URL: https://biuletynimm.pl/de/?c=48U4VV&m=p&d=z&f=1032&p=1
Submission Tags: falconsandbox
Submission: On January 31 via api from US — Scanned from DE

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 3 HTTP transactions. The main IP is 46.229.144.46, located in Kolonia Opacz, Poland and belongs to ATMAN-ISP-AS ATM S.A., PL. The main domain is biuletynimm.pl.
TLS certificate: Issued by Certum Domain Validation CA SHA2 on May 20th 2021. Valid for: a year.
This is the only time biuletynimm.pl was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads These files were downloaded by the website

MIME: PDF document, version 1.4
Size: 907 KB (928700 bytes, 100% done)
Downloaded from: https://biuletynimm.pl/ddt/?c=48U4VV&m=p&d=z&f=1032&p=1&user_hash=75f67d020a6c2c4561d1ca4670345b0a&user_hash1=1232214500

Domain & IP information

IP Address AS Autonomous System
3 46.229.144.46 15694 (ATMAN-ISP...)
3 1
Apex Domain
Subdomains
Transfer
3 biuletynimm.pl
biuletynimm.pl
27 KB
3 1
Domain Requested by
3 biuletynimm.pl biuletynimm.pl
3 1

This site contains no links.

Subject Issuer Validity Valid
*.biuletynimm.pl
Certum Domain Validation CA SHA2
2021-05-20 -
2022-05-20
a year crt.sh

This page contains 1 frames:

Frame: https://biuletynimm.pl/ddt/?c=48U4VV&m=p&d=z&f=1032&p=1&user_hash=75f67d020a6c2c4561d1ca4670345b0a&user_hash1=1232214500
Frame ID: 558883C49A23D9B112729F5B4F2000D5
Requests: 3 HTTP requests in this frame

Screenshot


Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

27 kB
Transfer

64 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
biuletynimm.pl/de/
1 KB
2 KB
Document
General
Full URL
https://biuletynimm.pl/de/?c=48U4VV&m=p&d=z&f=1032&p=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
46.229.144.46 Kolonia Opacz, Poland, ASN15694 (ATMAN-ISP-AS ATM S.A., PL),
Reverse DNS
host-46.229.144.46.edulogistic.pl
Software
/ Express
Resource Hash
26376970a59728ce598b274226ac8ccba9cadabcd496c2c7d5466aa39e4e518f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

X-Powered-By
Express
Access-Control-Allow-Headers
X-Requested-With, Origin, Content-Type, Accept, Authtoken, Mobile
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
undefined
Content-Type
text/html; charset=utf-8
Content-Length
1218
ETag
W/"4c2-P+DooM1CJnpcH5y35nBhrkaZ9Qs"
Date
Mon, 31 Jan 2022 08:10:02 GMT
X-Robots-Tag
noindex
direct_download.min.js
biuletynimm.pl/static/main/js/
63 KB
25 KB
Script
General
Full URL
https://biuletynimm.pl/static/main/js/direct_download.min.js?v=3
Requested by
Host: biuletynimm.pl
URL: https://biuletynimm.pl/de/?c=48U4VV&m=p&d=z&f=1032&p=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
46.229.144.46 Kolonia Opacz, Poland, ASN15694 (ATMAN-ISP-AS ATM S.A., PL),
Reverse DNS
host-46.229.144.46.edulogistic.pl
Software
/ Express
Resource Hash
1998ff9177fe81b8860aa60f02fdbec4b183b4785852e986c071e5c00a520789

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://biuletynimm.pl/de/?c=48U4VV&m=p&d=z&f=1032&p=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Mon, 31 Jan 2022 08:10:02 GMT
Content-Encoding
gzip
ETag
W/"fbd0-17e770c16a0"
Last-Modified
Thu, 20 Jan 2022 10:33:08 GMT
X-Powered-By
Express
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=2592000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
noindex
Access-Control-Allow-Headers
X-Requested-With, Origin, Content-Type, Accept
/
biuletynimm.pl/ddt/
0
0
Document
General
Full URL
https://biuletynimm.pl/ddt/?c=48U4VV&m=p&d=z&f=1032&p=1&user_hash=75f67d020a6c2c4561d1ca4670345b0a&user_hash1=1232214500
Requested by
Host: biuletynimm.pl
URL: https://biuletynimm.pl/static/main/js/direct_download.min.js?v=3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
46.229.144.46 Kolonia Opacz, Poland, ASN15694 (ATMAN-ISP-AS ATM S.A., PL),
Reverse DNS
host-46.229.144.46.edulogistic.pl
Software
/ Express
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://biuletynimm.pl/de/?c=48U4VV&m=p&d=z&f=1032&p=1

Response headers

X-Powered-By
Express
Access-Control-Allow-Headers
X-Requested-With, Origin, Content-Type, Accept, Authtoken, Mobile
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
undefined
Content-Disposition
attachment; filename="forbes_diamenty_forbesa_2022_02_01_diamenty_forbesa___przychody_od_5_do_50_mln_pln__miejsca_613___637__pdf_k.pdf"
Accept-Ranges
bytes
Cache-Control
public, max-age=0
Last-Modified
Sun, 30 Jan 2022 21:50:16 GMT
ETag
W/"e2bbc-17eacf79e2c"
Content-Type
application/pdf
Content-Length
928700
Date
Mon, 31 Jan 2022 08:10:03 GMT
X-Robots-Tag
noindex

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| IMM_REDIRECT_URL object| FingerprintJS string| fp number| fp1 function| download_redirect function| ClientJS

2 Cookies

Domain/Path Name / Value
biuletynimm.pl/ Name: IMMTRCK
Value: 587c32676a02da1f36ac58d59da50eff1f5289280bb6e1ecd36770e2fbc06540e5ed6d03a7129a14f4897b9acabee1c01c0f967a2fe1d60c7fc80e686e4745d76c66
biuletynimm.pl/ Name: connect.sid
Value: s%3AGO7YqmAqwzwF7UGQQpUSwD3FDL0UIBVl.6x8NmlQc5r0DhQArMu6FrOpk67QhP7vcRWl%2BiUllmj8

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

biuletynimm.pl
46.229.144.46
1998ff9177fe81b8860aa60f02fdbec4b183b4785852e986c071e5c00a520789
26376970a59728ce598b274226ac8ccba9cadabcd496c2c7d5466aa39e4e518f