urlscan.io logo urlscan.io
SecurityTrails logo

pokupki.market.yandex.ru Open in urlscan Pro
2a02:6b8::2f1  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://sso.passport.yandex.ru/push?retpath=https%3A%2F%2Fberu.ru%2Fauth-redir%3Fretpath%3D%252Fmy%252Fcart%253Floggedin%253D1%...
Effective URL: https://pokupki.market.yandex.ru/auth-redir?retpath=%2Fmy%2Fcart%3Floggedin%3D1&csrf=1591004312455%3A9ca2bbcee8257133429899b44406...
Submission: On October 12 via manual from RU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 4 HTTP transactions. The main IP is 2a02:6b8::2f1, located in Moscow, Russian Federation and belongs to YANDEX, RU. The main domain is pokupki.market.yandex.ru.
TLS certificate: Issued by Yandex CA on September 29th 2020. Valid for: 6 months.
This is the only time pokupki.market.yandex.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2a02:6b8::24 13238 (YANDEX)
1 1 2a02:6b8::69 13238 (YANDEX)
1 2a02:6b8::2f1 13238 (YANDEX)
1 2a02:6b8:20::215 13238 (YANDEX)
4 4
Apex Domain
Subdomains		 Transfer
2 beru.ru
sso.beru.ru
beru.ru
3 KB
2 yandex.ru
sso.passport.yandex.ru
pokupki.market.yandex.ru
6 KB
1 yastatic.net
yastatic.net
2 KB
4 3
Domain Requested by
1 yastatic.net pokupki.market.yandex.ru
1 pokupki.market.yandex.ru sso.beru.ru
1 beru.ru 1 redirects
1 sso.beru.ru
1 sso.passport.yandex.ru
4 5

This site contains no links.

Subject Issuer Validity Valid
sso.passport.yandex.kz
Yandex CA		 2020-09-30 -
2021-03-31		 6 months crt.sh
sso.beru.ru
Yandex CA		 2020-09-30 -
2021-03-31		 6 months crt.sh
pokupki.market.yandex.com
Yandex CA		 2020-09-29 -
2021-03-30		 6 months crt.sh
*.yastatic.net
Yandex CA		 2020-09-29 -
2021-03-30		 6 months crt.sh

This page contains 1 frames:

Primary Page: https://pokupki.market.yandex.ru/auth-redir?retpath=%2Fmy%2Fcart%3Floggedin%3D1&csrf=1591004312455%3A9ca2bbcee8257133429899b444061ed7&from_beru=1
Frame ID: E11A192D53A2663244887DAF2B4735D3
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://sso.passport.yandex.ru/push?retpath=https%3A%2F%2Fberu.ru%2Fauth-redir%3Fretpath%3D%252Fmy%252Fcart... Page URL
  2. https://sso.beru.ru/install?uuid=6fc800f4-baf4-4ba9-8947-a085f6334955 Page URL
  3. https://beru.ru/auth-redir?retpath=%2Fmy%2Fcart%3Floggedin%3D1&csrf=1591004312455%3A9ca2bbce... HTTP 301
    https://pokupki.market.yandex.ru/auth-redir?retpath=%2Fmy%2Fcart%3Floggedin%3D1&csrf=1591004312455%3A9ca2bbce... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

4
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

5
Subdomains

4
IPs

1
Countries

10 kB
Transfer

15 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://sso.passport.yandex.ru/push?retpath=https%3A%2F%2Fberu.ru%2Fauth-redir%3Fretpath%3D%252Fmy%252Fcart%253Floggedin%253D1%26csrf%3D1591004312455%253A9ca2bbcee8257133429899b444061ed7&uuid=6fc800f4-baf4-4ba9-8947-a085f6334955 Page URL
  2. https://sso.beru.ru/install?uuid=6fc800f4-baf4-4ba9-8947-a085f6334955 Page URL
  3. https://beru.ru/auth-redir?retpath=%2Fmy%2Fcart%3Floggedin%3D1&csrf=1591004312455%3A9ca2bbcee8257133429899b444061ed7 HTTP 301
    https://pokupki.market.yandex.ru/auth-redir?retpath=%2Fmy%2Fcart%3Floggedin%3D1&csrf=1591004312455%3A9ca2bbcee8257133429899b444061ed7&from_beru=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Cookie set push
sso.passport.yandex.ru/ 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sso.passport.yandex.ru/push?retpath=https%3A%2F%2Fberu.ru%2Fauth-redir%3Fretpath%3D%252Fmy%252Fcart%253Floggedin%253D1%26csrf%3D1591004312455%253A9ca2bbcee8257133429899b444061ed7&uuid=6fc800f4-baf4-4ba9-8947-a085f6334955
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:6b8::24 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx /
Resource Hash
01a3980f26b33f328f0fb28d7068385f0cc59daa2c7b480f04b572bf07e92f36
Security Headers
Name Value
Content-Security-Policy default-src 'none'; frame-ancestors https://*.beru.ru https://beru.ru; connect-src 'self'; script-src 'nonce-1b5c527902ba0c4b4b7e0d0337afbde2' 'self'; img-src 'self'
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
sso.passport.yandex.ru
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
nginx
Date
Mon, 12 Oct 2020 09:35:22 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
close
Vary
Accept-Encoding
X-Download-Options
noopen
X-Content-Type-Options
nosniff
Surrogate-Control
no-store
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate
Pragma
no-cache
Expires
0
X-DNS-Prefetch-Control
off
X-XSS-Protection
1; mode=block
Content-Security-Policy
default-src 'none'; frame-ancestors https://*.beru.ru https://beru.ru; connect-src 'self'; script-src 'nonce-1b5c527902ba0c4b4b7e0d0337afbde2' 'self'; img-src 'self'
Set-Cookie
mda2_beacon=1602495322948; Domain=.passport.yandex.ru; Expires=Tue, 19 Jan 2038 03:14:07 GMT; Secure; Path=/; SameSite=None ys=c_chck.2490617458; Domain=.yandex.ru; Secure; Path=/; SameSite=None mda2_domains=beru.ru; Domain=.passport.yandex.ru; Expires=Tue, 19 Jan 2038 03:14:07 GMT; Secure; Path=/
Referrer-Policy
origin
ETag
W/"606-qDRb34AJnx2UxpsWq81gRbC8T7k"
Strict-Transport-Security
max-age=315360000; includeSubDomains
Content-Encoding
gzip
Cookie set install
sso.beru.ru/ 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sso.beru.ru/install?uuid=6fc800f4-baf4-4ba9-8947-a085f6334955
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:6b8::24 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx /
Resource Hash
59331c2220b225c295cbd738bdc871e9b6806d72f3161a46cb976785ec0c4560
Security Headers
Name Value
Content-Security-Policy default-src 'none'; frame-ancestors https://*.beru.ru https://beru.ru; connect-src 'self'; script-src 'nonce-82c20020721fef824bfd060f1652cb84' 'self'; img-src 'self'
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
sso.beru.ru
Connection
keep-alive
Content-Length
919
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
Origin
https://sso.passport.yandex.ru
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://sso.passport.yandex.ru/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
Origin
https://sso.passport.yandex.ru
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://sso.passport.yandex.ru/

Response headers

Server
nginx
Date
Mon, 12 Oct 2020 09:35:23 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
close
Vary
Accept-Encoding
X-Download-Options
noopen
X-Content-Type-Options
nosniff
Surrogate-Control
no-store
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate
Pragma
no-cache
Expires
0
X-DNS-Prefetch-Control
off
X-XSS-Protection
1; mode=block
Content-Security-Policy
default-src 'none'; frame-ancestors https://*.beru.ru https://beru.ru; connect-src 'self'; script-src 'nonce-82c20020721fef824bfd060f1652cb84' 'self'; img-src 'self'
Referrer-Policy
origin
Set-Cookie
Session_id=noauth:1602495322; Domain=.beru.ru; Max-Age=7200; Secure; HttpOnly; Path=/; SameSite=None yandex_login=; Domain=.beru.ru; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; Path=/; SameSite=None ys=c_chck.2490617458; Domain=.beru.ru; Secure; Path=/; SameSite=None mda2_beacon=1602495322949; Domain=.beru.ru; Expires=Tue, 19 Jan 2038 03:14:07 GMT; Secure; Path=/; SameSite=None
ETag
W/"bdc-3ULyq4XiDAksFuu545/rA9DDtPA"
Strict-Transport-Security
max-age=315360000; includeSubDomains
Content-Encoding
gzip
Primary Request Cookie set auth-redir
pokupki.market.yandex.ru/
Redirect Chain
  • https://beru.ru/auth-redir?retpath=%2Fmy%2Fcart%3Floggedin%3D1&csrf=1591004312455%3A9ca2bbcee8257133429899b444061ed7
  • https://pokupki.market.yandex.ru/auth-redir?retpath=%2Fmy%2Fcart%3Floggedin%3D1&csrf=1591004312455%3A9ca2bbcee8257133429899b444061ed7&from_beru=1
6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://pokupki.market.yandex.ru/auth-redir?retpath=%2Fmy%2Fcart%3Floggedin%3D1&csrf=1591004312455%3A9ca2bbcee8257133429899b444061ed7&from_beru=1
Requested by
Host: sso.beru.ru
URL: https://sso.beru.ru/install?uuid=6fc800f4-baf4-4ba9-8947-a085f6334955
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::2f1 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
0f30ad70a3422ccf17ba97f96390bc149c9e2a43d87c891f9f0692aacddd1f06
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Host
pokupki.market.yandex.ru
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://sso.beru.ru/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
ys=c_chck.2490617458
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://sso.beru.ru/install?uuid=6fc800f4-baf4-4ba9-8947-a085f6334955

Response headers

Content-Length
2760
Set-Cookie
i=J/F/yBB/a2X2O6ZN9+BaK7Hf076iGOBkbQjJUfmesC2aaWPE6LqAMQ5ZnUYAdR2ndW7ZZV/WGvDt0BKA3oRwGQpPoJ4=; Expires=Wed, 12-Oct-2022 09:35:23 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
Strict-Transport-Security
max-age=31536000
accept-ranges
bytes
access-control-allow-origin
*
cache-control
public, max-age=216013
content-encoding
gzip
content-type
text/html
date
Mon, 12 Oct 2020 09:35:23 GMT
device_type
market_front_blue_desktop
etag
"55f599920a338fa2f20d221ca992ff76"
expires
Wed, 14 Oct 2020 21:35:24 GMT
last-modified
Fri, 09 Oct 2020 13:25:14 GMT
nel
{"report_to": "network-errors", "max_age": 600, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to
{ "group": "network-errors", "max_age": 600, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
timing-allow-origin
*
vary
Accept-Encoding
x-market-req-id
1602495323465/82b5e1cc66f92fed3167820476b10500
x-nginx-request-id
c1a3cebc73105646
x-page-id
mandrel:authRedirect
x-page-type
node

Redirect headers

Content-Length
178
Set-Cookie
i=EOg7sIsrOZ178V5fhb9cegxWUCGaaGv5sSeO1XgBX246YW0nxEGosRvb1y8tkQAd4Ub9X3CkJQ7uLwUqmAaSUW+HQm8=; Expires=Wed, 12-Oct-2022 09:35:23 GMT; Domain=.beru.ru; Path=/; Secure; HttpOnly; SameSite=None
Strict-Transport-Security
max-age=31536000
cache-control
max-age=0, proxy-revalidate
content-type
text/html
date
Mon, 12 Oct 2020 09:35:23 GMT
location
https://pokupki.market.yandex.ru/auth-redir?retpath=%2Fmy%2Fcart%3Floggedin%3D1&csrf=1591004312455%3A9ca2bbcee8257133429899b444061ed7&from_beru=1
referrer-policy
no-referrer-when-downgrade
x-market-req-id
1602495323322/18cdd9ef25ca34d3e836800476b10500
x-xss-protection
1; mode=block
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bd756bbd6f10ef273ca2a796ff6f40a7c626f1a97c28884c14e4543963428d5c

Request headers

Referer
https://pokupki.market.yandex.ru/auth-redir?retpath=%2Fmy%2Fcart%3Floggedin%3D1&csrf=1591004312455%3A9ca2bbcee8257133429899b444061ed7&from_beru=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
zero-sad.svg
yastatic.net/market-export/_/b-image/errors/ 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://yastatic.net/market-export/_/b-image/errors/zero-sad.svg
Requested by
Host: pokupki.market.yandex.ru
URL: https://pokupki.market.yandex.ru/auth-redir?retpath=%2Fmy%2Fcart%3Floggedin%3D1&csrf=1591004312455%3A9ca2bbcee8257133429899b444061ed7&from_beru=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash
c68dc5244d4cdd4cd060f6eec119e67a1d85bdda8b064cb7ce8c84fb12e21127
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Referer
https://pokupki.market.yandex.ru/auth-redir?retpath=%2Fmy%2Fcart%3Floggedin%3D1&csrf=1591004312455%3A9ca2bbcee8257133429899b444061ed7&from_beru=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 12 Oct 2020 09:35:23 GMT
content-encoding
gzip
vary
Accept-Encoding
nel
{"report_to": "network-errors", "max_age": 600, "success_fraction": 0.001, "failure_fraction": 0.01}
status
200
content-length
1450
x-nginx-request-id
72bc4e6528c14e4a
last-modified
Fri, 09 Oct 2020 13:25:31 GMT
server
nginx/1.17.9
etag
"4ce29be7bfe30b95a17ff0b2915fccdc"
strict-transport-security
max-age=43200000; includeSubDomains;
report-to
{ "group": "network-errors", "max_age": 600, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=216013
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 14 Oct 2020 21:35:10 GMT

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes

2 Cookies

Domain/Path Name / Value
.yandex.ru/ Name: i
Value: J/F/yBB/a2X2O6ZN9+BaK7Hf076iGOBkbQjJUfmesC2aaWPE6LqAMQ5ZnUYAdR2ndW7ZZV/WGvDt0BKA3oRwGQpPoJ4=
.yandex.ru/ Name: ys
Value: c_chck.2490617458

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; frame-ancestors https://*.beru.ru https://beru.ru; connect-src 'self'; script-src 'nonce-1b5c527902ba0c4b4b7e0d0337afbde2' 'self'; img-src 'self'
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block