Report - lachel7.cafe24.com/web/id0128741231241122.html?id=aHR0cHM6Ly9oYWJhLW1lbGJhLWMyOWIxNC5uZXRsaWZ5LmFwcC92aW9sYXRlL2FwcGVhbA

Report Overview

Visitedpublic

2025-07-21 18:53:13

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
haba-melba-c29b14.netlify.app	unknown	unknown	No data	No data	9.4 kB	1.1 MB	63.176.8.218
api.db-ip.com	98326	2010-05-18	2017-01-30	2025-07-19	460 B	961 B	104.26.5.15
lachel7.cafe24.com	unknown	unknown	No data	No data	576 B	98 kB	203.245.12.96
ajax.googleapis.com	12905	2005-01-25	2012-05-22	2025-07-16	446 B	88 kB	142.250.178.74

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-07-21 18:52:54	medium	Client IP	63.176.8.218	ET HUNTING Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-07-21	medium	haba-melba-c29b14.netlify.app/script/3.js	Detects file containing Telegram Bot API
2025-07-21	medium	javascript.script.md5:fbb6eb0458cf5ce9255bb652b7746b86	Detects file containing Telegram Bot API

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-07-21	medium	haba-melba-c29b14.netlify.app	Sinkholed

ThreatFox

No alerts detected

Telegram Bot detected (1)

URL

haba-melba-c29b14.netlify.app/script/3.js

IP / ASN

63.176.8.218

#16509 AMAZON-02

Token

6983542438:AAF-7RfYI-xy8offmWl-2j0-zm-aV83F7l0

Bot Overview

User ID6983542438

Usernametvoi_thu_huong2_bot

First NameTVOI THU HƯƠNG (SERVER 2)

Last NameN/A

Chat Info

Chat IDN/A

Chat TypeN/A

TitleN/A

User Count0

Admins0

Pending Msgs0

JavaScript (7)

URL

From

Size

First Seen

Last Seen

haba-melba-c29b14.netlify.app/script/4.js

ScriptElement

88 B

2025-07-08

2025-08-01

haba-melba-c29b14.netlify.app/script/1.js

ScriptElement

155 kB

2025-07-03

2025-08-01

ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js

ScriptElement

88 kB

2023-08-31

2025-08-02

haba-melba-c29b14.netlify.app/script/3.js

ScriptElement

33 kB

2025-07-08

2025-08-01

URL

haba-melba-c29b14.netlify.app/script/3.js

IP / ASN

63.176.8.218

#16509 AMAZON-02

Introduced by ScriptElement

Embedded false

Resource Info

First Seen 2025-07-08

Last Seen 2025-08-01

Times Seen 10

Size 33 kB (33015 bytes)

MD5 fbb6eb0458cf5ce9255bb652b7746b86

SHA1 dcfe0aa06d54ba03d9e7277f70e880dffc7d9cfc

SHA256 da91eddab968ea31f1cd0d1a4bb943927a5cfc84a7cc2f679b9e42e84d1d6f1a

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detects file containing Telegram Bot API

Format Code

haba-melba-c29b14.netlify.app/script/4.js

ScriptElement

88 B

2025-07-08

2025-08-01

haba-melba-c29b14.netlify.app/script/2.js

ScriptElement

2.3 kB

2025-07-03

2025-08-01

haba-melba-c29b14.netlify.app/violate/appeal

ScriptElement

611 B

2025-07-03

2025-08-01

HTTP Transactions (23)

URL IP Response Size

GET haba-melba-c29b14.netlify.app/styles/bootstrap.min.css

63.176.8.218

200 OK

156 kB

URL

haba-melba-c29b14.netlify.app/styles/bootstrap.min.css

IP / ASN

63.176.8.218

#16509 AMAZON-02

Requested byhttps://haba-melba-c29b14.netlify.app/violate/page

Resource Info

File typeUnicode text, UTF-8 text, with very long lines (65306)

First Seen2023-05-03

Last Seen2025-08-02

Times Seen2443

Size156 kB (155798 bytes)

MD5b4dd849207168b85ac838a42c9918373

SHA1408e4d863dd139eebbeb93afea9ae0367570c7cd

SHA25677dec0eb636b3e7b02d88b5858f21d7cabd174e99bfc22cc93cefb3042aeb99b

Certificate Info

IssuerDigiCert Inc

Subject*.netlify.app

Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71

ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/bootstrap.min.css HTTP/1.1
Host: haba-melba-c29b14.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://haba-melba-c29b14.netlify.app/violate/page
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-encoding: br
content-type: text/css; charset=UTF-8
date: Mon, 21 Jul 2025 18:53:00 GMT
etag: "07ba05c7080faab30a8eed95c48883a2-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-nf-request-id: 01K0Q5A1AYZJ5ZNMJSRCZWKGHG
X-Firefox-Spdy: h2

GET haba-melba-c29b14.netlify.app/script/3.js

63.176.8.218

200 OK

33 kB

URL

haba-melba-c29b14.netlify.app/script/3.js

IP / ASN

63.176.8.218

#16509 AMAZON-02

Requested byhttps://haba-melba-c29b14.netlify.app/violate/page

Resource Info

File typeUnicode text, UTF-8 text, with very long lines (5808), with CRLF line terminators

First Seen2025-07-08

Last Seen2025-08-01

Times Seen10

Size33 kB (33020 bytes)

MD5fbb6eb0458cf5ce9255bb652b7746b86

SHA1dcfe0aa06d54ba03d9e7277f70e880dffc7d9cfc

SHA256da91eddab968ea31f1cd0d1a4bb943927a5cfc84a7cc2f679b9e42e84d1d6f1a

Certificate Info

IssuerDigiCert Inc

Subject*.netlify.app

Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71

ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detects file containing Telegram Bot API
Quad9 DNS	malicious	Sinkholed
urlquery	suspicious	Suspicious - Suspicious Javascript code

HTTP Headers

GET /script/3.js HTTP/1.1
Host: haba-melba-c29b14.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://haba-melba-c29b14.netlify.app/violate/page
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-encoding: br
content-type: application/javascript; charset=UTF-8
date: Mon, 21 Jul 2025 18:53:00 GMT
etag: "4d590a43606fa7b7dd5c143eb1099af6-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-nf-request-id: 01K0Q5A1DE1R7A28218V19MC0B
X-Firefox-Spdy: h2

GET api.db-ip.com/v2/free/self/

104.26.5.15

200 OK

208 B

URL

api.db-ip.com/v2/free/self/

IP / ASN

104.26.5.15

#13335 CLOUDFLARENET

Requested byhttps://haba-melba-c29b14.netlify.app/violate/page

Resource Info

File typeJSON text data

First Seen2023-05-09

Last Seen2025-08-02

Times Seen8504

Size208 B (208 bytes)

MD5b3cbea51f9a9fcaf6275e88da822e6aa

SHA1b9740712e7a8e51a3cfa95a11c75c671644c5ab2

SHA2569976a8ae9b1a43de4fb568b400d7026c135c71935aa1041418252b0882ba41ff

Certificate Info

IssuerGoogle Trust Services

Subjectdb-ip.com

FingerprintB1:E6:8A:14:9B:5C:F2:3F:BD:0F:4B:A9:BA:08:91:ED:44:1D:EA:A0

ValidityWed, 02 Jul 2025 00:31:11 GMT - Tue, 30 Sep 2025 01:31:09 GMT

HTTP Headers

GET /v2/free/self/ HTTP/1.1
Host: api.db-ip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://haba-melba-c29b14.netlify.app/
Origin: https://haba-melba-c29b14.netlify.app
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 21 Jul 2025 18:53:01 GMT
content-type: application/json
server: cloudflare
access-control-allow-origin: *
cache-control: max-age=1800
x-iplb-request-id: A29EDE0B:38DE_93878F2E:0050_687E8C8D_990F730C:5647
x-iplb-instance: 54033
cf-cache-status: MISS
last-modified: Mon, 21 Jul 2025 18:53:01 GMT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=gMIu7LUAN93LeGl5fvb%2BkrWyrPQva7P6%2BgGY%2FxmMVfK4mBbsKhrLK1t9pyuR709oj5HHJ%2FF%2FUSLqtg6%2B4cZaz3kxWt3BChnZBBY%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
cf-ray: 962ce6133bf6b517-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET lachel7.cafe24.com/web/id0128741231241122.html?id=aHR0cHM6Ly9oYWJhLW1lbGJhLWMyOWIxNC5uZXRsaWZ5LmFwcC92aW9sYXRlL2FwcGVhbA

203.245.12.96

200 OK

97 kB

URL

lachel7.cafe24.com/web/id0128741231241122.html?id=aHR0cHM6Ly9oYWJhLW1lbGJhLWMyOWIxNC5uZXRsaWZ5LmFwcC92aW9sYXRlL2FwcGVhbA

IP / ASN

203.245.12.96

#4766 Korea Telecom

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (65098), with CRLF line terminators

First Seen2025-07-06

Last Seen2025-08-01

Times Seen31

Size97 kB (97205 bytes)

MD54e3f7909f458f71042c32f3007cb4b9a

SHA1e15f4662baec1a70c9ef0004a139c397d204ad1e

SHA256bf842fa912aa5c38f59403f6af44934ed0183dd25eec2931385c56989085decf

Certificate Info

IssuerSectigo Limited

Subject*.cafe24.com

Fingerprint62:64:6C:5B:2A:A2:C0:B0:BF:DE:46:6E:93:AE:A0:77:90:BB:2A:5F

ValidityMon, 26 Aug 2024 00:00:00 GMT - Fri, 05 Sep 2025 23:59:59 GMT

HTTP Headers

GET /web/id0128741231241122.html?id=aHR0cHM6Ly9oYWJhLW1lbGJhLWMyOWIxNC5uZXRsaWZ5LmFwcC92aW9sYXRlL2FwcGVhbA HTTP/1.1
Host: lachel7.cafe24.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Mon, 21 Jul 2025 18:52:54 GMT
content-type: text/html
content-length: 37977
last-modified: Fri, 20 Jun 2025 05:13:14 GMT
vary: Accept-Encoding
content-encoding: gzip
x-hurl: /web/id0128741231241122.html?id=aHR0cHM6Ly9oYWJhLW1lbGJhLWMyOWIxNC5uZXRsaWZ5LmFwcC92aW9sYXRlL2FwcGVhbAlachel7
x-iscacheurl: YES
x-ttl: 7200.000
x-cache: HIT
x-hits: 11
x-anigif: webp
accept-ranges: bytes
x-via: magneto-edge-icn01-ktog-134
x-reqid: 5fcb92d1ad1e36c927b8d3a9a961fff8
x-xss-protection: 1;mode=block
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

GET haba-melba-c29b14.netlify.app/script/1.js

63.176.8.218

200 OK

155 kB

URL

haba-melba-c29b14.netlify.app/script/1.js

IP / ASN

63.176.8.218

#16509 AMAZON-02

Requested byhttps://haba-melba-c29b14.netlify.app/violate/page

Resource Info

File typeJavaScript source, ASCII text, with very long lines (617), with CRLF line terminators

First Seen2025-07-03

Last Seen2025-08-01

Times Seen23

Size155 kB (155260 bytes)

MD53cf4d68e803db7416e8d6ff0ad306fa4

SHA168d72f22bc67bcd940bc7c4baeafcaddc8e4caf1

SHA256b44e8ce7107847a763d986d505606d1ec8548fa26dc04d39248cd48a0cacbf08

Certificate Info

IssuerDigiCert Inc

Subject*.netlify.app

Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71

ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /script/1.js HTTP/1.1
Host: haba-melba-c29b14.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://haba-melba-c29b14.netlify.app/violate/page
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-encoding: br
content-type: application/javascript; charset=UTF-8
date: Mon, 21 Jul 2025 18:53:00 GMT
etag: "8585fb34644ff73354d395476a32f23f-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-nf-request-id: 01K0Q5A1B6DP8HPVWTHA900YRY
X-Firefox-Spdy: h2

GET haba-melba-c29b14.netlify.app/img/meta-logo-grey.png

63.176.8.218

200 OK

106 kB

URL

haba-melba-c29b14.netlify.app/img/meta-logo-grey.png

IP / ASN

63.176.8.218

#16509 AMAZON-02

Requested byhttps://haba-melba-c29b14.netlify.app/violate/page

Resource Info

File typePNG image data, 900 x 240, 8-bit/color RGBA, non-interlaced

First Seen2024-01-09

Last Seen2025-08-02

Times Seen13686

Size106 kB (105511 bytes)

MD5ffba640622dd859d554ee43a03d53769

SHA1c91a100db7bfc04df9a5f3223d5b6f17536bf5ee

SHA256139d38d0fbfed2fd9f2b782af9b3eb08005b9bc75faaa31fe29720cc64bcab0f

Certificate Info

IssuerDigiCert Inc

Subject*.netlify.app

Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71

ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/meta-logo-grey.png HTTP/1.1
Host: haba-melba-c29b14.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://haba-melba-c29b14.netlify.app/violate/page
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-type: image/png
date: Mon, 21 Jul 2025 18:53:00 GMT
etag: "db33657ce611b9f2d0bb4754b3b18618-ssl"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-nf-request-id: 01K0Q5A1BTRKVADDVMNNC0X38E
content-length: 105511
X-Firefox-Spdy: h2

GET haba-melba-c29b14.netlify.app/violate/page

63.176.8.218

200 OK

80 kB

URL

haba-melba-c29b14.netlify.app/violate/page

IP / ASN

63.176.8.218

#16509 AMAZON-02

Requested byhttps://lachel7.cafe24.com/web/id0128741231241122.html?id=aHR0cHM6Ly9oYWJhLW1lbGJhLWMyOWIxNC5uZXRsaWZ5LmFwcC92aW9sYXRlL2FwcGVhbA

Resource Info

File typeHTML document, Unicode text, UTF-8 text, with very long lines (2134), with CRLF line terminators

First Seen2025-07-21

Last Seen2025-07-24

Times Seen2

Size80 kB (80142 bytes)

MD58f80075e19331648f05d6977c2aec6f0

SHA1d3d883b56c2cf0a9fef9505bf8432ed4e22b396c

SHA256eecba057f812b49327096e034a57b6dda762054fbfb217d961a30c586959f802

Certificate Info

IssuerDigiCert Inc

Subject*.netlify.app

Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71

ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /violate/page HTTP/1.1
Host: haba-melba-c29b14.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://haba-melba-c29b14.netlify.app/violate/appeal
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 21 Jul 2025 18:53:00 GMT
etag: "e7093f55da46250dcf12925273a4d73b-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-nf-request-id: 01K0Q5A105MN1PW3YT7EP5SY70
X-Firefox-Spdy: h2

GET haba-melba-c29b14.netlify.app/img/doc.png

63.176.8.218

200 OK

5.7 kB

URL

haba-melba-c29b14.netlify.app/img/doc.png

IP / ASN

63.176.8.218

#16509 AMAZON-02

Requested byhttps://haba-melba-c29b14.netlify.app/violate/page

Resource Info

File typePNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced

First Seen2023-12-25

Last Seen2025-08-02

Times Seen14001

Size5.7 kB (5723 bytes)

MD595382a6dab40d5911185a921c53e6f6b

SHA14229cb577571111d747021988aac9dd6cd50634f

SHA256e341d9055288dfcd7dd5facab6c915f6b7bcffbf80f8b48468c7275b8cada069

Certificate Info

IssuerDigiCert Inc

Subject*.netlify.app

Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71

ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/doc.png HTTP/1.1
Host: haba-melba-c29b14.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://haba-melba-c29b14.netlify.app/violate/page
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-type: image/png
date: Mon, 21 Jul 2025 18:53:00 GMT
etag: "8270521d3d689b807b0b038f11a97a2a-ssl"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-nf-request-id: 01K0Q5A1D5SDZ9KT6ED5GTKT2Z
content-length: 5723
X-Firefox-Spdy: h2

GET haba-melba-c29b14.netlify.app/img/dir.png

63.176.8.218

200 OK

5.1 kB

URL

haba-melba-c29b14.netlify.app/img/dir.png

IP / ASN

63.176.8.218

#16509 AMAZON-02

Requested byhttps://haba-melba-c29b14.netlify.app/violate/page

Resource Info

File typePNG image data, 120 x 120, 8-bit colormap, non-interlaced

First Seen2024-01-09

Last Seen2025-08-01

Times Seen9786

Size5.1 kB (5071 bytes)

MD5aef2b30f6701ba271c07e3e26ffc416e

SHA171cb73ec54a5fc973ccd4f4127b6716f6370709f

SHA25660a4bddc93553f14c2dfef0299fa5f3ad0e4005f7b8054e34db89b8afe6a0f2f

Certificate Info

IssuerDigiCert Inc

Subject*.netlify.app

Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71

ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/dir.png HTTP/1.1
Host: haba-melba-c29b14.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://haba-melba-c29b14.netlify.app/violate/page
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-type: image/png
date: Mon, 21 Jul 2025 18:53:00 GMT
etag: "654e57d817ca6795c13e7e805799d7ce-ssl"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-nf-request-id: 01K0Q5A1D9JGF3N3BMMPF18Z65
content-length: 5071
X-Firefox-Spdy: h2

GET haba-melba-c29b14.netlify.app/script/2.js

63.176.8.218

200 OK

2.3 kB

URL

haba-melba-c29b14.netlify.app/script/2.js

IP / ASN

63.176.8.218

#16509 AMAZON-02

Requested byhttps://haba-melba-c29b14.netlify.app/violate/page

Resource Info

File typeJavaScript source, ASCII text, with very long lines (1629), with CRLF line terminators

First Seen2025-07-03

Last Seen2025-08-01

Times Seen23

Size2.3 kB (2272 bytes)

MD5345b65dd1f092f544d6e6a690511b48a

SHA16ce26331f4474ec2d0219082387a13ece8998f85

SHA256a0af3bad378cc1ed12545c643cd7b9213268dd35e5229b72fa5e0057c8e1f14c

Certificate Info

IssuerDigiCert Inc

Subject*.netlify.app

Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71

ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /script/2.js HTTP/1.1
Host: haba-melba-c29b14.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://haba-melba-c29b14.netlify.app/violate/page
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-encoding: br
content-type: application/javascript; charset=UTF-8
date: Mon, 21 Jul 2025 18:53:00 GMT
etag: "3bc57dc08ad7334b13505273789efbfd-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-nf-request-id: 01K0Q5A1DDGMJB4J9T8DETRQ36
content-length: 1341
X-Firefox-Spdy: h2

GET haba-melba-c29b14.netlify.app/violate/appeal

63.176.8.218

200 OK

1.5 kB

URL

haba-melba-c29b14.netlify.app/violate/appeal

IP / ASN

63.176.8.218

#16509 AMAZON-02

Requested byhttps://lachel7.cafe24.com/web/id0128741231241122.html?id=aHR0cHM6Ly9oYWJhLW1lbGJhLWMyOWIxNC5uZXRsaWZ5LmFwcC92aW9sYXRlL2FwcGVhbA

Resource Info

File typeJavaScript source, ASCII text, with CRLF line terminators

First Seen2025-07-08

Last Seen2025-08-01

Times Seen12

Size1.5 kB (1479 bytes)

MD58fdf9eedb4af813ff8677e57b2f64ae4

SHA106be29e309ef3f959b2ef4ed11e481f73be161c7

SHA256e4f329e6c06cc9695ccea49bf69ba2c91c3ea818b21e5786a72bd86d7d652848

Certificate Info

IssuerDigiCert Inc

Subject*.netlify.app

Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71

ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /violate/appeal HTTP/1.1
Host: haba-melba-c29b14.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lachel7.cafe24.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 1
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 21 Jul 2025 18:52:55 GMT
etag: "c79ff08a6c24975097b0d51515a27d1a-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-nf-request-id: 01K0Q59VS09XZGDRN0NA945DV2
content-length: 488
X-Firefox-Spdy: h2

GET haba-melba-c29b14.netlify.app/script/4.js

63.176.8.218

200 OK

88 B

URL

haba-melba-c29b14.netlify.app/script/4.js

IP / ASN

63.176.8.218

#16509 AMAZON-02

Requested byhttps://haba-melba-c29b14.netlify.app/violate/appeal

Resource Info

File typeASCII text, with CRLF line terminators

First Seen2025-07-08

Last Seen2025-08-01

Times Seen12

Size88 B (88 bytes)

MD5d2e2cba6a75306d4e68262cfbccfcca9

SHA11b802117b9615bfc08b9cb236b6c50fed7e10a84

SHA25682ad567c127a696438c5b1423078ea3912fb8f3f1f5e3694e7cbd1ee3b6e721f

Certificate Info

IssuerDigiCert Inc

Subject*.netlify.app

Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71

ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /script/4.js HTTP/1.1
Host: haba-melba-c29b14.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://haba-melba-c29b14.netlify.app/violate/appeal
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 2
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-type: application/javascript; charset=UTF-8
date: Mon, 21 Jul 2025 18:52:56 GMT
etag: "7116ad8514d16d7954389e70fd656ad7-ssl"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-nf-request-id: 01K0Q59WQ3A6GH10A41QAZ37Q4
content-length: 88
X-Firefox-Spdy: h2

GET haba-melba-c29b14.netlify.app/img/fb_round_logo.png

63.176.8.218

200 OK

43 kB

URL

haba-melba-c29b14.netlify.app/img/fb_round_logo.png

IP / ASN

63.176.8.218

#16509 AMAZON-02

Requested byhttps://haba-melba-c29b14.netlify.app/violate/page

Resource Info

File typePNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced

First Seen2024-01-09

Last Seen2025-08-02

Times Seen13701

Size43 kB (42676 bytes)

MD581bb5cf1e451109cf0b1868b2152914b

SHA1b70017639afc079394be1ea8625f7c4beb44d617

SHA256676c83478e410d324fe56aca428d3305505732c648667b22e15c8222117c75e6

Certificate Info

IssuerDigiCert Inc

Subject*.netlify.app

Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71

ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/fb_round_logo.png HTTP/1.1
Host: haba-melba-c29b14.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://haba-melba-c29b14.netlify.app/violate/page
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-type: image/png
date: Mon, 21 Jul 2025 18:53:00 GMT
etag: "627bb060090f6f956bcac85bc2b7c9ec-ssl"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-nf-request-id: 01K0Q5A1BJZR4D8K2C3NE0VKYB
content-length: 42676
X-Firefox-Spdy: h2

GET haba-melba-c29b14.netlify.app/img/star.png

63.176.8.218

200 OK

2.0 kB

URL

haba-melba-c29b14.netlify.app/img/star.png

IP / ASN

63.176.8.218

#16509 AMAZON-02

Requested byhttps://haba-melba-c29b14.netlify.app/violate/page

Resource Info

File typePNG image data, 41 x 41, 8-bit colormap, non-interlaced

First Seen2024-01-09

Last Seen2025-08-02

Times Seen12731

Size2.0 kB (1980 bytes)

MD5aae920faed2a3fe4c3083b339cd783df

SHA1be5e47195c28b585d65478e2399d0d5f9b74435c

SHA256f75d9bcacc1a1aabc6f93c383f5494307d91f7f302c266626d6dc92b4b86585e

Certificate Info

IssuerDigiCert Inc

Subject*.netlify.app

Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71

ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/star.png HTTP/1.1
Host: haba-melba-c29b14.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://haba-melba-c29b14.netlify.app/violate/page
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-type: image/png
date: Mon, 21 Jul 2025 18:53:00 GMT
etag: "2356b4d4119b02fa4c2857e8c12da0d0-ssl"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-nf-request-id: 01K0Q5A1D8HE4Y79TPWFC88AE5
content-length: 1980
X-Firefox-Spdy: h2

GET haba-melba-c29b14.netlify.app/img/no_avatar.png

63.176.8.218

200 OK

6.0 kB

URL

haba-melba-c29b14.netlify.app/img/no_avatar.png

IP / ASN

63.176.8.218

#16509 AMAZON-02

Requested byhttps://haba-melba-c29b14.netlify.app/violate/page

Resource Info

File typePNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

First Seen2024-01-09

Last Seen2025-08-02

Times Seen12753

Size6.0 kB (6043 bytes)

MD5d5d30f28ca92743610c956684a424b7e

SHA1fd4a7207b724254d981a4ed4c7f675fd87868535

SHA2564b842e25c6be485fd7f06b745ac91db2b6e9eee778c5442b157be78d51f83563

Certificate Info

IssuerDigiCert Inc

Subject*.netlify.app

Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71

ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/no_avatar.png HTTP/1.1
Host: haba-melba-c29b14.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://haba-melba-c29b14.netlify.app/violate/page
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-type: image/png
date: Mon, 21 Jul 2025 18:53:00 GMT
etag: "63d88964a3d4cd62c81b4073bdf75745-ssl"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-nf-request-id: 01K0Q5A1DCRR6K2GD6QE1KDY6D
content-length: 6043
X-Firefox-Spdy: h2

GET haba-melba-c29b14.netlify.app/img/save_img.png

63.176.8.218

200 OK

7.6 kB

URL

haba-melba-c29b14.netlify.app/img/save_img.png

IP / ASN

63.176.8.218

#16509 AMAZON-02

Requested byhttps://haba-melba-c29b14.netlify.app/violate/page

Resource Info

File typePNG image data, 120 x 120, 8-bit colormap, non-interlaced

First Seen2023-12-25

Last Seen2025-08-02

Times Seen14005

Size7.6 kB (7550 bytes)

MD58d3bcd1278891fc1e52d38e72549b3d0

SHA1af1ab86b5a3993c468c3be9c59a8ed3d9091454d

SHA2568fc3f44a189200b47c93a90ad8dffe40fcdeda8a718e62bb4baf98f00d536e97

Certificate Info

IssuerDigiCert Inc

Subject*.netlify.app

Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71

ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/save_img.png HTTP/1.1
Host: haba-melba-c29b14.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://haba-melba-c29b14.netlify.app/violate/page
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-type: image/png
date: Mon, 21 Jul 2025 18:53:00 GMT
etag: "1d1b4906bd89108d25460df3f3addef7-ssl"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-nf-request-id: 01K0Q5A1BV4VSAKNWH3YCRR8C0
content-length: 7550
X-Firefox-Spdy: h2

GET haba-melba-c29b14.netlify.app/bot.json

63.176.8.218

200 OK

97 B

URL

haba-melba-c29b14.netlify.app/bot.json

IP / ASN

63.176.8.218

#16509 AMAZON-02

Requested byhttps://haba-melba-c29b14.netlify.app/violate/page

Resource Info

File typeJSON text data

First Seen2025-07-04

Last Seen2025-08-01

Times Seen20

Size97 B (97 bytes)

MD58ef01f2d62585d8b2f881dabb104118a

SHA128c8914a62515220cee779a22e1a333c6003bbb7

SHA256157dc0f0aaa9f8773d358f69175dd281e02d8cee748d3e113873af9871a2658e

Certificate Info

IssuerDigiCert Inc

Subject*.netlify.app

Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71

ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bot.json HTTP/1.1
Host: haba-melba-c29b14.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://haba-melba-c29b14.netlify.app/violate/page
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-type: application/json
date: Mon, 21 Jul 2025 18:53:01 GMT
etag: "67ceeab72d8a20e19dbf866f9834cc91-ssl"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-nf-request-id: 01K0Q5A1YTBQH1J6RSC13D5DRH
content-length: 97
X-Firefox-Spdy: h2

GET ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js

142.250.178.74

200 OK

88 kB

URL

ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js

IP / ASN

142.250.178.74

#15169 GOOGLE

Requested byhttps://haba-melba-c29b14.netlify.app/violate/page

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65447)

First Seen2023-08-31

Last Seen2025-08-02

Times Seen49990

Size88 kB (87533 bytes)

MD52c872dbe60f4ba70fb85356113d8b35e

SHA1ee48592d1fff952fcf06ce0b666ed4785493afdc

SHA256fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Certificate Info

IssuerGoogle Trust Services

Subjectupload.video.google.com

FingerprintDC:40:BF:B1:59:C9:CC:B5:4A:38:2D:D0:16:8D:06:A5:1D:B4:08:8B

ValidityMon, 23 Jun 2025 08:41:28 GMT - Mon, 15 Sep 2025 08:41:27 GMT

HTTP Headers

GET /ajax/libs/jquery/3.7.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://haba-melba-c29b14.netlify.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30462
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Jul 2025 23:34:32 GMT
expires: Thu, 16 Jul 2026 23:34:32 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 415108
last-modified: Tue, 12 Sep 2023 02:38:22 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET haba-melba-c29b14.netlify.app/img/Mate.mp4

63.176.8.218

206 Partial Content

82 kB

URL

haba-melba-c29b14.netlify.app/img/Mate.mp4

IP / ASN

63.176.8.218

#16509 AMAZON-02

Requested byhttps://haba-melba-c29b14.netlify.app/violate/appeal

Resource Info

File typeISO Media, MP4 Base Media v1 [ISO 14496-12:2003]

First Seen2024-08-19

Last Seen2025-07-21

Times Seen5

Size82 kB (81920 bytes)

MD561257ad1bccb3965f239dd9707792b0d

SHA1a295304da37cd41bfafa07682bc612d2d09d89be

SHA25673a5d03046c0f4b9216d71dfa5b2870053b04a76912d5d6a34ec5dd74a695e61

Certificate Info

IssuerDigiCert Inc

Subject*.netlify.app

Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71

ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/Mate.mp4 HTTP/1.1
Host: haba-melba-c29b14.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://haba-melba-c29b14.netlify.app/violate/appeal
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 206 Partial Content
accept-ranges: bytes
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-range: bytes 0-292265/292266
content-type: video/mp4
date: Mon, 21 Jul 2025 18:52:56 GMT
etag: "78c55917a141adf1c4c866ca415a8bc9-ssl"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-nf-request-id: 01K0Q59X85CJQK2B3MKE9AK7AG
content-length: 292266
X-Firefox-Spdy: h2

GET haba-melba-c29b14.netlify.app/script/4.js

63.176.8.218

200 OK

88 B

URL

haba-melba-c29b14.netlify.app/script/4.js

IP / ASN

63.176.8.218

#16509 AMAZON-02

Requested byhttps://haba-melba-c29b14.netlify.app/violate/page

Resource Info

File typeASCII text, with CRLF line terminators

First Seen2025-07-08

Last Seen2025-08-01

Times Seen12

Size88 B (88 bytes)

MD5d2e2cba6a75306d4e68262cfbccfcca9

SHA11b802117b9615bfc08b9cb236b6c50fed7e10a84

SHA25682ad567c127a696438c5b1423078ea3912fb8f3f1f5e3694e7cbd1ee3b6e721f

Certificate Info

IssuerDigiCert Inc

Subject*.netlify.app

Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71

ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /script/4.js HTTP/1.1
Host: haba-melba-c29b14.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://haba-melba-c29b14.netlify.app/violate/page
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 6
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
date: Mon, 21 Jul 2025 18:53:00 GMT
etag: "7116ad8514d16d7954389e70fd656ad7-ssl"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-nf-request-id: 01K0Q5A1AQM007NGZMPA0FE8Y6
content-length: 88
X-Firefox-Spdy: h2

GET haba-melba-c29b14.netlify.app/styles/style.css

63.176.8.218

200 OK

12 kB

URL

haba-melba-c29b14.netlify.app/styles/style.css

IP / ASN

63.176.8.218

#16509 AMAZON-02

Requested byhttps://haba-melba-c29b14.netlify.app/violate/page

Resource Info

File typeASCII text

First Seen2024-01-09

Last Seen2025-08-01

Times Seen2322

Size12 kB (11622 bytes)

MD5d0057ba3ba52bf55a2e251cd40e43978

SHA1d69d834434feee1dde288a62f26819f8036ca872

SHA256bff6093d0a9bb4b155ad4421357237c65d7cfa1e7907a254ee932ba1dad640a0

Certificate Info

IssuerDigiCert Inc

Subject*.netlify.app

Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71

ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/style.css HTTP/1.1
Host: haba-melba-c29b14.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://haba-melba-c29b14.netlify.app/violate/page
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-encoding: br
content-type: text/css; charset=UTF-8
date: Mon, 21 Jul 2025 18:53:00 GMT
etag: "a86f0cda55042b75c3570e0a5fd0b5b4-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-nf-request-id: 01K0Q5A1B25NXRMFD4RZ3ZT28Y
X-Firefox-Spdy: h2

GET haba-melba-c29b14.netlify.app/img/2FA.png

63.176.8.218

200 OK

115 kB

URL

haba-melba-c29b14.netlify.app/img/2FA.png

IP / ASN

63.176.8.218

#16509 AMAZON-02

Requested byhttps://haba-melba-c29b14.netlify.app/violate/page

Resource Info

File typePNG image data, 541 x 252, 8-bit/color RGBA, non-interlaced

First Seen2024-01-09

Last Seen2025-08-02

Times Seen8029

Size115 kB (114767 bytes)

MD503d39d5d071182aba1b01ba2e859de39

SHA17ba8f968b03e92fd59a6c4f6ce5c8aa36a5d2b92

SHA256a7fd65363687e512751d88f7850b61969427e8d3aa9a177946bcd4bc280b71ad

Certificate Info

IssuerDigiCert Inc

Subject*.netlify.app

Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71

ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/2FA.png HTTP/1.1
Host: haba-melba-c29b14.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://haba-melba-c29b14.netlify.app/violate/page
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-type: image/png
date: Mon, 21 Jul 2025 18:53:00 GMT
etag: "a085ada9775e112bb8d77cf1fab12cfa-ssl"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-nf-request-id: 01K0Q5A1D683B405NQ7THS67Z4
content-length: 114767
X-Firefox-Spdy: h2

GET haba-melba-c29b14.netlify.app/img/phone.png

63.176.8.218

200 OK

255 kB

URL

haba-melba-c29b14.netlify.app/img/phone.png

IP / ASN

63.176.8.218

#16509 AMAZON-02

Requested byhttps://haba-melba-c29b14.netlify.app/violate/page

Resource Info

File typePNG image data, 640 x 280, 8-bit/color RGBA, non-interlaced

First Seen2024-01-09

Last Seen2025-08-02

Times Seen13420

Size255 kB (255341 bytes)

MD53c18a93313e72ab9967152a4e92aa238

SHA174671591dd7cc381c6ec6de1137b83c0e2f4d7ec

SHA256fbc7addde1cd6057bd59c03941fcf38a6ac17dd90312d142ebd7520891c3656e

Certificate Info

IssuerDigiCert Inc

Subject*.netlify.app

Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71

ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/phone.png HTTP/1.1
Host: haba-melba-c29b14.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://haba-melba-c29b14.netlify.app/violate/page
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-type: image/png
date: Mon, 21 Jul 2025 18:53:00 GMT
etag: "edad7e5937b07671567ae92fa7f8554f-ssl"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-nf-request-id: 01K0Q5A1D7F13X8D98C3YPPG7S
content-length: 255341
X-Firefox-Spdy: h2