URL: https://z2.isecurity.site/
Submission: On November 13 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 5 HTTP transactions. The main IP is 5.161.139.162, located in the United States and belonging to HETZNER-CLOUD2-AS, DE. The main domain is z2.isecurity.site.
TLS certificate: Issued by R3 on November 13th 2023. Valid for: 3 months.
This is the only time z2.isecurity.site was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

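IP addresses (requests, IP address, AS):
4  5.161.139.162  213230 (HETZNER-C...)
Total: 5 requests, 2 IPs

Apex domains (requests, apex domain, subdomains, transfer):
4  isecurity.site  z2.isecurity.site  70 KB
Total: 5 requests, 1 apex domain

Domains (requests, domain, requested by):
4  z2.isecurity.site  z2.isecurity.site
Total: 5 requests, 1 domain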

This site contains links to these domains:

Domain: www.cloudflare.com

Certificate (subject, issuer, validity, valid for):
z2.isecurity.site  R3  2023-11-13 - 2024-02-11  3 months

This page contains 1 frames:

Primary Page: https://z2.isecurity.site/
Frame ID: B42EF0A925977AD514D4FEEF102248F1
Requests: 7 HTTP requests in this frame

Page Title

Just a moment...

Page Statistics

Requests: 5
HTTPS: 80 %
IPv6: 0 %
Domains: 1
Subdomains: 1
IPs: 2
Countries: 1
Transfer: 70 kB
Size: 199 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions

Columns: Resource / Path, Size, x-fer, Type / MIME-Type
Primary Request /
z2.isecurity.site/
6 KB
5 KB
Document
General
Full URL
https://z2.isecurity.site/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.161.139.162 , United States, ASN213230 (HETZNER-CLOUD2-AS, DE),
Reverse DNS
static.162.139.161.5.clients.your-server.de
Software
nginx/1.24.0 /
Resource Hash
532f197c5c2741e8aa1a68ad3143b787bc44ba8b4c5c16031d59bcfd1b3ca924
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-mitigated
challenge
cf-ray
82572f328fe2396e-IAD
content-encoding
br
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Mon, 13 Nov 2023 12:58:07 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
origin-agent-cluster
?1
permissions-policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy
same-origin
server
nginx/1.24.0
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
challenges.css
z2.isecurity.site/cdn-cgi/styles/
6 KB
3 KB
Stylesheet
General
Full URL
https://z2.isecurity.site/cdn-cgi/styles/challenges.css
Requested by
Host: z2.isecurity.site
URL: https://z2.isecurity.site/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.161.139.162 , United States, ASN213230 (HETZNER-CLOUD2-AS, DE),
Reverse DNS
static.162.139.161.5.clients.your-server.de
Software
nginx/1.24.0 /
Resource Hash
2b0bd09c1cc7119d27e45353a59bf6c2721563e1689853ff704057a7439508d2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://z2.isecurity.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 12:58:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 08 Nov 2023 16:16:02 GMT
server
nginx/1.24.0
etag
W/"654bb442-19c8"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=7200, public
cf-ray
82572f3358705728-IAD
expires
Mon, 13 Nov 2023 14:58:07 GMT
v1
z2.isecurity.site/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/
171 KB
58 KB
Script
General
Full URL
https://z2.isecurity.site/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=82572f328fe2396e
Requested by
Host: z2.isecurity.site
URL: https://z2.isecurity.site/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.161.139.162 , United States, ASN213230 (HETZNER-CLOUD2-AS, DE),
Reverse DNS
static.162.139.161.5.clients.your-server.de
Software
nginx/1.24.0 /
Resource Hash
45fba577819a73c43a051f52795428406a42b637230f1aed24ef832fd8b4ee47
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://z2.isecurity.site/?__cf_chl_rt_tk=f_m0aSQU3DseTLQXctZL2l2dUgwhUQ_xCZPCeeiCuqA-1699880287-0-gaNycGzNCtA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 12:58:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-encoding
br
server
nginx/1.24.0
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
82572f340a7e9c46-IAD
favicon.ico
z2.isecurity.site/
15 KB
4 KB
Image
General
Full URL
https://z2.isecurity.site/favicon.ico
Requested by
Host: z2.isecurity.site
URL: https://z2.isecurity.site/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.161.139.162 , United States, ASN213230 (HETZNER-CLOUD2-AS, DE),
Reverse DNS
static.162.139.161.5.clients.your-server.de
Software
nginx/1.24.0 /
Resource Hash
6e9e4aefec755103010def1151655624c2d184861243090df4c426e8b7e69158
Security Headers
Name Value
Content-Security-Policy default-src *.blockchain.com; script-src 'self' 'unsafe-eval' https://cdn.polyfill.io https://www.facebook.com http://www.google-analytics.com https://www.google.com https://www.gstatic.com *.blockchain.com *.blockchain.info https://www.googletagmanager.com nonce-lTXIqXyjUUiZu6EBcF00fhFYGEF2UDoM data:; script-src-elem 'self' 'unsafe-inline' https://cdn.polyfill.io http://www.google-analytics.com https://www.googletagmanager.com https://analytics.twitter.com http://static.ads-twitter.com https://connect.facebook.net nonce-lTXIqXyjUUiZu6EBcF00fhFYGEF2UDoM; connect-src 'self' *.blockchain.com *.blockchain.info *.cryptocompare.com https://script.google.com https://webto.salesforce.com/* wss://streamer.cryptocompare.com https://blockchain.info https://api.greenhouse.io *.doubleclick.net *.google.com *.googleusercontent.com https://www.google-analytics.com https://cdn.embedly.com nonce-lTXIqXyjUUiZu6EBcF00fhFYGEF2UDoM; frame-src 'self' *.blockchain.com *.blockchain.info *.apple.com https://www.google.com https://www.youtube.com https://www.googletagmanager.com https://cdn.embedly.com https://dxmfp9dfv1uwi.cloudfront.net/; img-src 'self' *.blockchain.com *.blockchain.info *.medium.com https://www.googletagmanager.com *.adsrvr.org data: *.cryptocompare.com *.googleusercontent.com https://www.facebook.com http://www.google-analytics.com https://www.google.com http://t.co/i/adsct https://raw.githubusercontent.com *.medium.com; style-src 'self' 'unsafe-inline' https://rsms.me https://fonts.googleapis.com nonce-lTXIqXyjUUiZu6EBcF00fhFYGEF2UDoM; font-src 'self' https://rsms.me https://fonts.gstatic.com data:; manifest-src 'self'; object-src 'self'; media-src 'self' *.archive.org;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://z2.isecurity.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 12:58:07 GMT
content-security-policy
default-src *.blockchain.com; script-src 'self' 'unsafe-eval' https://cdn.polyfill.io https://www.facebook.com http://www.google-analytics.com https://www.google.com https://www.gstatic.com *.blockchain.com *.blockchain.info https://www.googletagmanager.com nonce-lTXIqXyjUUiZu6EBcF00fhFYGEF2UDoM data:; script-src-elem 'self' 'unsafe-inline' https://cdn.polyfill.io http://www.google-analytics.com https://www.googletagmanager.com https://analytics.twitter.com http://static.ads-twitter.com https://connect.facebook.net nonce-lTXIqXyjUUiZu6EBcF00fhFYGEF2UDoM; connect-src 'self' *.blockchain.com *.blockchain.info *.cryptocompare.com https://script.google.com https://webto.salesforce.com/* wss://streamer.cryptocompare.com https://blockchain.info https://api.greenhouse.io *.doubleclick.net *.google.com *.googleusercontent.com https://www.google-analytics.com https://cdn.embedly.com nonce-lTXIqXyjUUiZu6EBcF00fhFYGEF2UDoM; frame-src 'self' *.blockchain.com *.blockchain.info *.apple.com https://www.google.com https://www.youtube.com https://www.googletagmanager.com https://cdn.embedly.com https://dxmfp9dfv1uwi.cloudfront.net/; img-src 'self' *.blockchain.com *.blockchain.info *.medium.com https://www.googletagmanager.com *.adsrvr.org data: *.cryptocompare.com *.googleusercontent.com https://www.facebook.com http://www.google-analytics.com https://www.google.com http://t.co/i/adsct https://raw.githubusercontent.com *.medium.com; style-src 'self' 'unsafe-inline' https://rsms.me https://fonts.googleapis.com nonce-lTXIqXyjUUiZu6EBcF00fhFYGEF2UDoM; font-src 'self' https://rsms.me https://fonts.gstatic.com data:; manifest-src 'self'; object-src 'self'; media-src 'self' *.archive.org;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
MISS
content-encoding
br
x-original-host
www.blockchain.com
x-blockchain-cp-f
zzfv 0.002 - 042e1f7c9c621abf729ac8bd805f3ce9
x-xss-protection
1; mode=block
x-request-id
042e1f7c9c621abf729ac8bd805f3ce9
last-modified
Mon, 13 Nov 2023 12:58:07 GMT
server
nginx/1.24.0
x-blockchain-cp-b
blockchain-com
x-blockchain-server
BlockchainFE/1.0
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/x-icon
x-blockchain-language
de
cache-control
public, max-age=600
x-blockchain-language-id
0:0:1 (en:en:de)
cf-ray
82572f3608c905b0-IAD
truncated
/
586 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
609 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a0cc5067bb1f71a16754b57729bcfdbc7a882475c2bf375ce92e73c3a0198850

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type
image/png
bc837801-21ca-40f5-a944-75dfec167625
https://z2.isecurity.site/
13 B
0
Other
General
Full URL
blob:https://z2.isecurity.site/bc837801-21ca-40f5-a944-75dfec167625
Requested by
Host: z2.isecurity.site
URL: https://z2.isecurity.site/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8860e7fef89219a219cb11d18bd8e4a322f32072613f86e935e7fe162ab69c04

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://z2.isecurity.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Length
13
Content-Type
text/javascript

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture
object| _cf_chl_opt
function| FAIg1
boolean| WrwZ6
function| scUG3
function| IyIbT4
function| SgWID6
function| LGYdpr9
function| FdoAsB7
object| nCiPQs6
function| mgSMVQzBWl
object| BoUQfS8

0 Cookies

3 Console Messages

Source: security, Level: warning
Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'browsing-topics'.

Source: security, Level: warning
Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.

Source: network, Level: error, URL: https://z2.isecurity.site/
Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN