URL: https://ensana-cloudflare.two.do/
Submission: On July 01 via automatic, source certstream-suspicious — Scanned from NL

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 11 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is ensana-cloudflare.two.do.
TLS certificate: Issued by GTS CA 1P5 on May 6th 2023. Valid for: 3 months.
This is the only time ensana-cloudflare.two.do was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 2a06:98c1:312... 13335 (CLOUDFLAR...)
6 81.95.110.230 25234 (GLOBE-AS ...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
11 3
Domain Requested by
5 www.zoomletter.com ensana-cloudflare.two.do
www.zoomletter.com
4 ensana-cloudflare.two.do ensana-cloudflare.two.do
1 static.cloudflareinsights.com ensana-cloudflare.two.do
1 2022.zoomvoucher.com ensana-cloudflare.two.do
11 4

This site contains no links.

Subject Issuer Validity Valid
two.do
GTS CA 1P5
2023-05-06 -
2023-08-04
3 months crt.sh
www.zoomletter.com
R3
2023-05-16 -
2023-08-14
3 months crt.sh
beta.zoomvoucher.com
R3
2023-06-21 -
2023-09-19
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-04-10 -
2024-04-09
a year crt.sh

This page contains 1 frames:

Primary Page: https://ensana-cloudflare.two.do/
Frame ID: 637D7A81DBE0016C5A5750D0F2010CB9
Requests: 11 HTTP requests in this frame

Screenshot

Page Title

Ensana Health Spa Hotels & Resorts, Europe’s leading health hotels

Detected technologies

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

100 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

71 kB
Transfer

892 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
ensana-cloudflare.two.do/
9 KB
2 KB
Document
General
Full URL
https://ensana-cloudflare.two.do/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a383e23b7dfe21b778e7da36cfc1d65d5de6a544f6f463df96f603067732c40

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7e01667a2b752bfa-FRA
content-encoding
br
content-type
text/html
date
Sat, 01 Jul 2023 20:29:17 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ePqhZN0%2BzM84pAc6Yrovu8%2FGhIN6cTLZEP3TeOBAOvndQes6M%2Bc7S8JsOuRtaXH7CCcxjkcw0XAA2jsAcGma1T53jrJ19UMOi7H46sZ7dWwKFLlKLDAJrsA3m%2FjSZZRXfAaY7xg5%2BW6XrT5xKe49C2aTtHXaR0%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
clientscripts.php
www.zoomletter.com/klienti/www-ensanahotels-com/
271 B
477 B
Script
General
Full URL
https://www.zoomletter.com/klienti/www-ensanahotels-com/clientscripts.php
Requested by
Host: ensana-cloudflare.two.do
URL: https://ensana-cloudflare.two.do/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
81.95.110.230 Kyjov, Czech Republic, ASN25234 (GLOBE-AS www.active24.cz, CZ),
Reverse DNS
gds57g.active24.cz
Software
nginx /
Resource Hash
eab8608af634003a66c7ba7ad9d83824fec48dbac37e137d9044f03c0a633c7e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Frame-Options ALLOWALL

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://ensana-cloudflare.two.do/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 01 Jul 2023 20:29:18 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
server
nginx
content-security-policy
upgrade-insecure-requests
vary
Accept-Encoding
x-frame-options
ALLOWALL
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=0, public, must-revalidate
content-length
218
vouchersshop.js
2022.zoomvoucher.com/klienti/ensana/js/
4 KB
2 KB
Script
General
Full URL
https://2022.zoomvoucher.com/klienti/ensana/js/vouchersshop.js
Requested by
Host: ensana-cloudflare.two.do
URL: https://ensana-cloudflare.two.do/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
81.95.110.230 Kyjov, Czech Republic, ASN25234 (GLOBE-AS www.active24.cz, CZ),
Reverse DNS
gds57g.active24.cz
Software
nginx /
Resource Hash
f5a5b20e032a963c20a899636668ee8c498df58e9cc66aa9957f185098a8da32
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://ensana-cloudflare.two.do/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 01 Jul 2023 20:29:17 GMT
content-encoding
gzip
content-security-policy
upgrade-insecure-requests
server
nginx
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Content-Type, Content-Range, Content-Disposition, Content-Description
content-length
1329
expires
0
iframe.js
www.zoomletter.com/klienti/www-ensanahotels-com/loyalty2/
2 KB
804 B
Script
General
Full URL
https://www.zoomletter.com/klienti/www-ensanahotels-com/loyalty2/iframe.js
Requested by
Host: ensana-cloudflare.two.do
URL: https://ensana-cloudflare.two.do/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
81.95.110.230 Kyjov, Czech Republic, ASN25234 (GLOBE-AS www.active24.cz, CZ),
Reverse DNS
gds57g.active24.cz
Software
nginx /
Resource Hash
ec8e46aa443345ca1f739e6948cabfb2c3a2e94d3ec32947b07aa2f829be1208
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Frame-Options ALLOWALL

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://ensana-cloudflare.two.do/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 01 Jul 2023 20:29:17 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
server
nginx
content-security-policy
upgrade-insecure-requests
vary
Accept-Encoding
x-frame-options
ALLOWALL
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=604800, public, must-revalidate
content-length
541
polyfills.f014404006b2bed9.js
ensana-cloudflare.two.do/
363 KB
0
Script
General
Full URL
https://ensana-cloudflare.two.do/polyfills.f014404006b2bed9.js
Requested by
Host: ensana-cloudflare.two.do
URL: https://ensana-cloudflare.two.do/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://ensana-cloudflare.two.do/
Origin
https://ensana-cloudflare.two.do
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 01 Jul 2023 20:29:17 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Fri, 19 May 2023 14:04:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1d98a5acc1021f1"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IiSm%2FnUyBa0w2t28Dxn4%2Fvk2ZUCo73a8vTP00LMrBD1CDuNFWdiwigTLsvsjrbjoBQNh8YZdVO50fl45pQwfAhaZ7%2Fhy3lby2aCpzLd1yj6aTTn%2FrZzWT7tdxNhWSJZw87SxO0%2FWL6xwshqD7rATEqVN1wrvx2g%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cf-ray
7e01667aac052bfa-FRA
alt-svc
h3=":443"; ma=86400
main.30b71860c4f13e6f.js
ensana-cloudflare.two.do/
300 KB
0
Script
General
Full URL
https://ensana-cloudflare.two.do/main.30b71860c4f13e6f.js
Requested by
Host: ensana-cloudflare.two.do
URL: https://ensana-cloudflare.two.do/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://ensana-cloudflare.two.do/
Origin
https://ensana-cloudflare.two.do
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 01 Jul 2023 20:29:17 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Fri, 19 May 2023 14:04:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1d98a5acc1036f6"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IEg7Bt0DzYtMpZLHg8%2B4OTFXI%2Fm6SVIiigvLImDCLEyHJWsy9FAGqw9PZY4iThSvQ7T0GMxX1HtrC%2FHtf63TRrjTlzNuVYV0TicNtU8zKq%2Fbu6%2FhOxOitt%2BgxTMRH5mVzKK%2FSaOSEgo85ldaIs0zI4LK3ymFkvc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cf-ray
7e01667aac072bfa-FRA
alt-svc
h3=":443"; ma=86400
v52afc6f149f6479b8c77fa569edb01181681764108816
static.cloudflareinsights.com/beacon.min.js/
19 KB
7 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
Requested by
Host: ensana-cloudflare.two.do
URL: https://ensana-cloudflare.two.do/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b

Request headers

Referer
https://ensana-cloudflare.two.do/
Origin
https://ensana-cloudflare.two.do
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 01 Jul 2023 20:29:18 GMT
content-encoding
gzip
last-modified
Mon, 17 Apr 2023 20:41:48 GMT
server
cloudflare
etag
W/2023.4.2
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
7e01667afd072ba8-FRA
styles.a8b8739b3f49203f.css
ensana-cloudflare.two.do/
30 KB
9 KB
Stylesheet
General
Full URL
https://ensana-cloudflare.two.do/styles.a8b8739b3f49203f.css
Requested by
Host: ensana-cloudflare.two.do
URL: https://ensana-cloudflare.two.do/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
351e94d221c81c39c1e4ec50946c70b4fdc842a465aac98c6cce929bc562d0c4

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://ensana-cloudflare.two.do/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 01 Jul 2023 20:29:17 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Fri, 19 May 2023 14:04:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1d98a5acc18c800"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LVfZk49%2Fo9Nrc0AyELfZTq1IBdb4goSyFrHNRdHrV%2FWL4pl9y02eRRha5w%2BSc%2FZ%2FEXZ%2BbS1%2FZhq2IapWvBovdxvSiIX50Bvl1fA7d0di06ePnhuD3lmJ2c0gI%2BPanTGhqr%2BA%2BSygSqeKNn7%2FFMD%2FB45HjHsWHPo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cf-ray
7e01667aac092bfa-FRA
alt-svc
h3=":443"; ma=86400
popupdesigner.js
www.zoomletter.com/plugins/popupdesigner/
42 KB
8 KB
Script
General
Full URL
https://www.zoomletter.com/plugins/popupdesigner/popupdesigner.js?t=9f76e03f5c2d232ca564a87b629bdf7d43ba4041
Requested by
Host: www.zoomletter.com
URL: https://www.zoomletter.com/klienti/www-ensanahotels-com/clientscripts.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
81.95.110.230 Kyjov, Czech Republic, ASN25234 (GLOBE-AS www.active24.cz, CZ),
Reverse DNS
gds57g.active24.cz
Software
nginx /
Resource Hash
9f9007031cbdca4c0d46af85031186efdb490d6babeddc52199034aa72955e95
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Frame-Options ALLOWALL

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://ensana-cloudflare.two.do/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 01 Jul 2023 20:29:18 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
server
nginx
content-security-policy
upgrade-insecure-requests
vary
Accept-Encoding
x-frame-options
ALLOWALL
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
content-length
7717
expires
0
jquery-1.10.2.min.js
www.zoomletter.com/lib/jquery/
91 KB
32 KB
Script
General
Full URL
https://www.zoomletter.com/lib/jquery/jquery-1.10.2.min.js
Requested by
Host: www.zoomletter.com
URL: https://www.zoomletter.com/plugins/popupdesigner/popupdesigner.js?t=9f76e03f5c2d232ca564a87b629bdf7d43ba4041
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
81.95.110.230 Kyjov, Czech Republic, ASN25234 (GLOBE-AS www.active24.cz, CZ),
Reverse DNS
gds57g.active24.cz
Software
nginx /
Resource Hash
0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Frame-Options ALLOWALL

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://ensana-cloudflare.two.do/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 01 Jul 2023 20:29:18 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
server
nginx
content-security-policy
upgrade-insecure-requests
vary
Accept-Encoding
x-frame-options
ALLOWALL
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=604800, public, must-revalidate
content-length
32802
fpmodule.js
www.zoomletter.com/service/fingerprint/
33 KB
10 KB
Script
General
Full URL
https://www.zoomletter.com/service/fingerprint/fpmodule.js
Requested by
Host: www.zoomletter.com
URL: https://www.zoomletter.com/plugins/popupdesigner/popupdesigner.js?t=9f76e03f5c2d232ca564a87b629bdf7d43ba4041
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
81.95.110.230 Kyjov, Czech Republic, ASN25234 (GLOBE-AS www.active24.cz, CZ),
Reverse DNS
gds57g.active24.cz
Software
nginx /
Resource Hash
12f0e7d8a182cee63e8f102c5a3a47ebba756b3149d88f1bc17db8a404fff270
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Frame-Options ALLOWALL

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://ensana-cloudflare.two.do/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 01 Jul 2023 20:29:18 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
server
nginx
content-security-policy
upgrade-insecure-requests
vary
Accept-Encoding
x-frame-options
ALLOWALL
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=604800, public, must-revalidate
content-length
10167

Verdicts & Comments Add Verdict or Comment

41 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend object| script string| ConID boolean| loaded function| processVoucherMessage function| callParameters function| removeURLParameter function| sendCookies function| processLoyaltyMessage object| popupdesignerGlobalData object| popupdesignerGlobalData_last boolean| documentLoadedPD string| scriptLocationPD undefined| fancyboxDef object| scripts number| scriptsSizePD number| scriptsLoadedPD string| s function| middleLoadPD function| afterLoadPD function| popupdesignerShowLoggedPopup function| popupdesignerShowLoggedNotPopup function| popupdesignerCloseIframe function| popupdesigner_isIE function| showPopup function| showMobilePopup function| parseQuery function| loadScriptPD function| getObjectSize function| setCookie function| deleteCookie function| getCookie function| checkAndRunAfterOpenEvent function| checkAndRunAfterCloseEvent function| addPopupAnimation function| launchPopupAnimation function| Fingerprint2 function| $ function| jQuery

0 Cookies