Report - dik.si/fnbpayout

Report Overview

Submitted URL
dik.si/fnbpayout
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-18 13:02:15
Access
public
Website Title
Diksi
Final URL
dik.si/fnbpayout
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-18	826 B	172 kB	142.250.74.168
dik.si	unknown	2020-08-01	2020-08-02	2024-03-21	12 kB	1.1 MB	188.114.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-18 13:01:49	low	Client IP	188.114.96.1	ET INFO Observed URL Shortening Service Domain (dik .si in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	dik.si	Sinkholed
2024-04-18	medium	dik.si	Sinkholed
2024-04-18	medium	dik.si	Sinkholed
2024-04-18	medium	dik.si	Sinkholed
2024-04-18	medium	dik.si	Sinkholed
2024-04-18	medium	dik.si	Sinkholed
2024-04-18	medium	dik.si	Sinkholed
2024-04-18	medium	dik.si	Sinkholed
2024-04-18	medium	dik.si	Sinkholed
2024-04-18	medium	dik.si	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?id=AW-464971556	212 kB	2024-04-18	2024-04-18
Pretty URL www.googletagmanager.com/gtag/js?id=AW-464971556 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 15:02:16 Last Seen2024-04-18 15:02:16 Times Seen2 Hash f3ebe70b67d71ee1a852ed279abe87ea f5ec7009f4cf5eea50326a2d43ebb57dc0c5394e da87eca15fff5db73f674df2ffbca4e4cef675214071d57f6d1c3a9940ec1775 Loading...

	www.googletagmanager.com/gtag/js?id=G-872PZL4RZW	271 kB	2024-04-18	2024-04-18
Pretty URL www.googletagmanager.com/gtag/js?id=G-872PZL4RZW IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 15:02:16 Last Seen2024-04-18 15:02:16 Times Seen2 Hash 6c93bba5538e61afeeb1341d14688f0a 0feff2d435f0cbf2c38a311040fbdaae64f770a3 95c4958f6699d1f762febf0bda1ad7b90e2c5b1bf3199e65b482a591276cefdf Loading...

	dik.si/build/assets/main.af18942f.js	970 kB	2023-11-07	2024-04-18
Pretty URL dik.si/build/assets/main.af18942f.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-07 02:02:43 Last Seen2024-04-18 15:02:16 Times Seen5 Hash 1c5a9ad2b51471f62b85e44a36e7c6dc fab4bcf3c794d395e6cddf5e44c5c7878b0fc92b a07b0bdae8052408cbebb07c216361d6af170fcd59cbe4e0eed79df803e762d3 Loading...

	unknown	247 B	2024-04-18	2024-04-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 15:02:16 Last Seen2024-04-18 15:02:16 Times Seen1 Hash 9e1b268c8ce34a5419f8f727318aeea1 152af130bd578c28bcf6e1f60da268a7c391a40f 9d688c46e73d5231c7d9b7f8e38c3f361e65224f1c666a5dbdf3758377cf561e Loading...

	dik.si/cdn-cgi/challenge-platform/scripts/jsd/main.js	7.8 kB	2024-04-18	2024-04-18
Pretty URL dik.si/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 15:02:16 Last Seen2024-04-18 15:02:16 Times Seen2 Hash fd4137832ec1e1bb75dfdec0dacdde65 b6bab740894b6a499611de7ef2ac68cf91cef54c 681bda522836474984887666fd795a11f16c2e47984b00aeef24d7892ef125ba Loading...

	dik.si/fnbpayout	176 B	2023-03-10	2024-04-18
Pretty URL dik.si/fnbpayout IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 03:28:41 Last Seen2024-04-18 15:02:16 Times Seen11 Hash d8babd30d3312986373d0b682979fa1b a549594d5aae07645af66610dd298c85d3e8ce10 6594bf1528fa74f5db4f68b3e63685d42dee0810387c69156ce3bd8bd08cc006 Loading...

	dik.si/fnbpayout	42 kB	2024-04-18	2024-04-18
Pretty URL dik.si/fnbpayout IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 15:02:16 Last Seen2024-04-18 15:02:16 Times Seen1 Hash 24ab3539552cf97dacafe5a3fa11e501 abb9c8e63e9e53395556b65ac1d17667c3f8539a 58af223ebc2ca19e87f96f684644b7658c720fb248d0d629127b55a0e25ea575 Loading...

	dik.si/fnbpayout	1.1 kB	2024-04-18	2024-04-18
Pretty URL dik.si/fnbpayout IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 15:02:16 Last Seen2024-04-18 15:02:16 Times Seen1 Hash cfebc0ae6034ba85862baa031adfe27c 2fc3b3790a16eeb5defb5e4f163cfb77a30e0751 9b25f49fd412c798d1d448c601827e2da07fff9b62ee5e5df02f454cf7728236 Loading...

HTTP Transactions (12)

URL IP Response Size

www.googletagmanager.com/gtag/js?id=AW-464971556

142.250.74.168

200 OK

77 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=AW-464971556
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://dik.si/fnbpayout
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (2165)
Size
77 kB (77119 bytes)
Hash
f3ebe70b67d71ee1a852ed279abe87ea
f5ec7009f4cf5eea50326a2d43ebb57dc0c5394e
da87eca15fff5db73f674df2ffbca4e4cef675214071d57f6d1c3a9940ec1775

HTTP Headers

GET /gtag/js?id=AW-464971556 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dik.si/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 13:01:50 GMT
expires: Thu, 18 Apr 2024 13:01:50 GMT
cache-control: private, max-age=900
last-modified: Thu, 18 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77119
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-872PZL4RZW

142.250.74.168

200 OK

94 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-872PZL4RZW
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://dik.si/fnbpayout
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
94 kB (93765 bytes)
Hash
6c93bba5538e61afeeb1341d14688f0a
0feff2d435f0cbf2c38a311040fbdaae64f770a3
95c4958f6699d1f762febf0bda1ad7b90e2c5b1bf3199e65b482a591276cefdf

HTTP Headers

GET /gtag/js?id=G-872PZL4RZW HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dik.si/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 13:01:50 GMT
expires: Thu, 18 Apr 2024 13:01:50 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 93765
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

dik.si/fnbpayout

188.114.96.1

200 OK

29 kB

URL User Request GET HTTP/2
dik.si/fnbpayout
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectdik.si
FingerprintB1:6B:48:01:F3:DC:F0:5F:7D:74:70:DF:89:BB:EA:8B:08:A9:B4:DC
ValidityWed, 21 Feb 2024 16:43:21 GMT - Tue, 21 May 2024 16:43:20 GMT

File type
HTML document, ASCII text, with very long lines (41766)
Size
29 kB (29309 bytes)
Hash
40ce99de7a84f413148d44452cf96ca6
f5975b4c8dc992a6afa88fb681c88c19c866f4ac
96b418a9b75434cab607053a353a45ca60d29f440fd9b3eefc128c2fa5dd220d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fnbpayout HTTP/1.1
Host: dik.si
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 13:01:50 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InFmK1RwRE13YTRSRlJTcEVscllTaFE9PSIsInZhbHVlIjoiMFRlU2FsU0x6YzZOVUVpbTJYQjdJbFBRcnQrWkVyd0YrMEFBZHR2RTF6NytkeHVkWm9TRE5mcGJ2empwb1FiT2JwYlZqbFlWWkxOcmNqdTdRaVBDRVhPUmcyUzRIbVZmZzU0ZWRheVF2YnpEVmlSRWtJR0JaQ1hDMUFoeU5KU0siLCJtYWMiOiIyNGE3N2I4NGVhOGY2YzNlYTVjYWIzYjY5ZWI2ZTQ2MTVlNWJjOTU0ZmU3YmI3MjdjMGRiZGFhMWVjNDViNjZmIiwidGFnIjoiIn0%3D; expires=Thu, 18-Apr-2024 15:01:50 GMT; Max-Age=7200; path=/; samesite=lax
diksi_session=eyJpdiI6IkR0K3poK0JPdDBxdzF3dFdaVXZVUGc9PSIsInZhbHVlIjoiOXRrRUw1QUVwR3ZsN0tNSU9lRXhvcTlIa2F0Q3RqYkt2TWFJNnlzOFd6MHZNNHlVdG9CZEY4c21mdnY1VmJneWdIbnFRRnNaSHd6NWNrVjl1NTlRWVJwaHZzUUgydjlSaXliQkRjNGpJdTJUc1ZaQk1zd2IwSENMMXVhSFFSdTYiLCJtYWMiOiI5NTliNTY3NzI3ZjI1MDFjMjIzOTBlMDBmYjMwYmFmZmRiYWNmMmE1YWE1OTQzM2VkMjQ2YTJhOWY0MTVhMzMyIiwidGFnIjoiIn0%3D; expires=Thu, 18-Apr-2024 15:01:50 GMT; Max-Age=7200; path=/; httponly; samesite=lax
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MQt6I3Smop71%2FL9iRlEHO6lUb2bd2vrm3%2FkSJX8xnj%2B83UIPpZ9sqpDhnEulhxgh%2BcKFTmT0%2Fmm0xA3ArW1eQSKW1CInl9ama2ROOtBMIrgmZcPak%2FzZWtU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8764d87e3a795689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

dik.si/favicon/icon-144x144.png

188.114.96.1

200 OK

1.4 kB

URL GET HTTP/3
dik.si/favicon/icon-144x144.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dik.si/fnbpayout
Certificate
IssuerLet's Encrypt
Subjectdik.si
FingerprintB1:6B:48:01:F3:DC:F0:5F:7D:74:70:DF:89:BB:EA:8B:08:A9:B4:DC
ValidityWed, 21 Feb 2024 16:43:21 GMT - Tue, 21 May 2024 16:43:20 GMT

File type
PNG image data, 144 x 144, 8-bit/color RGBA, non-interlaced
Size
1.4 kB (1369 bytes)
Hash
fac17b0b38a540a190305f0705215558
26f69e7a177ea2803da9addb4032bd0f0db64b0b
10b25aaa8e1cc66b5e0160020e2932233a27c44f19abc75ff8e433b5e43b6b0e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon/icon-144x144.png HTTP/1.1
Host: dik.si
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dik.si/fnbpayout
Cookie: XSRF-TOKEN=eyJpdiI6InFmK1RwRE13YTRSRlJTcEVscllTaFE9PSIsInZhbHVlIjoiMFRlU2FsU0x6YzZOVUVpbTJYQjdJbFBRcnQrWkVyd0YrMEFBZHR2RTF6NytkeHVkWm9TRE5mcGJ2empwb1FiT2JwYlZqbFlWWkxOcmNqdTdRaVBDRVhPUmcyUzRIbVZmZzU0ZWRheVF2YnpEVmlSRWtJR0JaQ1hDMUFoeU5KU0siLCJtYWMiOiIyNGE3N2I4NGVhOGY2YzNlYTVjYWIzYjY5ZWI2ZTQ2MTVlNWJjOTU0ZmU3YmI3MjdjMGRiZGFhMWVjNDViNjZmIiwidGFnIjoiIn0%3D; diksi_session=eyJpdiI6IkR0K3poK0JPdDBxdzF3dFdaVXZVUGc9PSIsInZhbHVlIjoiOXRrRUw1QUVwR3ZsN0tNSU9lRXhvcTlIa2F0Q3RqYkt2TWFJNnlzOFd6MHZNNHlVdG9CZEY4c21mdnY1VmJneWdIbnFRRnNaSHd6NWNrVjl1NTlRWVJwaHZzUUgydjlSaXliQkRjNGpJdTJUc1ZaQk1zd2IwSENMMXVhSFFSdTYiLCJtYWMiOiI5NTliNTY3NzI3ZjI1MDFjMjIzOTBlMDBmYjMwYmFmZmRiYWNmMmE1YWE1OTQzM2VkMjQ2YTJhOWY0MTVhMzMyIiwidGFnIjoiIn0%3D; _gcl_au=1.1.1892417297.1713445311; _ga_872PZL4RZW=GS1.1.1713445310.1.0.1713445310.0.0.0; _ga=GA1.1.1708644027.1713445311
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:01:51 GMT
content-type: image/png
content-length: 1369
last-modified: Sat, 20 Jan 2024 09:05:18 GMT
etag: "559-60f5ce546c239"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1328
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8yJ%2Buyxt3eHoUXr15z0hUIAw97ei5SfDCbTWu2C%2BKMAH3ILNK66j32gDg8Qc7IBg07207Si%2FfDL7A8spBok8aYLJxmJQkuKJ%2BoMPtWGhJfHRvaY9nmbbB1k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764d88e3db70b61-OSL
alt-svc: h3=":443"; ma=86400

dik.si/favicon/icon-192x192.png

188.114.96.1

200 OK

2.1 kB

URL GET HTTP/3
dik.si/favicon/icon-192x192.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dik.si/fnbpayout
Certificate
IssuerLet's Encrypt
Subjectdik.si
FingerprintB1:6B:48:01:F3:DC:F0:5F:7D:74:70:DF:89:BB:EA:8B:08:A9:B4:DC
ValidityWed, 21 Feb 2024 16:43:21 GMT - Tue, 21 May 2024 16:43:20 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
2.1 kB (2106 bytes)
Hash
09d4e64da0f0ddb21363805bf8266513
1b10bdbbda0c85754a175a6c5c432dca0c5bd4be
7d3e419309a4bb97610250d3148d4ce73ae7b4fce0c3eaec55eda7f57eb47d1c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon/icon-192x192.png HTTP/1.1
Host: dik.si
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dik.si/fnbpayout
Cookie: XSRF-TOKEN=eyJpdiI6InFmK1RwRE13YTRSRlJTcEVscllTaFE9PSIsInZhbHVlIjoiMFRlU2FsU0x6YzZOVUVpbTJYQjdJbFBRcnQrWkVyd0YrMEFBZHR2RTF6NytkeHVkWm9TRE5mcGJ2empwb1FiT2JwYlZqbFlWWkxOcmNqdTdRaVBDRVhPUmcyUzRIbVZmZzU0ZWRheVF2YnpEVmlSRWtJR0JaQ1hDMUFoeU5KU0siLCJtYWMiOiIyNGE3N2I4NGVhOGY2YzNlYTVjYWIzYjY5ZWI2ZTQ2MTVlNWJjOTU0ZmU3YmI3MjdjMGRiZGFhMWVjNDViNjZmIiwidGFnIjoiIn0%3D; diksi_session=eyJpdiI6IkR0K3poK0JPdDBxdzF3dFdaVXZVUGc9PSIsInZhbHVlIjoiOXRrRUw1QUVwR3ZsN0tNSU9lRXhvcTlIa2F0Q3RqYkt2TWFJNnlzOFd6MHZNNHlVdG9CZEY4c21mdnY1VmJneWdIbnFRRnNaSHd6NWNrVjl1NTlRWVJwaHZzUUgydjlSaXliQkRjNGpJdTJUc1ZaQk1zd2IwSENMMXVhSFFSdTYiLCJtYWMiOiI5NTliNTY3NzI3ZjI1MDFjMjIzOTBlMDBmYjMwYmFmZmRiYWNmMmE1YWE1OTQzM2VkMjQ2YTJhOWY0MTVhMzMyIiwidGFnIjoiIn0%3D; _gcl_au=1.1.1892417297.1713445311; _ga_872PZL4RZW=GS1.1.1713445310.1.0.1713445310.0.0.0; _ga=GA1.1.1708644027.1713445311
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:01:52 GMT
content-type: image/png
content-length: 2106
last-modified: Sat, 20 Jan 2024 09:05:18 GMT
etag: "83a-60f5ce546f8e9"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ilJAnBoKNxTmRoWmGm80dNwnPhYZi4%2Fi0afqrLV8K%2FBtMBEebVDdpP75Wezv%2Fx%2FhzpNMQqhD4aDyxyy60ymShjWizu6UMtUVw4XPrtjr355ObFv4AjX%2BSiE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764d88e3db50b61-OSL
alt-svc: h3=":443"; ma=86400

dik.si/build/assets/404-2.14c4a897.png

188.114.96.1

5.9 kB

URL GET
dik.si/build/assets/404-2.14c4a897.png
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

Requested by
https://dik.si/fnbpayout
Certificate
IssuerLet's Encrypt
Subjectdik.si
FingerprintB1:6B:48:01:F3:DC:F0:5F:7D:74:70:DF:89:BB:EA:8B:08:A9:B4:DC
ValidityWed, 21 Feb 2024 16:43:21 GMT - Tue, 21 May 2024 16:43:20 GMT

File type
PNG image data, 516 x 190, 8-bit/color RGBA, non-interlaced
Size
5.9 kB (5924 bytes)
Hash
dc42df7f2447d30eb00c6157206dfb6e
632a616dd32cf1cfa4b9ced501287239aeedbbf5
14c4a897cdea748534b6788293935781e687fada8e1727148592878a454292f5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /build/assets/404-2.14c4a897.png HTTP/1.1
Host: dik.si
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dik.si/fnbpayout
Cookie: XSRF-TOKEN=eyJpdiI6InFmK1RwRE13YTRSRlJTcEVscllTaFE9PSIsInZhbHVlIjoiMFRlU2FsU0x6YzZOVUVpbTJYQjdJbFBRcnQrWkVyd0YrMEFBZHR2RTF6NytkeHVkWm9TRE5mcGJ2empwb1FiT2JwYlZqbFlWWkxOcmNqdTdRaVBDRVhPUmcyUzRIbVZmZzU0ZWRheVF2YnpEVmlSRWtJR0JaQ1hDMUFoeU5KU0siLCJtYWMiOiIyNGE3N2I4NGVhOGY2YzNlYTVjYWIzYjY5ZWI2ZTQ2MTVlNWJjOTU0ZmU3YmI3MjdjMGRiZGFhMWVjNDViNjZmIiwidGFnIjoiIn0%3D; diksi_session=eyJpdiI6IkR0K3poK0JPdDBxdzF3dFdaVXZVUGc9PSIsInZhbHVlIjoiOXRrRUw1QUVwR3ZsN0tNSU9lRXhvcTlIa2F0Q3RqYkt2TWFJNnlzOFd6MHZNNHlVdG9CZEY4c21mdnY1VmJneWdIbnFRRnNaSHd6NWNrVjl1NTlRWVJwaHZzUUgydjlSaXliQkRjNGpJdTJUc1ZaQk1zd2IwSENMMXVhSFFSdTYiLCJtYWMiOiI5NTliNTY3NzI3ZjI1MDFjMjIzOTBlMDBmYjMwYmFmZmRiYWNmMmE1YWE1OTQzM2VkMjQ2YTJhOWY0MTVhMzMyIiwidGFnIjoiIn0%3D; _gcl_au=1.1.1892417297.1713445311; _ga_872PZL4RZW=GS1.1.1713445310.1.0.1713445310.0.0.0; _ga=GA1.1.1708644027.1713445311
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:01:52 GMT
content-type: image/png
content-length: 5924
last-modified: Fri, 14 Jul 2023 09:48:32 GMT
etag: "1724-6006f5a065c00"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1330
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xqFhtGlfOuGD81VgTuwwFqb1dln1TsFgOfFWigUvSCcS1sZsr2zksg1BITr93Bw3oP8HuAQgnb8LMEfq28pDzFfBAP0Yy6SOnTpWgkudbqtYHpWiDXRAgcw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764d892ca840b61-OSL
alt-svc: h3=":443"; ma=86400

dik.si/build/assets/404-1.176145e9.png

188.114.96.1

200 OK

19 kB

URL GET HTTP/3
dik.si/build/assets/404-1.176145e9.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dik.si/fnbpayout
Certificate
IssuerLet's Encrypt
Subjectdik.si
FingerprintB1:6B:48:01:F3:DC:F0:5F:7D:74:70:DF:89:BB:EA:8B:08:A9:B4:DC
ValidityWed, 21 Feb 2024 16:43:21 GMT - Tue, 21 May 2024 16:43:20 GMT

File type
PNG image data, 539 x 400, 8-bit/color RGBA, non-interlaced
Size
19 kB (18917 bytes)
Hash
09ac461516dda937afcbc9a3b623c54d
3990c87ffeedf00b5208a5d1a42460940fcb3a11
176145e91b05856cfdd1fc405af37c35250c80e971908be988f3f73657c9c93b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /build/assets/404-1.176145e9.png HTTP/1.1
Host: dik.si
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dik.si/fnbpayout
Cookie: XSRF-TOKEN=eyJpdiI6InFmK1RwRE13YTRSRlJTcEVscllTaFE9PSIsInZhbHVlIjoiMFRlU2FsU0x6YzZOVUVpbTJYQjdJbFBRcnQrWkVyd0YrMEFBZHR2RTF6NytkeHVkWm9TRE5mcGJ2empwb1FiT2JwYlZqbFlWWkxOcmNqdTdRaVBDRVhPUmcyUzRIbVZmZzU0ZWRheVF2YnpEVmlSRWtJR0JaQ1hDMUFoeU5KU0siLCJtYWMiOiIyNGE3N2I4NGVhOGY2YzNlYTVjYWIzYjY5ZWI2ZTQ2MTVlNWJjOTU0ZmU3YmI3MjdjMGRiZGFhMWVjNDViNjZmIiwidGFnIjoiIn0%3D; diksi_session=eyJpdiI6IkR0K3poK0JPdDBxdzF3dFdaVXZVUGc9PSIsInZhbHVlIjoiOXRrRUw1QUVwR3ZsN0tNSU9lRXhvcTlIa2F0Q3RqYkt2TWFJNnlzOFd6MHZNNHlVdG9CZEY4c21mdnY1VmJneWdIbnFRRnNaSHd6NWNrVjl1NTlRWVJwaHZzUUgydjlSaXliQkRjNGpJdTJUc1ZaQk1zd2IwSENMMXVhSFFSdTYiLCJtYWMiOiI5NTliNTY3NzI3ZjI1MDFjMjIzOTBlMDBmYjMwYmFmZmRiYWNmMmE1YWE1OTQzM2VkMjQ2YTJhOWY0MTVhMzMyIiwidGFnIjoiIn0%3D; _gcl_au=1.1.1892417297.1713445311; _ga_872PZL4RZW=GS1.1.1713445310.1.0.1713445310.0.0.0; _ga=GA1.1.1708644027.1713445311
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:01:52 GMT
content-type: image/png
content-length: 18917
last-modified: Fri, 14 Jul 2023 09:48:32 GMT
etag: "49e5-6006f5a065c00"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1330
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fndZSbTzbrnT1jrElqYMrw9H0tLlDjKuPGMohz5DSJshtcN5%2BGuSJO73rwk3FzguZhRoZa3DQZTiXO2gwUdOMk3zw2BW0pb6gt9LI39kSTOU8HigAhdfX24%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764d892ca880b61-OSL
alt-svc: h3=":443"; ma=86400

dik.si/cdn-cgi/challenge-platform/scripts/jsd/main.js

188.114.96.1

302 Found

0 B

URL GET HTTP/3
dik.si/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dik.si/fnbpayout
Certificate
IssuerLet's Encrypt
Subjectdik.si
FingerprintB1:6B:48:01:F3:DC:F0:5F:7D:74:70:DF:89:BB:EA:8B:08:A9:B4:DC
ValidityWed, 21 Feb 2024 16:43:21 GMT - Tue, 21 May 2024 16:43:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: dik.si
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6InFmK1RwRE13YTRSRlJTcEVscllTaFE9PSIsInZhbHVlIjoiMFRlU2FsU0x6YzZOVUVpbTJYQjdJbFBRcnQrWkVyd0YrMEFBZHR2RTF6NytkeHVkWm9TRE5mcGJ2empwb1FiT2JwYlZqbFlWWkxOcmNqdTdRaVBDRVhPUmcyUzRIbVZmZzU0ZWRheVF2YnpEVmlSRWtJR0JaQ1hDMUFoeU5KU0siLCJtYWMiOiIyNGE3N2I4NGVhOGY2YzNlYTVjYWIzYjY5ZWI2ZTQ2MTVlNWJjOTU0ZmU3YmI3MjdjMGRiZGFhMWVjNDViNjZmIiwidGFnIjoiIn0%3D; diksi_session=eyJpdiI6IkR0K3poK0JPdDBxdzF3dFdaVXZVUGc9PSIsInZhbHVlIjoiOXRrRUw1QUVwR3ZsN0tNSU9lRXhvcTlIa2F0Q3RqYkt2TWFJNnlzOFd6MHZNNHlVdG9CZEY4c21mdnY1VmJneWdIbnFRRnNaSHd6NWNrVjl1NTlRWVJwaHZzUUgydjlSaXliQkRjNGpJdTJUc1ZaQk1zd2IwSENMMXVhSFFSdTYiLCJtYWMiOiI5NTliNTY3NzI3ZjI1MDFjMjIzOTBlMDBmYjMwYmFmZmRiYWNmMmE1YWE1OTQzM2VkMjQ2YTJhOWY0MTVhMzMyIiwidGFnIjoiIn0%3D; _gcl_au=1.1.1892417297.1713445311; _ga_872PZL4RZW=GS1.1.1713445310.1.0.1713445310.0.0.0; _ga=GA1.1.1708644027.1713445311
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Thu, 18 Apr 2024 13:01:52 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js
cache-control: max-age=300, public
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M1IpTAL%2BbGCsv5NZyw%2Blbu5wObMmFVgUwkIzSODU1cfgOUeUpe8i6v%2BnCA3mfAtQwKRqR2OGPU3WN4e1LuRdYXSX8N6elFRZKBrM7ve5V6lHcG%2Fmivzbc7Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764d892da9d0b61-OSL
alt-svc: h3=":443"; ma=86400

dik.si/cdn-cgi/challenge-platform/h/g/jsd/r/8764d87e3a795689

188.114.96.1

200 OK

0 B

URL POST HTTP/3
dik.si/cdn-cgi/challenge-platform/h/g/jsd/r/8764d87e3a795689
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dik.si/fnbpayout
Certificate
IssuerLet's Encrypt
Subjectdik.si
FingerprintB1:6B:48:01:F3:DC:F0:5F:7D:74:70:DF:89:BB:EA:8B:08:A9:B4:DC
ValidityWed, 21 Feb 2024 16:43:21 GMT - Tue, 21 May 2024 16:43:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/jsd/r/8764d87e3a795689 HTTP/1.1
Host: dik.si
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12122
Origin: https://dik.si
DNT: 1
Connection: keep-alive
Referer: https://dik.si/fnbpayout
Cookie: XSRF-TOKEN=eyJpdiI6InFmK1RwRE13YTRSRlJTcEVscllTaFE9PSIsInZhbHVlIjoiMFRlU2FsU0x6YzZOVUVpbTJYQjdJbFBRcnQrWkVyd0YrMEFBZHR2RTF6NytkeHVkWm9TRE5mcGJ2empwb1FiT2JwYlZqbFlWWkxOcmNqdTdRaVBDRVhPUmcyUzRIbVZmZzU0ZWRheVF2YnpEVmlSRWtJR0JaQ1hDMUFoeU5KU0siLCJtYWMiOiIyNGE3N2I4NGVhOGY2YzNlYTVjYWIzYjY5ZWI2ZTQ2MTVlNWJjOTU0ZmU3YmI3MjdjMGRiZGFhMWVjNDViNjZmIiwidGFnIjoiIn0%3D; diksi_session=eyJpdiI6IkR0K3poK0JPdDBxdzF3dFdaVXZVUGc9PSIsInZhbHVlIjoiOXRrRUw1QUVwR3ZsN0tNSU9lRXhvcTlIa2F0Q3RqYkt2TWFJNnlzOFd6MHZNNHlVdG9CZEY4c21mdnY1VmJneWdIbnFRRnNaSHd6NWNrVjl1NTlRWVJwaHZzUUgydjlSaXliQkRjNGpJdTJUc1ZaQk1zd2IwSENMMXVhSFFSdTYiLCJtYWMiOiI5NTliNTY3NzI3ZjI1MDFjMjIzOTBlMDBmYjMwYmFmZmRiYWNmMmE1YWE1OTQzM2VkMjQ2YTJhOWY0MTVhMzMyIiwidGFnIjoiIn0%3D; _gcl_au=1.1.1892417297.1713445311; _ga_872PZL4RZW=GS1.1.1713445310.1.0.1713445310.0.0.0; _ga=GA1.1.1708644027.1713445311
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:01:52 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=3M_yepued.Ebs526.KXHEAoDVA1VWg7vb3DnJK_dYY8-1713445312-1.0.1.1-lTFQdKfgg1P4cLvCKtqY2CscatArHfkioMbw5kcgpgHQqI4TjzzBR0jX.fgJx4sShtP65mVjcN4enAJZT.bmBQ; path=/; expires=Fri, 18-Apr-25 13:01:52 GMT; domain=.dik.si; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=12MTOLVNRIpRxyc2%2F8sIv%2BcqQk%2Feeb9hY%2FmFfAlt1leMYt%2BXNMCs3Qf%2FPbVddbYGDpAli%2BJxdbb3tiUzLK5HLZaAE0Em47HKY0wOTSFVvrOEBm2kn7Pbs2k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8764d893cba30b61-OSL
alt-svc: h3=":443"; ma=86400

dik.si/build/assets/main.9e8f57d4.css

188.114.96.1

200 OK

82 kB

URL GET HTTP/3
dik.si/build/assets/main.9e8f57d4.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dik.si/fnbpayout
Certificate
IssuerLet's Encrypt
Subjectdik.si
FingerprintB1:6B:48:01:F3:DC:F0:5F:7D:74:70:DF:89:BB:EA:8B:08:A9:B4:DC
ValidityWed, 21 Feb 2024 16:43:21 GMT - Tue, 21 May 2024 16:43:20 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
82 kB (81705 bytes)
Hash
cf8a039f1ce68ef0ea967248395c3137
f664725d3a3aaecab83f45b5a6a8f495e68b41af
0fb51fe2c423d3b646e80616d2e6ea0f7e387f6d9bbd07cfb38da0cda795c14f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /build/assets/main.9e8f57d4.css HTTP/1.1
Host: dik.si
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dik.si/fnbpayout
Cookie: XSRF-TOKEN=eyJpdiI6InFmK1RwRE13YTRSRlJTcEVscllTaFE9PSIsInZhbHVlIjoiMFRlU2FsU0x6YzZOVUVpbTJYQjdJbFBRcnQrWkVyd0YrMEFBZHR2RTF6NytkeHVkWm9TRE5mcGJ2empwb1FiT2JwYlZqbFlWWkxOcmNqdTdRaVBDRVhPUmcyUzRIbVZmZzU0ZWRheVF2YnpEVmlSRWtJR0JaQ1hDMUFoeU5KU0siLCJtYWMiOiIyNGE3N2I4NGVhOGY2YzNlYTVjYWIzYjY5ZWI2ZTQ2MTVlNWJjOTU0ZmU3YmI3MjdjMGRiZGFhMWVjNDViNjZmIiwidGFnIjoiIn0%3D; diksi_session=eyJpdiI6IkR0K3poK0JPdDBxdzF3dFdaVXZVUGc9PSIsInZhbHVlIjoiOXRrRUw1QUVwR3ZsN0tNSU9lRXhvcTlIa2F0Q3RqYkt2TWFJNnlzOFd6MHZNNHlVdG9CZEY4c21mdnY1VmJneWdIbnFRRnNaSHd6NWNrVjl1NTlRWVJwaHZzUUgydjlSaXliQkRjNGpJdTJUc1ZaQk1zd2IwSENMMXVhSFFSdTYiLCJtYWMiOiI5NTliNTY3NzI3ZjI1MDFjMjIzOTBlMDBmYjMwYmFmZmRiYWNmMmE1YWE1OTQzM2VkMjQ2YTJhOWY0MTVhMzMyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:01:50 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=82319
etag: W/"1418f-6006f5a065c00-gzip"
last-modified: Fri, 14 Jul 2023 09:48:32 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1331
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kPGNTaIMMsO%2BEfxyjni7iZZ%2B%2BZtTJs3OnQHy0rqjlqCpn%2BQIh812NxnI4A5Sd9MnIx0a5CagfRUYTlrUXJOpVQiO9XbOAAR0w%2FkvP5tYMkLs%2FjOn5Xp9RsU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8764d8860cbf0b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dik.si/build/assets/main.af18942f.js

188.114.96.1

200 OK

970 kB

URL GET HTTP/3
dik.si/build/assets/main.af18942f.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dik.si/fnbpayout
Certificate
IssuerLet's Encrypt
Subjectdik.si
FingerprintB1:6B:48:01:F3:DC:F0:5F:7D:74:70:DF:89:BB:EA:8B:08:A9:B4:DC
ValidityWed, 21 Feb 2024 16:43:21 GMT - Tue, 21 May 2024 16:43:20 GMT

File type

Size
970 kB (969717 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /build/assets/main.af18942f.js HTTP/1.1
Host: dik.si
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dik.si/fnbpayout
Cookie: XSRF-TOKEN=eyJpdiI6InFmK1RwRE13YTRSRlJTcEVscllTaFE9PSIsInZhbHVlIjoiMFRlU2FsU0x6YzZOVUVpbTJYQjdJbFBRcnQrWkVyd0YrMEFBZHR2RTF6NytkeHVkWm9TRE5mcGJ2empwb1FiT2JwYlZqbFlWWkxOcmNqdTdRaVBDRVhPUmcyUzRIbVZmZzU0ZWRheVF2YnpEVmlSRWtJR0JaQ1hDMUFoeU5KU0siLCJtYWMiOiIyNGE3N2I4NGVhOGY2YzNlYTVjYWIzYjY5ZWI2ZTQ2MTVlNWJjOTU0ZmU3YmI3MjdjMGRiZGFhMWVjNDViNjZmIiwidGFnIjoiIn0%3D; diksi_session=eyJpdiI6IkR0K3poK0JPdDBxdzF3dFdaVXZVUGc9PSIsInZhbHVlIjoiOXRrRUw1QUVwR3ZsN0tNSU9lRXhvcTlIa2F0Q3RqYkt2TWFJNnlzOFd6MHZNNHlVdG9CZEY4c21mdnY1VmJneWdIbnFRRnNaSHd6NWNrVjl1NTlRWVJwaHZzUUgydjlSaXliQkRjNGpJdTJUc1ZaQk1zd2IwSENMMXVhSFFSdTYiLCJtYWMiOiI5NTliNTY3NzI3ZjI1MDFjMjIzOTBlMDBmYjMwYmFmZmRiYWNmMmE1YWE1OTQzM2VkMjQ2YTJhOWY0MTVhMzMyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:01:51 GMT
content-type: application/javascript
last-modified: Fri, 14 Jul 2023 09:48:32 GMT
etag: W/"ecbf5-6006f5a065c00-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h8l8WatLHGx7uNU%2Bj7YeKxqgpcZHSQA08vBIYwxNwmpOWY2LQBNPTqO%2BVVuifaOCkkV8Xqzq5hyuSHn4RnqO6NN1WhwG%2FoNPRHHpsTP0luWCSugVgrWwdVU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8764d8860cc30b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dik.si/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js

188.114.96.1

200 OK

7.8 kB

URL GET HTTP/3
dik.si/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dik.si/fnbpayout
Certificate
IssuerLet's Encrypt
Subjectdik.si
FingerprintB1:6B:48:01:F3:DC:F0:5F:7D:74:70:DF:89:BB:EA:8B:08:A9:B4:DC
ValidityWed, 21 Feb 2024 16:43:21 GMT - Tue, 21 May 2024 16:43:20 GMT

File type
JavaScript source, ASCII text, with very long lines (7849), with no line terminators
Size
7.8 kB (7849 bytes)
Hash
fd4137832ec1e1bb75dfdec0dacdde65
b6bab740894b6a499611de7ef2ac68cf91cef54c
681bda522836474984887666fd795a11f16c2e47984b00aeef24d7892ef125ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js HTTP/1.1
Host: dik.si
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6InFmK1RwRE13YTRSRlJTcEVscllTaFE9PSIsInZhbHVlIjoiMFRlU2FsU0x6YzZOVUVpbTJYQjdJbFBRcnQrWkVyd0YrMEFBZHR2RTF6NytkeHVkWm9TRE5mcGJ2empwb1FiT2JwYlZqbFlWWkxOcmNqdTdRaVBDRVhPUmcyUzRIbVZmZzU0ZWRheVF2YnpEVmlSRWtJR0JaQ1hDMUFoeU5KU0siLCJtYWMiOiIyNGE3N2I4NGVhOGY2YzNlYTVjYWIzYjY5ZWI2ZTQ2MTVlNWJjOTU0ZmU3YmI3MjdjMGRiZGFhMWVjNDViNjZmIiwidGFnIjoiIn0%3D; diksi_session=eyJpdiI6IkR0K3poK0JPdDBxdzF3dFdaVXZVUGc9PSIsInZhbHVlIjoiOXRrRUw1QUVwR3ZsN0tNSU9lRXhvcTlIa2F0Q3RqYkt2TWFJNnlzOFd6MHZNNHlVdG9CZEY4c21mdnY1VmJneWdIbnFRRnNaSHd6NWNrVjl1NTlRWVJwaHZzUUgydjlSaXliQkRjNGpJdTJUc1ZaQk1zd2IwSENMMXVhSFFSdTYiLCJtYWMiOiI5NTliNTY3NzI3ZjI1MDFjMjIzOTBlMDBmYjMwYmFmZmRiYWNmMmE1YWE1OTQzM2VkMjQ2YTJhOWY0MTVhMzMyIiwidGFnIjoiIn0%3D; _gcl_au=1.1.1892417297.1713445311; _ga_872PZL4RZW=GS1.1.1713445310.1.0.1713445310.0.0.0; _ga=GA1.1.1708644027.1713445311
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:01:52 GMT
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
cache-control: max-age=14400, public
content-encoding: br
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u6KZ7dzAc6GwTnOtK8vp8iM2rNxVOOdR%2FddgdMMPTQ5wmCm9wp4Bqh9PzyPdnZRx40owomQVf2mxPIQp8QRyattMiRL5rYhMyLySzxlfSeEmXIsUo6CtY00%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8764d892fad30b61-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (12)