f3cea6ac52b26b0f82ac207c151fe2859ded34a26ce944c32ed7579b0ebf6435f963e97293603b61452","ssdeep":"3072:KPvhHUpyhHUpexbmjWQ3zvpCRlqGjUMVaDtw1q9uk+DV68nlvwHsqd07RV69uj5Z:KLQ3zvNGYAVwcbWxrMtWZxe","tlshash":"e58444a1c3bb6075c30181e2ee93d2ecd80c77192e89f7777242a475a772abe91d512c","size":401829,"data":"","first_seen":"2026-01-31T13:54:51.832135Z","last_seen":"2026-01-31T14:37:07.542702Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"airdrop.moonblrds.org/","fqdn":"airdrop.moonblrds.org","domain":"moonblrds.org","tld":"org"},"ip":{"addr":"94.141.122.67","port":443,"asn":215826,"as":"Partner Hosting LTD","country":"Finland","country_code":"FI"},"introduction_type":"Function","is_inline":false,"md5":"013eda685097ff52ad5d94840c49c7fd","sha1":"466dceccaa611d8650b0002c9f06ae15e524ddb1","sha256":"86a936ec708f6008d7931f5b08ea809fc038d4213af42f71166fda342094091e","sha512":"108d7c608973cadc1d9549ed537671465dd361d4ccca600bdbfb1eb71f0f904c0b0d75125e22593665a97e07a21d5a1d42743ab1702fa5b2dda1025c77a31dd8","ssdeep":"3072:2n1hHUpyhHUpex7ublTg+++8wlph/txgUyVaT8jg9ukWHVi8VlvwHs0dOTe9apbU:2kjz8Vu8MD0vUdxB","tlshash":"34845571c7bb6075c70181e6ee93d3ecc80c77192a49f7377212a135abb2aba91d512c","size":394900,"data":"","first_seen":"2026-01-31T13:54:51.838568Z","last_seen":"2026-01-31T14:37:07.550593Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"airdrop.moonblrds.org/H7qYm3zu.php?s=%2F%40v1%2Fcdn%2Fjs%2Fdayjs.prod.esm.js%3Ft%3D29497836%26u%3Da3MCiQtOnZEmboRoGDY5NTNlZjc2YzYzZGU1YmE5YjdmNGZiYVFwn7o8tENxUJmjgQ","fqdn":"airdrop.moonblrds.org","domain":"moonblrds.org","tld":"org"},"ip":{"addr":"94.141.122.67","port":443,"asn":215826,"as":"Partner Hosting LTD","country":"Finland","country_code":"FI"},"introduction_type":"scriptElement","is_inline":false,"md5":"c835ce0aa761a791b29ba4c102a85e28","sha1":"828e40328ca8ff740f1090e6f63e170c1592a62c","sha256":"4ee6631554867dc1bfadbfe5f4b4ebf4cec5164ba142f8db92f840c2028496cf","sha512":"49cefc3ca9614cebafe201eef12b5cdebcdd19da6ab30f530d7a81a8ef91fca5f02eb63108b8056c2dbd4c22b8b337aae939a712f4a876bdeef21a1e2a9f3225","ssdeep":"6144:9ujB8gltIeTM5/S8g6zRhNgDzQebuazBzqXQPkBAUvVdZcml4L:ihltVM/g6ZszQeqazNqXQcBvK","tlshash":"29d4bcec970a167788cb97b6423363afef884d1a236b3c406ec19cd1574a74e53ea15c","size":641034,"data":"","first_seen":"2026-01-01T19:22:06.925398Z","last_seen":"2026-03-30T11:52:16.142566Z","times_seen":405,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"airdrop.moonblrds.org/","fqdn":"airdrop.moonblrds.org","domain":"moonblrds.org","tld":"org"},"ip":{"addr":"94.141.122.67","port":443,"asn":215826,"as":"Partner Hosting LTD","country":"Finland","country_code":"FI"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-31T14:36:40.591Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"airdrop.moonblrds.org","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 28 Jan 2026 02:08:28 GMT","end":"Tue, 28 Apr 2026 02:08:27 GMT"},"fingerprint":{"sha1":"D3:E6:88:D2:32:33:82:BC:6B:15:AE:D2:5F:F9:7C:98:4F:D1:F2:77","sha256":"0A:EB:33:EF:B9:5E:61:7A:62:8A:2A:45:7A:6A:59:9F:9C:13:DF:59:26:C0:C0:FA:A0:07:62:7A:33:70:96:4C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: airdrop.moonblrds.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.1\r\nDate: Sat, 31 Jan 2026 14:36:41 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0\r\nPragma: no-cache\r\nExpires: 0\r\nSurrogate-Control: no-store\r\nSet-Cookie: sid=8b7809c7-8cb5-4fb4-a29b-c741a2a3b990; expires=Mon, 02 Mar 2026 14:36:41 GMT; Max-Age=2592000; path=/\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6032038,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (58450), with CRLF line terminators","md5":"2d7d8ae9be2782d100e797fc91b8c21c","sha1":"eb6c8c5323b3973c2445203354a74b2352224805","sha256":"b4ac47e77dfa6763b8df46d991c3f08f67b9d10bfe15384a819276594417741e","sha512":"eca51645dc6c9b015b31446ad4961d6a04962e878cd177ac6cdbddda4cc00d442c4b2ea36aba904becb097db2639bce1b2726eb66f51d3ba12dd89a1b493f069","ssdeep":"12288:QnH+xZASXGaeVyvNmBRreWO2fWVW5A1VyvbJBxreW32fWVW5AWVyv98Bl:oBxqEeW5ACRrEeW5AMl","tlshash":"f5258eea2324fd3e6c37a015925cb92c5b07f586ae236df5e952253343c7ff26826118","first_seen":"2026-01-31T13:54:51.815421Z","last_seen":"2026-01-31T14:37:07.538611Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1367,"timings":{"blocked":327,"dns":234,"connect":42,"send":0,"wait":296,"receive":416,"ssl":48},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"airdrop.moonblrds.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"airdrop.moonblrds.org/image.png","fqdn":"airdrop.moonblrds.org","domain":"moonblrds.org","tld":"org"},"ip":{"addr":"94.141.122.67","port":443,"asn":215826,"as":"Partner Hosting LTD","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://airdrop.moonblrds.org/","date":"2026-01-31T14:36:41.677Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"airdrop.moonblrds.org","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 28 Jan 2026 02:08:28 GMT","end":"Tue, 28 Apr 2026 02:08:27 GMT"},"fingerprint":{"sha1":"D3:E6:88:D2:32:33:82:BC:6B:15:AE:D2:5F:F9:7C:98:4F:D1:F2:77","sha256":"0A:EB:33:EF:B9:5E:61:7A:62:8A:2A:45:7A:6A:59:9F:9C:13:DF:59:26:C0:C0:FA:A0:07:62:7A:33:70:96:4C"}}},"request":{"raw":"GET /image.png HTTP/1.1\r\nHost: airdrop.moonblrds.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://airdrop.moonblrds.org/\r\nCookie: sid=8b7809c7-8cb5-4fb4-a29b-c741a2a3b990\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.1\r\nDate: Sat, 31 Jan 2026 14:36:41 GMT\r\nContent-Type: image/png\r\nLast-Modified: Fri, 23 Jan 2026 23:15:22 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"6974010a-d5fd1\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":876497,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit/color RGB, non-interlaced","md5":"29346039088de2fda521e6c303e584f9","sha1":"38b9d1ecf802933cb426780512d6a8c686a5aa67","sha256":"600f176d089a466918e96199a79a88752b48aad9c943ee5b921760789430d351","sha512":"776e774eb132e267f32338a54da2e43bca51135da3c2dcd5f52f72d6870920468cd5bda5d806e6e0ca17adc08524c35d665d29180a0c7513334c35bd7becd505","ssdeep":"24576:D0oN1tUlW4gtQQLSab/MT/xyZyy4e8HNs8Aa9HLV:D0o7tYWfXb/aoAy8s8HhV","tlshash":"d8152351f0c42d29019efc30ab223545bb56be3d55e300fdb8edaa05ddbba4ee85290d","first_seen":"2026-01-27T23:45:28.46106Z","last_seen":"2026-01-31T14:37:07.541664Z","times_seen":4,"resource_available":false,"data":null}},"time_used":138,"timings":{"blocked":50,"dns":0,"connect":0,"send":0,"wait":44,"receive":44,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"airdrop.moonblrds.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"airdrop.moonblrds.org/react-bootstrap.fluid.cjs.js","fqdn":"airdrop.moonblrds.org","domain":"moonblrds.org","tld":"org"},"ip":{"addr":"94.141.122.67","port":443,"asn":215826,"as":"Partner Hosting LTD","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://airdrop.moonblrds.org/","date":"2026-01-31T14:36:41.675Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"airdrop.moonblrds.org","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 28 Jan 2026 02:08:28 GMT","end":"Tue, 28 Apr 2026 02:08:27 GMT"},"fingerprint":{"sha1":"D3:E6:88:D2:32:33:82:BC:6B:15:AE:D2:5F:F9:7C:98:4F:D1:F2:77","sha256":"0A:EB:33:EF:B9:5E:61:7A:62:8A:2A:45:7A:6A:59:9F:9C:13:DF:59:26:C0:C0:FA:A0:07:62:7A:33:70:96:4C"}}},"request":{"raw":"GET /react-bootstrap.fluid.cjs.js HTTP/1.1\r\nHost: airdrop.moonblrds.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://airdrop.moonblrds.org/\r\nCookie: sid=8b7809c7-8cb5-4fb4-a29b-c741a2a3b990\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.1\r\nDate: Sat, 31 Jan 2026 14:36:41 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Fri, 23 Jan 2026 23:29:00 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"6974043c-621a5\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":401829,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65159)","md5":"ec1fafee62e809e87e94cd0c80e1e9bb","sha1":"515f873e9d6d65b46f21b2a3d2a550a9920515b4","sha256":"a190da459dbbb13fd0b1a151bce8ed59bc38affbce1fb8200a8d867d2908304d","sha512":"792c21280e16d194fa8d19410c575661656ba1f998cd0f3cea6ac52b26b0f82ac207c151fe2859ded34a26ce944c32ed7579b0ebf6435f963e97293603b61452","ssdeep":"3072:KPvhHUpyhHUpexbmjWQ3zvpCRlqGjUMVaDtw1q9uk+DV68nlvwHsqd07RV69uj5Z:KLQ3zvNGYAVwcbWxrMtWZxe","tlshash":"e58444a1c3bb6075c30181e2ee93d2ecd80c77192e89f7777242a475a772abe91d512c","first_seen":"2026-01-31T13:54:51.832135Z","last_seen":"2026-01-31T14:37:07.542702Z","times_seen":2,"resource_available":true,"data":null}},"time_used":51,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":44,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"airdrop.moonblrds.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"airdrop.moonblrds.org/secureproxy?e=ping_proxy","fqdn":"airdrop.moonblrds.org","domain":"moonblrds.org","tld":"org"},"ip":{"addr":"94.141.122.67","port":443,"asn":215826,"as":"Partner Hosting LTD","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://airdrop.moonblrds.org/","date":"2026-01-31T14:36:43.113Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"airdrop.moonblrds.org","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 28 Jan 2026 02:08:28 GMT","end":"Tue, 28 Apr 2026 02:08:27 GMT"},"fingerprint":{"sha1":"D3:E6:88:D2:32:33:82:BC:6B:15:AE:D2:5F:F9:7C:98:4F:D1:F2:77","sha256":"0A:EB:33:EF:B9:5E:61:7A:62:8A:2A:45:7A:6A:59:9F:9C:13:DF:59:26:C0:C0:FA:A0:07:62:7A:33:70:96:4C"}}},"request":{"raw":"GET /secureproxy?e=ping_proxy HTTP/1.1\r\nHost: airdrop.moonblrds.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://airdrop.moonblrds.org/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: sid=8b7809c7-8cb5-4fb4-a29b-c741a2a3b990\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.28.1\r\nDate: Sat, 31 Jan 2026 14:36:43 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0\r\nPragma: no-cache\r\nExpires: 0\r\nSurrogate-Control: no-store\r\nSet-Cookie: sid=8b7809c7-8cb5-4fb4-a29b-c741a2a3b990; expires=Mon, 02 Mar 2026 14:36:43 GMT; Max-Age=2592000; path=/\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.28.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6032038,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (58450), with CRLF line terminators","md5":"2d7d8ae9be2782d100e797fc91b8c21c","sha1":"eb6c8c5323b3973c2445203354a74b2352224805","sha256":"b4ac47e77dfa6763b8df46d991c3f08f67b9d10bfe15384a819276594417741e","sha512":"eca51645dc6c9b015b31446ad4961d6a04962e878cd177ac6cdbddda4cc00d442c4b2ea36aba904becb097db2639bce1b2726eb66f51d3ba12dd89a1b493f069","ssdeep":"12288:QnH+xZASXGaeVyvNmBRreWO2fWVW5A1VyvbJBxreW32fWVW5AWVyv98Bl:oBxqEeW5ACRrEeW5AMl","tlshash":"f5258eea2324fd3e6c37a015925cb92c5b07f586ae236df5e952253343c7ff26826118","first_seen":"2026-01-31T13:54:51.815421Z","last_seen":"2026-01-31T14:37:07.538611Z","times_seen":2,"resource_available":false,"data":null}},"time_used":515,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":189,"receive":326,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"airdrop.moonblrds.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"airdrop.moonblrds.org/","fqdn":"airdrop.moonblrds.org","domain":"moonblrds.org","tld":"org"},"ip":{"addr":"94.141.122.67","port":443,"asn":215826,"as":"Partner Hosting LTD","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://airdrop.moonblrds.org/","date":"2026-01-31T14:36:43.323Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"airdrop.moonblrds.org","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 28 Jan 2026 02:08:28 GMT","end":"Tue, 28 Apr 2026 02:08:27 GMT"},"fingerprint":{"sha1":"D3:E6:88:D2:32:33:82:BC:6B:15:AE:D2:5F:F9:7C:98:4F:D1:F2:77","sha256":"0A:EB:33:EF:B9:5E:61:7A:62:8A:2A:45:7A:6A:59:9F:9C:13:DF:59:26:C0:C0:FA:A0:07:62:7A:33:70:96:4C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: airdrop.moonblrds.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://airdrop.moonblrds.org/\r\nCookie: sid=8b7809c7-8cb5-4fb4-a29b-c741a2a3b990\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.1\r\nDate: Sat, 31 Jan 2026 14:36:43 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0\r\nPragma: no-cache\r\nExpires: 0\r\nSurrogate-Control: no-store\r\nSet-Cookie: sid=8b7809c7-8cb5-4fb4-a29b-c741a2a3b990; expires=Mon, 02 Mar 2026 14:36:43 GMT; Max-Age=2592000; path=/\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":181400,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (58450), with CRLF line terminators","md5":"fab1e0742ff00b6c0ceb5e4fc42b5ee2","sha1":"50414b6a6c1e177db6885ee0cb0477ffde73c838","sha256":"195942ac1a7cc911f5ee1768dba5cc5793f7fe1d7d3ac6f147d555227a29e90e","sha512":"52365f8dd34ea0cd53162f26e6c87faf737df63569e9d97f42099517c9a57e0481193db7bc88aae4f3fdf7f5651da86cac7dec34e32ac3682bfc580ae7c6a299","ssdeep":"1536:nU64zU64cJznrCTEngeEjBxq7PoA5L0ze4fasQNv:nU7U8nGTEXEjBx8POje","tlshash":"7504a8ea1624be2d9c37e006965cb52c9b07f88a6a337df5d493253783c7ff2a41a414","first_seen":"2026-01-31T13:54:51.83487Z","last_seen":"2026-01-31T14:37:07.544718Z","times_seen":2,"resource_available":false,"data":null}},"time_used":356,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":352,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"airdrop.moonblrds.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"airdrop.moonblrds.org/H7qYm3zu.php?s=%2F%40v1%2Fcdn%2Fjs%2Fdayjs.prod.esm.js%3Ft%3D29497836%26u%3Da3MCiQtOnZEmboRoGDY5NTNlZjc2YzYzZGU1YmE5YjdmNGZiYVFwn7o8tENxUJmjgQ","fqdn":"airdrop.moonblrds.org","domain":"moonblrds.org","tld":"org"},"ip":{"addr":"94.141.122.67","port":443,"asn":215826,"as":"Partner Hosting LTD","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://airdrop.moonblrds.org/","date":"2026-01-31T14:36:43.336Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"airdrop.moonblrds.org","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 28 Jan 2026 02:08:28 GMT","end":"Tue, 28 Apr 2026 02:08:27 GMT"},"fingerprint":{"sha1":"D3:E6:88:D2:32:33:82:BC:6B:15:AE:D2:5F:F9:7C:98:4F:D1:F2:77","sha256":"0A:EB:33:EF:B9:5E:61:7A:62:8A:2A:45:7A:6A:59:9F:9C:13:DF:59:26:C0:C0:FA:A0:07:62:7A:33:70:96:4C"}}},"request":{"raw":"GET /H7qYm3zu.php?s=%2F%40v1%2Fcdn%2Fjs%2Fdayjs.prod.esm.js%3Ft%3D29497836%26u%3Da3MCiQtOnZEmboRoGDY5NTNlZjc2YzYzZGU1YmE5YjdmNGZiYVFwn7o8tENxUJmjgQ HTTP/1.1\r\nHost: airdrop.moonblrds.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://airdrop.moonblrds.org/\r\nCookie: sid=8b7809c7-8cb5-4fb4-a29b-c741a2a3b990\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.1\r\nDate: Sat, 31 Jan 2026 14:36:44 GMT\r\nContent-Type: text/javascript;charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, HEAD, POST, OPTIONS\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Max-Age: 3600\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":641034,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"c835ce0aa761a791b29ba4c102a85e28","sha1":"828e40328ca8ff740f1090e6f63e170c1592a62c","sha256":"4ee6631554867dc1bfadbfe5f4b4ebf4cec5164ba142f8db92f840c2028496cf","sha512":"49cefc3ca9614cebafe201eef12b5cdebcdd19da6ab30f530d7a81a8ef91fca5f02eb63108b8056c2dbd4c22b8b337aae939a712f4a876bdeef21a1e2a9f3225","ssdeep":"6144:9ujB8gltIeTM5/S8g6zRhNgDzQebuazBzqXQPkBAUvVdZcml4L:ihltVM/g6ZszQeqazNqXQcBvK","tlshash":"29d4bcec970a167788cb97b6423363afef884d1a236b3c406ec19cd1574a74e53ea15c","first_seen":"2026-01-01T19:22:06.925398Z","last_seen":"2026-03-30T11:52:16.142566Z","times_seen":405,"resource_available":true,"data":null}},"time_used":1035,"timings":{"blocked":126,"dns":33,"connect":42,"send":0,"wait":648,"receive":134,"ssl":47},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"airdrop.moonblrds.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"airdrop.moonblrds.org//H7qYm3zu.php?s=%2Fjmpd%2F","fqdn":"airdrop.moonblrds.org","domain":"moonblrds.org","tld":"org"},"ip":{"addr":"94.141.122.67","port":443,"asn":215826,"as":"Partner Hosting LTD","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://airdrop.moonblrds.org/","date":"2026-01-31T14:36:44.627Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"airdrop.moonblrds.org","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 28 Jan 2026 02:08:28 GMT","end":"Tue, 28 Apr 2026 02:08:27 GMT"},"fingerprint":{"sha1":"D3:E6:88:D2:32:33:82:BC:6B:15:AE:D2:5F:F9:7C:98:4F:D1:F2:77","sha256":"0A:EB:33:EF:B9:5E:61:7A:62:8A:2A:45:7A:6A:59:9F:9C:13:DF:59:26:C0:C0:FA:A0:07:62:7A:33:70:96:4C"}}},"request":{"raw":"POST //H7qYm3zu.php?s=%2Fjmpd%2F HTTP/1.1\r\nHost: airdrop.moonblrds.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://airdrop.moonblrds.org/\r\ncontent-type: application/json\r\nContent-Length: 2207\r\nOrigin: https://airdrop.moonblrds.org\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: sid=8b7809c7-8cb5-4fb4-a29b-c741a2a3b990\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2207,"data":"{\"route\":\"8XUwkBv9vhPYfVpD1fxb7EC65sUXJdqr\",\"payload\":\"69DaZjpEspFVsgyfcd1UooMyLiFmwPP5zoRN7ijMJQYdwAj6e7ha78eKvWQzpyiCLmEhn6ofjJpmNnCRUGJg1jZzc6We3CwT3Qbvx4TQRpiyRe2tCTnT5CwV1aCLHkMo5R23tkqzGJQSKzTc6YpRvNFv4QPmtJkG8Z9XRB4QntmUrTu7truUTesDxvYz5D2CM1QeJpimkgUU6wME5Jy2AbC6YZHLPW5kfgQ6zgJnusoVksy5Z32JEwaMQcmGNdei71tCSGm8GJKFrkAwPyFiueMXZ2BWuQ4aPdGTtGt9mzPpApEcsXaYB4zsmXFSP7rXim9pR8yTwvKAZJVUZuWAv8XUkYSgbCDgusL8bR5hH4wwJ2nBGG1WWunvZpgE2Dm3WApvS1JQoUiGcYR22QbeERYR5UzsgMmsh4KkXA7uREa3W1qN5ykhYERdFDrrjkCdkcEZk11aerGiB13SRDAVq8QG7jgWKW1US92RCa5nGvghnr8k6RFz1gcJBGigeXiNqTKpgFLcnUsVqRyqmKPKzJW1sXZZsuxKoUmg7cpPsRB5g9BzsLUx6SdyLfcZr5TB76LHdyA4Kwvfw4P9EnroyKv9rjh3Lyk3NqMYXhavmDCgeNTmqKuaCfHB4UAEFPVdBDdhqgd8SNA8tJe8Ya4QEZrMEPy14kdBbx25KsE7PuEWAi9LJfh3m946kTheiySMp9srYT11nPAsoJMQzoZKHrL6SYYwCPzFhsnMEMTkRGtfcHdrcvuWdooimhbXBn2uJcP59v9AmeABWmFtqkxPHJUXPZqm3MXgxKbT2WKRgjuSU3QP6juLFYsjiC5qWVW7bksgSLQBS2QEF3xDN3Gvzs2DvpK7ybDGX2hBQghEXDX3aNfGpaUgdVSZdUWEpV3v4gNhzZRw2xc1uf9g2U5e3FoJuk2b8uqf5AoWD2dozZXqjvqyrBn93qScmxyXu5sSBJfn1t7e7xD5RiTQcdKUqsivnKf2eCPhbYBDtJdaSDerrxtFYNaHeKUW5E94KaCyCJCAMhNvsjvbG4a4RvHbaUfxVkDAxJSm4zyo9Ef2YSqWxddF5wrQnbUebAUveemiYtuYqcEgTTJKb5dC3Pea6JaGzbqoteEoJKDScLATyJr69RpAsWHSfQjmSmHk9LPeDXihjr8JopmJTLy8WfBuYtsZifLm7sAH3RDneiatsGqMY4knDZFnTkJdwJwc14vb25u8rr1ExjXLfGXQyPPNvv3NtDjo7VdbK6HgRGstHAJEU2weMVcHXBes29F83sP3hJFb8Z75nmvRm1HC7tVMg4qffgdivd8wtuuP7rZmdKwUzhYBanDT2NcBceWbAHLgXs8mfeXps3w6dyodgpqNFhsruN6bLF1ZrejnR5vZ4sw78HFs9aJ4poafAmRAv9QpMNisxJKmrJ2mAgYLm2a38MsiKjhZx6kFy5ARAK2wSTqMsnyY9LRKJt1j1BEKUUDdBbZmoaWkqmJkhznXKKMT5fRdjf1qp45SXV1mJiHEfjGJdtjxvuKY2zJGEsQK9iu9Vx26VTidR1ZXeEyRHMywBK2xWdcXNrAt4EmX8TwSEqkrRJUjU4mnh8F7teoXHuTkLFqDZ3vN12RoB6Fu3V6DMpAt1XDPuGGifihjkbHNa3Kr83ewaXZHWHXETv53i9rBGLsYgKVu2zCxdytNaBU5CfcQo3hRGbqUzUHNYnCgnfRTBHznTMZBxSf9HbqR7iztFsPvQPAefBwkKpGnQgjz3ReCQXgK4SHiddYDfztvcxz9m1LwHLGMnhzNjt3q5Acxe9LbvdUi7BKgaVGdGt63BriWUEK91XtGf46VLWnLtDR63JXYCUoZFaMWoaNKpn7ghro6mZdWbfiWzk42n3NALbj1xpMNp4TzmrDKB9GZs3sQsx2GEAhryxTqhb8vGc4vMkfMdTG7W6J1caJJ7qmNhiGsRm1ftkPib7XPzHCRPQbNRHdkcQEdyWq9rsV5a7UZ3v486F3QpXduds2LZv5X8SNkvrXpG4v1MEbbgZeFjCZnrx9AWdnq22yXQ8NhKTHnRfLdCRrs3ahQ9kCa1ZrPWXXypGzbqRptidqcviV28PJXSsJCLNPyGR7kkmJRzA1u4CbRhT3VKpBVNDmZHPCHiVkt3iaXZj3AaGY874\"}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.1\r\nDate: Sat, 31 Jan 2026 14:36:44 GMT\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 230\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, HEAD, POST, OPTIONS\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Max-Age: 3600\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":230,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"c167755d0f3ed53cbf8ceb50e6e8a093","sha1":"c168dd1648ef1040029f4d75c5566fbb2adcdb6a","sha256":"22383e271a0b227108d0a024547ebf0fdca3c5909507f8ab422e8dce2b073909","sha512":"91412029c63a74e61718bac683636336bd402ed97aead7ec54853968f4600ee12b525f9b7f5aa469258d725451deacf875c968748048bcc213ca810044156acf","ssdeep":"","tlshash":"60d097ae898029547c81faadbda410b2051ba8de82c370ea5cc3a201d02002a80f8aa0","first_seen":"2026-01-31T14:37:07.547957Z","last_seen":"2026-01-31T14:37:07.547957Z","times_seen":1,"resource_available":false,"data":null}},"time_used":373,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":373,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"airdrop.moonblrds.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}