{"report_id":"f915af8e-76fa-4f1c-a864-0dcb073ca08c","version":6,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-01-31T14:56:18Z","url":{"schema":"http","addr":"claim.moonbirds.finance","fqdn":"claim.moonbirds.finance","domain":"moonbirds.finance","tld":"finance"},"ip":{"addr":"88.223.85.211","port":0,"asn":47583,"as":"Hostinger International Limited","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"claim.moonbirds.finance/","fqdn":"claim.moonbirds.finance","domain":"moonbirds.finance","tld":"finance"},"title":"Birb TGE","dom":{"size":17366,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (3799)","md5":"be1a365560be526afa44b48c6276fd7b","sha1":"6945f28f6d4d8a6db2c8a65492e0c2476e15a2ba","sha256":"31997b8c6347c864bce584e2917cfe463408305b0a26f14d6305ad5b34993225","sha512":"d96be0c7d9d44d0f9f81666e73ddd26eb4abfffef967b2535ff03de17c944b4d1536aae528be908960cc6771b74cfc9151bea1cffd60417806d963fd10d63626","ssdeep":"384:AR5Aoy/LW/qsNJvhql270mSAPs/HMkAozoCmC:AR+oy/LSNPqE7NSAPs/H9vzoC9","tlshash":"c972e8398bd1023b955bd1bdbfe2e8063974c403d60bde0d75eca1529f8cce4c9aa649","dom_hash":"domhash8f3735aa9fb611dc7fc1e6c92d037777","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"claim.moonbirds.finance","fqdn":"claim.moonbirds.finance","domain":"moonbirds.finance","tld":"finance"},"ip":{"addr":"88.223.85.211","port":0,"asn":47583,"as":"Hostinger International Limited","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-07T14:56:18Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-01-31","alert":"Detects file containing Telegram Bot API","trigger":"claim.moonbirds.finance/wallet-modal/wallet-modal.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"claim.moonbirds.finance","ip":{"addr":"88.223.85.211","port":443,"asn":47583,"as":"Hostinger International Limited","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-01-31T13:58:35.747082Z","last_seen":"2026-01-31T13:58:35.747083Z","alert_count":38,"request_count":12,"received_data":502498,"sent_data":5677,"comment":"","tags":null,"fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}]},{"fqdn":"claim.moonbirds.com","ip":{"addr":"216.150.16.65","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2002-03-22","domain_rank":0,"first_seen":"2026-01-30T04:23:47.957524Z","last_seen":"2026-01-30T04:23:47.957524Z","alert_count":0,"request_count":1,"received_data":85055,"sent_data":461,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"claim.moonbirds.finance/wallet-modal/wallet-modal.js","fqdn":"claim.moonbirds.finance","domain":"moonbirds.finance","tld":"finance"},"ip":{"addr":"88.223.85.211","port":443,"asn":47583,"as":"Hostinger International Limited","country":"United States","country_code":"US"},"md5":"dc532fb25f8690a999f97e2259737d12","sha1":"6d8111467bdee7ce4fc03eb1c89211474f639257","sha256":"b1fe306fa722407fdc9f9abe6a6f5f365b9d82ab0ad5dd611c37a466c4be5c30","sha512":"5cc4d1b30aed2d681de41af13991b06789172faf817698b6465ae53da82cd6423b8faf7c5f820e9f0b6f2383d2337c162668cc288d2a7a2f57e11a804d2783dc","size":19744,"token":"8514680998:AAEn9kptYqgE6Gq466py53X7QUWZe9yVf34","is_revoked":false,"bot":{"token":"8514680998:AAEn9kptYqgE6Gq466py53X7QUWZe9yVf34","user_id":"8514680998","username":"Discordeye_bot","first_name":"DiscordEye","last_name":"","chat":{"chat_id":"-1003719922560","title":"Active","type":"supergroup","bot_is":"administrator","total_users":3,"active_members":null,"admins":[{"user_id":8514680998,"username":"Discordeye_bot","first_name":"DiscordEye","last_name":"","is_bot":true},{"user_id":6143472987,"username":"joejuan","first_name":"Tommy","last_name":"","is_bot":false}]},"pending_messages":0}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"claim.moonbirds.finance/wallet-modal/wallet-modal.js","fqdn":"claim.moonbirds.finance","domain":"moonbirds.finance","tld":"finance"},"ip":{"addr":"88.223.85.211","port":443,"asn":47583,"as":"Hostinger International Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"dc532fb25f8690a999f97e2259737d12","sha1":"6d8111467bdee7ce4fc03eb1c89211474f639257","sha256":"b1fe306fa722407fdc9f9abe6a6f5f365b9d82ab0ad5dd611c37a466c4be5c30","sha512":"5cc4d1b30aed2d681de41af13991b06789172faf817698b6465ae53da82cd6423b8faf7c5f820e9f0b6f2383d2337c162668cc288d2a7a2f57e11a804d2783dc","ssdeep":"384:cqacyDpgxI1kiZT2ecU5bg0I2ESzVN1FeKGoze76hvnGpRSx2bfXyAB:PacyDpgxI1kiZT2eckbggECVBG4uQbYT","tlshash":"8392ea88a3f51732a18753ba6a17517c3721d8439808de3477ec8b696f42d5c8cb3ac9","size":19744,"data":"","first_seen":"2026-01-31T13:58:40.150898Z","last_seen":"2026-01-31T14:56:19.657338Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-01-31","alert":"Detects file containing Telegram Bot API","trigger":"claim.moonbirds.finance/wallet-modal/wallet-modal.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"claim.moonbirds.finance/","fqdn":"claim.moonbirds.finance","domain":"moonbirds.finance","tld":"finance"},"ip":{"addr":"88.223.85.211","port":443,"asn":47583,"as":"Hostinger International Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"a75196ea4a18e785a58db804b8d3bb64","sha1":"3f4e70f4c25efbf10fa4f53caeaae1e96bb2c42c","sha256":"1c77edb1c2c6bfaea79893fef4f62507d398d4d0fbc32073ab46173fdbb21ee9","sha512":"35fea17db31112526b4d860d96963bb634b54a5e7dd4c350410d4c0e5cc1525dabf8153c5bbe7c4cf05a9297416bac6e23f9e4ba0c0c28d1ffcfaebe9e6fe108","ssdeep":"","tlshash":"b3e0c2ae66b635b0023bf23f130fe68935b200873008cd163d0c4dda0f64e2828f19d5","size":334,"data":"","first_seen":"2026-01-31T13:58:40.171737Z","last_seen":"2026-01-31T14:56:19.673604Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claim.moonbirds.finance/","fqdn":"claim.moonbirds.finance","domain":"moonbirds.finance","tld":"finance"},"ip":{"addr":"88.223.85.211","port":443,"asn":47583,"as":"Hostinger International Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"f5b767c078c6813816231552aca1d562","sha1":"34f99579b527c24b3a5af82abb42079a0d3e1a51","sha256":"c17d50bae5a02a35e0ae5d0005c694495952f093629bb5193c668070161b0f7a","sha512":"7b4aed1d33c4891894a556505047a8f7afd72efc1c30c064b5a428fac50a5475e895f3937869de6d047128910d762069084c41d12fbacecffd43cd98e84b2e48","ssdeep":"","tlshash":"70c0125d7010696614ce687d4ccf088ebe368812a20809c999dcd4547bb1e6c42e484c","size":185,"data":"","first_seen":"2024-04-08T19:47:46Z","last_seen":"2026-04-25T07:20:44.07937Z","times_seen":627,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claim.moonbirds.finance/","fqdn":"claim.moonbirds.finance","domain":"moonbirds.finance","tld":"finance"},"ip":{"addr":"88.223.85.211","port":443,"asn":47583,"as":"Hostinger International Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"895f526ab37305311d1e998fa4d5a6e8","sha1":"06d0220830c81bf254c70552e908371c6dc1f18f","sha256":"90916b8b1fb2fbbd765a22eba866c30d8829f59aa2d7ee86869abd20207b2117","sha512":"6b087d2e2025f4d11073254448b124af8839ce24ff37eb45bf2fd1a2b66bee8fd4fdca2b4d23c08786d217dd71dbc660d1054b7876b37752dee3baaefdaeaa4e","ssdeep":"","tlshash":"2871bc3beb00173bdc8fa9fdced5b4c02e62497262496960691ce102a16cd7487bed88","size":3743,"data":"","first_seen":"2025-08-14T22:47:51.287187Z","last_seen":"2026-04-25T07:20:44.080196Z","times_seen":1259,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"claim.moonbirds.finance/Oscine_Trial_XBd.woff2","fqdn":"claim.moonbirds.finance","domain":"moonbirds.finance","tld":"finance"},"ip":{"addr":"88.223.85.211","port":443,"asn":47583,"as":"Hostinger International Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://claim.moonbirds.finance/","date":"2026-01-31T14:55:58.267Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim.moonbirds.finance","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 02:52:49 GMT","end":"Fri, 01 May 2026 02:52:48 GMT"},"fingerprint":{"sha1":"27:99:55:A0:8F:67:B1:D4:1B:90:C4:02:E7:0C:DB:36:DC:14:90:F8","sha256":"7C:BD:D0:FA:B4:69:30:35:97:5C:DC:EE:42:FE:F3:9F:62:4F:7A:54:8C:F6:47:63:01:33:18:AB:85:35:0E:35"}}},"request":{"raw":"GET /Oscine_Trial_XBd.woff2 HTTP/1.1\r\nHost: claim.moonbirds.finance\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim.moonbirds.finance/8c6ed6e883426467.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 07 Feb 2026 14:56:08 GMT\r\ncontent-type: font/woff2\r\nlast-modified: Fri, 30 Jan 2026 19:43:53 GMT\r\netag: \"e4ac-697d09f9-e240dfe6dd616258;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 58540\r\ndate: Sat, 31 Jan 2026 14:56:08 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":58540,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 58540, version 1.0","md5":"d4a87a43708f045f346881c233c0e9fa","sha1":"c9cd2d99e62eaf68aad9262677785dfd6f1c0a1f","sha256":"245148074fae888a7692022cac9f434b1a055b32a42847115429ee02fa8fcf44","sha512":"79349b8a3006dda113b12bf457789416bb1826d059c14659d95c7607b9a842e86532dcfd7bd3cc8e23823091cf3937e04c2c4b03e97bc59e5ef784ec95eca3ae","ssdeep":"1536:4FghklrNNn/pTShOAa1dIFcOqbBRZCb/VrT1xXbX/r:4FoklrNpRcqVOqbjEVX1xXbr","tlshash":"3843028a82aac537edd48a706e97c6613b24dc90d0c736a0611715a0b7d07bcd22fafc","first_seen":"2026-01-30T05:56:59.896578Z","last_seen":"2026-03-04T19:03:33.14626Z","times_seen":7,"resource_available":false,"data":null}},"time_used":469,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":461,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim.moonbirds.finance/logo_bird-home-1.png","fqdn":"claim.moonbirds.finance","domain":"moonbirds.finance","tld":"finance"},"ip":{"addr":"88.223.85.211","port":443,"asn":47583,"as":"Hostinger International Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://claim.moonbirds.finance/","date":"2026-01-31T14:55:58.281Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim.moonbirds.finance","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 02:52:49 GMT","end":"Fri, 01 May 2026 02:52:48 GMT"},"fingerprint":{"sha1":"27:99:55:A0:8F:67:B1:D4:1B:90:C4:02:E7:0C:DB:36:DC:14:90:F8","sha256":"7C:BD:D0:FA:B4:69:30:35:97:5C:DC:EE:42:FE:F3:9F:62:4F:7A:54:8C:F6:47:63:01:33:18:AB:85:35:0E:35"}}},"request":{"raw":"GET /logo_bird-home-1.png HTTP/1.1\r\nHost: claim.moonbirds.finance\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim.moonbirds.finance/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 07 Feb 2026 14:56:08 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 30 Jan 2026 19:43:53 GMT\r\netag: \"2eb0-697d09f9-8ec8d533d5bae1ef;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 11952\r\ndate: Sat, 31 Jan 2026 14:56:08 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":11952,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 168 x 148, 8-bit colormap, non-interlaced","md5":"f13114fd994c20030be7ecd242870041","sha1":"18dc87eff270f1dd3f2cbdf049db4d9d75906a30","sha256":"5dc5f6327e915ac5c904e113c7f316f59adc2624021e87c35ee3eebd426b4fa4","sha512":"4642dff77c75590691a5a5a53f92d84485a854126c66cf9855ce42b7c3435d5ea43c4da2e47ed87cb517a5dff42ffe29fca6eed6bfa53a07f162dc895a9b84af","ssdeep":"192:LaSdg4L0o2k14iN+ALAZmJX1cz4q7nRaUckZKrvy7mYTLi1UIq4/ZFlvBzTy:LV021b+ALA+Xiz4fRrvy7HTLi1UIq4/G","tlshash":"2632b0d759f878e278e2429cd75e80f40adabf6ba526c35c24a4c0451f8c1f219ade98","first_seen":"2026-01-30T04:23:55.375642Z","last_seen":"2026-03-04T19:03:33.152508Z","times_seen":83,"resource_available":false,"data":null}},"time_used":451,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":451,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim.moonbirds.finance/","fqdn":"claim.moonbirds.finance","domain":"moonbirds.finance","tld":"finance"},"ip":{"addr":"88.223.85.211","port":443,"asn":47583,"as":"Hostinger International Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-31T14:55:57.273Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim.moonbirds.finance","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 02:52:49 GMT","end":"Fri, 01 May 2026 02:52:48 GMT"},"fingerprint":{"sha1":"27:99:55:A0:8F:67:B1:D4:1B:90:C4:02:E7:0C:DB:36:DC:14:90:F8","sha256":"7C:BD:D0:FA:B4:69:30:35:97:5C:DC:EE:42:FE:F3:9F:62:4F:7A:54:8C:F6:47:63:01:33:18:AB:85:35:0E:35"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: claim.moonbirds.finance\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Fri, 30 Jan 2026 19:43:53 GMT\r\netag: \"4884-697d09f9-850887bc226f19c1;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 4673\r\ndate: Sat, 31 Jan 2026 14:56:08 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":18564,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (3795)","md5":"e071ee0e5f9ba2bd935ffdee72bbd19b","sha1":"f32aa458904f505bc4bd32bf3ea5c5d1393cb789","sha256":"ed4ba1cc30101022e241c179c20842e5a98498c26eb6714bfda6d3430369432f","sha512":"11fb7599721ea957f69755bb4c25e3b40f4dad00b608c468a471beabca77a60ea6c039d57ca379a60a2bd4db6ff634cce500e56b686d5e5125d7edfec43cdc53","ssdeep":"384:qR5eoy/LW/qsxLHxwloV0mGUzOM8aMkAozoCmtM:qRgoy/LSx1wCVNGUzOM8a9vzoC5","tlshash":"a682f9385b91023b955bd1bdbfe2e80a3974c403d60bde0d75eda1529f8cce4c8aa649","first_seen":"2026-01-31T13:58:40.161109Z","last_seen":"2026-01-31T14:56:19.655635Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1052,"timings":{"blocked":475,"dns":267,"connect":99,"send":0,"wait":102,"receive":0,"ssl":106},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim.moonbirds.finance/wallet-modal/wallet-modal.css","fqdn":"claim.moonbirds.finance","domain":"moonbirds.finance","tld":"finance"},"ip":{"addr":"88.223.85.211","port":443,"asn":47583,"as":"Hostinger International Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://claim.moonbirds.finance/","date":"2026-01-31T14:55:57.999Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim.moonbirds.finance","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 02:52:49 GMT","end":"Fri, 01 May 2026 02:52:48 GMT"},"fingerprint":{"sha1":"27:99:55:A0:8F:67:B1:D4:1B:90:C4:02:E7:0C:DB:36:DC:14:90:F8","sha256":"7C:BD:D0:FA:B4:69:30:35:97:5C:DC:EE:42:FE:F3:9F:62:4F:7A:54:8C:F6:47:63:01:33:18:AB:85:35:0E:35"}}},"request":{"raw":"GET /wallet-modal/wallet-modal.css HTTP/1.1\r\nHost: claim.moonbirds.finance\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim.moonbirds.finance/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 07 Feb 2026 14:56:08 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 30 Jan 2026 19:43:53 GMT\r\netag: \"3270-697d09f9-34308bf4be1b4960;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 2191\r\ndate: Sat, 31 Jan 2026 14:56:08 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":12912,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"2a90e22d0502c1c4ad0e55326fdb24ad","sha1":"94d8b8930d1674014f37fe4a1ad5e427f056aeeb","sha256":"b9e2ec35d8ee15a0d666f6b8eaf6b33da1942b77d3880ada48217d9f088adb7b","sha512":"b8dc4fe5e8f5efea68721cec2f73815d2e8925ea628701b54c480b62a245fb15e7e37ea136e755f1d6d0f263f2cbf4c48a1eba2133e67d20eef427fc8915e8b2","ssdeep":"192:a47w6q6en4lmzkCMcsaB4eh8qQ9k4pRY68K5My1+4602rkJLdr0atVG8:aEq6ehBAz9k4piimK+3AJLdr0afd","tlshash":"f6421ed27bb92100f81fe66864929f596319d443c10eeebd3fe0201d9ec82d569b6f9c","first_seen":"2026-01-31T13:58:40.163297Z","last_seen":"2026-04-05T14:28:49.993627Z","times_seen":3,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim.moonbirds.finance/wallet-modal/wallet-modal.js","fqdn":"claim.moonbirds.finance","domain":"moonbirds.finance","tld":"finance"},"ip":{"addr":"88.223.85.211","port":443,"asn":47583,"as":"Hostinger International Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://claim.moonbirds.finance/","date":"2026-01-31T14:55:58.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim.moonbirds.finance","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 02:52:49 GMT","end":"Fri, 01 May 2026 02:52:48 GMT"},"fingerprint":{"sha1":"27:99:55:A0:8F:67:B1:D4:1B:90:C4:02:E7:0C:DB:36:DC:14:90:F8","sha256":"7C:BD:D0:FA:B4:69:30:35:97:5C:DC:EE:42:FE:F3:9F:62:4F:7A:54:8C:F6:47:63:01:33:18:AB:85:35:0E:35"}}},"request":{"raw":"GET /wallet-modal/wallet-modal.js HTTP/1.1\r\nHost: claim.moonbirds.finance\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim.moonbirds.finance/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 07 Feb 2026 14:56:08 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Fri, 30 Jan 2026 19:43:53 GMT\r\netag: \"4d20-697d09f9-7695487ad6072adf;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 6203\r\ndate: Sat, 31 Jan 2026 14:56:08 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":19744,"size_decoded":0,"mime_type":"application/x-javascript","magic":"Unicode text, UTF-8 text, with very long lines (4511)","md5":"dc532fb25f8690a999f97e2259737d12","sha1":"6d8111467bdee7ce4fc03eb1c89211474f639257","sha256":"b1fe306fa722407fdc9f9abe6a6f5f365b9d82ab0ad5dd611c37a466c4be5c30","sha512":"5cc4d1b30aed2d681de41af13991b06789172faf817698b6465ae53da82cd6423b8faf7c5f820e9f0b6f2383d2337c162668cc288d2a7a2f57e11a804d2783dc","ssdeep":"384:cqacyDpgxI1kiZT2ecU5bg0I2ESzVN1FeKGoze76hvnGpRSx2bfXyAB:PacyDpgxI1kiZT2eckbggECVBG4uQbYT","tlshash":"8392ea88a3f51732a18753ba6a17517c3721d8439808de3477ec8b696f42d5c8cb3ac9","first_seen":"2026-01-31T13:58:40.150898Z","last_seen":"2026-01-31T14:56:19.657338Z","times_seen":2,"resource_available":true,"data":null}},"time_used":115,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":104,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-01-31","alert":"Detects file containing Telegram Bot API","trigger":"claim.moonbirds.finance/wallet-modal/wallet-modal.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"claim.moonbirds.com/assets/icons/favicon.png","fqdn":"claim.moonbirds.com","domain":"moonbirds.com","tld":"com"},"ip":{"addr":"216.150.16.65","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://claim.moonbirds.finance/","date":"2026-01-31T14:55:58.249Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim.moonbirds.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 29 Jan 2026 10:24:32 GMT","end":"Wed, 29 Apr 2026 10:24:31 GMT"},"fingerprint":{"sha1":"E9:AD:BD:2E:7F:DA:80:91:75:AC:E5:5C:C7:E1:44:B1:4C:71:AF:C4","sha256":"34:2F:08:62:D6:D0:86:D1:83:E4:8C:F5:87:DD:F6:60:5A:8B:04:FE:99:6D:31:13:6D:99:09:6A:C7:0E:57:91"}}},"request":{"raw":"GET /assets/icons/favicon.png HTTP/1.1\r\nHost: claim.moonbirds.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim.moonbirds.finance/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\nage: 22206\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-disposition: inline; filename=\"favicon.png\"\r\ncontent-type: image/png\r\ndate: Sat, 31 Jan 2026 14:55:58 GMT\r\netag: \"832b2c60fcd953f15828d8369e9b1e50\"\r\nlast-modified: Sat, 31 Jan 2026 08:45:52 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-matched-path: /assets/icons/favicon.png\r\nx-vercel-cache: HIT\r\nx-vercel-id: arn1::cpjck-1769871358342-41a0f4c714e5\r\ncontent-length: 84497\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}],"data":{"size":84497,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 698 x 626, 8-bit/color RGBA, non-interlaced","md5":"832b2c60fcd953f15828d8369e9b1e50","sha1":"720631529f976c033b099f874f90475065e30969","sha256":"62d94607452a6775fb7643edb97821476c6ab1458632953972a007649eda4749","sha512":"2ad5c906febde346be65504f622d4a4633d3711feba8002ab3f172276dd1fd85f947118ab554c0efbb8b3874ee1d5792be2eb978d2acf064e8784122eb585c9a","ssdeep":"1536:acvst2+Edoyy8tgnv3Cxof+CuUJblB73lw4GOBYQ/kN/z1TrHn3:rILy/anH+RUJblB73l0+YTr3","tlshash":"c68302d73014f5a25ce0247a2d9b23240fd258bd48c1fe7adf8a6d63afd4348e91e0a5","first_seen":"2026-01-30T04:23:55.370675Z","last_seen":"2026-03-04T19:03:33.14177Z","times_seen":83,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":65,"connect":1,"send":0,"wait":17,"receive":12,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claim.moonbirds.finance/Oscine_Trial_Rg.woff2","fqdn":"claim.moonbirds.finance","domain":"moonbirds.finance","tld":"finance"},"ip":{"addr":"88.223.85.211","port":443,"asn":47583,"as":"Hostinger International Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://claim.moonbirds.finance/","date":"2026-01-31T14:55:58.263Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim.moonbirds.finance","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 02:52:49 GMT","end":"Fri, 01 May 2026 02:52:48 GMT"},"fingerprint":{"sha1":"27:99:55:A0:8F:67:B1:D4:1B:90:C4:02:E7:0C:DB:36:DC:14:90:F8","sha256":"7C:BD:D0:FA:B4:69:30:35:97:5C:DC:EE:42:FE:F3:9F:62:4F:7A:54:8C:F6:47:63:01:33:18:AB:85:35:0E:35"}}},"request":{"raw":"GET /Oscine_Trial_Rg.woff2 HTTP/1.1\r\nHost: claim.moonbirds.finance\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim.moonbirds.finance/8c6ed6e883426467.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 07 Feb 2026 14:56:08 GMT\r\ncontent-type: font/woff2\r\nlast-modified: Fri, 30 Jan 2026 19:43:53 GMT\r\netag: \"dad4-697d09f9-d9d02b91a262a8f0;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 56020\r\ndate: Sat, 31 Jan 2026 14:56:08 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":56020,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 56020, version 1.0","md5":"f4a7d69390e37be3c8e07333b457004c","sha1":"e022d34d97e22a4a979a08204d4b48e129cd6663","sha256":"c1e49a25661d8acab90823c5be34c79750e0d45b2b8b094f58962f78fb943ce9","sha512":"7cef968728b7d19827ad543068506703de88d006c3a4d7fb6963c4fdb8b8ae7c4899a6552a75dd6b09a60d51e4673c9d7d27955e93d00cc9992576b16bf980ae","ssdeep":"768:Ni0bfc540daZ1hKmQKpphJjI0j1VW3YdgCucobva8viut7DJOKhVXhgsZmi0:NiefZZ19pD00j1V2oWva8vhtOKhVXmW0","tlshash":"0b43f25605c054f8f4d5917aa3a4bdd9c91ba1b0437b08c28a633bd855eb7c8a3387fb","first_seen":"2026-01-30T05:56:59.898958Z","last_seen":"2026-03-04T19:03:33.151421Z","times_seen":7,"resource_available":false,"data":null}},"time_used":471,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":342,"receive":129,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim.moonbirds.finance/logo-1.png","fqdn":"claim.moonbirds.finance","domain":"moonbirds.finance","tld":"finance"},"ip":{"addr":"88.223.85.211","port":443,"asn":47583,"as":"Hostinger International Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://claim.moonbirds.finance/","date":"2026-01-31T14:55:58.279Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim.moonbirds.finance","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 02:52:49 GMT","end":"Fri, 01 May 2026 02:52:48 GMT"},"fingerprint":{"sha1":"27:99:55:A0:8F:67:B1:D4:1B:90:C4:02:E7:0C:DB:36:DC:14:90:F8","sha256":"7C:BD:D0:FA:B4:69:30:35:97:5C:DC:EE:42:FE:F3:9F:62:4F:7A:54:8C:F6:47:63:01:33:18:AB:85:35:0E:35"}}},"request":{"raw":"GET /logo-1.png HTTP/1.1\r\nHost: claim.moonbirds.finance\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim.moonbirds.finance/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 07 Feb 2026 14:56:08 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 30 Jan 2026 19:43:53 GMT\r\netag: \"a97-697d09f9-523ea49e161f8cf9;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 2711\r\ndate: Sat, 31 Jan 2026 14:56:08 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":2711,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 65, 8-bit colormap, non-interlaced","md5":"814c0b4cfcf15cf383774a8b3435a5eb","sha1":"98ec3d741fb3d554131e82cf9b74fac0f2026bac","sha256":"8c5b1b63b7b922b7fc4063a57110a03e8107bf60b4d41d0fced7345532db31b0","sha512":"05828b28855012a81e872269f472f6950b2376f14b524ffae676ed6bb2b8c0ec761c529c0608f8655a6ad16f75a36682369307725de1e772a891aed085a37df9","ssdeep":"","tlshash":"ef515cf0eb126d9c8d5ef6eac88358555e181c7b83e69ba14e83e2d318a5bc960c50dc","first_seen":"2026-01-30T04:23:55.374729Z","last_seen":"2026-03-04T19:03:33.140376Z","times_seen":83,"resource_available":false,"data":null}},"time_used":457,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":453,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim.moonbirds.finance/8c6ed6e883426467.css","fqdn":"claim.moonbirds.finance","domain":"moonbirds.finance","tld":"finance"},"ip":{"addr":"88.223.85.211","port":443,"asn":47583,"as":"Hostinger International Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://claim.moonbirds.finance/","date":"2026-01-31T14:55:58.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim.moonbirds.finance","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 02:52:49 GMT","end":"Fri, 01 May 2026 02:52:48 GMT"},"fingerprint":{"sha1":"27:99:55:A0:8F:67:B1:D4:1B:90:C4:02:E7:0C:DB:36:DC:14:90:F8","sha256":"7C:BD:D0:FA:B4:69:30:35:97:5C:DC:EE:42:FE:F3:9F:62:4F:7A:54:8C:F6:47:63:01:33:18:AB:85:35:0E:35"}}},"request":{"raw":"GET /8c6ed6e883426467.css HTTP/1.1\r\nHost: claim.moonbirds.finance\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim.moonbirds.finance/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 07 Feb 2026 14:56:08 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 30 Jan 2026 19:43:53 GMT\r\netag: \"121a7-697d09f9-8eb17deed5df5edf;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 11755\r\ndate: Sat, 31 Jan 2026 14:56:08 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":74151,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (41757)","md5":"49fe466211bdf25d57f6d93577437a94","sha1":"c7010f238afbf35f96ceafca18e61af07005e858","sha256":"574eec4f44c556f2da82f6d8a0a32b005736d90d9957b4dc7e9d0f0f675ee6d4","sha512":"026cce9c97ff3d3b89f3d6b8fdff3fc7c19547b8b6e71be4b051ac24359911dc96dbaa9b1681f3d4a9cec57552d066b18d96651991c352f0cf62a195086a40dd","ssdeep":"1536:uzosn63DKE6Su4wqse6bJz5xwhAuiy+VK:uzosn63DKE6Su4wdJz5xwhAuiyj","tlshash":"b67346097e1c3a3abd1362f581d4a89c610b73caef3d47d7ac9122089fd93e5396a714","first_seen":"2026-01-30T05:56:59.891177Z","last_seen":"2026-01-31T14:56:19.664302Z","times_seen":4,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim.moonbirds.finance/css2.css","fqdn":"claim.moonbirds.finance","domain":"moonbirds.finance","tld":"finance"},"ip":{"addr":"88.223.85.211","port":443,"asn":47583,"as":"Hostinger International Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://claim.moonbirds.finance/","date":"2026-01-31T14:55:58.126Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim.moonbirds.finance","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 02:52:49 GMT","end":"Fri, 01 May 2026 02:52:48 GMT"},"fingerprint":{"sha1":"27:99:55:A0:8F:67:B1:D4:1B:90:C4:02:E7:0C:DB:36:DC:14:90:F8","sha256":"7C:BD:D0:FA:B4:69:30:35:97:5C:DC:EE:42:FE:F3:9F:62:4F:7A:54:8C:F6:47:63:01:33:18:AB:85:35:0E:35"}}},"request":{"raw":"GET /css2.css HTTP/1.1\r\nHost: claim.moonbirds.finance\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim.moonbirds.finance/8c6ed6e883426467.css\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 07 Feb 2026 14:56:08 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 30 Jan 2026 19:43:53 GMT\r\netag: \"840-697d09f9-cc213ff5038ca04c;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 299\r\ndate: Sat, 31 Jan 2026 14:56:08 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2112,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"94008a89c8d6024db3d861cb7ba4a4f4","sha1":"51705aa43b6b5fe174beb82b06c56178246906ec","sha256":"0a0b13c690f1a1ed9e59cf520667bb9f3d3cee7e8ea89318a03f40ba9b9cf05b","sha512":"e54628d0a2daf050618534f61b4283e15f80ba17123dab3289050740e501a76d9dff62026199c6e2c7df929a7e2d7e3c56b0e22d47a4877dfcd71176264467e0","ssdeep":"","tlshash":"41418b80087ba504d7931cc122ce7e32ee2db19064459d346ffe1498fc5bd59a3b2b4d","first_seen":"2025-01-25T17:56:03.203401Z","last_seen":"2026-04-24T15:24:19.903829Z","times_seen":867,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim.moonbirds.finance/favicon.png","fqdn":"claim.moonbirds.finance","domain":"moonbirds.finance","tld":"finance"},"ip":{"addr":"88.223.85.211","port":443,"asn":47583,"as":"Hostinger International Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://claim.moonbirds.finance/","date":"2026-01-31T14:55:58.247Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim.moonbirds.finance","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 02:52:49 GMT","end":"Fri, 01 May 2026 02:52:48 GMT"},"fingerprint":{"sha1":"27:99:55:A0:8F:67:B1:D4:1B:90:C4:02:E7:0C:DB:36:DC:14:90:F8","sha256":"7C:BD:D0:FA:B4:69:30:35:97:5C:DC:EE:42:FE:F3:9F:62:4F:7A:54:8C:F6:47:63:01:33:18:AB:85:35:0E:35"}}},"request":{"raw":"GET /favicon.png HTTP/1.1\r\nHost: claim.moonbirds.finance\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim.moonbirds.finance/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 07 Feb 2026 14:56:08 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 30 Jan 2026 19:43:53 GMT\r\netag: \"14a11-697d09f9-6571743a08f6f00b;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 84497\r\ndate: Sat, 31 Jan 2026 14:56:08 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":84497,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 698 x 626, 8-bit/color RGBA, non-interlaced","md5":"832b2c60fcd953f15828d8369e9b1e50","sha1":"720631529f976c033b099f874f90475065e30969","sha256":"62d94607452a6775fb7643edb97821476c6ab1458632953972a007649eda4749","sha512":"2ad5c906febde346be65504f622d4a4633d3711feba8002ab3f172276dd1fd85f947118ab554c0efbb8b3874ee1d5792be2eb978d2acf064e8784122eb585c9a","ssdeep":"1536:acvst2+Edoyy8tgnv3Cxof+CuUJblB73lw4GOBYQ/kN/z1TrHn3:rILy/anH+RUJblB73l0+YTr3","tlshash":"c68302d73014f5a25ce0247a2d9b23240fd258bd48c1fe7adf8a6d63afd4348e91e0a5","first_seen":"2026-01-30T04:23:55.370675Z","last_seen":"2026-03-04T19:03:33.14177Z","times_seen":83,"resource_available":false,"data":null}},"time_used":266,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":167,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim.moonbirds.finance/bg-home.png","fqdn":"claim.moonbirds.finance","domain":"moonbirds.finance","tld":"finance"},"ip":{"addr":"88.223.85.211","port":443,"asn":47583,"as":"Hostinger International Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://claim.moonbirds.finance/","date":"2026-01-31T14:55:58.258Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim.moonbirds.finance","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 02:52:49 GMT","end":"Fri, 01 May 2026 02:52:48 GMT"},"fingerprint":{"sha1":"27:99:55:A0:8F:67:B1:D4:1B:90:C4:02:E7:0C:DB:36:DC:14:90:F8","sha256":"7C:BD:D0:FA:B4:69:30:35:97:5C:DC:EE:42:FE:F3:9F:62:4F:7A:54:8C:F6:47:63:01:33:18:AB:85:35:0E:35"}}},"request":{"raw":"GET /bg-home.png HTTP/1.1\r\nHost: claim.moonbirds.finance\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim.moonbirds.finance/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 07 Feb 2026 14:56:08 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 30 Jan 2026 19:43:53 GMT\r\netag: \"18eee-697d09f9-9f9d1c87a46076a7;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 102126\r\ndate: Sat, 31 Jan 2026 14:56:08 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":102126,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 6000 x 3750, 8-bit/color RGBA, non-interlaced","md5":"4d303c40f300cb64caff7f75a332e69f","sha1":"8c1d660f648c79cf86d40d196bc49e5d78f1e19a","sha256":"f54ed1e62da50259d56ab48cbdb7337eda0ee3d3752a4822b874abb6262518a2","sha512":"fd004ee04c65156b2bbed48984d558dd337c9cdbc88903c6a253eb00a1e779a179a4793e813954ad5cc3f057df0001f8a77201fcc45779376d5e96baaaf516bf","ssdeep":"192:iB3v/e2DU36Tv3r0HlDY1ah0k4uN88CO53lihgome9yqNEA:4//4Kj3r0Hl01EN4st1wLme9yq7","tlshash":"f1a341455a2249e6d41448b29e833ffb7bf946051261db5a9fd4ea7038c31c3e3a39b3","first_seen":"2026-01-30T04:23:55.373348Z","last_seen":"2026-03-04T19:03:33.150144Z","times_seen":84,"resource_available":false,"data":null}},"time_used":352,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":249,"receive":103,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim.moonbirds.finance/Oscine_Trial_Lt.woff2","fqdn":"claim.moonbirds.finance","domain":"moonbirds.finance","tld":"finance"},"ip":{"addr":"88.223.85.211","port":443,"asn":47583,"as":"Hostinger International Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://claim.moonbirds.finance/","date":"2026-01-31T14:55:58.269Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim.moonbirds.finance","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 02:52:49 GMT","end":"Fri, 01 May 2026 02:52:48 GMT"},"fingerprint":{"sha1":"27:99:55:A0:8F:67:B1:D4:1B:90:C4:02:E7:0C:DB:36:DC:14:90:F8","sha256":"7C:BD:D0:FA:B4:69:30:35:97:5C:DC:EE:42:FE:F3:9F:62:4F:7A:54:8C:F6:47:63:01:33:18:AB:85:35:0E:35"}}},"request":{"raw":"GET /Oscine_Trial_Lt.woff2 HTTP/1.1\r\nHost: claim.moonbirds.finance\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim.moonbirds.finance/8c6ed6e883426467.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 07 Feb 2026 14:56:08 GMT\r\ncontent-type: font/woff2\r\nlast-modified: Fri, 30 Jan 2026 19:43:53 GMT\r\netag: \"d18c-697d09f9-a6043943c280a7c3;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 53644\r\ndate: Sat, 31 Jan 2026 14:56:08 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":53644,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 53644, version 1.0","md5":"c1f2e8c63b2d63981e65fdccae1da929","sha1":"3590ea10966fcd0eb24b92b75d5be459b9e568de","sha256":"a64d6bedc689497d04e184904dcfb9fc9584083bc23139f3aa521d14f41f2116","sha512":"3ac96ba18ff625837892d9bfa31d2d575a6c1e85fe418a1e9e6bf810f7e77dd98b17013cbcd1d4e3ac733efb6dd261cd3fd5905f02740ea79ae11d497113e591","ssdeep":"768:7QjQA9C6cXRBlBheHVsjEQBzsk5bui1yE3WHBJHm8cTvIKDz4gb6ylo+lkr:S/cXRboVsN/bui1yIIuzTvHKwFi","tlshash":"ab3302d8fe30a287cb568775d2282ff850e86f26113d9e91336698d24d6ef057263620","first_seen":"2026-01-30T05:56:59.901231Z","last_seen":"2026-03-04T19:03:33.145269Z","times_seen":7,"resource_available":false,"data":null}},"time_used":462,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":460,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"claim.moonbirds.finance","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}