Report - heineken.nl@linkwp.cc/LyBDtgsY/?koelbox-heineken-zomeractie.html

Report Overview

Visited public
2025-06-19 05:33:09
Tags
Submit Tags
URL
heineken.nl@linkwp.cc/LyBDtgsY/?koelbox-heineken-zomeractie.html
Finishing URL
heineken%2Enl@linkwp.cc/LyBDtgsY/404.html
IP / ASN
172.67.166.153
#13335 CLOUDFLARENET
Title
404 Not Found

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
linkwp.cc	unknown	2023-10-28	2023-10-28	2025-06-15	3.5 kB	210 kB	188.114.96.1
cdn.onesignal.com	3015	2011-09-10	2015-04-22	2025-06-12	391 B	10 kB	104.16.160.145
ajax.googleapis.com	12905	2005-01-25	2012-05-22	2025-06-18	409 B	90 kB	142.250.74.42
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-06-18	1.3 kB	265 kB	104.17.24.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-06-19	medium	heineken.nl@linkwp.cc/LyBDtgsY/global.js	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-06-19	medium	linkwp.cc	Sinkholed
2025-06-19	medium	linkwp.cc	Sinkholed
2025-06-19	medium	linkwp.cc	Sinkholed
2025-06-19	medium	linkwp.cc	Sinkholed
2025-06-19	medium	linkwp.cc	Sinkholed
2025-06-19	medium	linkwp.cc	Sinkholed
2025-06-19	medium	linkwp.cc	Sinkholed
2025-06-19	medium	linkwp.cc	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	cdnjs.cloudflare.com/ajax/libs/bootstrap/4.6.0/js/bootstrap.min.js	ScriptElement	64 kB	2023-03-07	2025-06-27
Pretty URL cdnjs.cloudflare.com/ajax/libs/bootstrap/4.6.0/js/bootstrap.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-06-27 00:31 Times Seen6301 Hash f0c2bcf5ef0c4476508d79ec9cdcce07 3beed68ed7d753c6bf4f61c26386ddd7929ba030 edd03b96ae4ff7886406c59d7dfeeaa1b624a7da297bf2f92d0cb6b7f9633cba Loading...

	cdn.onesignal.com/sdks/OneSignalSDK.js	ScriptElement	9.2 kB	2024-07-22	2025-06-27
Pretty URL cdn.onesignal.com/sdks/OneSignalSDK.js IP 104.16.160.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-22 22:24 Last Seen2025-06-27 04:53 Times Seen4607 Hash 09282956186c8515ef0d208902803581 ea83b81c9955b3e983a7bef75714a9cefa904151 ec8b1b07980996f574075e1b7e895d5d47794b9dcf345a68d60fbb17034f7bef Loading...

	heineken%2Enl@linkwp.cc/LyBDtgsY/?koelbox-heineken-zomeractie.html	ScriptElement	2.2 kB	2023-03-07	2025-06-26
Pretty URL heineken%2Enl@linkwp.cc/LyBDtgsY/?koelbox-heineken-zomeractie.html IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2025-06-26 15:30 Times Seen29 Hash bfe75a5c92892be3ada55254cd1aa69c f026f105ac093059a0c530ea292d71de1ac32777 bcd608e3d0f8b083f98972f8cb32a767806c8afe1fdbc278f7ccf86b5705638a Loading...

	heineken%2Enl@linkwp.cc/LyBDtgsY/index_files/config.js	ScriptElement	31 kB	2025-06-18	2025-06-19
Pretty URL heineken%2Enl@linkwp.cc/LyBDtgsY/index_files/config.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-18 16:35 Last Seen2025-06-19 05:33 Times Seen2 Hash 0064adbb336cc728728caf54f512b38c f4206a187824427c5b4f98676a4b9f6053272991 6b7a525e0ad901d8ca8378220b6f59120cf253c7b046a6b28948da53e85f79c7 Loading...

	heineken%2Enl@linkwp.cc/LyBDtgsY/global.js	ScriptElement	32 kB	2025-06-18	2025-06-21
Pretty URL heineken%2Enl@linkwp.cc/LyBDtgsY/global.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-18 16:34 Last Seen2025-06-21 10:26 Times Seen13 Hash 35d5647362f2d412856c4c2a603270da f394287fcb02d5ef22e003865bc9a288177eb81f 9f248b4522313d64ae80c85ce3757bc8ef4d467cb9f2debc17df86979777df97 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-06-27
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-27 05:13 Times Seen224822 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

HTTP Transactions (13)

URL IP Response Size

GET heineken.nl@linkwp.cc/LyBDtgsY/index_files/themecustom.css

188.114.96.1

302 Found

16 kB

URL GET
heineken.nl@linkwp.cc/LyBDtgsY/index_files/themecustom.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://heineken%2Enl@linkwp.cc/LyBDtgsY/?koelbox-heineken-zomeractie.html
Certificate
IssuerGoogle Trust Services
Subjectlinkwp.cc
Fingerprint2F:21:F3:54:F5:31:13:BE:97:62:F5:1C:BE:2D:66:47:6B:8F:1B:FD
ValidityTue, 10 Jun 2025 02:51:56 GMT - Mon, 08 Sep 2025 03:50:37 GMT

File type

Size
16 kB (16138 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /LyBDtgsY/index_files/themecustom.css HTTP/1.1
Host: linkwp.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Thu, 19 Jun 2025 05:32:51 GMT
content-type: text/html
location: https://linkwp.cc/sumheinl/index_files/themecustom.css
server: cloudflare
cf-cache-status: BYPASS
priority: u=2,i=?0
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=1TSgQcca5eLhzjT%2B38vudrFNghdez34KQpaCfobJmyj2Y8nJT5%2BFo%2Br4Lh7YuveinQR%2FjlzM7qAG5AMjBFwLugj1xACBa%2FQ%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9520a5f809c856c4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET cdn.onesignal.com/sdks/OneSignalSDK.js

104.16.160.145

200 OK

9.2 kB

URL GET
cdn.onesignal.com/sdks/OneSignalSDK.js
IP
104.16.160.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://heineken%2Enl@linkwp.cc/LyBDtgsY/?koelbox-heineken-zomeractie.html
Certificate
IssuerGoogle Trust Services
Subject*.onesignal.com
FingerprintF3:67:04:59:01:79:B7:C1:A6:E1:54:A2:B6:12:7F:14:70:24:20:2C
ValiditySat, 26 Apr 2025 12:06:17 GMT - Fri, 25 Jul 2025 13:06:16 GMT

File type
JavaScript source, ASCII text, with very long lines (9163)
Size
9.2 kB (9204 bytes)
Hash
09282956186c8515ef0d208902803581
ea83b81c9955b3e983a7bef75714a9cefa904151
ec8b1b07980996f574075e1b7e895d5d47794b9dcf345a68d60fbb17034f7bef

HTTP Headers

GET /sdks/OneSignalSDK.js HTTP/1.1
Host: cdn.onesignal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 19 Jun 2025 05:32:51 GMT
content-type: application/javascript
etag: W/"09282956186c8515ef0d208902803581"
access-control-allow-headers: OneSignal-Subscription-Id
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 3010
expires: Sun, 22 Jun 2025 05:32:51 GMT
cache-control: public, max-age=259200
set-cookie: __cf_bm=SVnvQvfM.NEO3p3iBOYo.XokvSfAPPvJ5.fffB1L9go-1750311171-1.0.1.1-9O1Xc_mtfhy.LU7sde_Ukqpwi0a6TaVkKhS1wZFuiMZVyFKkjNfOGlVUC70Tg2SCD1jgclx1j0tQm5XPTQ3Kmsvp.OsMIB5JE5qLCQoX1bQ; path=/; expires=Thu, 19-Jun-25 06:02:51 GMT; domain=.onesignal.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
cf-ray: 9520a5f889cd0b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET heineken.nl@linkwp.cc/LyBDtgsY/index_files/config.js

188.114.96.1

302 Found

31 kB

URL GET
heineken.nl@linkwp.cc/LyBDtgsY/index_files/config.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://heineken%2Enl@linkwp.cc/LyBDtgsY/?koelbox-heineken-zomeractie.html
Certificate
IssuerGoogle Trust Services
Subjectlinkwp.cc
Fingerprint2F:21:F3:54:F5:31:13:BE:97:62:F5:1C:BE:2D:66:47:6B:8F:1B:FD
ValidityTue, 10 Jun 2025 02:51:56 GMT - Mon, 08 Sep 2025 03:50:37 GMT

File type

Size
31 kB (31280 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /LyBDtgsY/index_files/config.js HTTP/1.1
Host: linkwp.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Thu, 19 Jun 2025 05:32:51 GMT
content-type: text/html
location: https://linkwp.cc/sumheinl/index_files/config.js
server: cloudflare
cf-cache-status: BYPASS
priority: u=2,i=?0
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=hcIzZm2R5eqh8S2xXDlgSusPiRFYFILMP2Tp3GFaWf9653KHV5Vwg36eWHwGSQoVq1Vc4DCjNhWv6AmOEqczoNjk06GSeRo%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9520a5f809c756c4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET linkwp.cc/sumheinl/index_files/config.js

188.114.96.1

200 OK

31 kB

URL GET
linkwp.cc/sumheinl/index_files/config.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://heineken%2Enl@linkwp.cc/LyBDtgsY/?koelbox-heineken-zomeractie.html
Certificate
IssuerGoogle Trust Services
Subjectlinkwp.cc
Fingerprint2F:21:F3:54:F5:31:13:BE:97:62:F5:1C:BE:2D:66:47:6B:8F:1B:FD
ValidityTue, 10 Jun 2025 02:51:56 GMT - Mon, 08 Sep 2025 03:50:37 GMT

File type
JavaScript source, ASCII text, with very long lines (31280), with no line terminators
Size
31 kB (31280 bytes)
Hash
0064adbb336cc728728caf54f512b38c
f4206a187824427c5b4f98676a4b9f6053272991
6b7a525e0ad901d8ca8378220b6f59120cf253c7b046a6b28948da53e85f79c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sumheinl/index_files/config.js HTTP/1.1
Host: linkwp.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 19 Jun 2025 05:32:52 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 18 Jun 2025 09:08:11 GMT
etag: "685281fb-7a30"
content-encoding: gzip
age: 201
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=2,i=?0
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=9hP7pxGVfRwEfTgR9F2Ag%2Bw0i1Q0d1mEU%2BnXmtTPKPu7uNn3NDDzQA5S3poT6MhZyW6JlHykt%2Ffmn1IzjnWRipiA2zxn8o8%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9520a5f9bb5a56c4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET linkwp.cc/sumheinl/index_files/themecustom.css

188.114.96.1

200 OK

16 kB

URL GET
linkwp.cc/sumheinl/index_files/themecustom.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://heineken%2Enl@linkwp.cc/LyBDtgsY/?koelbox-heineken-zomeractie.html
Certificate
IssuerGoogle Trust Services
Subjectlinkwp.cc
Fingerprint2F:21:F3:54:F5:31:13:BE:97:62:F5:1C:BE:2D:66:47:6B:8F:1B:FD
ValidityTue, 10 Jun 2025 02:51:56 GMT - Mon, 08 Sep 2025 03:50:37 GMT

File type
ASCII text
Size
16 kB (16138 bytes)
Hash
2967e526346d5fbd86076432e96c7f53
8ad2b508942bcf43fa9f5cc9ba55d01880a28a23
6984940488726e4293ea70d5d272e7a94fdd5f8cc37072ab1a853ae63c461c37

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sumheinl/index_files/themecustom.css HTTP/1.1
Host: linkwp.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 19 Jun 2025 05:32:52 GMT
content-type: text/css
server: cloudflare
last-modified: Mon, 16 Jun 2025 11:15:54 GMT
etag: "684ffcea-3f0a"
content-encoding: gzip
age: 201
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=2,i=?0
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=l%2FhDs5uiRS6MsOwVMH0GDTDPdeaga6HY9j7oAJWv8nuTq9P%2ForE%2BG03o8%2Fp93abKu44hjZpu0a0xpcO50%2FwIcOLGwTsz1%2BM%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9520a5f9bb5c56c4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET heineken.nl@linkwp.cc/LyBDtgsY/?koelbox-heineken-zomeractie.html

188.114.96.1

200 OK

78 kB

URL User Request GET
heineken.nl@linkwp.cc/LyBDtgsY/?koelbox-heineken-zomeractie.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectlinkwp.cc
Fingerprint2F:21:F3:54:F5:31:13:BE:97:62:F5:1C:BE:2D:66:47:6B:8F:1B:FD
ValidityTue, 10 Jun 2025 02:51:56 GMT - Mon, 08 Sep 2025 03:50:37 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (35239)
Size
78 kB (77857 bytes)
Hash
02c56459e56b88d2838fdc51ad85d984
773530efc1e6206307e0a87d7b0cffdf8adc4cf1
0eedbe396e5937ca915f09c9fa38bbcb455870d8296ab65c4c89126157435090

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /LyBDtgsY/?koelbox-heineken-zomeractie.html HTTP/1.1
Host: linkwp.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 19 Jun 2025 05:32:48 GMT
content-type: text/html
server: cloudflare
last-modified: Wed, 18 Jun 2025 10:18:52 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=LGorDMRWB4DdT%2B4OxgzuG7btxW1AsfWMQBR9TTeyRTSokI0EDKAp8uIc%2BH5uNXGNVCbdJjFgQN6nBinEuKuCq9L3cp9aC%2Fo%3D"}]}
vary: accept-encoding
age: 75
cache-control: max-age=14400
cf-cache-status: HIT
content-encoding: br
cf-ray: 9520a5dfea00712e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

142.250.74.42

200 OK

90 kB

URL GET
ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://heineken%2Enl@linkwp.cc/LyBDtgsY/?koelbox-heineken-zomeractie.html
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintFF:78:1F:2C:E7:6A:27:90:8B:25:07:97:DD:25:4A:FA:6F:1F:0F:31
ValidityMon, 19 May 2025 08:42:52 GMT - Mon, 11 Aug 2025 08:42:51 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 17 Jun 2025 02:54:23 GMT
expires: Wed, 17 Jun 2026 02:54:23 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 182309
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET heineken.nl@linkwp.cc/LyBDtgsY/global.js

188.114.96.1

200 OK

32 kB

URL GET
heineken.nl@linkwp.cc/LyBDtgsY/global.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://heineken%2Enl@linkwp.cc/LyBDtgsY/?koelbox-heineken-zomeractie.html
Certificate
IssuerGoogle Trust Services
Subjectlinkwp.cc
Fingerprint2F:21:F3:54:F5:31:13:BE:97:62:F5:1C:BE:2D:66:47:6B:8F:1B:FD
ValidityTue, 10 Jun 2025 02:51:56 GMT - Mon, 08 Sep 2025 03:50:37 GMT

File type
ASCII text, with very long lines (31957), with no line terminators
Size
32 kB (31957 bytes)
Hash
35d5647362f2d412856c4c2a603270da
f394287fcb02d5ef22e003865bc9a288177eb81f
9f248b4522313d64ae80c85ce3757bc8ef4d467cb9f2debc17df86979777df97

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Unique code from Jetriz, Swid & Jeniva of the Tetris framework
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /LyBDtgsY/global.js HTTP/1.1
Host: linkwp.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://linkwp.cc/LyBDtgsY/?koelbox-heineken-zomeractie.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 19 Jun 2025 05:32:51 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 18 Jun 2025 16:26:45 GMT
etag: W/"6852e8c5-7cd5"
content-encoding: gzip
age: 77
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=2,i=?0
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=64au0Y0owxDimLfSJ2r5496RLEcayQZBXk3Mxy8BQ%2FP6a280b%2FCcskC9Vw%2FERrZMqCSDtpj6hBSU0s71wxmmmWgiFql7moE%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9520a5f7e9b256c4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET heineken.nl@linkwp.cc/LyBDtgsY/404.html

188.114.96.1

404 Not Found

146 B

URL User Request GET
heineken.nl@linkwp.cc/LyBDtgsY/404.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectlinkwp.cc
Fingerprint2F:21:F3:54:F5:31:13:BE:97:62:F5:1C:BE:2D:66:47:6B:8F:1B:FD
ValidityTue, 10 Jun 2025 02:51:56 GMT - Mon, 08 Sep 2025 03:50:37 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /LyBDtgsY/404.html HTTP/1.1
Host: linkwp.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Thu, 19 Jun 2025 05:32:52 GMT
content-type: text/html
server: cloudflare
age: 77
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=1,i=?0
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=SMRN1RuQA%2Bqbnjo6JXU7ZKbs8lxjZ%2B5B8GPYOXxdVnEdvzAMMzg93vzbD28e19iC2c6grzVYxinl%2BNH9MRkQNWe3fcTkN%2BI%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
cf-ray: 9520a5fb9d3f56c4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET heineken.nl@linkwp.cc/favicon.ico

188.114.96.1

404 Not Found

146 B

URL GET
heineken.nl@linkwp.cc/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://heineken%2Enl@linkwp.cc/LyBDtgsY/404.html
Certificate
IssuerGoogle Trust Services
Subjectlinkwp.cc
Fingerprint2F:21:F3:54:F5:31:13:BE:97:62:F5:1C:BE:2D:66:47:6B:8F:1B:FD
ValidityTue, 10 Jun 2025 02:51:56 GMT - Mon, 08 Sep 2025 03:50:37 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: linkwp.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://linkwp.cc/LyBDtgsY/404.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Thu, 19 Jun 2025 05:33:01 GMT
content-type: text/html
server: cloudflare
age: 86
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=6,i=?0
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=CQD89dNEkl%2Fsg2RyGjqojxtJVCuITTRM2lRyZvJrtZuVwQrjLiGZOZrHC%2F3z75FW3kRPirfFp7gHZA0wJVBYnnWZUnexjL4%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
cf-ray: 9520a63408a256c4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET cdnjs.cloudflare.com/ajax/libs/bootstrap/4.6.0/js/bootstrap.min.js

104.17.24.14

200 OK

64 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/bootstrap/4.6.0/js/bootstrap.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://heineken%2Enl@linkwp.cc/LyBDtgsY/?koelbox-heineken-zomeractie.html
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
ValidityThu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT

File type
JavaScript source, ASCII text, with very long lines (63188)
Size
64 kB (63467 bytes)
Hash
f0c2bcf5ef0c4476508d79ec9cdcce07
3beed68ed7d753c6bf4f61c26386ddd7929ba030
edd03b96ae4ff7886406c59d7dfeeaa1b624a7da297bf2f92d0cb6b7f9633cba

HTTP Headers

GET /ajax/libs/bootstrap/4.6.0/js/bootstrap.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 19 Jun 2025 05:32:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 13132
cf-ray: 9520a5f879d056c3-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60f698d0-334c"
last-modified: Tue, 20 Jul 2021 09:35:12 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 35358
expires: Tue, 09 Jun 2026 05:32:51 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xLFiPQiI%2FRT5tJIOtMySjN5K5Ib10I8Yia5KS3g%2FDCFX7Ks%2BzozLKWTmWxKb0FiUWZ2brd4C6DC9BzLwIB3CImEhNE9n7Q4I207wfSQvMSyk%2BmO60r54TGfn4U78jfu2q%2BIRuWsJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/bootstrap/4.6.0/css/bootstrap.min.css

104.17.24.14

200 OK

161 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/bootstrap/4.6.0/css/bootstrap.min.css
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://heineken%2Enl@linkwp.cc/LyBDtgsY/?koelbox-heineken-zomeractie.html
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
ValidityThu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT

File type
ASCII text, with very long lines (65326)
Size
161 kB (161409 bytes)
Hash
d432e4222814b62dd30c9513dcc29440
2cac4afc120983921411296bd4e8fd8a94ba237e
4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601

HTTP Headers

GET /ajax/libs/bootstrap/4.6.0/css/bootstrap.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 19 Jun 2025 05:32:51 GMT
content-type: text/css; charset=utf-8
content-length: 17764
cf-ray: 9520a5f889db56c3-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60f698d0-4564"
last-modified: Tue, 20 Jul 2021 09:35:12 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 35643
expires: Tue, 09 Jun 2026 05:32:51 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xfWy27cFcrHOEJHG0gQOf7CpG5rtwmZmYLi9uoerCVRXRZtWtlYeaEMB8e76WLmnwdqjsFa%2BgpY8bAjZFyMaCyqmueilEZC%2FJJZHWY8rtky4KgiquoROEHUqcYP1yw6AH8Mf74V7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css

104.17.24.14

200 OK

37 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://heineken%2Enl@linkwp.cc/LyBDtgsY/?koelbox-heineken-zomeractie.html
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
ValidityThu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (372)
Size
37 kB (37414 bytes)
Hash
c495654869785bc3df60216616814ad1
0140952c64e3f2b74ef64e050f2fe86eab6624c8
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c

HTTP Headers

GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 19 Jun 2025 05:32:51 GMT
content-type: text/css; charset=utf-8
content-length: 5884
cf-ray: 9520a5f889da56c3-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-9226"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 778612
expires: Tue, 09 Jun 2026 05:32:51 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RlgEV1QPYaa3xB0wbqzb8oupmL9q%2B5%2F8f%2BaHvpVCTTPnHkruXlUCtfOP%2BiNkWEp%2FkgZ0axHgjg4hAND223uylj8tg%2FBQ9hsaG65VtUpNvgFoJKvBBRQ2Q9pRTDgAVAcZJB%2Bmgm6b"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type