tgweb.lizy.free.hr
172.67.195.205
Malicious Activity!
Public Scan
Submission: On May 04 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by E1 on March 22nd 2024. Valid for: 3 months.
This is the only time tgweb.lizy.free.hr was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telegram (Instant Messenger)
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
8 | 172.67.195.205 | 13335 (CLOUDFLARENET) |
20 | 2 | |
| Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | free.hr | tgweb.lizy.free.hr | 160 KB |
20 | 1 | | |
| Domain | Requested by |
---|---|---|
8 | tgweb.lizy.free.hr | tgweb.lizy.free.hr |
20 | 1 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
tgweb.lizy.free.hr | E1 | 2024-03-22 - 2024-06-20 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://tgweb.lizy.free.hr/
Frame ID: 63A7CECEDD440693213755148BA48AE2
Requests: 17 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H3 | / (Primary Request) | tgweb.lizy.free.hr/ | 13 KB | 5 KB | Document | text/html |
GET | H3 | index-04b2749c.js | tgweb.lizy.free.hr/ | 120 KB | 43 KB | Script | application/javascript |
GET | H3 | index-6aac8894.css | tgweb.lizy.free.hr/ | 409 KB | 74 KB | Stylesheet | text/css |
GET | | mtproto.worker-6ae247c4.js | tgweb.lizy.free.hr/ | 0 | 0 | | |
GET | | crypto.worker-b2b2021e.js | tgweb.lizy.free.hr/ | 0 | 0 | | |
GET | DATA | truncated | / | 369 B | 0 | Image | image/svg+xml |
GET | H3 | crypto.worker-b2b2021e.js | tgweb.lizy.free.hr/ | 67 KB | 0 | Fetch | application/javascript |
GET | H3 | favicon.ico | tgweb.lizy.free.hr/assets/img/ | 15 KB | 4 KB | Other | image/vnd.microsoft.icon |
GET | H3 | lang-28d42960.js | tgweb.lizy.free.hr/ | 97 KB | 29 KB | Script | application/javascript |
GET | H3 | langSign-66e8939d.js | tgweb.lizy.free.hr/ | 2 KB | 1 KB | Script | application/javascript |
GET | H3 | countries-5301fc59.js | tgweb.lizy.free.hr/ | 24 KB | 4 KB | Script | application/javascript |
GET | H3 | pageSignQR-e0d84ebb.js | tgweb.lizy.free.hr/ | 5 KB | 0 | Script | application/javascript |
GET | H3 | page-ea4c9cdd.js | tgweb.lizy.free.hr/ | 10 KB | 0 | Script | application/javascript |
GET | H3 | button-3c0412b5.js | tgweb.lizy.free.hr/ | 8 KB | 0 | Script | application/javascript |
GET | H3 | putPreloader-4fe8a20c.js | tgweb.lizy.free.hr/ | 699 B | 0 | Script | application/javascript |
GET | H3 | textToSvgURL-c6ebb454.js | tgweb.lizy.free.hr/ | 357 B | 0 | Script | application/javascript |
GET | | ee2ba7a9-a696-49ba-bd87-9c2c2e1f58b4 | https://tgweb.lizy.free.hr/ | 0 | 0 | | |
GET | | 1ace5f74-d6c3-4d6c-b99c-64141531cf5d | https://tgweb.lizy.free.hr/ | 0 | 0 | | |
GET | | f4648ffe-d18c-49df-91c1-fefff6e94c47 | https://tgweb.lizy.free.hr/ | 0 | 0 | | |
GET | H3 | qr-code-styling-c40cd486.js | tgweb.lizy.free.hr/ | 65 KB | 0 | Script | application/javascript |
GET | H3 | logo_padded.svg | tgweb.lizy.free.hr/assets/img/ | 1 KB | 0 | Fetch | image/svg+xml |
GET | DATA | truncated | / | 1 KB | 0 | Image | image/svg+xml |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL |
---|---|
tgweb.lizy.free.hr | https://tgweb.lizy.free.hr/mtproto.worker-6ae247c4.js |
tgweb.lizy.free.hr | https://tgweb.lizy.free.hr/crypto.worker-b2b2021e.js |
tgweb.lizy.free.hr | blob:https://tgweb.lizy.free.hr/ee2ba7a9-a696-49ba-bd87-9c2c2e1f58b4 |
tgweb.lizy.free.hr | blob:https://tgweb.lizy.free.hr/1ace5f74-d6c3-4d6c-b99c-64141531cf5d |
tgweb.lizy.free.hr | blob:https://tgweb.lizy.free.hr/f4648ffe-d18c-49df-91c1-fefff6e94c47 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telegram (Instant Messenger)
29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type |
---|---|
rootScope | object |
deferredPromise | function |
AppStorage | function |
stateStorage | object |
wrapUrl | function |
I18n | object |
webpWorkerController | object |
appStorage | object |
singleInstance | object |
webPushApiManager | object |
telegramMeWebManager | object |
opusDecodeController | object |
cryptoMessagePort | object |
mtprotoMessagePort | object |
serviceMessagePort | object |
apiManagerProxy | object |
calcImageInBox | function |
mediaSizes | object |
customProperties | object |
windowSize | object |
liteMode | object |
themeController | object |
overlayCounter | object |
formatDateAccordingToTodayNew | function |
fillTipDates | function |
dispatchHeavyAnimationEvent | function |
pagesManager | object |
sequentialDom | object |
putPreloader | function |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.