| tgweb.lizy.free.hr/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 | 104.21.68.134 | 200 OK | 11 kB |
URL: GET HTTP/3 tgweb.lizy.free.hr/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2; IP: 104.21.68.134:443
Requested by: https://tgweb.lizy.free.hr/; Certificate Issuer: Let's Encrypt; Subject: tgweb.lizy.free.hr; Fingerprint: 80:9C:07:F6:3E:B4:54:11:EA:86:A6:7F:9F:7D:BC:CD:CB:B6:EF:6D; Validity: Fri, 22 Mar 2024 17:52:44 GMT - Thu, 20 Jun 2024 17:52:43 GMT
File type: Web Open Font Format (Version 2), TrueType, length 11016, version 1.0; Hash: 15fa3062f8929bd3b05fdca5259db412 6ff06a34f68ad0324ddec1bbe4d453c959178b36 5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: tgweb.lizy.free.hr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://tgweb.lizy.free.hr/index-6aac8894.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 18:08:32 GMT
content-type: font/woff2
content-length: 11016
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "741b4527b63febbccc571bad3f4f23cf"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g8%2Fw7HzBMzutYXTF%2F93pmSmb2mx1R%2Bff9zEhZZdHngMq83noGrTj0bUMAorsdlvP5EziUllwSP%2B7cKT3RS3q1v8A3dD821BZORcZyQQYtdiv4Hx1t%2F%2FlBBL6CihkufOcofNo5t8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 87ea6fcd6db97127-OSL
alt-svc: h3=":443"; ma=86400
|
|
| tgweb.lizy.free.hr/assets/img/favicon-16x16.png?v=jw3mK7G9Ry | 104.21.68.134 | 200 OK | 1.0 kB |
URL: GET HTTP/3 tgweb.lizy.free.hr/assets/img/favicon-16x16.png?v=jw3mK7G9Ry; IP: 104.21.68.134:443
Requested by: https://tgweb.lizy.free.hr/; Certificate Issuer: Let's Encrypt; Subject: tgweb.lizy.free.hr; Fingerprint: 80:9C:07:F6:3E:B4:54:11:EA:86:A6:7F:9F:7D:BC:CD:CB:B6:EF:6D; Validity: Fri, 22 Mar 2024 17:52:44 GMT - Thu, 20 Jun 2024 17:52:43 GMT
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced; Hash: e3ce05eb00b3215df220efaf0fd06e21 d1533966f79dc2984c34317035f31cf3c91298c9 0d67b7e8ea46e3c959329a0e79a8c8b236187f452edc7049524245e4aa6bee21
GET /assets/img/favicon-16x16.png?v=jw3mK7G9Ry HTTP/1.1
Host: tgweb.lizy.free.hr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgweb.lizy.free.hr/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 18:08:33 GMT
content-type: image/png
content-length: 1012
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "164bab244d543d9719126be57e7b82f4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cz3VX9Avj3%2B5ibNqpq7LShzciticWBoqoGfKlkSrP23DqAmQajnNygXZJYqFABI8zbXPbxoUH%2B%2FCIc1fQB%2Blgd7YGXMeVT6XVQdJIPV3GOqkoC%2F439lmUV7%2FTYrEYoQ1YjBsNZA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 87ea6fcec80d7127-OSL
alt-svc: h3=":443"; ma=86400
|
|
| tgweb.lizy.free.hr/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry | 104.21.68.134 | 200 OK | 9.0 kB |
URL: GET HTTP/3 tgweb.lizy.free.hr/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry; IP: 104.21.68.134:443
Requested by: https://tgweb.lizy.free.hr/; Certificate Issuer: Let's Encrypt; Subject: tgweb.lizy.free.hr; Fingerprint: 80:9C:07:F6:3E:B4:54:11:EA:86:A6:7F:9F:7D:BC:CD:CB:B6:EF:6D; Validity: Fri, 22 Mar 2024 17:52:44 GMT - Thu, 20 Jun 2024 17:52:43 GMT
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced; Hash: 87fecdadac0beb95f9b7c87b3b3236f0 822f92446c0033a32462aa21208efaef1f0d8c3c 25aa724658da8e71f5cc7c35ccbb43075866af5bed964edb09979caace667b0b
GET /assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry HTTP/1.1
Host: tgweb.lizy.free.hr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgweb.lizy.free.hr/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 18:08:33 GMT
content-type: image/png
content-length: 9024
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "c35bd3231a46b7b8c79b2578bdec4987"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UHkRP949KDpcpYGaIrXD%2FfOJ%2F2sQ30I5LROyIOaKiceHO6qFvsS1kDwE%2BWXlUPhjffU07rlA60ntkAD9oqkW58BGdLP4E92VL%2FE1%2BhSDXwXaOmxxjBElUaARJHqDRbZMdSj%2FfE4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 87ea6fcec8017127-OSL
alt-svc: h3=":443"; ma=86400
|
|
| venus.web.telegram.org/apiw1 | 149.154.167.99 | | 169 B |
URL: venus.web.telegram.org/apiw1; IP: 149.154.167.99:0; ASN: #62041 Telegram Messenger Inc
File type: HTML document, ASCII text, with CRLF line terminators; Hash: c2a982d42f89274763eef2a44fe01030 86e6d53f6478cdd0c05611093d9c55a953454af7 d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a
POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgweb.lizy.free.hr/
Content-Length: 0
Origin: https://tgweb.lizy.free.hr
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
server: nginx/1.18.0
date: Sat, 04 May 2024 18:08:33 GMT
content-type: text/html
content-length: 169
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
X-Firefox-Spdy: h2
|
|
| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL: kws2.web.telegram.org/apiws; IP: 149.154.167.99:0; ASN: #62041 Telegram Messenger Inc
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://tgweb.lizy.free.hr
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: iS0sVfiHG93Os84VHidO0Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Sat, 04 May 2024 18:08:33 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vAK+i7e8GvEC/Vg8dZI1LYRbkcs=
Sec-WebSocket-Protocol: binary
|
|
| tgweb.lizy.free.hr/textToSvgURL-c6ebb454.js | 104.21.68.134 | 200 OK | 434 B |
URL: GET HTTP/3 tgweb.lizy.free.hr/textToSvgURL-c6ebb454.js; IP: 104.21.68.134:443
Requested by: https://tgweb.lizy.free.hr/; Certificate Issuer: Let's Encrypt; Subject: tgweb.lizy.free.hr; Fingerprint: 80:9C:07:F6:3E:B4:54:11:EA:86:A6:7F:9F:7D:BC:CD:CB:B6:EF:6D; Validity: Fri, 22 Mar 2024 17:52:44 GMT - Thu, 20 Jun 2024 17:52:43 GMT
File type: ASCII text, with very long lines (306); Hash: db363d8053c3aa976b2e2162860d6932 fef1a8b065868caacf63184d97c10aaf10ec6a28 62ba5e078c4aaa3ff5c8c24cb8216de89afaa7dd10bfd364a0396913bbd34663
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /textToSvgURL-c6ebb454.js HTTP/1.1
Host: tgweb.lizy.free.hr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgweb.lizy.free.hr/pageSignQR-e0d84ebb.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 18:08:33 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"745425261de7a48f7926db2f3e90629a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u5q0Cij3%2F6Zo9wPIsep7HcBnC2zgi6mM%2FOcw0ZUf6Zy12wv4ZmyxE%2FL%2BElEDrzCOAoWiJHXkDWMwyB8cnkbBWsgUVDy0vAByxJ93Y%2B68hZ5c%2FnkiA9QfIyCAkJBi5EOEvozHWpY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 87ea6fd2bfa77127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL: kws2.web.telegram.org/apiws; IP: 149.154.167.99:0; ASN: #62041 Telegram Messenger Inc
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://tgweb.lizy.free.hr
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: eXocgtkrBIimiNoTJi6cNA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Sat, 04 May 2024 18:08:33 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VTheuZkpQH2o6zJ7i8C0zq0e13M=
Sec-WebSocket-Protocol: binary
|
|
| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL: kws2.web.telegram.org/apiws; IP: 149.154.167.99:0; ASN: #62041 Telegram Messenger Inc
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://tgweb.lizy.free.hr
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5QOA4nm/5bxL/zgy072uRg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Sat, 04 May 2024 18:08:33 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5KlMTI9Ol+hEnuXAyJFnhlTL7bU=
Sec-WebSocket-Protocol: binary
|
|
| tgweb.lizy.free.hr/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 | 104.21.68.134 | 200 OK | 11 kB |
URL: GET HTTP/3 tgweb.lizy.free.hr/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2; IP: 104.21.68.134:443
Requested by: https://tgweb.lizy.free.hr/; Certificate Issuer: Let's Encrypt; Subject: tgweb.lizy.free.hr; Fingerprint: 80:9C:07:F6:3E:B4:54:11:EA:86:A6:7F:9F:7D:BC:CD:CB:B6:EF:6D; Validity: Fri, 22 Mar 2024 17:52:44 GMT - Thu, 20 Jun 2024 17:52:43 GMT
File type: Web Open Font Format (Version 2), TrueType, length 11056, version 1.0; Hash: 07db243db21ed0a6b4ff05ff429686b7 5d62925fdd7ed8e80f206d095ed093994f13d276 ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 HTTP/1.1
Host: tgweb.lizy.free.hr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://tgweb.lizy.free.hr/index-6aac8894.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 18:08:34 GMT
content-type: font/woff2
content-length: 11056
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "d0122a2078b736d8f34c46ec02e88eb0"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZGky1RfroSeqkYSqQmnxl%2FHUstLG3b6k6jnxK7u%2BthdyrnUFTTxn9FkqaJOUjBn1Y1Uv3K1r2MQmeVuo4W%2FOG1LI1nbILKHfxxsNOyYo6GzGAiXP0%2FngWxYwmDLVPe1GzJ8edZI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 87ea6fd43a8d7127-OSL
alt-svc: h3=":443"; ma=86400
|
|
| tgweb.lizy.free.hr/button-3c0412b5.js | 104.21.68.134 | 200 OK | 8.6 kB |
URL: GET HTTP/3 tgweb.lizy.free.hr/button-3c0412b5.js; IP: 104.21.68.134:443
Requested by: https://tgweb.lizy.free.hr/; Certificate Issuer: Let's Encrypt; Subject: tgweb.lizy.free.hr; Fingerprint: 80:9C:07:F6:3E:B4:54:11:EA:86:A6:7F:9F:7D:BC:CD:CB:B6:EF:6D; Validity: Fri, 22 Mar 2024 17:52:44 GMT - Thu, 20 Jun 2024 17:52:43 GMT
File type: Java source, ASCII text, with very long lines (7942); Hash: 196e5e7f9e1c68ee5600eb20d267d413 e0fdc8a4def6f9df5e8a8c744725a23ed8f02d1d 104c9f1ae4c343b710b6df2e418644ba0812b0f39c49b29bf11588ea392a1bec
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /button-3c0412b5.js HTTP/1.1
Host: tgweb.lizy.free.hr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgweb.lizy.free.hr/pageSignQR-e0d84ebb.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 18:08:33 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"904427c49011d4cefeb0e0c0b8e64262"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UAMOnY0clE2MCqYS2aJ%2Fe%2BHFLYmCS7fxvicX5%2F3O%2BzUqlZ8iF0LfZWEvlGtAl%2B%2BzKGU9lsC6cGmbKTP2K1s3%2BC16F832Gca6KdG7HctaCmLDg2lsapwUySUv6OmP1mDbzt6JaHs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 87ea6fd2af907127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgweb.lizy.free.hr/putPreloader-4fe8a20c.js | 104.21.68.134 | 200 OK | 6.1 kB |
URL: GET HTTP/3 tgweb.lizy.free.hr/putPreloader-4fe8a20c.js; IP: 104.21.68.134:443
Requested by: https://tgweb.lizy.free.hr/; Certificate Issuer: Let's Encrypt; Subject: tgweb.lizy.free.hr; Fingerprint: 80:9C:07:F6:3E:B4:54:11:EA:86:A6:7F:9F:7D:BC:CD:CB:B6:EF:6D; Validity: Fri, 22 Mar 2024 17:52:44 GMT - Thu, 20 Jun 2024 17:52:43 GMT
File type: ASCII text, with very long lines (394); Hash: 8938721374b58a823b81007a55652c9b 37963038e92e8930922693aff26b187f60957746 387e9b77166bf84a9783ef5d61af9cd3f2cdba1d37b8a2c4cc941332a94da31c
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /putPreloader-4fe8a20c.js HTTP/1.1
Host: tgweb.lizy.free.hr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgweb.lizy.free.hr/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 18:08:33 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"3ad0106e0a39eeb08be1da1e87b1f46b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qTd7%2BNku0uCjL6PjyWuglQ3WaiU3K1tdLvsNFP2SHMIc3uDOMWmEQuDtfndR4o%2BPPCTo0mxrldzwzsotCnI1e64f5WtTsgeoE7H2N6S6svTE45mMkWpwvzXgvNrxeDwItVxVb5E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 87ea6fcf186e7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgweb.lizy.free.hr/crypto.worker-b2b2021e.js | 104.21.68.134 | 200 OK | 35 kB |
URL: GET HTTP/3 tgweb.lizy.free.hr/crypto.worker-b2b2021e.js; IP: 104.21.68.134:443
Requested by: https://tgweb.lizy.free.hr/; Certificate Issuer: Let's Encrypt; Subject: tgweb.lizy.free.hr; Fingerprint: 80:9C:07:F6:3E:B4:54:11:EA:86:A6:7F:9F:7D:BC:CD:CB:B6:EF:6D; Validity: Fri, 22 Mar 2024 17:52:44 GMT - Thu, 20 Jun 2024 17:52:43 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators; Hash: 061a201747d764fcd611ff886b2b27ef d0fbcab1a5c52c5c38f46b2ed048cf8637716686 58fafa3a075d804360271b6b081e9c3c46ba344659ef3cb10d5561afc1147448
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /crypto.worker-b2b2021e.js HTTP/1.1
Host: tgweb.lizy.free.hr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgweb.lizy.free.hr/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 18:08:32 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"860187db15075ef93d9f1f93f6ce3e29"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qTv5EXr4CB5PJCJbWvYIXerqD%2FvAQbISzkrqmRGaqYhYKt89w%2FAFbNC6%2FXS7GcPnyR%2Fo9RMVwZCjp%2BOzivyk1W7RMBw8o3b91mO%2BlKur4W7pSPILFhENcZngb9h41BazCJnrxpM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 87ea6fcd7df97127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgweb.lizy.free.hr/assets/img/logo_padded.svg | 104.21.68.134 | 200 OK | 1.1 kB |
URL: GET HTTP/3 tgweb.lizy.free.hr/assets/img/logo_padded.svg; IP: 104.21.68.134:443
Requested by: https://tgweb.lizy.free.hr/; Certificate Issuer: Let's Encrypt; Subject: tgweb.lizy.free.hr; Fingerprint: 80:9C:07:F6:3E:B4:54:11:EA:86:A6:7F:9F:7D:BC:CD:CB:B6:EF:6D; Validity: Fri, 22 Mar 2024 17:52:44 GMT - Thu, 20 Jun 2024 17:52:43 GMT
File type: SVG Scalable Vector Graphics image; Hash: 4c0b48654a4881c325148a5e00964160 d7d21756c9dd4c1bf4d97087811745aad60506a0 7583a3643a9480ab4d81dd46b700cf3a38ebdd94af1a6059d2b6a3ecff8a65c5
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /assets/img/logo_padded.svg HTTP/1.1
Host: tgweb.lizy.free.hr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgweb.lizy.free.hr/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 18:08:35 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"ddc17b460f3542cd68305d2c727dab6c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oAkwrkbthqu%2BD3IA3xzqyw1R5nmit3cmGw%2B4Wjx85TmkMacMb%2FzD2wMw0UshuYYklNJwS9bsoqXKbwfsVWTPtaR8MEbpJIWHXAtBHZ3got5hiUjZXMJakTLMmg2DVe9zhgypriY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 87ea6fde7b707127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgweb.lizy.free.hr/index-6aac8894.css | 104.21.68.134 | 200 OK | 419 kB |
URL: GET HTTP/3 tgweb.lizy.free.hr/index-6aac8894.css; IP: 104.21.68.134:443
Requested by: https://tgweb.lizy.free.hr/; Certificate Issuer: Let's Encrypt; Subject: tgweb.lizy.free.hr; Fingerprint: 80:9C:07:F6:3E:B4:54:11:EA:86:A6:7F:9F:7D:BC:CD:CB:B6:EF:6D; Validity: Fri, 22 Mar 2024 17:52:44 GMT - Thu, 20 Jun 2024 17:52:43 GMT
Size: 419 kB (418751 bytes); Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /index-6aac8894.css HTTP/1.1
Host: tgweb.lizy.free.hr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgweb.lizy.free.hr/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 18:08:32 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"9334b1c184590982395595ad925438ab"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H01Busz5FK1sJoltVsC000d0ycIvCvYpDbjDrFtE%2F4Hw%2FNdOrSLWmw9yQUKZNiVo38MK9jW5FoAa205RvkSish06Dayt9iQMfY5eDuDuSxrrdcQmnE1HPkiMnEFWTwiy%2FiY%2BBTM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 87ea6fca89247127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgweb.lizy.free.hr/langSign-66e8939d.js | 104.21.68.134 | 200 OK | 1.6 kB |
URL: GET HTTP/3 tgweb.lizy.free.hr/langSign-66e8939d.js; IP: 104.21.68.134:443
Requested by: https://tgweb.lizy.free.hr/; Certificate Issuer: Let's Encrypt; Subject: tgweb.lizy.free.hr; Fingerprint: 80:9C:07:F6:3E:B4:54:11:EA:86:A6:7F:9F:7D:BC:CD:CB:B6:EF:6D; Validity: Fri, 22 Mar 2024 17:52:44 GMT - Thu, 20 Jun 2024 17:52:43 GMT
File type: ASCII text, with very long lines (1751), with no line terminators; Hash: 0d55451ee39b2aa034b815696a9b13ad 6144047d9652181c02b1e107703a9851ba5838ae 6efafb0c9358c1754c8d06ee1049bae36ff61108eb534f6c79a94d8b62f5b8f2
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /langSign-66e8939d.js HTTP/1.1
Host: tgweb.lizy.free.hr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgweb.lizy.free.hr/index-04b2749c.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 18:08:33 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"5a29e5d9c312b68171d6e68b1381397b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TMMZB%2FNxy5WdZZBFjq8dtfjtpSCI7LZ7hLEXDNkG6CL7bKgkirbjRBv%2FEQFzTYMeruFez3alPKhZ%2F1q09OAA%2FPqhJg7UXkVGAPXms7eP1i%2BWbvcCtIwRFiciIjEtKsR1RySZdm8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 87ea6fcdde7f7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| | 104.21.68.134 | 200 OK | 14 kB |
URL: User Request GET HTTP/2; IP: 104.21.68.134:443
Certificate Issuer: Let's Encrypt; Subject: tgweb.lizy.free.hr; Fingerprint: 80:9C:07:F6:3E:B4:54:11:EA:86:A6:7F:9F:7D:BC:CD:CB:B6:EF:6D; Validity: Fri, 22 Mar 2024 17:52:44 GMT - Thu, 20 Jun 2024 17:52:43 GMT
File type: HTML document, ASCII text, with very long lines (1757); Hash: 9d0b6b1ada939f2972ff9cd1408891be 21d3e9c6b41d7877c4e5b7bba3cbd007bbacb41a 1f3258e0c92a6c73c87419f6af9cf4ce331b604f6bcdbe845f9fb5811f6da989
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET / HTTP/1.1
Host: tgweb.lizy.free.hr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 18:08:32 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1P3PNYfPbW8sLy5PoJzxMyIZtP6RAsXPb0hS0NpRuaSvyyvw3crEw%2FRWO0YyAB%2FGEhdlx2XLLZXzSS0KtaeEYgYs46FmOosWYbTLSiQCQ4N8HX%2BSRCQxNpF%2FQ6xIuWMbYcsu93I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87ea6fc78998b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| tgweb.lizy.free.hr/countries-5301fc59.js | 104.21.68.134 | 200 OK | 24 kB |
URL: GET HTTP/3 tgweb.lizy.free.hr/countries-5301fc59.js; IP: 104.21.68.134:443
Requested by: https://tgweb.lizy.free.hr/; Certificate Issuer: Let's Encrypt; Subject: tgweb.lizy.free.hr; Fingerprint: 80:9C:07:F6:3E:B4:54:11:EA:86:A6:7F:9F:7D:BC:CD:CB:B6:EF:6D; Validity: Fri, 22 Mar 2024 17:52:44 GMT - Thu, 20 Jun 2024 17:52:43 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /countries-5301fc59.js HTTP/1.1
Host: tgweb.lizy.free.hr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgweb.lizy.free.hr/index-04b2749c.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 18:08:33 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"e980704d431b4d599e68121466b55e1b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yxt%2FGW%2FdTdeLT%2BbyG540tf98hstm6LWl8mqro5XhmA8h5OmC0Uw2fuxIq3zFgbD7z5A7tKPgkUJEJOwZGUAlhfwozu006ZaDszBCjzPBqwtdypR6BwRR4sTPHPFYLNnOM4PmxHI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 87ea6fcdde8a7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgweb.lizy.free.hr/page-ea4c9cdd.js | 104.21.68.134 | 200 OK | 10 kB |
URL: GET HTTP/3 tgweb.lizy.free.hr/page-ea4c9cdd.js; IP: 104.21.68.134:443
Requested by: https://tgweb.lizy.free.hr/; Certificate Issuer: Let's Encrypt; Subject: tgweb.lizy.free.hr; Fingerprint: 80:9C:07:F6:3E:B4:54:11:EA:86:A6:7F:9F:7D:BC:CD:CB:B6:EF:6D; Validity: Fri, 22 Mar 2024 17:52:44 GMT - Thu, 20 Jun 2024 17:52:43 GMT
File type: ASCII text, with very long lines (10193); Hash: 2a3e8e5f6ef043cc8bf9939280b09c2f 7f674e26166aed913a70aeb16e12b570c6d6db2c 44e19ddb86af319760d1e86051ff5dba6690d8909c69fc787ab608cb9e551779
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /page-ea4c9cdd.js HTTP/1.1
Host: tgweb.lizy.free.hr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgweb.lizy.free.hr/pageSignQR-e0d84ebb.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 18:08:33 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"fafb47a210ac8d5560748b1f54b30d2c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z5gDhSJq0%2FY2rZuGIBg%2FoMCJDnFsrB6DP2uwus6x73gQ%2FtIqldMnAhyeLsWWOBDF%2BhcmoOZf%2FqT1%2Bvd2h27nTbu%2BAsX%2FZfHkrVuGN1AFyFvOXA8PLye8MbMgs28hpptcq1qXfmo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 87ea6fd2af8d7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgweb.lizy.free.hr/index-04b2749c.js | 104.21.68.134 | 200 OK | 123 kB |
URL: GET HTTP/3 tgweb.lizy.free.hr/index-04b2749c.js; IP: 104.21.68.134:443
Requested by: https://tgweb.lizy.free.hr/; Certificate Issuer: Let's Encrypt; Subject: tgweb.lizy.free.hr; Fingerprint: 80:9C:07:F6:3E:B4:54:11:EA:86:A6:7F:9F:7D:BC:CD:CB:B6:EF:6D; Validity: Fri, 22 Mar 2024 17:52:44 GMT - Thu, 20 Jun 2024 17:52:43 GMT
Size: 123 kB (123174 bytes); Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /index-04b2749c.js HTTP/1.1
Host: tgweb.lizy.free.hr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgweb.lizy.free.hr/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 18:08:32 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"2ac114357cb0079acbe63c089c239705"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UMe1xeh3shs6Muq3XUmxcS7d4i2jRsdVMvkUQI%2B6XFSPi487lYtkhsTUe5rViW%2BF727%2BM%2FnjZ2%2F6i7fh9Zrgww24FS0hqyYSiH3PrzY6Gm8WX0yEufUpcHIGp52eS0U0f78xXtE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 87ea6fca89237127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgweb.lizy.free.hr/lang-28d42960.js | 104.21.68.134 | 200 OK | 99 kB |
URL: GET HTTP/3 tgweb.lizy.free.hr/lang-28d42960.js
IP: 104.21.68.134:443
Requested by: https://tgweb.lizy.free.hr/
Certificate: Issuer: Let's Encrypt; Subject: tgweb.lizy.free.hr; Fingerprint: 80:9C:07:F6:3E:B4:54:11:EA:86:A6:7F:9F:7D:BC:CD:CB:B6:EF:6D; Validity: Fri, 22 Mar 2024 17:52:44 GMT - Thu, 20 Jun 2024 17:52:43 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
GET /lang-28d42960.js HTTP/1.1
Host: tgweb.lizy.free.hr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgweb.lizy.free.hr/index-04b2749c.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 18:08:33 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"7116e1fbe75b7c6f47a89c6a3ffc6246"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HIhD2NXjQaWVxiyx13wxRln3LN6U5zg9x3aIQPzmTl0RdKSkuNb7avVjYZ%2FcJPEzzEhxpLnTwmhkMarArUMqHRG0TpoZ%2BNWl4fpsOaOq86p9kHgSJSTTXnfYIKdadg4ZFdvHiJ8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 87ea6fcdce767127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgweb.lizy.free.hr/pageSignQR-e0d84ebb.js | 104.21.68.134 | 200 OK | 5.5 kB |
URL: GET HTTP/3 tgweb.lizy.free.hr/pageSignQR-e0d84ebb.js
IP: 104.21.68.134:443
Requested by: https://tgweb.lizy.free.hr/
Certificate: Issuer: Let's Encrypt; Subject: tgweb.lizy.free.hr; Fingerprint: 80:9C:07:F6:3E:B4:54:11:EA:86:A6:7F:9F:7D:BC:CD:CB:B6:EF:6D; Validity: Fri, 22 Mar 2024 17:52:44 GMT - Thu, 20 Jun 2024 17:52:43 GMT
File type: ASCII text, with very long lines (5694), with no line terminators
Hash: 0595c27ff073c780274386709a7018ad f452b533a93b0cf71f862558a4345163b22db508 4c0735581a8fd44624eab27c715bcdbff402f2397c01620f36738bcaa6f69a33
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
GET /pageSignQR-e0d84ebb.js HTTP/1.1
Host: tgweb.lizy.free.hr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgweb.lizy.free.hr/index-04b2749c.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 18:08:33 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"7627011b4471b62cfb60e6d80334f814"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BPon0NXAriajV0COP1XOSEKjDRPccynM%2FZSOYlELiSpSHD6E%2Ft%2FBtuTtIk1t5i5PXve6mmnD4UieI%2F8xuNsRqhpMHg6a7nPOOlNgPcrlZ59up5vVJbb8SDQrlHTW4d9wj7ePte8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 87ea6fcf18727127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgweb.lizy.free.hr/qr-code-styling-c40cd486.js | 104.21.68.134 | 200 OK | 66 kB |
URL: GET HTTP/3 tgweb.lizy.free.hr/qr-code-styling-c40cd486.js
IP: 104.21.68.134:443
Requested by: https://tgweb.lizy.free.hr/
Certificate: Issuer: Let's Encrypt; Subject: tgweb.lizy.free.hr; Fingerprint: 80:9C:07:F6:3E:B4:54:11:EA:86:A6:7F:9F:7D:BC:CD:CB:B6:EF:6D; Validity: Fri, 22 Mar 2024 17:52:44 GMT - Thu, 20 Jun 2024 17:52:43 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
GET /qr-code-styling-c40cd486.js HTTP/1.1
Host: tgweb.lizy.free.hr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgweb.lizy.free.hr/pageSignQR-e0d84ebb.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 18:08:33 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"2024b4af6efb72a858b6bd36ad6cca0b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cle4Y%2BLJCowBrmhyfA1OtGmRqsWk8dsQEzVTs0uXfBLGBxTNoKBnnYjfHIlC%2F3pGVN8ZF5HOjKwahHNcZzZuCmi7RjG9WcZQJY1Sphg90JsB8aEgWKZMhceZeQZbn8Ww%2B9zsELo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 87ea6fd338627127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgweb.lizy.free.hr/pageSignQR-e0d84ebb.js | 104.21.68.134 | 200 OK | 5.5 kB |
URL: GET HTTP/3 tgweb.lizy.free.hr/pageSignQR-e0d84ebb.js
IP: 104.21.68.134:443
Requested by: https://tgweb.lizy.free.hr/
Certificate: Issuer: Let's Encrypt; Subject: tgweb.lizy.free.hr; Fingerprint: 80:9C:07:F6:3E:B4:54:11:EA:86:A6:7F:9F:7D:BC:CD:CB:B6:EF:6D; Validity: Fri, 22 Mar 2024 17:52:44 GMT - Thu, 20 Jun 2024 17:52:43 GMT
File type: ASCII text, with very long lines (5694), with no line terminators
Hash: 0595c27ff073c780274386709a7018ad f452b533a93b0cf71f862558a4345163b22db508 4c0735581a8fd44624eab27c715bcdbff402f2397c01620f36738bcaa6f69a33
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
GET /pageSignQR-e0d84ebb.js HTTP/1.1
Host: tgweb.lizy.free.hr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgweb.lizy.free.hr/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 18:08:33 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"7627011b4471b62cfb60e6d80334f814"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BPon0NXAriajV0COP1XOSEKjDRPccynM%2FZSOYlELiSpSHD6E%2Ft%2FBtuTtIk1t5i5PXve6mmnD4UieI%2F8xuNsRqhpMHg6a7nPOOlNgPcrlZ59up5vVJbb8SDQrlHTW4d9wj7ePte8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 87ea6fcf08567127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgweb.lizy.free.hr/page-ea4c9cdd.js | 104.21.68.134 | 200 OK | 10 kB |
URL: GET HTTP/3 tgweb.lizy.free.hr/page-ea4c9cdd.js
IP: 104.21.68.134:443
Requested by: https://tgweb.lizy.free.hr/
Certificate: Issuer: Let's Encrypt; Subject: tgweb.lizy.free.hr; Fingerprint: 80:9C:07:F6:3E:B4:54:11:EA:86:A6:7F:9F:7D:BC:CD:CB:B6:EF:6D; Validity: Fri, 22 Mar 2024 17:52:44 GMT - Thu, 20 Jun 2024 17:52:43 GMT
File type: ASCII text, with very long lines (10193)
Hash: 2a3e8e5f6ef043cc8bf9939280b09c2f 7f674e26166aed913a70aeb16e12b570c6d6db2c 44e19ddb86af319760d1e86051ff5dba6690d8909c69fc787ab608cb9e551779
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
GET /page-ea4c9cdd.js HTTP/1.1
Host: tgweb.lizy.free.hr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgweb.lizy.free.hr/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 18:08:33 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"fafb47a210ac8d5560748b1f54b30d2c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z5gDhSJq0%2FY2rZuGIBg%2FoMCJDnFsrB6DP2uwus6x73gQ%2FtIqldMnAhyeLsWWOBDF%2BhcmoOZf%2FqT1%2Bvd2h27nTbu%2BAsX%2FZfHkrVuGN1AFyFvOXA8PLye8MbMgs28hpptcq1qXfmo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 87ea6fcf085b7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|