mail1.link.s.dhl.pl - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 2 HTTP transactions. The main IP is 46.229.151.14, located in Warsaw, Poland and belongs to ATMAN-ISP-AS ATM S.A., PL. The main domain is mail1.link.s.dhl.pl.

This is the only time mail1.link.s.dhl.pl was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	46.229.151.14 46.229.151.14	15694 (ATMAN-ISP...) (ATMAN-ISP-AS ATM S.A.)
1	185.54.185.114 185.54.185.114	31242 (TKPSA-AS) (TKPSA-AS)
2	2

1 46.229.151.14 (Warsaw, Poland)

ASN15694 (ATMAN-ISP-AS ATM S.A., PL)
PTR: app2.enewsletter.pl

mail1.link.s.dhl.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.54.185.114 (Poland)

ASN31242 (TKPSA-AS, PL)
PTR: app.enewsletter.pl

s.enewsletter.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	enewsletter.pl s.enewsletter.pl	11 KB
1	dhl.pl mail1.link.s.dhl.pl	3 KB
2	2

	Domain	Requested by
1	s.enewsletter.pl	mail1.link.s.dhl.pl
1	mail1.link.s.dhl.pl
2	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://mail1.link.s.dhl.pl/rfsf.php?u=12370&key=852b2ba861c74&mkey=02e9158cd6e143c5&ml=485
Frame ID: C43C359ED72600A615FCF5D53D957BEC
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

SARE

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

2
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

14 kB
Transfer

10 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request rfsf.php Show response
mail1.link.s.dhl.pl/ 720 B
3 KB 206ms
106ms Document
text/html 46.229.151.14
ATMAN-ISP-AS ATM ...

General

Check archive.org

Show headers Download Go to

Full URL

http://mail1.link.s.dhl.pl/rfsf.php?u=12370&key=852b2ba861c74&mkey=02e9158cd6e143c5&ml=485

Protocol

HTTP/1.1

Server

46.229.151.14 Warsaw, Poland, ASN15694 (ATMAN-ISP-AS ATM S.A., PL),

Reverse DNS

app2.enewsletter.pl

Software

nginx /

Resource Hash

5dfba76516189e679cf016db0fa4f96bd59d694f2d42666a2a055674ec703cae

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://editor.sareapps.pl/ https://editor.digiapps.pl/ https://dev-editor.sare25.com/;block-all-mixed-content;default-src 'self' data:;object-src 'none';base-uri 'self' http://n.enewsletter.pl https://n.enewsletter.pl;manifest-src 'self';font-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://cdn.sare25.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.enewsletter.com.pl https://cdn.sareapps.pl https://cdn.digiapps.pl https://cdn.speakhub.live https://public.speakhub.live https://cdnjs.cloudflare.com https://cdn.heapanalytics.com https://polyfill.io https://code.jquery.com https://uicdn.toast.com https://blueimp.github.io https://cdn.sare25.com https://cdn.livechatinc.com https://api.livechatinc.com https://ajax.googleapis.com https://www.google.com https://www.gstatic.com;style-src 'self' 'report-sample' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://uicdn.toast.com https://cdn.sare25.com n.enewsletter.pl;frame-src 'self' dev-editor.sare25.com editor.sareapps.pl editor.digiapps.pl integrations.app-link.me https://secure.livechatinc.com data: https://www.google.com;img-src * data:;worker-src 'self' blob:;media-src * data:;connect-src 'self' .enewsletter.pl .sare25.com .sareapps.pl .digiapps.pl wss://ws-sare-wire.sareapps.pl wss://ws-sare-wire.digiapps.pl wss://ws.speakhub.live public.speakhub.live cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com;child-src 'self' https://cdn.sare25.com;
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Length: 507
Content-Security-Policy: frame-ancestors 'self' https://editor.sareapps.pl/ https://editor.digiapps.pl/ https://dev-editor.sare25.com/;block-all-mixed-content;default-src 'self' data:;object-src 'none';base-uri 'self' http://n.enewsletter.pl https://n.enewsletter.pl;manifest-src 'self';font-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://cdn.sare25.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.enewsletter.com.pl https://cdn.sareapps.pl https://cdn.digiapps.pl https://cdn.speakhub.live https://public.speakhub.live https://cdnjs.cloudflare.com https://cdn.heapanalytics.com https://polyfill.io https://code.jquery.com https://uicdn.toast.com https://blueimp.github.io https://cdn.sare25.com https://cdn.livechatinc.com https://api.livechatinc.com https://ajax.googleapis.com https://www.google.com https://www.gstatic.com;style-src 'self' 'report-sample' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://uicdn.toast.com https://cdn.sare25.com n.enewsletter.pl;frame-src 'self' dev-editor.sare25.com editor.sareapps.pl editor.digiapps.pl integrations.app-link.me https://secure.livechatinc.com data: https://www.google.com;img-src * data:;worker-src 'self' blob:;media-src * data:;connect-src 'self' *.enewsletter.pl *.sare25.com *.sareapps.pl *.digiapps.pl wss://ws-sare-wire.sareapps.pl wss://ws-sare-wire.digiapps.pl wss://ws.speakhub.live public.speakhub.live cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com;child-src 'self' https://cdn.sare25.com;
Content-Type: text/html; charset=UTF-8
Date: Tue, 19 Dec 2023 11:14:21 GMT
Expect-CT: max-age=86400, enforce
Permissions-Policy: default 'none'
Referrer-Policy: same-origin
Server: nginx
Vary: Accept-Encoding
X-Content-Type-Options: nosniff nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK logo.jpg
s.enewsletter.pl/n/12370/logo/ 9 KB
11 KB 55ms
29ms Image
image/jpeg 185.54.185.114
TKPSA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://s.enewsletter.pl/n/12370/logo/logo.jpg

Requested by

Host: mail1.link.s.dhl.pl
URL: http://mail1.link.s.dhl.pl/rfsf.php?u=12370&key=852b2ba861c74&mkey=02e9158cd6e143c5&ml=485

Protocol

HTTP/1.1

Server

185.54.185.114 , Poland, ASN31242 (TKPSA-AS, PL),

Reverse DNS

app.enewsletter.pl

Software

nginx /

Resource Hash

76cff5fe5f58f0356ee858a49969b3627655fd647b8baafa0cf5e1a30ec3a137

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://editor.sareapps.pl/ https://editor.digiapps.pl/ https://dev-editor.sare25.com/;block-all-mixed-content;default-src 'self' data:;object-src 'none';base-uri 'self' http://n.enewsletter.pl https://n.enewsletter.pl;manifest-src 'self';font-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://cdn.sare25.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.enewsletter.com.pl https://cdn.sareapps.pl https://cdn.digiapps.pl https://cdn.speakhub.live https://public.speakhub.live https://cdnjs.cloudflare.com https://cdn.heapanalytics.com https://polyfill.io https://code.jquery.com https://uicdn.toast.com https://blueimp.github.io https://cdn.sare25.com https://cdn.livechatinc.com https://api.livechatinc.com https://ajax.googleapis.com https://www.google.com https://www.gstatic.com;style-src 'self' 'report-sample' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://uicdn.toast.com https://cdn.sare25.com n.enewsletter.pl;frame-src 'self' dev-editor.sare25.com editor.sareapps.pl editor.digiapps.pl integrations.app-link.me https://secure.livechatinc.com data: https://www.google.com;img-src * data:;worker-src 'self' blob:;media-src * data:;connect-src 'self' .enewsletter.pl .sare25.com .sareapps.pl .digiapps.pl wss://ws-sare-wire.sareapps.pl wss://ws-sare-wire.digiapps.pl wss://ws.speakhub.live public.speakhub.live cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com;child-src 'self' https://cdn.sare25.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: pl-PL,pl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Tue, 19 Dec 2023 11:14:21 GMT
Content-Security-Policy: frame-ancestors 'self' https://editor.sareapps.pl/ https://editor.digiapps.pl/ https://dev-editor.sare25.com/;block-all-mixed-content;default-src 'self' data:;object-src 'none';base-uri 'self' http://n.enewsletter.pl https://n.enewsletter.pl;manifest-src 'self';font-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://cdn.sare25.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.enewsletter.com.pl https://cdn.sareapps.pl https://cdn.digiapps.pl https://cdn.speakhub.live https://public.speakhub.live https://cdnjs.cloudflare.com https://cdn.heapanalytics.com https://polyfill.io https://code.jquery.com https://uicdn.toast.com https://blueimp.github.io https://cdn.sare25.com https://cdn.livechatinc.com https://api.livechatinc.com https://ajax.googleapis.com https://www.google.com https://www.gstatic.com;style-src 'self' 'report-sample' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://uicdn.toast.com https://cdn.sare25.com n.enewsletter.pl;frame-src 'self' dev-editor.sare25.com editor.sareapps.pl editor.digiapps.pl integrations.app-link.me https://secure.livechatinc.com data: https://www.google.com;img-src * data:;worker-src 'self' blob:;media-src * data:;connect-src 'self' *.enewsletter.pl *.sare25.com *.sareapps.pl *.digiapps.pl wss://ws-sare-wire.sareapps.pl wss://ws-sare-wire.digiapps.pl wss://ws.speakhub.live public.speakhub.live cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com;child-src 'self' https://cdn.sare25.com;
X-Content-Type-Options: nosniff, nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 9385
X-XSS-Protection: 1; mode=block
Referrer-Policy: same-origin
Last-Modified: Wed, 22 Feb 2023 12:58:52 GMT
Server: nginx
ETag: "24a9-5f549754be011"
Expect-CT: max-age=86400, enforce
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Permissions-Policy: default 'none'
Accept-Ranges: bytes

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	Message: Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://editor.sareapps.pl/ https://editor.digiapps.pl/ https://dev-editor.sare25.com/;block-all-mixed-content;default-src 'self' data:;object-src 'none';base-uri 'self' http://n.enewsletter.pl https://n.enewsletter.pl;manifest-src 'self';font-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://cdn.sare25.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.enewsletter.com.pl https://cdn.sareapps.pl https://cdn.digiapps.pl https://cdn.speakhub.live https://public.speakhub.live https://cdnjs.cloudflare.com https://cdn.heapanalytics.com https://polyfill.io https://code.jquery.com https://uicdn.toast.com https://blueimp.github.io https://cdn.sare25.com https://cdn.livechatinc.com https://api.livechatinc.com https://ajax.googleapis.com https://www.google.com https://www.gstatic.com;style-src 'self' 'report-sample' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://uicdn.toast.com https://cdn.sare25.com n.enewsletter.pl;frame-src 'self' dev-editor.sare25.com editor.sareapps.pl editor.digiapps.pl integrations.app-link.me https://secure.livechatinc.com data: https://www.google.com;img-src * data:;worker-src 'self' blob:;media-src * data:;connect-src 'self' .enewsletter.pl .sare25.com .sareapps.pl .digiapps.pl wss://ws-sare-wire.sareapps.pl wss://ws-sare-wire.digiapps.pl wss://ws.speakhub.live public.speakhub.live cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com;child-src 'self' https://cdn.sare25.com;
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

mail1.link.s.dhl.pl
s.enewsletter.pl
185.54.185.114
46.229.151.14
5dfba76516189e679cf016db0fa4f96bd59d694f2d42666a2a055674ec703cae
76cff5fe5f58f0356ee858a49969b3627655fd647b8baafa0cf5e1a30ec3a137

mail1.link.s.dhl.pl Open in urlscan Pro 46.229.151.14 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

2 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

14 kBTransfer

10 kBSize

0 Cookies

0 Outgoing links

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

mail1.link.s.dhl.pl Open in urlscan Pro
46.229.151.14 Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

14 kB
Transfer

10 kB
Size

0
Cookies

2 HTTP transactions
0 data transactions