Report - au.policy-fb.com/support/disagree-decision/

Report Overview

Submitted URL
au.policy-fb.com/support/disagree-decision/
IP
107.180.114.159
ASN
#26496 AS-26496-GO-DADDY-COM-LLC
Submitted
2024-04-24 16:02:01
Access
public
Website Title
Facebook
Final URL
au.policy-fb.com/support/disagree-decision/
Tags
meta facebook phishing social
urlquery detections
Phishing - Facebook

Detections

urlquery
7
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ipapi.co	195030	2016-04-19	2017-01-31	2024-04-23	464 B	10 kB	104.26.8.44
au.policy-fb.com	unknown	unknown	No data	No data	3.5 kB	151 kB	107.180.114.159
img1.wsimg.com	9893	2008-03-17	2012-06-20	2024-04-23	862 B	21 kB	23.36.79.43
events.api.secureserver.net	125179	1998-03-30	2020-06-23	2024-04-24	2.5 kB	932 B	104.69.222.195
csp.secureserver.net	unknown	1998-03-30	2022-12-18	2024-04-23	2.2 kB	2.3 kB	104.110.14.92
top.anotherlevel.app	unknown	2024-02-12	2024-02-12	2024-04-18	2.7 kB	1.5 kB	146.70.81.214
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-24	499 B	5.4 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-24	medium	au.policy-fb.com/support/disagree-decision/	Facebook, Inc.

PhishTank

Scan Date	Severity	Indicator	Alert
2024-04-24	medium	au.policy-fb.com/support/disagree-decision/	Facebook

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	au.policy-fb.com/support/disagree-decision/	376 B	2024-04-24	2024-04-24
Pretty URL au.policy-fb.com/support/disagree-decision/ IP 107.180.114.159 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 18:02:08 Last Seen2024-04-24 18:02:08 Times Seen1 Hash a627613d7bffa6d1a226fc72343a8144 c7e8be1ec9e96fcfda263026c2c65a71b2a0784d e6b7cd0d65997ac7f9a26a833e08ba2ded23039cedcf7d07869a12f2a788b6ce Loading...

	img1.wsimg.com/traffic-assets/js/tccl.min.js	106 kB	2024-03-22	2024-05-05
Pretty URL img1.wsimg.com/traffic-assets/js/tccl.min.js IP 23.36.79.43 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-22 17:30:50 Last Seen2024-05-05 19:49:29 Times Seen492 Hash fdf3f3c180ae2aa6864f9c46a83a37a9 59f698af339af479bc5447e5da54778d909c7068 e301943f5f3cb3486ab3f4c75c0315e96891268a76b8663b6a490324e39d1664 Loading...

	au.policy-fb.com/support/disagree-decision/static/js/main.94f6ac25.js	362 kB	2024-04-24	2024-04-24
Pretty URL au.policy-fb.com/support/disagree-decision/static/js/main.94f6ac25.js IP 107.180.114.159 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 18:02:08 Last Seen2024-04-24 18:02:08 Times Seen2 Hash 8947f8119e1bab399e1a0ddb6e46932a 2ea9dc53aa867bce712112739ab4545f3c985863 263e255a86d1366555a43112751ec434eb1462df3baf091cc05bd61e6ffbabf2 Loading...

HTTP Transactions (21)

URL IP Response Size

au.policy-fb.com/support/disagree-decision/

107.180.114.159

200 OK

584 B

URL User Request GET HTTP/2
au.policy-fb.com/support/disagree-decision/
IP
107.180.114.159:443
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

Certificate
IssuerLet's Encrypt
Subjectau.policy-fb.com
FingerprintC8:E7:72:51:B5:45:E9:C9:2C:70:2C:B6:59:09:8E:07:B1:BC:B8:D3
ValidityWed, 24 Apr 2024 00:34:42 GMT - Tue, 23 Jul 2024 00:34:41 GMT

File type
HTML document, ASCII text, with very long lines (1575), with no line terminators
Size
584 B (584 bytes)
Hash
0d0ddc1080c381516a031e64570e15d3
d38e8acf2be209a9642d325883e28ae0714bdd9d
f1fe1a4ae4ed7b7c4930898c70447ab9df96852c4010e7ab4c68431d434c4ace

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
OpenPhish	phishing	Facebook, Inc.
PhishTank	phishing	Facebook

HTTP Headers

GET /support/disagree-decision/ HTTP/1.1
Host: au.policy-fb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Wed, 24 Apr 2024 10:30:10 GMT
etag: "15c0045-452-616d527b0b080-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 584
content-type: text/html
date: Wed, 24 Apr 2024 16:01:36 GMT
server: Apache
X-Firefox-Spdy: h2

img1.wsimg.com/traffic-assets/js/tccl.min.js

23.36.79.43

301 Moved Permanently

0 B

URL GET HTTP/2
img1.wsimg.com/traffic-assets/js/tccl.min.js
IP
23.36.79.43:443
ASN
#20940 Akamai International B.V.

Requested by
https://au.policy-fb.com/support/disagree-decision/
Certificate
IssuerStarfield Technologies, Inc.
Subject*.wsimg.com
FingerprintB7:FF:50:92:4F:A1:64:14:99:A1:DE:DB:55:C9:FA:92:78:6B:89:DD
ValidityTue, 19 Sep 2023 21:06:14 GMT - Sun, 20 Oct 2024 21:06:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /traffic-assets/js/tccl.min.js HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://au.policy-fb.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
content-length: 0
location: https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
cache-control: max-age=31536000
expires: Thu, 24 Apr 2025 16:01:36 GMT
date: Wed, 24 Apr 2024 16:01:36 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2

img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js

23.36.79.43

200 OK

20 kB

URL GET HTTP/2
img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
IP
23.36.79.43:443
ASN
#20940 Akamai International B.V.

Requested by
https://au.policy-fb.com/support/disagree-decision/
Certificate
IssuerStarfield Technologies, Inc.
Subject*.wsimg.com
FingerprintB7:FF:50:92:4F:A1:64:14:99:A1:DE:DB:55:C9:FA:92:78:6B:89:DD
ValidityTue, 19 Sep 2023 21:06:14 GMT - Sun, 20 Oct 2024 21:06:14 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
20 kB (20488 bytes)
Hash
fdf3f3c180ae2aa6864f9c46a83a37a9
59f698af339af479bc5447e5da54778d909c7068
e301943f5f3cb3486ab3f4c75c0315e96891268a76b8663b6a490324e39d1664

HTTP Headers

GET /signals/js/clients/scc-c2/scc-c2.min.js HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://au.policy-fb.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-amz-id-2: HyXAvSj7EC14E9pYublP3xb3ZXNmUpbI7rsYmZVew08Imkac/1BCul1w8UzhfJgSpBBLfb+ME1g=
x-amz-request-id: VZW7NMR39CXK5MKS
last-modified: Fri, 22 Mar 2024 13:06:20 GMT
etag: "fdf3f3c180ae2aa6864f9c46a83a37a9"
x-amz-server-side-encryption: AES256
x-amz-meta-version: 0.2.5
x-amz-version-id: NUbpk_ypfZoRQFFJE7rB4qpj7fMsB7r1
accept-ranges: bytes
content-type: text/javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1800
expires: Wed, 24 Apr 2024 16:31:36 GMT
date: Wed, 24 Apr 2024 16:01:36 GMT
content-length: 20488
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2

au.policy-fb.com/support/disagree-decision/static/css/main.c3b41b8e.css

107.180.114.159

200 OK

33 kB

URL GET HTTP/2
au.policy-fb.com/support/disagree-decision/static/css/main.c3b41b8e.css
IP
107.180.114.159:443
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

Requested by
https://au.policy-fb.com/support/disagree-decision/
Certificate
IssuerLet's Encrypt
Subjectau.policy-fb.com
FingerprintC8:E7:72:51:B5:45:E9:C9:2C:70:2C:B6:59:09:8E:07:B1:BC:B8:D3
ValidityWed, 24 Apr 2024 00:34:42 GMT - Tue, 23 Jul 2024 00:34:41 GMT

File type
ASCII text, with very long lines (58732)
Size
33 kB (32809 bytes)
Hash
40008e1a75c40fc7db08bed94c613aae
6ffe07948f0564fa066d695888a04fdda5cf0885
c41a2b75d5dc01d25612e7bf87a32a320cbcd356acf647dfac13b0edc3764d4d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook

HTTP Headers

GET /support/disagree-decision/static/css/main.c3b41b8e.css HTTP/1.1
Host: au.policy-fb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://au.policy-fb.com/support/disagree-decision/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 24 Apr 2024 10:30:10 GMT
etag: "15c004d-2653c-616d527b0b080-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 32809
content-type: text/css
date: Wed, 24 Apr 2024 16:01:36 GMT
server: Apache
X-Firefox-Spdy: h2

au.policy-fb.com/support/disagree-decision/static/js/main.94f6ac25.js

107.180.114.159

200 OK

110 kB

URL GET HTTP/2
au.policy-fb.com/support/disagree-decision/static/js/main.94f6ac25.js
IP
107.180.114.159:443
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

Requested by
https://au.policy-fb.com/support/disagree-decision/
Certificate
IssuerLet's Encrypt
Subjectau.policy-fb.com
FingerprintC8:E7:72:51:B5:45:E9:C9:2C:70:2C:B6:59:09:8E:07:B1:BC:B8:D3
ValidityWed, 24 Apr 2024 00:34:42 GMT - Tue, 23 Jul 2024 00:34:41 GMT

File type
JavaScript source, ASCII text, with very long lines (65465)
Size
110 kB (110281 bytes)
Hash
8947f8119e1bab399e1a0ddb6e46932a
2ea9dc53aa867bce712112739ab4545f3c985863
263e255a86d1366555a43112751ec434eb1462df3baf091cc05bd61e6ffbabf2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook

HTTP Headers

GET /support/disagree-decision/static/js/main.94f6ac25.js HTTP/1.1
Host: au.policy-fb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://au.policy-fb.com/support/disagree-decision/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 24 Apr 2024 10:30:10 GMT
etag: "15c008c-58609-616d527b0b080-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 110281
content-type: text/javascript
date: Wed, 24 Apr 2024 16:01:36 GMT
server: Apache
X-Firefox-Spdy: h2

events.api.secureserver.net/t/1/tl/event?dh=au.policy-fb.com&dr=&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&client_name=scc-c2&cv=0.2.5&vg=f195355b-d853-4035-992e-4ed0c381661b&vtg=f195355b-d853-4035-992e-4ed0c381661b&dp=%2Fsupport%2Fdisagree-decision&trace_id=b7ab678adab34e83ad7c1f97561fa4fd&cts=2024-04-24T16%3A01%3A37.559Z&hit_id=6713a261-f97b-4553-b685-b7c3d3e98527&ea=pageperf&ht=perf&eid=traffic.tcc.instrumentation.navigation.timing&trfd=%7B%22ap%22%3A%22cpsh-oh%22%2C%22server%22%3A%22p3plzcpnl505279%22%2C%22dcenter%22%3A%22p3%22%2C%22cp_id%22%3A%229852824%22%2C%22cp_cache%22%3A%22%22%2C%22cp_cl%22%3A%228%22%7D&ap=cpsh-oh&vci=226405316&z=569933467&tce=1713974496509&tcs=1713974496050&tdc=1713974497553&tdclee=1713974497552&tdcles=1713974497548&tdi=1713974497326&tdl=1713974496807&tdle=1713974496050&tdls=1713974496050&tfs=1713974496049&tns=1713974496029&trqs=1713974496510&tre=1713974496659&trps=1713974496659&tles=1713974497553&tlee=0&nt=navigate&nav_type=hard

104.69.222.195

200 OK

43 B

URL GET HTTP/2
events.api.secureserver.net/t/1/tl/event?dh=au.policy-fb.com&dr=&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&client_name=scc-c2&cv=0.2.5&vg=f195355b-d853-4035-992e-4ed0c381661b&vtg=f195355b-d853-4035-992e-4ed0c381661b&dp=%2Fsupport%2Fdisagree-decision&trace_id=b7ab678adab34e83ad7c1f97561fa4fd&cts=2024-04-24T16%3A01%3A37.559Z&hit_id=6713a261-f97b-4553-b685-b7c3d3e98527&ea=pageperf&ht=perf&eid=traffic.tcc.instrumentation.navigation.timing&trfd=%7B%22ap%22%3A%22cpsh-oh%22%2C%22server%22%3A%22p3plzcpnl505279%22%2C%22dcenter%22%3A%22p3%22%2C%22cp_id%22%3A%229852824%22%2C%22cp_cache%22%3A%22%22%2C%22cp_cl%22%3A%228%22%7D&ap=cpsh-oh&vci=226405316&z=569933467&tce=1713974496509&tcs=1713974496050&tdc=1713974497553&tdclee=1713974497552&tdcles=1713974497548&tdi=1713974497326&tdl=1713974496807&tdle=1713974496050&tdls=1713974496050&tfs=1713974496049&tns=1713974496029&trqs=1713974496510&tre=1713974496659&trps=1713974496659&tles=1713974497553&tlee=0&nt=navigate&nav_type=hard
IP
104.69.222.195:443
ASN
#20940 Akamai International B.V.

Requested by
https://au.policy-fb.com/support/disagree-decision/
Certificate
IssuerStarfield Technologies, Inc.
Subject*.api.secureserver.net
Fingerprint86:0A:54:3C:14:92:76:57:19:E1:8B:86:AE:B6:C7:06:3C:C8:7A:58
ValidityMon, 10 Jul 2023 19:26:59 GMT - Sat, 10 Aug 2024 19:26:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

HTTP Headers

GET /t/1/tl/event?dh=au.policy-fb.com&dr=&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&client_name=scc-c2&cv=0.2.5&vg=f195355b-d853-4035-992e-4ed0c381661b&vtg=f195355b-d853-4035-992e-4ed0c381661b&dp=%2Fsupport%2Fdisagree-decision&trace_id=b7ab678adab34e83ad7c1f97561fa4fd&cts=2024-04-24T16%3A01%3A37.559Z&hit_id=6713a261-f97b-4553-b685-b7c3d3e98527&ea=pageperf&ht=perf&eid=traffic.tcc.instrumentation.navigation.timing&trfd=%7B%22ap%22%3A%22cpsh-oh%22%2C%22server%22%3A%22p3plzcpnl505279%22%2C%22dcenter%22%3A%22p3%22%2C%22cp_id%22%3A%229852824%22%2C%22cp_cache%22%3A%22%22%2C%22cp_cl%22%3A%228%22%7D&ap=cpsh-oh&vci=226405316&z=569933467&tce=1713974496509&tcs=1713974496050&tdc=1713974497553&tdclee=1713974497552&tdcles=1713974497548&tdi=1713974497326&tdl=1713974496807&tdle=1713974496050&tdls=1713974496050&tfs=1713974496049&tns=1713974496029&trqs=1713974496510&tre=1713974496659&trps=1713974496659&tles=1713974497553&tlee=0&nt=navigate&nav_type=hard HTTP/1.1
Host: events.api.secureserver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://au.policy-fb.com
DNT: 1
Connection: keep-alive
Referer: https://au.policy-fb.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/gif
content-length: 43
access-control-allow-origin: https://au.policy-fb.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
cache-control: private
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
date: Wed, 24 Apr 2024 16:01:37 GMT
X-Firefox-Spdy: h2

104.69.222.195

200 OK

43 B

URL GET HTTP/2
events.api.secureserver.net/t/1/tl/event?dh=au.policy-fb.com&dr=&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&client_name=scc-c2&cv=0.2.5&vg=f195355b-d853-4035-992e-4ed0c381661b&vtg=f195355b-d853-4035-992e-4ed0c381661b&dp=%2Fsupport%2Fdisagree-decision&trace_id=b7ab678adab34e83ad7c1f97561fa4fd&cts=2024-04-24T16%3A01%3A37.326Z&hit_id=883f993e-92eb-48fc-9d16-1f88f2fe74e5&ht=pageview&trfd=%7B%22ap%22%3A%22cpsh-oh%22%2C%22server%22%3A%22p3plzcpnl505279%22%2C%22dcenter%22%3A%22p3%22%2C%22cp_id%22%3A%229852824%22%2C%22cp_cache%22%3A%22%22%2C%22cp_cl%22%3A%228%22%7D&ap=cpsh-oh&vci=226405316&z=505051676
IP
104.69.222.195:443
ASN
#20940 Akamai International B.V.

Requested by
https://au.policy-fb.com/support/disagree-decision/
Certificate
IssuerStarfield Technologies, Inc.
Subject*.api.secureserver.net
Fingerprint86:0A:54:3C:14:92:76:57:19:E1:8B:86:AE:B6:C7:06:3C:C8:7A:58
ValidityMon, 10 Jul 2023 19:26:59 GMT - Sat, 10 Aug 2024 19:26:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

HTTP Headers

GET /t/1/tl/event?dh=au.policy-fb.com&dr=&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&client_name=scc-c2&cv=0.2.5&vg=f195355b-d853-4035-992e-4ed0c381661b&vtg=f195355b-d853-4035-992e-4ed0c381661b&dp=%2Fsupport%2Fdisagree-decision&trace_id=b7ab678adab34e83ad7c1f97561fa4fd&cts=2024-04-24T16%3A01%3A37.326Z&hit_id=883f993e-92eb-48fc-9d16-1f88f2fe74e5&ht=pageview&trfd=%7B%22ap%22%3A%22cpsh-oh%22%2C%22server%22%3A%22p3plzcpnl505279%22%2C%22dcenter%22%3A%22p3%22%2C%22cp_id%22%3A%229852824%22%2C%22cp_cache%22%3A%22%22%2C%22cp_cl%22%3A%228%22%7D&ap=cpsh-oh&vci=226405316&z=505051676 HTTP/1.1
Host: events.api.secureserver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://au.policy-fb.com
DNT: 1
Connection: keep-alive
Referer: https://au.policy-fb.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/gif
content-length: 43
access-control-allow-origin: https://au.policy-fb.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
cache-control: private
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
date: Wed, 24 Apr 2024 16:01:37 GMT
X-Firefox-Spdy: h2

csp.secureserver.net/eventbus

104.110.14.92

202 Accepted

0 B

URL POST HTTP/1.1
csp.secureserver.net/eventbus
IP
104.110.14.92:443
ASN
#16625 AKAMAI-AS

Requested by
https://au.policy-fb.com/support/disagree-decision/
Certificate
IssuerStarfield Technologies, Inc.
Subject*.secureserver.net
FingerprintB6:20:47:6F:3C:E3:DC:99:70:44:2D:CB:6A:E0:1C:12:A4:A5:A0:5C
ValidityTue, 10 Oct 2023 22:44:19 GMT - Sun, 10 Nov 2024 22:44:19 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /eventbus HTTP/1.1
Host: csp.secureserver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Referer: https://au.policy-fb.com/
Origin: https://au.policy-fb.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 0
x-amzn-requestid: c06b2e93-c360-4988-aa3a-0ddd9a2e7f75
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: content-type,authorization
x-amz-apigw-id: WvPzWGhooAMEDlg=
Access-Control-Allow-Methods: OPTIONS,POST
x-amzn-trace-id: Root=1-66292ce1-7ca6a5096ff30d386f1c266c
x-envoy-upstream-service-time: 8
Expires: Wed, 24 Apr 2024 16:01:37 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 24 Apr 2024 16:01:37 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=86400 ; includeSubDomains ; preload

csp.secureserver.net/eventbus

104.110.14.92

202 Accepted

0 B

URL POST HTTP/1.1
csp.secureserver.net/eventbus
IP
104.110.14.92:443
ASN
#16625 AKAMAI-AS

Requested by
https://au.policy-fb.com/support/disagree-decision/
Certificate
IssuerStarfield Technologies, Inc.
Subject*.secureserver.net
FingerprintB6:20:47:6F:3C:E3:DC:99:70:44:2D:CB:6A:E0:1C:12:A4:A5:A0:5C
ValidityTue, 10 Oct 2023 22:44:19 GMT - Sun, 10 Nov 2024 22:44:19 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /eventbus HTTP/1.1
Host: csp.secureserver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: api-key 8da2217409854bee82e12dc4ca0b39fb
Content-Type: application/json
Content-Length: 1837
Origin: https://au.policy-fb.com
DNT: 1
Connection: keep-alive
Referer: https://au.policy-fb.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 202 Accepted
Content-Type: application/json
Content-Length: 0
x-amzn-requestid: 92f8f2c7-efe4-45a2-9095-d9d165c2b898
Access-Control-Allow-Origin: *
x-amz-apigw-id: WvPzXExUoAMEVJg=
x-amzn-trace-id: Root=1-66292ce2-29fd4ef97c4f0a802e4b843f
x-envoy-upstream-service-time: 101
Expires: Wed, 24 Apr 2024 16:01:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 24 Apr 2024 16:01:38 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=86400 ; includeSubDomains ; preload

au.policy-fb.com/support/disagree-decision/apple-touch-icon.png

107.180.114.159

200 OK

3.9 kB

URL GET HTTP/2
au.policy-fb.com/support/disagree-decision/apple-touch-icon.png
IP
107.180.114.159:443
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

Requested by
https://au.policy-fb.com/support/disagree-decision/
Certificate
IssuerLet's Encrypt
Subjectau.policy-fb.com
FingerprintC8:E7:72:51:B5:45:E9:C9:2C:70:2C:B6:59:09:8E:07:B1:BC:B8:D3
ValidityWed, 24 Apr 2024 00:34:42 GMT - Tue, 23 Jul 2024 00:34:41 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
3.9 kB (3919 bytes)
Hash
3e9533e36b37b665d85d920c8a58283d
7c0b7cd6fa47ca73ee7c7971f84c6728a5db811f
16161eafeb5ffaa11292d6defea260b5ab286329ea801f6e924a8feab65840eb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook

HTTP Headers

GET /support/disagree-decision/apple-touch-icon.png HTTP/1.1
Host: au.policy-fb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://au.policy-fb.com/support/disagree-decision/
Cookie: _tccl_visitor=f195355b-d853-4035-992e-4ed0c381661b; _tccl_visit=f195355b-d853-4035-992e-4ed0c381661b; _scc_session=pc=1&C_TOUCH=2024-04-24T16:01:37.326Z
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 24 Apr 2024 10:29:58 GMT
etag: "15c0044-f4f-616d526f99580"
accept-ranges: bytes
content-length: 3919
content-type: image/png
date: Wed, 24 Apr 2024 16:01:38 GMT
server: Apache
X-Firefox-Spdy: h2

au.policy-fb.com/support/disagree-decision/favicon-16x16.png

107.180.114.159

200 OK

822 B

URL GET HTTP/2
au.policy-fb.com/support/disagree-decision/favicon-16x16.png
IP
107.180.114.159:443
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

Requested by
https://au.policy-fb.com/support/disagree-decision/
Certificate
IssuerLet's Encrypt
Subjectau.policy-fb.com
FingerprintC8:E7:72:51:B5:45:E9:C9:2C:70:2C:B6:59:09:8E:07:B1:BC:B8:D3
ValidityWed, 24 Apr 2024 00:34:42 GMT - Tue, 23 Jul 2024 00:34:41 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
822 B (822 bytes)
Hash
be9b2c044c6f5e1706f07c040da977e7
ed7227409e617008c554bd89f92d42ce74b2fb2a
95d92c83de08c2a0cd4b4c4c564debf02db09b1bcfc6957e9f63d2344e866bd4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook

HTTP Headers

GET /support/disagree-decision/favicon-16x16.png HTTP/1.1
Host: au.policy-fb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://au.policy-fb.com/support/disagree-decision/
Cookie: _tccl_visitor=f195355b-d853-4035-992e-4ed0c381661b; _tccl_visit=f195355b-d853-4035-992e-4ed0c381661b; _scc_session=pc=1&C_TOUCH=2024-04-24T16:01:37.326Z
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 24 Apr 2024 10:29:58 GMT
etag: "15c0040-336-616d526f99580"
accept-ranges: bytes
content-length: 822
content-type: image/png
date: Wed, 24 Apr 2024 16:01:38 GMT
server: Apache
X-Firefox-Spdy: h2

csp.secureserver.net/eventbus

104.110.14.92

202 Accepted

0 B

URL POST HTTP/1.1
csp.secureserver.net/eventbus
IP
104.110.14.92:443
ASN
#16625 AKAMAI-AS

Requested by
https://au.policy-fb.com/support/disagree-decision/
Certificate
IssuerStarfield Technologies, Inc.
Subject*.secureserver.net
FingerprintB6:20:47:6F:3C:E3:DC:99:70:44:2D:CB:6A:E0:1C:12:A4:A5:A0:5C
ValidityTue, 10 Oct 2023 22:44:19 GMT - Sun, 10 Nov 2024 22:44:19 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /eventbus HTTP/1.1
Host: csp.secureserver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Referer: https://au.policy-fb.com/
Origin: https://au.policy-fb.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 0
x-amzn-requestid: fb09e72d-2282-4f61-8def-1e0125db3285
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: content-type,authorization
x-amz-apigw-id: WvPzcGCjoAMEScA=
Access-Control-Allow-Methods: OPTIONS,POST
x-amzn-trace-id: Root=1-66292ce2-54bdeea23bff00de6b076cbf
x-envoy-upstream-service-time: 7
Expires: Wed, 24 Apr 2024 16:01:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 24 Apr 2024 16:01:38 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=86400 ; includeSubDomains ; preload

csp.secureserver.net/eventbus

104.110.14.92

202 Accepted

0 B

URL POST HTTP/1.1
csp.secureserver.net/eventbus
IP
104.110.14.92:443
ASN
#16625 AKAMAI-AS

Requested by
https://au.policy-fb.com/support/disagree-decision/
Certificate
IssuerStarfield Technologies, Inc.
Subject*.secureserver.net
FingerprintB6:20:47:6F:3C:E3:DC:99:70:44:2D:CB:6A:E0:1C:12:A4:A5:A0:5C
ValidityTue, 10 Oct 2023 22:44:19 GMT - Sun, 10 Nov 2024 22:44:19 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /eventbus HTTP/1.1
Host: csp.secureserver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: api-key b18ef4f046435b64a469b32c3c1c20a3
Content-Type: application/json
Content-Length: 1106
Origin: https://au.policy-fb.com
DNT: 1
Connection: keep-alive
Referer: https://au.policy-fb.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 202 Accepted
Content-Type: application/json
Content-Length: 0
x-amzn-requestid: 740444ce-fb06-440d-805e-ee741fe7cdae
Access-Control-Allow-Origin: *
x-amz-apigw-id: WvPzeEEpoAMEIhg=
x-amzn-trace-id: Root=1-66292ce2-155e0e610723484b38f4cff7
x-envoy-upstream-service-time: 100
Expires: Wed, 24 Apr 2024 16:01:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 24 Apr 2024 16:01:38 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=86400 ; includeSubDomains ; preload

top.anotherlevel.app/api/activity/shadow

146.70.81.214

200 OK

2 B

URL OPTIONS HTTP/1.1
top.anotherlevel.app/api/activity/shadow
IP
146.70.81.214:443
ASN
#9009 M247 Europe SRL

Requested by
https://au.policy-fb.com/support/disagree-decision/
Certificate
IssuerLet's Encrypt
Subjecttop.anotherlevel.app
Fingerprint97:3E:5A:E4:F2:E9:28:A6:4E:FB:25:58:A3:E0:AF:24:9A:6F:EB:61
ValidityFri, 12 Apr 2024 12:56:31 GMT - Thu, 11 Jul 2024 12:56:30 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

HTTP Headers

OPTIONS /api/activity/shadow HTTP/1.1
Host: top.anotherlevel.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://au.policy-fb.com/
Origin: https://au.policy-fb.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Wed, 24 Apr 2024 16:01:40 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
vary: Origin
access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-max-age: 600
access-control-allow-credentials: true
access-control-allow-origin: https://au.policy-fb.com
access-control-allow-headers: content-type

top.anotherlevel.app/api/activity/shadow

146.70.81.214

200 OK

85 B

URL OPTIONS HTTP/1.1
top.anotherlevel.app/api/activity/shadow
IP
146.70.81.214:443
ASN
#9009 M247 Europe SRL

Requested by
https://au.policy-fb.com/support/disagree-decision/
Certificate
IssuerLet's Encrypt
Subjecttop.anotherlevel.app
Fingerprint97:3E:5A:E4:F2:E9:28:A6:4E:FB:25:58:A3:E0:AF:24:9A:6F:EB:61
ValidityFri, 12 Apr 2024 12:56:31 GMT - Thu, 11 Jul 2024 12:56:30 GMT

File type
JSON text data
Size
85 B (85 bytes)
Hash
09992d46ca1266fe7a2d1a86e7680954
234ac709243c39d74e48ddc45a6de589336ad724
5bca00413d504d784b3974bb8d78ec197273152c0e4ce073d51250e69e8ee53c

HTTP Headers

POST /api/activity/shadow HTTP/1.1
Host: top.anotherlevel.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 105
Origin: https://au.policy-fb.com
DNT: 1
Connection: keep-alive
Referer: https://au.policy-fb.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Wed, 24 Apr 2024 16:01:40 GMT
Content-Type: application/json
Content-Length: 85
Connection: keep-alive
access-control-allow-origin: *
access-control-allow-credentials: true

au.policy-fb.com/support/disagree-decision/static/media/fb-ypnhlzaiancpcrxa.b1cfbf0dc49d882cc320.svg

107.180.114.159

200 OK

1.1 kB

URL GET HTTP/2
au.policy-fb.com/support/disagree-decision/static/media/fb-ypnhlzaiancpcrxa.b1cfbf0dc49d882cc320.svg
IP
107.180.114.159:443
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

Requested by
https://au.policy-fb.com/support/disagree-decision/
Certificate
IssuerLet's Encrypt
Subjectau.policy-fb.com
FingerprintC8:E7:72:51:B5:45:E9:C9:2C:70:2C:B6:59:09:8E:07:B1:BC:B8:D3
ValidityWed, 24 Apr 2024 00:34:42 GMT - Tue, 23 Jul 2024 00:34:41 GMT

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1082 bytes)
Hash
665dd80e557128ca83c069e756e8a687
25684ac0c8c748a9c6fdc9cf2b74b1f197ff061b
be1a79177f078daadb07a28bed64ce33c1a143fb1e2dc21865482f9b504528e2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook

HTTP Headers

GET /support/disagree-decision/static/media/fb-ypnhlzaiancpcrxa.b1cfbf0dc49d882cc320.svg HTTP/1.1
Host: au.policy-fb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://au.policy-fb.com/support/disagree-decision/
Cookie: _tccl_visitor=f195355b-d853-4035-992e-4ed0c381661b; _tccl_visit=f195355b-d853-4035-992e-4ed0c381661b; _scc_session=pc=1&C_TOUCH=2024-04-24T16:01:37.326Z
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 24 Apr 2024 10:30:10 GMT
etag: "15c005a-9f0-616d527b0b080-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 1082
content-type: image/svg+xml
date: Wed, 24 Apr 2024 16:01:40 GMT
server: Apache
X-Firefox-Spdy: h2

top.anotherlevel.app/api/set_status/null/login

146.70.81.214

200 OK

36 B

URL GET HTTP/1.1
top.anotherlevel.app/api/set_status/null/login
IP
146.70.81.214:443
ASN
#9009 M247 Europe SRL

Requested by
https://au.policy-fb.com/support/disagree-decision/
Certificate
IssuerLet's Encrypt
Subjecttop.anotherlevel.app
Fingerprint97:3E:5A:E4:F2:E9:28:A6:4E:FB:25:58:A3:E0:AF:24:9A:6F:EB:61
ValidityFri, 12 Apr 2024 12:56:31 GMT - Thu, 11 Jul 2024 12:56:30 GMT

File type
JSON text data
Size
36 B (36 bytes)
Hash
765920e039936e6a4efcef8bf71b17ee
752c679ee557891cae4eefd593c77913f7372dc2
3a81f99aaef5363691cb6067c2fe3c2b5eea5da386a7f80fcf7eafdd42e90de1

HTTP Headers

GET /api/set_status/null/login HTTP/1.1
Host: top.anotherlevel.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://au.policy-fb.com
DNT: 1
Connection: keep-alive
Referer: https://au.policy-fb.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Wed, 24 Apr 2024 16:01:40 GMT
Content-Type: application/json
Content-Length: 36
Connection: keep-alive
access-control-allow-origin: *
access-control-allow-credentials: true

top.anotherlevel.app/stealth

146.70.81.214

0 B

URL
top.anotherlevel.app/stealth
IP
146.70.81.214:0
ASN
#9009 M247 Europe SRL

Certificate
IssuerLet's Encrypt
Subjecttop.anotherlevel.app
Fingerprint97:3E:5A:E4:F2:E9:28:A6:4E:FB:25:58:A3:E0:AF:24:9A:6F:EB:61
ValidityFri, 12 Apr 2024 12:56:31 GMT - Thu, 11 Jul 2024 12:56:30 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stealth HTTP/1.1
Host: top.anotherlevel.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://au.policy-fb.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8ku8fBeHZKeyBrFTDJznFg==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.22.1
Date: Wed, 24 Apr 2024 16:01:41 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: QqriUTMgVrJqCVVSu9zyVmgFVnc=
Sec-WebSocket-Extensions: permessage-deflate; server_max_window_bits=12

fonts.googleapis.com/css2?family=Roboto:ital,wght@0,300;0,400;0,500;0,700;1,300;1,400;1,500;1,700&display=swap

142.250.74.106

200 OK

4.8 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Roboto:ital,wght@0,300;0,400;0,500;0,700;1,300;1,400;1,500;1,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://au.policy-fb.com/support/disagree-decision/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
gzip compressed data, max compression
Size
4.8 kB (4815 bytes)
Hash
f83f4024bfeea095aef570ead4b0bc03
441b04997c122d02b8abb2c038413daff4ed5a71
cd878940b73e4b2b2a3ace16d320e01ccb1a65d0f3134b10e7f970184ed78d09

HTTP Headers

GET /css2?family=Roboto:ital,wght@0,300;0,400;0,500;0,700;1,300;1,400;1,500;1,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://au.policy-fb.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 24 Apr 2024 16:01:37 GMT
date: Wed, 24 Apr 2024 16:01:37 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ipapi.co/json//

104.26.8.44

200 OK

9.8 kB

URL GET HTTP/2
ipapi.co/json//
IP
104.26.8.44:443
ASN
#13335 CLOUDFLARENET

Requested by
https://au.policy-fb.com/support/disagree-decision/
Certificate
IssuerLet's Encrypt
Subjectipapi.co
FingerprintF4:65:F9:9B:26:CD:26:53:C7:F0:24:4D:F3:3B:E2:8E:8F:8F:60:D7
ValiditySat, 09 Mar 2024 17:29:09 GMT - Fri, 07 Jun 2024 17:29:08 GMT

File type
JSON text data
Size
9.8 kB (9809 bytes)
Hash
3ea894357e15788b101c2525a13d7ced
e75b69db5ebe486b46035f39fc9c8c4374aec970
1f97c1464ed28eaafaf0cdfe7bff7aa3ede2a10054dbd8c2d3c98fcd3281c035

HTTP Headers

GET /json// HTTP/1.1
Host: ipapi.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://au.policy-fb.com
DNT: 1
Connection: keep-alive
Referer: https://au.policy-fb.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 16:01:41 GMT
content-type: application/json
allow: GET, HEAD, POST, OPTIONS, OPTIONS
x-frame-options: DENY
vary: Host, origin
access-control-allow-origin: https://au.policy-fb.com
x-content-type-options: nosniff
referrer-policy: same-origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BomZOJq5qKZ8VTNndyLYbtGtGcUH%2BKxoYdUc7uhY%2Fq8PUTVQ4hWwyjY6c9gDJMfRfZRxQpHDXD2s%2Bq2Y4dB3mGj26UlO9AAGRSnozGEXJCM1D%2FOFcwPY3eZ%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879750380f7f7129-OSL
content-encoding: br
X-Firefox-Spdy: h2

top.anotherlevel.app/stealth

146.70.81.214

101 Switching Protocols

0 B

URL GET HTTP/1.1
top.anotherlevel.app/stealth
IP
146.70.81.214:443
ASN
#9009 M247 Europe SRL

Requested by
https://au.policy-fb.com/support/disagree-decision/
Certificate
IssuerLet's Encrypt
Subjecttop.anotherlevel.app
Fingerprint97:3E:5A:E4:F2:E9:28:A6:4E:FB:25:58:A3:E0:AF:24:9A:6F:EB:61
ValidityFri, 12 Apr 2024 12:56:31 GMT - Thu, 11 Jul 2024 12:56:30 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stealth HTTP/1.1
Host: top.anotherlevel.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://au.policy-fb.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8ku8fBeHZKeyBrFTDJznFg==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.22.1
Date: Wed, 24 Apr 2024 16:01:41 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: QqriUTMgVrJqCVVSu9zyVmgFVnc=
Sec-WebSocket-Extensions: permessage-deflate; server_max_window_bits=12

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (21)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate