{"report_id":"b427ec1f-e7c2-4f29-ba93-b396da404ed0","version":6,"status":"done","tags":[],"date":"2026-02-01T18:33:39Z","url":{"schema":"http","addr":"moonbird-claim.com","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"172.67.217.105","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"moonbird-claim.com/","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"title":"MoonBirds | AirDrop","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"moonbird-claim.com","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"172.67.217.105","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-08T18:33:39Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-01","alert":"PHP webshell using some kind of eval with encoded blob to decode","trigger":"moonbird-claim.com/orion.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp","date":"2021/02/07","description":"PHP webshell using some kind of eval with encoded blob to decode","hash":"1d4b374d284c12db881ba42ee63ebce2759e0b14","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"webshell_php_encoded_big","score":"50"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-01","alert":"PHP webshell using some kind of eval with encoded blob to decode","trigger":"moonbird-claim.com/","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp","date":"2021/02/07","description":"PHP webshell using some kind of eval with encoded blob to decode","hash":"1d4b374d284c12db881ba42ee63ebce2759e0b14","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"webshell_php_encoded_big","score":"50"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-01","alert":"Sinkholed","trigger":"moonbird-claim.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"moonbird-claim.com","ip":{"addr":"172.67.217.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-01-29","domain_rank":0,"first_seen":"2026-02-01T18:15:32.220128Z","last_seen":"2026-02-01T18:15:32.220128Z","alert_count":18,"request_count":17,"received_data":5011231,"sent_data":8340,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"moonbird-claim.com/179d6f56-92e7-41ef-ac8b-66935f505adf","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f11bcdc7b7757c117a8de0db3a4c25b8","sha1":"962e4d08a960106c829d0f9d492d7b891927adab","sha256":"b60b89c0c92cf57329c8590a2c5540cece4def64e4e7bf04f2d39b8ffa3b2748","sha512":"7461553dadb09db423bda8c47a58f8cdade82aa710a0f4415cde912e7a88cd4471ea86aa58a2e5097c90e2cb45ac410104019c56a04c35955e827f0bb0796040","ssdeep":"6144:vkWGL6BSn5NGCk3zi0mCw8wLPNU2HZjGfty3:cjkSnv1k20mCwFnHRGfty3","tlshash":"1044810609ac4f7986ec22e015f72cc401794e0ad9dc3cbfb9ada1579e25bd6e0c279d","size":259964,"data":"","first_seen":"2025-07-13T03:04:16.940864Z","last_seen":"2026-06-04T05:28:11.313644Z","times_seen":5038,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"moonbird-claim.com/orion.js","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"172.67.217.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8256cac1bd4bdcddf5d245ee81fcc52e","sha1":"9a6dedf90a6703f3b2f4cdaecff3226bf689d201","sha256":"ab8c63dd12dd03136ccd032e5b3884c3d6fe72a9a36d8bca6bf99434332dd3bc","sha512":"2a46c67ddb2cb0c7680f68bd4d0e622ead7cc38a0c8034cade6f7bbde1a5c7c4bdce17e489646a28af1126b87c1f525d723f2592bacb4fff47001ab15727965c","ssdeep":"1536:9kaRasaz1dd527mjiIs113usHqBYLsVFX5saB:9kaRcz732aiIsVqBMs5saB","tlshash":"37b340d6594bd0d58e1a10edd077ec09e0681aa3cdacf183ba2cded2755df22884763b","size":107989,"data":"","first_seen":"2026-01-07T13:23:26.426463Z","last_seen":"2026-02-14T09:07:38.758383Z","times_seen":45,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-01","alert":"PHP webshell using some kind of eval with encoded blob to decode","trigger":"moonbird-claim.com/orion.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp","date":"2021/02/07","description":"PHP webshell using some kind of eval with encoded blob to decode","hash":"1d4b374d284c12db881ba42ee63ebce2759e0b14","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"webshell_php_encoded_big","score":"50"}}],"urlquery":null}},{"url":{"schema":"https","addr":"moonbird-claim.com/","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"172.67.217.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"e7cedee5f4aabfe0f0a25596641b0073","sha1":"9e90df4076abbd3350295826c5ad3ec1856ffd56","sha256":"c2e60dc68f09c70895f8cb98a4a88e16cf3c691d5a96b9c93c3aab931eafc258","sha512":"17dc0e86fcd7af709d5ffb50d255169d2300566d30c2da4345505703e6a6ebf303df263db9561688753bc03af86b134ccfa9f763966f8612ef554be796d6c025","ssdeep":"1536:jQe6pw4biVcuVXdWAgB1PusH2DY7sX3lX56oH:Me6KBVcuVtWAgR2Do2X6oH","tlshash":"7fa340d59a4bd0e08e5a11edd077ed0ae0281aa3cdacf193b92cded1355df22c84753a","size":104467,"data":"","first_seen":"2026-01-07T13:23:26.460119Z","last_seen":"2026-02-14T09:07:38.76649Z","times_seen":45,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-01","alert":"PHP webshell using some kind of eval with encoded blob to decode","trigger":"moonbird-claim.com/","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp","date":"2021/02/07","description":"PHP webshell using some kind of eval with encoded blob to decode","hash":"1d4b374d284c12db881ba42ee63ebce2759e0b14","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"webshell_php_encoded_big","score":"50"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"moonbird-claim.com/orion.js","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"172.67.217.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://moonbird-claim.com/","date":"2026-02-01T18:33:15.341Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moonbird-claim.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 07:59:44 GMT","end":"Wed, 29 Apr 2026 08:58:15 GMT"},"fingerprint":{"sha1":"A5:DB:A4:AC:F3:FC:07:3F:6A:2A:08:D7:9B:B3:44:AA:97:F5:57:F4","sha256":"23:4C:CA:18:CA:28:A2:1C:B5:C9:E8:19:7B:D3:4F:57:B0:93:B6:E8:B5:45:01:8C:9E:9D:21:24:D5:58:CC:58"}}},"request":{"raw":"GET /orion.js HTTP/1.1\r\nHost: moonbird-claim.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://moonbird-claim.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 01 Feb 2026 18:33:15 GMT\r\ncontent-type: application/javascript\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 08:57:19 GMT\r\netag: W/\"697b20ef-1a5d5\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nage: 1087\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=opIyB42OQZOhd%2FRMSlFobod3fmsVFuDWq2YZVQEAG3QyscwzTzjT2dxVlvrDRDC%2Bx5SSXGzcf6wDdBMKEyvxELeDWZ4LT3FZYR5aziy54njeiw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c73893edfdf0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":107989,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"8256cac1bd4bdcddf5d245ee81fcc52e","sha1":"9a6dedf90a6703f3b2f4cdaecff3226bf689d201","sha256":"ab8c63dd12dd03136ccd032e5b3884c3d6fe72a9a36d8bca6bf99434332dd3bc","sha512":"2a46c67ddb2cb0c7680f68bd4d0e622ead7cc38a0c8034cade6f7bbde1a5c7c4bdce17e489646a28af1126b87c1f525d723f2592bacb4fff47001ab15727965c","ssdeep":"1536:9kaRasaz1dd527mjiIs113usHqBYLsVFX5saB:9kaRcz732aiIsVqBMs5saB","tlshash":"37b340d6594bd0d58e1a10edd077ec09e0681aa3cdacf183ba2cded2755df22884763b","first_seen":"2026-01-07T13:23:26.426463Z","last_seen":"2026-02-14T09:07:38.758383Z","times_seen":45,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-01","alert":"PHP webshell using some kind of eval with encoded blob to decode","trigger":"moonbird-claim.com/orion.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp","date":"2021/02/07","description":"PHP webshell using some kind of eval with encoded blob to decode","hash":"1d4b374d284c12db881ba42ee63ebce2759e0b14","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"webshell_php_encoded_big","score":"50"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-01","alert":"Sinkholed","trigger":"moonbird-claim.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"moonbird-claim.com/index_files/bafkreifesrdorgmwpy2zfrnzvqb5guc7petxirvf2v2vaxqntytmrwyyw4.png","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"172.67.217.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://moonbird-claim.com/","date":"2026-02-01T18:33:15.349Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moonbird-claim.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 07:59:44 GMT","end":"Wed, 29 Apr 2026 08:58:15 GMT"},"fingerprint":{"sha1":"A5:DB:A4:AC:F3:FC:07:3F:6A:2A:08:D7:9B:B3:44:AA:97:F5:57:F4","sha256":"23:4C:CA:18:CA:28:A2:1C:B5:C9:E8:19:7B:D3:4F:57:B0:93:B6:E8:B5:45:01:8C:9E:9D:21:24:D5:58:CC:58"}}},"request":{"raw":"GET /index_files/bafkreifesrdorgmwpy2zfrnzvqb5guc7petxirvf2v2vaxqntytmrwyyw4.png HTTP/1.1\r\nHost: moonbird-claim.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://moonbird-claim.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 01 Feb 2026 18:33:15 GMT\r\ncontent-type: image/png\r\ncontent-length: 5394\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 08:57:19 GMT\r\netag: \"697b20ef-1512\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 56326\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OqwmBKE4RFEX8%2B5nm%2BLmMliWGS%2BIPbPdpQlcDS6Dpez2cMGxtRkgkqAG%2Br%2Bkk5IaeiNUB3ioDg%2F6Jk%2FXBcSiS183dQ0Q5cMcKkUV%2Fb%2FqPgomGw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9c73893eefe60731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5394,"size_decoded":0,"mime_type":"image/png","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 401x402, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"eef71258de7a12a58e89d1c68ef2e51f","sha1":"9e85a5060491bb5b0fbf1a9aaef60dab9db26e95","sha256":"f072f55ffb215073c0978c77ed3be187fec4a05c6c0e60b8ff93af31038a2518","sha512":"1285a7ae2bf1b1a461930421a28bbde59f5870ce8eb56024d42af3b3cbd8200f2483c63a1c94162209b4fdf53f58dc7a4fbe83dcb9d3a69fb7366aa5005615d0","ssdeep":"96:bc9zQiAcqa5i9427nNZAtmWdFPFcjUI2uwOpT44H6jJ10khmd4nZAhwusX0+b:46b/f9xYtmWbFc/2IT49jztHb","tlshash":"b8b18d070997883a3c8b36afdd7006644304896f9e385bddf466c732862da53062ed9f","first_seen":"2026-01-27T11:12:46.141967Z","last_seen":"2026-02-14T07:55:45.650171Z","times_seen":18,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-01","alert":"Sinkholed","trigger":"moonbird-claim.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"moonbird-claim.com/css2-1.css","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"172.67.217.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://moonbird-claim.com/","date":"2026-02-01T18:33:15.509Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moonbird-claim.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 07:59:44 GMT","end":"Wed, 29 Apr 2026 08:58:15 GMT"},"fingerprint":{"sha1":"A5:DB:A4:AC:F3:FC:07:3F:6A:2A:08:D7:9B:B3:44:AA:97:F5:57:F4","sha256":"23:4C:CA:18:CA:28:A2:1C:B5:C9:E8:19:7B:D3:4F:57:B0:93:B6:E8:B5:45:01:8C:9E:9D:21:24:D5:58:CC:58"}}},"request":{"raw":"GET /css2-1.css HTTP/1.1\r\nHost: moonbird-claim.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://moonbird-claim.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 01 Feb 2026 18:33:15 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 08:57:19 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\nage: 1087\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EBg7CI41mtBjWq%2BY7sFVrUB01sWQqHS2ZRZlNvu0MvxPjZ8r%2FWbqgoJRQ4%2FxY8Xa9Nq57FGH3NTBVv5Gw4fRx6s1e%2FWWfDj0f80NHdaajnya9w%3D%3D\"}]}\r\npriority: u=2,i=?0\r\ncf-ray: 9c73893ff8500731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T14:34:26.731673Z","times_seen":16242055,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-01","alert":"Sinkholed","trigger":"moonbird-claim.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"moonbird-claim.com/index_files/bafkreifesrdorgmwpy2zfrnzvqb5guc7petxirvf2v2vaxqntytmrwyyw4.png","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"172.67.217.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://moonbird-claim.com/","date":"2026-02-01T18:33:15.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moonbird-claim.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 07:59:44 GMT","end":"Wed, 29 Apr 2026 08:58:15 GMT"},"fingerprint":{"sha1":"A5:DB:A4:AC:F3:FC:07:3F:6A:2A:08:D7:9B:B3:44:AA:97:F5:57:F4","sha256":"23:4C:CA:18:CA:28:A2:1C:B5:C9:E8:19:7B:D3:4F:57:B0:93:B6:E8:B5:45:01:8C:9E:9D:21:24:D5:58:CC:58"}}},"request":{"raw":"GET /index_files/bafkreifesrdorgmwpy2zfrnzvqb5guc7petxirvf2v2vaxqntytmrwyyw4.png HTTP/1.1\r\nHost: moonbird-claim.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://moonbird-claim.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 01 Feb 2026 18:33:15 GMT\r\ncontent-type: image/png\r\ncontent-length: 5394\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 08:57:19 GMT\r\netag: \"697b20ef-1512\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 56326\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2kFiD4n4x77sdfNdnncypuEpXuBPnA%2B1PwdF0TjjKjZxxa2sToKLKx3%2BPHbxhv6c6P2723D3b7TltHER9wtj49XNsYO8MnGvsBSi7MmpmLWFJQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9c738940987e0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5394,"size_decoded":0,"mime_type":"image/png","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 401x402, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"eef71258de7a12a58e89d1c68ef2e51f","sha1":"9e85a5060491bb5b0fbf1a9aaef60dab9db26e95","sha256":"f072f55ffb215073c0978c77ed3be187fec4a05c6c0e60b8ff93af31038a2518","sha512":"1285a7ae2bf1b1a461930421a28bbde59f5870ce8eb56024d42af3b3cbd8200f2483c63a1c94162209b4fdf53f58dc7a4fbe83dcb9d3a69fb7366aa5005615d0","ssdeep":"96:bc9zQiAcqa5i9427nNZAtmWdFPFcjUI2uwOpT44H6jJ10khmd4nZAhwusX0+b:46b/f9xYtmWbFc/2IT49jztHb","tlshash":"b8b18d070997883a3c8b36afdd7006644304896f9e385bddf466c732862da53062ed9f","first_seen":"2026-01-27T11:12:46.141967Z","last_seen":"2026-02-14T07:55:45.650171Z","times_seen":18,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-01","alert":"Sinkholed","trigger":"moonbird-claim.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"moonbird-claim.com/css2-1.css","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"172.67.217.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://moonbird-claim.com/","date":"2026-02-01T18:33:15.348Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moonbird-claim.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 07:59:44 GMT","end":"Wed, 29 Apr 2026 08:58:15 GMT"},"fingerprint":{"sha1":"A5:DB:A4:AC:F3:FC:07:3F:6A:2A:08:D7:9B:B3:44:AA:97:F5:57:F4","sha256":"23:4C:CA:18:CA:28:A2:1C:B5:C9:E8:19:7B:D3:4F:57:B0:93:B6:E8:B5:45:01:8C:9E:9D:21:24:D5:58:CC:58"}}},"request":{"raw":"GET /css2-1.css HTTP/1.1\r\nHost: moonbird-claim.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://moonbird-claim.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 01 Feb 2026 18:33:15 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 08:57:19 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\nage: 1087\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6xFCHonwmykVPTenLXLN6YOgO9Fw9EWihPxe70CxXHHanK1pgM7lT3NGC1RcD4JXPYfOGLNqsmWZNG3EP%2FGuK8qWKrXKP1K0pkk5CZixLxwSTg%3D%3D\"}]}\r\npriority: u=2,i=?0\r\ncf-ray: 9c73893eefe50731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T14:34:26.731673Z","times_seen":16242055,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-01","alert":"Sinkholed","trigger":"moonbird-claim.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"moonbird-claim.com/index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"172.67.217.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://moonbird-claim.com/","date":"2026-02-01T18:33:15.580Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moonbird-claim.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 07:59:44 GMT","end":"Wed, 29 Apr 2026 08:58:15 GMT"},"fingerprint":{"sha1":"A5:DB:A4:AC:F3:FC:07:3F:6A:2A:08:D7:9B:B3:44:AA:97:F5:57:F4","sha256":"23:4C:CA:18:CA:28:A2:1C:B5:C9:E8:19:7B:D3:4F:57:B0:93:B6:E8:B5:45:01:8C:9E:9D:21:24:D5:58:CC:58"}}},"request":{"raw":"GET /index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2 HTTP/1.1\r\nHost: moonbird-claim.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://moonbird-claim.com/index_files/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 01 Feb 2026 18:33:15 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 08:57:19 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\nage: 1087\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=a8psvIb5J0ct%2Bnh4SZOB0dRIuOU4bhWFtRW1vEjinEx3Ujje6QpH%2B7t46uvVSJ%2BffrCbiB%2FmWiSMu0Iypue98CB3j0Tcia%2F619HdFREACRVxPg%3D%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 9c73894058720731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":61577,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5917)","md5":"f84452232546802724545e5435f70482","sha1":"73005b6d68438bab0b9fb3b5125d4bba4826c8e0","sha256":"dbd6299d73a2b622bbd41aeefcdc4da51b33e8ed397538c979800b87cf95c8f9","sha512":"6207a59ba2782ea8c097726f82b8fb6a7a6bd9c18a7d7cb46de6fbd05762c61da7ddff0449b23a3897718fe613844461c252719bf6856ce2fb699487acfb870f","ssdeep":"768:NmdfBORoDkF+gYra8gFvAQFPR/AN2t4qJHSTzaFqJZpKdrh+b9qRhZ69TROpN689:ABVJxyAO","tlshash":"88533fa0b8a1983b345391df3bc64e5f7ab9a413cc26b204b6fd45c14f96dfa9ca3414","first_seen":"2026-01-30T05:45:18.705274Z","last_seen":"2026-02-01T18:33:40.177786Z","times_seen":4,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-01","alert":"Sinkholed","trigger":"moonbird-claim.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"moonbird-claim.com/secureproxy?e=jscdn/getFile","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"172.67.217.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://moonbird-claim.com/","date":"2026-02-01T18:33:15.660Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moonbird-claim.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 07:59:44 GMT","end":"Wed, 29 Apr 2026 08:58:15 GMT"},"fingerprint":{"sha1":"A5:DB:A4:AC:F3:FC:07:3F:6A:2A:08:D7:9B:B3:44:AA:97:F5:57:F4","sha256":"23:4C:CA:18:CA:28:A2:1C:B5:C9:E8:19:7B:D3:4F:57:B0:93:B6:E8:B5:45:01:8C:9E:9D:21:24:D5:58:CC:58"}}},"request":{"raw":"POST /secureproxy?e=jscdn/getFile HTTP/1.1\r\nHost: moonbird-claim.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://moonbird-claim.com/\r\nContent-Type: application/json\r\nContent-Length: 37\r\nOrigin: https://moonbird-claim.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":37,"data":"{\"permit_key\":\"eo2upuit3j1bi7kc0oxl\"}"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 01 Feb 2026 18:33:16 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding, origin, access-control-request-method, access-control-request-headers\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Q3jM6qXZejQKzm1T7lSN%2BaLctMTR2U8hNJuZVyQOR6F4wzRVxSvEY1ViaKVJE9mFXoep7TKYWUfThTyzMpDUzPmjRcv6gqJe7Z53rBcd3AgMIw%3D%3D\"}]}\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\npriority: u=4,i=?0\r\ncf-ray: 9c738940d8d00731-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4257808,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"43f977d5dc70e3cdccc4381def0b299a","sha1":"e9ba4bd00c575e1dfaa5408a4cb01f1e4660cdf5","sha256":"31faf11dee5c83e3f1385a36e7edef165429ddbbb0c84a6e6d40cd0e12d7707d","sha512":"4fcc84eefe710eaabd47bc7bef4b42a06a91021e3a0a8cd635a233ac0d9c4b219c9631424c6ca1157fb144366f699ceba254fcc9175332527aea3a0c0e7fa331","ssdeep":"24576:R+dIgaNO8RxlIyClSvBrwuGBtIDPFNM3/OqplD/qrhPHmy:R+dIv/BILQvBYgN29pl+rhPHH","tlshash":"902522d7d583d0e23311ca2ab7e26fc935ba40de195a22331264ecd610db52b877cfa1","first_seen":"2026-02-01T18:15:36.288534Z","last_seen":"2026-02-01T18:33:40.178411Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1518,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":790,"receive":728,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-01","alert":"Sinkholed","trigger":"moonbird-claim.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"moonbird-claim.com/","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"172.67.217.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-01T18:33:15.004Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moonbird-claim.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 07:59:44 GMT","end":"Wed, 29 Apr 2026 08:58:15 GMT"},"fingerprint":{"sha1":"A5:DB:A4:AC:F3:FC:07:3F:6A:2A:08:D7:9B:B3:44:AA:97:F5:57:F4","sha256":"23:4C:CA:18:CA:28:A2:1C:B5:C9:E8:19:7B:D3:4F:57:B0:93:B6:E8:B5:45:01:8C:9E:9D:21:24:D5:58:CC:58"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: moonbird-claim.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 01 Feb 2026 18:33:15 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 08:57:19 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HU0lsMQBt4AKjtonr7RS9E6K9pzF9CjWcL49f3oRHPXMqSuxGDiOmcxxjC9ck4M2dPPDmjLIF1MsXMfaBdX8pxdUe0ty29tDGeOwUrzOLKM%3D\"}]}\r\nage: 56665\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9c73893d5c7db51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":61577,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5917)","md5":"f84452232546802724545e5435f70482","sha1":"73005b6d68438bab0b9fb3b5125d4bba4826c8e0","sha256":"dbd6299d73a2b622bbd41aeefcdc4da51b33e8ed397538c979800b87cf95c8f9","sha512":"6207a59ba2782ea8c097726f82b8fb6a7a6bd9c18a7d7cb46de6fbd05762c61da7ddff0449b23a3897718fe613844461c252719bf6856ce2fb699487acfb870f","ssdeep":"768:NmdfBORoDkF+gYra8gFvAQFPR/AN2t4qJHSTzaFqJZpKdrh+b9qRhZ69TROpN689:ABVJxyAO","tlshash":"88533fa0b8a1983b345391df3bc64e5f7ab9a413cc26b204b6fd45c14f96dfa9ca3414","first_seen":"2026-01-30T05:45:18.705274Z","last_seen":"2026-02-01T18:33:40.177786Z","times_seen":4,"resource_available":false,"data":null}},"time_used":211,"timings":{"blocked":94,"dns":61,"connect":1,"send":0,"wait":23,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-01","alert":"Sinkholed","trigger":"moonbird-claim.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"moonbird-claim.com/index_files/css2.css","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"172.67.217.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://moonbird-claim.com/","date":"2026-02-01T18:33:15.343Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moonbird-claim.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 07:59:44 GMT","end":"Wed, 29 Apr 2026 08:58:15 GMT"},"fingerprint":{"sha1":"A5:DB:A4:AC:F3:FC:07:3F:6A:2A:08:D7:9B:B3:44:AA:97:F5:57:F4","sha256":"23:4C:CA:18:CA:28:A2:1C:B5:C9:E8:19:7B:D3:4F:57:B0:93:B6:E8:B5:45:01:8C:9E:9D:21:24:D5:58:CC:58"}}},"request":{"raw":"GET /index_files/css2.css HTTP/1.1\r\nHost: moonbird-claim.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://moonbird-claim.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 01 Feb 2026 18:33:15 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 08:57:19 GMT\r\netag: W/\"697b20ef-1833\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nage: 1087\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FReSU%2Fbqe%2FdJiF02DxrEoWEG87brzrwRGfUQM%2FYTZ6sRox7VPyvcf9i7IP1j4tlpPsEFwa9hWpaGnmmfzLR7VhVvcvsv3uSGmHh7Ynp9fnN1QA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c73893edfe00731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6195,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"091a432ce5732c51a183d557901b2425","sha1":"59f1739cbdc6040616f9e4eb170b9bbd3e133d3a","sha256":"2932a0893c6528b13291ff909d3a5b368013a206e3b519e9471c8e104a4ddd20","sha512":"96bd8044dff1a0abcb0c02fe30fe5ae41128ad3e382c8a22cf844d8d38a88081c2ff4114c439d5a6becd2af49c9a4fd679e78a46c63b643fc3274ea403508f97","ssdeep":"192:fTPUZm3KuJxZTk/mm3thJ+UTpm/m3o8J3k:rxDOZjc","tlshash":"56d19d91042f500063971cd663ce3f365edd6148a049da783ffd1c9aaceadba53a174d","first_seen":"2026-01-27T11:12:46.13403Z","last_seen":"2026-02-14T07:55:45.651285Z","times_seen":16,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-01","alert":"Sinkholed","trigger":"moonbird-claim.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"moonbird-claim.com/index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"172.67.217.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://moonbird-claim.com/","date":"2026-02-01T18:33:15.552Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moonbird-claim.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 07:59:44 GMT","end":"Wed, 29 Apr 2026 08:58:15 GMT"},"fingerprint":{"sha1":"A5:DB:A4:AC:F3:FC:07:3F:6A:2A:08:D7:9B:B3:44:AA:97:F5:57:F4","sha256":"23:4C:CA:18:CA:28:A2:1C:B5:C9:E8:19:7B:D3:4F:57:B0:93:B6:E8:B5:45:01:8C:9E:9D:21:24:D5:58:CC:58"}}},"request":{"raw":"GET /index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2 HTTP/1.1\r\nHost: moonbird-claim.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://moonbird-claim.com/index_files/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 01 Feb 2026 18:33:15 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 08:57:19 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\nage: 1086\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FfPVngBPUiNu5Pt3CVv8wHQibshIpBB9YWI44siO524zU6WfNIu39UlNuTGCEcEZnm4sch9qyaCTxTMh5n0ge0C8amTVmCTOInq9vy%2FrA5%2B77A%3D%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 9c738940386b0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":61577,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5917)","md5":"f84452232546802724545e5435f70482","sha1":"73005b6d68438bab0b9fb3b5125d4bba4826c8e0","sha256":"dbd6299d73a2b622bbd41aeefcdc4da51b33e8ed397538c979800b87cf95c8f9","sha512":"6207a59ba2782ea8c097726f82b8fb6a7a6bd9c18a7d7cb46de6fbd05762c61da7ddff0449b23a3897718fe613844461c252719bf6856ce2fb699487acfb870f","ssdeep":"768:NmdfBORoDkF+gYra8gFvAQFPR/AN2t4qJHSTzaFqJZpKdrh+b9qRhZ69TROpN689:ABVJxyAO","tlshash":"88533fa0b8a1983b345391df3bc64e5f7ab9a413cc26b204b6fd45c14f96dfa9ca3414","first_seen":"2026-01-30T05:45:18.705274Z","last_seen":"2026-02-01T18:33:40.177786Z","times_seen":4,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-01","alert":"Sinkholed","trigger":"moonbird-claim.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"moonbird-claim.com/index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"172.67.217.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://moonbird-claim.com/","date":"2026-02-01T18:33:15.582Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moonbird-claim.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 07:59:44 GMT","end":"Wed, 29 Apr 2026 08:58:15 GMT"},"fingerprint":{"sha1":"A5:DB:A4:AC:F3:FC:07:3F:6A:2A:08:D7:9B:B3:44:AA:97:F5:57:F4","sha256":"23:4C:CA:18:CA:28:A2:1C:B5:C9:E8:19:7B:D3:4F:57:B0:93:B6:E8:B5:45:01:8C:9E:9D:21:24:D5:58:CC:58"}}},"request":{"raw":"GET /index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2 HTTP/1.1\r\nHost: moonbird-claim.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://moonbird-claim.com/index_files/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 01 Feb 2026 18:33:15 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 08:57:19 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\nage: 1087\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UiHVvj4ocfoGZ6o1n8uVYAo2yxx6tPL74su%2Ft6q%2BKI4s96JvxYZhQR7QShA%2BQTZk6h7oyL1zgj4oTXtQhGmBW5sFJT3pPADS68jgDJpbMteKtg%3D%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 9c73894058730731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":61577,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5917)","md5":"f84452232546802724545e5435f70482","sha1":"73005b6d68438bab0b9fb3b5125d4bba4826c8e0","sha256":"dbd6299d73a2b622bbd41aeefcdc4da51b33e8ed397538c979800b87cf95c8f9","sha512":"6207a59ba2782ea8c097726f82b8fb6a7a6bd9c18a7d7cb46de6fbd05762c61da7ddff0449b23a3897718fe613844461c252719bf6856ce2fb699487acfb870f","ssdeep":"768:NmdfBORoDkF+gYra8gFvAQFPR/AN2t4qJHSTzaFqJZpKdrh+b9qRhZ69TROpN689:ABVJxyAO","tlshash":"88533fa0b8a1983b345391df3bc64e5f7ab9a413cc26b204b6fd45c14f96dfa9ca3414","first_seen":"2026-01-30T05:45:18.705274Z","last_seen":"2026-02-01T18:33:40.177786Z","times_seen":4,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-01","alert":"Sinkholed","trigger":"moonbird-claim.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"moonbird-claim.com/index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"172.67.217.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://moonbird-claim.com/","date":"2026-02-01T18:33:15.591Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moonbird-claim.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 07:59:44 GMT","end":"Wed, 29 Apr 2026 08:58:15 GMT"},"fingerprint":{"sha1":"A5:DB:A4:AC:F3:FC:07:3F:6A:2A:08:D7:9B:B3:44:AA:97:F5:57:F4","sha256":"23:4C:CA:18:CA:28:A2:1C:B5:C9:E8:19:7B:D3:4F:57:B0:93:B6:E8:B5:45:01:8C:9E:9D:21:24:D5:58:CC:58"}}},"request":{"raw":"GET /index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2 HTTP/1.1\r\nHost: moonbird-claim.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://moonbird-claim.com/index_files/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 01 Feb 2026 18:33:15 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 08:57:19 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\nage: 1087\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xcgR78iLSI5jY3wnj9DbkOiW7ZTxYhPRWawPSTiq5yEdCTbSe7oecLGMi8v0Cr4U3UFrtUS%2FEbYmU2U3vx41oJJs3AvSB735sv4aGFnl09ciew%3D%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 9c73894068760731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":61577,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5917)","md5":"f84452232546802724545e5435f70482","sha1":"73005b6d68438bab0b9fb3b5125d4bba4826c8e0","sha256":"dbd6299d73a2b622bbd41aeefcdc4da51b33e8ed397538c979800b87cf95c8f9","sha512":"6207a59ba2782ea8c097726f82b8fb6a7a6bd9c18a7d7cb46de6fbd05762c61da7ddff0449b23a3897718fe613844461c252719bf6856ce2fb699487acfb870f","ssdeep":"768:NmdfBORoDkF+gYra8gFvAQFPR/AN2t4qJHSTzaFqJZpKdrh+b9qRhZ69TROpN689:ABVJxyAO","tlshash":"88533fa0b8a1983b345391df3bc64e5f7ab9a413cc26b204b6fd45c14f96dfa9ca3414","first_seen":"2026-01-30T05:45:18.705274Z","last_seen":"2026-02-01T18:33:40.177786Z","times_seen":4,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-01","alert":"Sinkholed","trigger":"moonbird-claim.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"moonbird-claim.com/index_files/9dlxd.css","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"172.67.217.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://moonbird-claim.com/","date":"2026-02-01T18:33:15.345Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moonbird-claim.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 07:59:44 GMT","end":"Wed, 29 Apr 2026 08:58:15 GMT"},"fingerprint":{"sha1":"A5:DB:A4:AC:F3:FC:07:3F:6A:2A:08:D7:9B:B3:44:AA:97:F5:57:F4","sha256":"23:4C:CA:18:CA:28:A2:1C:B5:C9:E8:19:7B:D3:4F:57:B0:93:B6:E8:B5:45:01:8C:9E:9D:21:24:D5:58:CC:58"}}},"request":{"raw":"GET /index_files/9dlxd.css HTTP/1.1\r\nHost: moonbird-claim.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://moonbird-claim.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 01 Feb 2026 18:33:15 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 08:57:19 GMT\r\netag: W/\"697b20ef-18c3a\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nage: 1087\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rt4qJHN3luxe48rnGc0GUZlSCNVMrCVb6%2FhM8lsE4alH7ZsDWQtDhtJcwJrG9vRpjqOAJwMbikU40i4B2xzREmG1j4cJ1EH6HJsTzVBs6sJZJA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c73893edfe10731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":101434,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (41066)","md5":"77edadcee2aadfb1c573c6849e6b6f4b","sha1":"1781c815f6fd6dfc75312cfb2e99709fcffccc3c","sha256":"dd61f2d3bf2b0a2b6f31242ec61888313fa8dced5eed31e9c67e243bbbf08ff9","sha512":"6af29a86d492ab85e8945bee153b9340698ea27738f8aea5e739c970ec579813452f119599e4a86c96be3ba31ee810b02aa55010915eabb752975cdcd2a140cb","ssdeep":"1536:PMCMPMCMjMCM4MCMwMCM3sVMX70vebPMKXSFPTytGuCprfZC8:q70vedCFbytGuCpfZC8","tlshash":"cfa3a7f9e44c05d97732c44bab95b37c65b6f738d5810ca9f02f580c1ad26a822c6f7a","first_seen":"2026-01-27T11:12:46.140606Z","last_seen":"2026-02-14T07:55:45.654268Z","times_seen":16,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-01","alert":"Sinkholed","trigger":"moonbird-claim.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"moonbird-claim.com/index_files/skfhx.css","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"172.67.217.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://moonbird-claim.com/","date":"2026-02-01T18:33:15.346Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moonbird-claim.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 07:59:44 GMT","end":"Wed, 29 Apr 2026 08:58:15 GMT"},"fingerprint":{"sha1":"A5:DB:A4:AC:F3:FC:07:3F:6A:2A:08:D7:9B:B3:44:AA:97:F5:57:F4","sha256":"23:4C:CA:18:CA:28:A2:1C:B5:C9:E8:19:7B:D3:4F:57:B0:93:B6:E8:B5:45:01:8C:9E:9D:21:24:D5:58:CC:58"}}},"request":{"raw":"GET /index_files/skfhx.css HTTP/1.1\r\nHost: moonbird-claim.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://moonbird-claim.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 01 Feb 2026 18:33:15 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 08:57:19 GMT\r\netag: W/\"697b20ef-493e\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nage: 1087\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fY19KMjsiQAbDQEeGa1Zz3nVfHT6ZiTK%2F2VcQ5%2F7BzYODCpovA8iFB6NGkGpVA8MoQRMmHm4kDVoU05qmwAnNg6DReEtbI9iQDNvzSTao3Gf6A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c73893eefe40731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18750,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"82aef9a3e1c80478f5323ae7a8ae7668","sha1":"7eb9f4a4d04cba5dca28002dada802abf4c42974","sha256":"5d3197ca298eb840cb43e77bf3fbb6c75bfa01280d4975ba225004c5da5c3934","sha512":"de21db733b730f86bd48a3d43aad885bd42e8166878800363d83bc4673165514a20753ac166c3ee70bb8667eacb69e9f6da7cc1a0c1eedc962318d9899b8fc19","ssdeep":"192:uS6ipGfMckARAjQl+7BNL8k/83Vt5uwrfaTcboz8Dd3AY5UtkJdeENMCKUC0hHv2:adDFuBJ9/GTjvd6bUHyV","tlshash":"018206d2276950247d3bf5582ba79b4db3a8e042990aca7d7bd4206c5fc93ec11e3b4c","first_seen":"2026-01-27T11:12:46.136264Z","last_seen":"2026-02-14T07:55:45.650736Z","times_seen":16,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-01","alert":"Sinkholed","trigger":"moonbird-claim.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"moonbird-claim.com/index_files/partners.svg","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"172.67.217.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://moonbird-claim.com/","date":"2026-02-01T18:33:15.541Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moonbird-claim.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 07:59:44 GMT","end":"Wed, 29 Apr 2026 08:58:15 GMT"},"fingerprint":{"sha1":"A5:DB:A4:AC:F3:FC:07:3F:6A:2A:08:D7:9B:B3:44:AA:97:F5:57:F4","sha256":"23:4C:CA:18:CA:28:A2:1C:B5:C9:E8:19:7B:D3:4F:57:B0:93:B6:E8:B5:45:01:8C:9E:9D:21:24:D5:58:CC:58"}}},"request":{"raw":"GET /index_files/partners.svg HTTP/1.1\r\nHost: moonbird-claim.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://moonbird-claim.com/index_files/skfhx.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 01 Feb 2026 18:33:15 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 08:57:19 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\nage: 1087\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=61fTITp39eBjQWTDuUalqfk2K1B205wrNFi8nsjZjcvCnPQ38UaH9qahXKUknXay%2F5HG1%2FagG0XERzbd%2Ba0C6G25y%2B9CUXG4E0aV8%2FXcMdoWrg%3D%3D\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9c73894028680731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":61577,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5917)","md5":"f84452232546802724545e5435f70482","sha1":"73005b6d68438bab0b9fb3b5125d4bba4826c8e0","sha256":"dbd6299d73a2b622bbd41aeefcdc4da51b33e8ed397538c979800b87cf95c8f9","sha512":"6207a59ba2782ea8c097726f82b8fb6a7a6bd9c18a7d7cb46de6fbd05762c61da7ddff0449b23a3897718fe613844461c252719bf6856ce2fb699487acfb870f","ssdeep":"768:NmdfBORoDkF+gYra8gFvAQFPR/AN2t4qJHSTzaFqJZpKdrh+b9qRhZ69TROpN689:ABVJxyAO","tlshash":"88533fa0b8a1983b345391df3bc64e5f7ab9a413cc26b204b6fd45c14f96dfa9ca3414","first_seen":"2026-01-30T05:45:18.705274Z","last_seen":"2026-02-01T18:33:40.177786Z","times_seen":4,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-01","alert":"Sinkholed","trigger":"moonbird-claim.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"moonbird-claim.com/index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"172.67.217.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://moonbird-claim.com/","date":"2026-02-01T18:33:15.567Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moonbird-claim.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 07:59:44 GMT","end":"Wed, 29 Apr 2026 08:58:15 GMT"},"fingerprint":{"sha1":"A5:DB:A4:AC:F3:FC:07:3F:6A:2A:08:D7:9B:B3:44:AA:97:F5:57:F4","sha256":"23:4C:CA:18:CA:28:A2:1C:B5:C9:E8:19:7B:D3:4F:57:B0:93:B6:E8:B5:45:01:8C:9E:9D:21:24:D5:58:CC:58"}}},"request":{"raw":"GET /index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2 HTTP/1.1\r\nHost: moonbird-claim.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://moonbird-claim.com/index_files/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 01 Feb 2026 18:33:15 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 08:57:19 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\nage: 1086\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7tVZ6sRYx7xLt2DURz9lFAPn4k0GpGAKbxRTmCjqPzqJ3jqCZA8NII9toUeEnetCFuJEBcwX9u6ryd%2FPwu%2B8w1f8v63zWGwEKFkDp5E55Hu1kA%3D%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 9c73894048700731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":61577,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5917)","md5":"f84452232546802724545e5435f70482","sha1":"73005b6d68438bab0b9fb3b5125d4bba4826c8e0","sha256":"dbd6299d73a2b622bbd41aeefcdc4da51b33e8ed397538c979800b87cf95c8f9","sha512":"6207a59ba2782ea8c097726f82b8fb6a7a6bd9c18a7d7cb46de6fbd05762c61da7ddff0449b23a3897718fe613844461c252719bf6856ce2fb699487acfb870f","ssdeep":"768:NmdfBORoDkF+gYra8gFvAQFPR/AN2t4qJHSTzaFqJZpKdrh+b9qRhZ69TROpN689:ABVJxyAO","tlshash":"88533fa0b8a1983b345391df3bc64e5f7ab9a413cc26b204b6fd45c14f96dfa9ca3414","first_seen":"2026-01-30T05:45:18.705274Z","last_seen":"2026-02-01T18:33:40.177786Z","times_seen":4,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-01","alert":"Sinkholed","trigger":"moonbird-claim.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"moonbird-claim.com/index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2","fqdn":"moonbird-claim.com","domain":"moonbird-claim.com","tld":"com"},"ip":{"addr":"172.67.217.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://moonbird-claim.com/","date":"2026-02-01T18:33:15.585Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moonbird-claim.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 07:59:44 GMT","end":"Wed, 29 Apr 2026 08:58:15 GMT"},"fingerprint":{"sha1":"A5:DB:A4:AC:F3:FC:07:3F:6A:2A:08:D7:9B:B3:44:AA:97:F5:57:F4","sha256":"23:4C:CA:18:CA:28:A2:1C:B5:C9:E8:19:7B:D3:4F:57:B0:93:B6:E8:B5:45:01:8C:9E:9D:21:24:D5:58:CC:58"}}},"request":{"raw":"GET /index_files/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2 HTTP/1.1\r\nHost: moonbird-claim.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://moonbird-claim.com/index_files/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 01 Feb 2026 18:33:15 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 08:57:19 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\nage: 1087\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bPVTWbZfApbrjUFlvGYbAjl0mfUdK2Uz%2Fz73ddKI3jHQw8TUDvgZI236f3gg%2FbanrAEPR0S5OG7zOTXVNRrPyPnjzarMIiv3dPx0sWncNWk7KA%3D%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 9c73894058750731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":61577,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5917)","md5":"f84452232546802724545e5435f70482","sha1":"73005b6d68438bab0b9fb3b5125d4bba4826c8e0","sha256":"dbd6299d73a2b622bbd41aeefcdc4da51b33e8ed397538c979800b87cf95c8f9","sha512":"6207a59ba2782ea8c097726f82b8fb6a7a6bd9c18a7d7cb46de6fbd05762c61da7ddff0449b23a3897718fe613844461c252719bf6856ce2fb699487acfb870f","ssdeep":"768:NmdfBORoDkF+gYra8gFvAQFPR/AN2t4qJHSTzaFqJZpKdrh+b9qRhZ69TROpN689:ABVJxyAO","tlshash":"88533fa0b8a1983b345391df3bc64e5f7ab9a413cc26b204b6fd45c14f96dfa9ca3414","first_seen":"2026-01-30T05:45:18.705274Z","last_seen":"2026-02-01T18:33:40.177786Z","times_seen":4,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-01","alert":"Sinkholed","trigger":"moonbird-claim.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}