22crownii.top Open in urlscan Pro
172.67.187.240 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://22crownii.top/register?id=351
Submission Tags: @phish_report
Submission: On July 13 via api (July 13th 2024, 8:12:16 pm UTC) from FI — Scanned from FI

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 21 HTTP transactions. The main IP is 172.67.187.240, located in United States and belongs to CLOUDFLARENET, US. The main domain is 22crownii.top.
TLS certificate: Issued by WE1 on July 3rd 2024. Valid for: 3 months.

This is the only time 22crownii.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 17	172.67.187.240 172.67.187.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
21	3

17 172.67.187.240 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

22crownii.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	22crownii.top 1 redirects 22crownii.top	419 KB
1	facebook.net connect.facebook.net — Cisco Umbrella Rank: 191	60 KB
21	2

	Domain	Requested by
17	22crownii.top	1 redirects 22crownii.top
1	connect.facebook.net	22crownii.top
21	2

This site contains no links.

Subject Issuer	Validity	Valid
22crownii.top WE1	`2024-07-03` - `2024-10-01`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-04-22` - `2024-07-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://22crownii.top/register?id=351
Frame ID: F90D4DA899C28518E0EEB632B8FCD9A1
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://22crownii.top/register?id=351 Page URL
https://22crownii.top/cdn-cgi/phish-bypass?atok=1J1z.RdoDxaDpiMsVDWLISX_R3eMDl63QUAcZ0Lx.mU-172090... HTTP 301
https://22crownii.top/register?id=351 Page URL

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Page Statistics

21
Requests

81 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

478 kB
Transfer

1880 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://22crownii.top/register?id=351 Page URL
https://22crownii.top/cdn-cgi/phish-bypass?atok=1J1z.RdoDxaDpiMsVDWLISX_R3eMDl63QUAcZ0Lx.mU-1720901501-0.0.1.1-%2Fregister%3Fid%3D351 HTTP 301
https://22crownii.top/register?id=351 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 register Show response
22crownii.top/ 4 KB
2 KB 207ms
62ms Document
text/html 172.67.187.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://22crownii.top/register?id=351

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.187.240 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52934228e996fe4bed750277e8783f14ee6da34807e0d04b786ab2ae361fed0f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cf-ray: 8a2bec71fa2f1e60-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 13 Jul 2024 20:11:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FPv6OhZzy9hPsupX6E7%2BBj3pJfIsHqkpLO2mvcbFpTUhyPyyTJvT6FSgmal1OS550Ryy5usHT3qeB7B5qvxGWINHe2lfBADjHeqLUFg0sejZkKZZR6f%2BN1Vsgxmndyq2"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H3 200 cf.errors.css
22crownii.top/cdn-cgi/styles/ 23 KB
5 KB 58ms
58ms Stylesheet
text/css 172.67.187.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://22crownii.top/cdn-cgi/styles/cf.errors.css

Requested by

Host: 22crownii.top
URL: https://22crownii.top/register?id=351

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.187.240 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://22crownii.top/register?id=351
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 20:11:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 11 Jul 2024 08:13:48 GMT
server: cloudflare
etag: W/"668f943c-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 8a2bec726ab91e60-FRA
expires: Sat, 13 Jul 2024 22:11:41 GMT

GET
H3 200 icon-exclamation.png
22crownii.top/cdn-cgi/images/ 452 B
634 B 59ms
58ms Image
image/png 172.67.187.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://22crownii.top/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: 22crownii.top
URL: https://22crownii.top/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.187.240 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://22crownii.top/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 20:11:41 GMT
x-content-type-options: nosniff
last-modified: Thu, 11 Jul 2024 08:13:48 GMT
server: cloudflare
etag: "668f943c-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 8a2bec72cb6e1e60-FRA
content-length: 452
expires: Sat, 13 Jul 2024 22:11:41 GMT

GET
H3 200 favicon.ico
22crownii.top/ 15 KB
11 KB 559ms
558ms Other
image/x-icon 172.67.187.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://22crownii.top/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e1d8fd053110cf5404d0bbbfc98abb8008345dcae91676896d91b0c02c560f1c

Request headers

Referer: https://22crownii.top/register?id=351
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 20:11:42 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Sat, 08 Jun 2024 14:52:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"66647011-3c2e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FYDdMpUqshGCp%2FY4Bi0V%2BhPbwvYyN2uNXBdkhUFChUvOkQOmtRU%2BhWeYperDs5t5SYhpM%2BIgLb222JT3vt6PWh2ceaACCEWOhh29igVa3NSJEr96OqE2PnNsH87hQt4r"}],"group":"cf-nel","max_age":604800}
content-type: image/x-icon
cache-control: max-age=14400
cf-ray: 8a2bec732bf71e60-FRA
alt-svc: h3=":443"; ma=86400

GET
H3

200

Primary Request register Show response
22crownii.top/
Redirect Chain

https://22crownii.top/cdn-cgi/phish-bypass?atok=1J1z.RdoDxaDpiMsVDWLISX_R3eMDl63QUAcZ0Lx.mU-1720901501-0.0.1.1-%2Fregister%3Fid%3D351
https://22crownii.top/register?id=351

16 KB
5 KB

562ms
561ms

Document
text/html

172.67.187.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://22crownii.top/register?id=351
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89d7a6f5556a963b5d76d78fd09dea6abeff2c61a11adeeaa633cf5c8a6d8443

Request headers

Referer: https://22crownii.top/register?id=351
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8a2bec89dc841e60-FRA
content-encoding: br
content-type: text/html
date: Sat, 13 Jul 2024 20:11:46 GMT
last-modified: Thu, 11 Jul 2024 13:51:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I3i8qf8%2FONVwn8kAT77658kQrS7erJI2IMdqpoNXzqYlY7oa9JCkIMzlfPh5yz6l8ocv0v1vuWkIrph1flEmPStsH58C6W9l8gGYCt8oVHaBQkCFQFhp%2BwczQTVkpLPJ"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

cache-control: private, no-cache
cf-ray: 8a2bec897be51e60-FRA
content-length: 167
content-type: text/html
date: Sat, 13 Jul 2024 20:11:45 GMT
location: https://22crownii.top/register?id=351
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H3 200 pwa-1.92.js Show response
22crownii.top/ 218 B
550 B 609ms
608ms Script
application/javascript 172.67.187.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://22crownii.top/pwa-1.92.js
Requested by: Host: 22crownii.top
URL: https://22crownii.top/register?id=351
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30afc64c6e4d707f34d4b32f889dd14ddff475d03cf9b6eb4cf682ad782f4041

Request headers

Referer: https://22crownii.top/register?id=351
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 20:11:46 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 30 May 2024 15:34:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"66589c6c-da"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BQ%2BD%2Fk3VqSIpYPKn%2Fa1LVLpxTRjTS8iUip%2B5ou5UruBw4d4vjam8eVuH177Eivs5u6OLaMqRFdAAI0IlW5q4na9egDLT1jIdfJm19Hsx%2FWrZbxbmSJLcX3sBa%2FgGiSwT"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8a2bec8d6a4d1e60-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 lang.cd803c16.js Show response
22crownii.top/js/ 198 KB
64 KB 611ms
609ms Script
application/javascript 172.67.187.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://22crownii.top/js/lang.cd803c16.js
Requested by: Host: 22crownii.top
URL: https://22crownii.top/register?id=351
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ae6c2fc62c13424a20041528a9c6f439fe83132e7ef452bfa5cf41f15355a3d

Request headers

Referer: https://22crownii.top/register?id=351
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 20:11:46 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
last-modified: Thu, 11 Jul 2024 13:51:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"668fe34f-31761"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wAyu2kdoZjOM7WNO1Xv8hgdUXSGiDQUDMGifixLcueORPxM%2FEW606a7mSpJqZZ%2FLgNOXNiYIBN9gMmg5n%2BETGtaYUaSjwSoZNFmyPoTGxfoPNrxIrMOjtIwP0wvCAEG1"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8a2bec8d6a531e60-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 commons-cdd60c62.cd803c16.js Show response
22crownii.top/js/ 552 KB
176 KB 7085ms
7083ms Script
application/javascript 172.67.187.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://22crownii.top/js/commons-cdd60c62.cd803c16.js
Requested by: Host: 22crownii.top
URL: https://22crownii.top/register?id=351
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f99e8637028c834e2498fe937bb9c985b01cc8309cd39303da54f84fd48fdec

Request headers

Referer: https://22crownii.top/register?id=351
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 20:11:46 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
last-modified: Thu, 11 Jul 2024 13:51:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"668fe34f-8a15d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qn7SiCSDHP8QYT8P7XjPhAkLMV5n0tjWJqmk%2BX6ipqrHWe8OcyY4rzCCaTRGGdfbrcCecTpKYqzz6T5wROih6UZa6irCkWzguiKaxrSvF%2FMfAFNjOQAs56Xl4YuuWUpI"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8a2bec8d8ab21e60-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 commons-bb3d84b5.cd803c16.js
22crownii.top/js/ 407 KB
0 14956ms
14955ms Script
application/javascript 172.67.187.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://22crownii.top/js/commons-bb3d84b5.cd803c16.js
Requested by: Host: 22crownii.top
URL: https://22crownii.top/register?id=351
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://22crownii.top/register?id=351
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 20:11:46 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
last-modified: Thu, 11 Jul 2024 13:51:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"668fe34f-7e032"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7RXO57YAbaWQoPFFpq07H%2FIDq3h291rVk0bd7RxjJb8EC3vWo37F20oDR5kFcPSPu17g6AYFnQmd7byZRHJTeQBbEOr%2BAO73EPUVfkreibrTAj2X5Fu9X1lVCV6d0YWl"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8a2bec8d8ab61e60-FRA
alt-svc: h3=":443"; ma=86400

GET commons-0bc0478e.cd803c16.js
22crownii.top/js/ 0
0

GET app.cd803c16.js
22crownii.top/js/ 0
0

GET
H3 200 commons-cdd60c62.cd803c16.css
22crownii.top/css/ 60 KB
11 KB 610ms
608ms Stylesheet
text/css 172.67.187.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://22crownii.top/css/commons-cdd60c62.cd803c16.css
Requested by: Host: 22crownii.top
URL: https://22crownii.top/register?id=351
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee1c55ec473e7798f64396acdabc3cd0a10d6dc207ba79aaeac56d763a11da91

Request headers

Referer: https://22crownii.top/register?id=351
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 20:11:46 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
last-modified: Thu, 11 Jul 2024 13:51:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"668fe34f-ee2c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XD8tWsUrSsf4vOMYzcECTqxXcTvK1MuyQEHTKic6%2FQV%2Fe%2BohMlsp0P6XhiByVDKzeNQm4lQ%2FUakqRIEnGEgJPc9AUM2u261TZXh9hQEqJJGsu4AvXlShcc0yRlzZF2cW"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8a2bec8d6a591e60-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 commons-0bc0478e.cd803c16.css
22crownii.top/css/ 58 KB
12 KB 554ms
552ms Stylesheet
text/css 172.67.187.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://22crownii.top/css/commons-0bc0478e.cd803c16.css
Requested by: Host: 22crownii.top
URL: https://22crownii.top/register?id=351
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 425ed17c2e27b202ef775b326c2d764d3bc9816fc4d807ee85538ea0059c6568

Request headers

Referer: https://22crownii.top/register?id=351
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 20:11:46 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
last-modified: Thu, 11 Jul 2024 13:51:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"668fe34f-e80d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a6941zF2h%2FR%2Bv6c7PGH8HN2F4bq1PYf4msLqlHiCyHs0kbzlQdwQ7hcW%2BVjB9auI4Uu3120go%2FWcidiajUjT85OFT%2FnR4np8WuJABbCznQJNgaaqzNRNAv32vWBODFiP"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8a2bec8d6a5e1e60-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 app.cd803c16.css
22crownii.top/css/ 6 KB
2 KB 738ms
736ms Stylesheet
text/css 172.67.187.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://22crownii.top/css/app.cd803c16.css
Requested by: Host: 22crownii.top
URL: https://22crownii.top/register?id=351
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b511de20c19f8a187c2dd79f5b7e84a44c59b4ad10c7a5fba347ab88d614fc0

Request headers

Referer: https://22crownii.top/register?id=351
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 20:11:46 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
last-modified: Thu, 11 Jul 2024 13:51:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"668fe34f-170c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WOgjiW1wRDfYd2dnOazys9in%2FRlo0YoD2qDo0932zB0GcEM4YwtVW3Z3qNitkieMepx9itUBm%2BiFgT2tH6CUtW9emKjhnCIIF5iJ6T70q6BXzlhgR2c2jnRL03y9cXpj"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8a2bec8d6a5f1e60-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 177.cd803c16.css
22crownii.top/css/ 29 KB
3 KB 737ms
735ms Stylesheet
text/css 172.67.187.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://22crownii.top/css/177.cd803c16.css
Requested by: Host: 22crownii.top
URL: https://22crownii.top/register?id=351
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 17ba3a68ba95fdb79f0c004ea76e02275abec4e16fafd85b699b187ba59d4d8c

Request headers

Referer: https://22crownii.top/register?id=351
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 20:11:46 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
last-modified: Thu, 11 Jul 2024 13:51:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"668fe34f-7572"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IQ%2B0YhksMFl3SM0%2BaPkpeUOg701LngaxrqnJrYWS8qNoyz6ApabWwKPULkYf3LmFXWscjzm3BoGhYfvGd9iu7dp1JxARxPjiTD36A1%2BRX7YgGBQsMBV39%2FCdD5dZhk6f"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8a2bec8d6a621e60-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 home.cd803c16.js Show response
22crownii.top/js/ 133 KB
81 KB 791ms
790ms Script
application/javascript 172.67.187.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://22crownii.top/js/home.cd803c16.js
Requested by: Host: 22crownii.top
URL: https://22crownii.top/register?id=351
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 02bf2a068c06a07358f54fd08315471387c582c3589c72260b479cd5c78ed8b9

Request headers

Referer: https://22crownii.top/register?id=351
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 20:11:46 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
last-modified: Thu, 11 Jul 2024 13:51:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"668fe34f-2148e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=krdxqJ6SU%2FrMp%2FxhBiVSaErOyd8EMqL3XWhdHaHYJ0z5z%2BptE6KJ%2BGeBwPWEh2icUI3cFjQ%2Bdy%2BDbs%2Bot4TN8JYQiNz6lYoX7D8%2FHiWLb2gI2LVYPMkE7RvtBVXmSQzY"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8a2bec8d6a661e60-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 cstaticdun.min.js Show response
22crownii.top/ 33 KB
12 KB 6703ms
6702ms Script
application/javascript 172.67.187.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://22crownii.top/cstaticdun.min.js
Requested by: Host: 22crownii.top
URL: https://22crownii.top/register?id=351
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f371c17b0dfea0ca574e6b1d902a6dad255da936034f85dbb7e15e5b5960c88c

Request headers

Referer: https://22crownii.top/register?id=351
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 20:11:46 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
last-modified: Thu, 30 May 2024 15:34:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"66589c6c-84f6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C6%2F6eviEGE7A%2FM136KTr6U0eLtGZYc2wWJ%2BlVAaDcbIpVZbmpBLucXO%2F2wBlICOjcw9n9%2FvIyuJ52TxXKBG5PdQdpw7UYiexzNlm4V9t8Z9Q0Xkuu9BsJcKvhNvTSQdA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8a2bec8d6a681e60-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 svga.min.js Show response
22crownii.top/ 121 KB
34 KB 6826ms
6825ms Script
application/javascript 172.67.187.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://22crownii.top/svga.min.js
Requested by: Host: 22crownii.top
URL: https://22crownii.top/register?id=351
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7abd6d8ecf2d6bef43804accb82dd6be1b4b3ad96b276358274cb3d59cec023e

Request headers

Referer: https://22crownii.top/register?id=351
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 20:11:46 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
last-modified: Thu, 30 May 2024 15:34:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"66589c6c-1e25a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5weGa7VJF5UnCePKBJ3Mc0QnqlBxUu5AWl5zrgfsebPdYQgNEbxjYf4g8oLIoicUJnEPVaB5tDIvRTJ4n41J6XSQGSW2K79JS%2BlHfwNjQkV%2BwNO302Z%2FV6XbCz9iFbGU"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8a2bec8d6a6b1e60-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 223 KB
60 KB 198ms
63ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: 22crownii.top
URL: https://22crownii.top/register?id=351

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c4832b19dd5406ac0855426096610e532861e94c65819651ada45299002455de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://22crownii.top/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 13 Jul 2024 20:11:46 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58653
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=59, rtx=0, c=12, mss=1368, tbw=2799, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: SOUVpy9q6NxyCY2bgfZmgR9wA5rIXyUmSx0+4xt4lxUw8CTWdBQdkUfx27HhOjCwuBxq8zl0NKNAUDc0Z8/sfQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET 783.cd803c16.css
22crownii.top/css/ 0
0

GET GameDetail.cd803c16.js
22crownii.top/js/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 22crownii.top
URL: https://22crownii.top/js/commons-0bc0478e.cd803c16.js

Domain: 22crownii.top
URL: https://22crownii.top/js/app.cd803c16.js

Domain: 22crownii.top
URL: https://22crownii.top/css/783.cd803c16.css

Domain: 22crownii.top
URL: https://22crownii.top/js/GameDetail.cd803c16.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.22crownii.top/	1970-01-20 22:03:07	Name: __cf_mw_byp Value: 1J1z.RdoDxaDpiMsVDWLISX_R3eMDl63QUAcZ0Lx.mU-1720901501-0.0.1.1-/register?id=351

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://22crownii.top/register?id=351 Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

22crownii.top
connect.facebook.net
22crownii.top
172.67.187.240
2a03:2880:f084:d:face:b00c:0:3
02bf2a068c06a07358f54fd08315471387c582c3589c72260b479cd5c78ed8b9
17ba3a68ba95fdb79f0c004ea76e02275abec4e16fafd85b699b187ba59d4d8c
30afc64c6e4d707f34d4b32f889dd14ddff475d03cf9b6eb4cf682ad782f4041
3b511de20c19f8a187c2dd79f5b7e84a44c59b4ad10c7a5fba347ab88d614fc0
425ed17c2e27b202ef775b326c2d764d3bc9816fc4d807ee85538ea0059c6568
4f99e8637028c834e2498fe937bb9c985b01cc8309cd39303da54f84fd48fdec
52934228e996fe4bed750277e8783f14ee6da34807e0d04b786ab2ae361fed0f
6ae6c2fc62c13424a20041528a9c6f439fe83132e7ef452bfa5cf41f15355a3d
7abd6d8ecf2d6bef43804accb82dd6be1b4b3ad96b276358274cb3d59cec023e
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
89d7a6f5556a963b5d76d78fd09dea6abeff2c61a11adeeaa633cf5c8a6d8443
c4832b19dd5406ac0855426096610e532861e94c65819651ada45299002455de
e1d8fd053110cf5404d0bbbfc98abb8008345dcae91676896d91b0c02c560f1c
ee1c55ec473e7798f64396acdabc3cd0a10d6dc207ba79aaeac56d763a11da91
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f371c17b0dfea0ca574e6b1d902a6dad255da936034f85dbb7e15e5b5960c88c

22crownii.top Open in urlscan Pro 172.67.187.240 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

21 Requests

81 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

478 kBTransfer

1880 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

22crownii.top Open in urlscan Pro
172.67.187.240 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

81 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

478 kB
Transfer

1880 kB
Size

1
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!