urlscan.io logo urlscan.io
SecurityTrails logo

iseg.yandex.by Open in urlscan Pro
2a02:6b8::3:215  Public Scan

Go To Rescan Add Verdict Report
URL: https://iseg.yandex.by/
Submission: On March 13 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 12 HTTP transactions. The main IP is 2a02:6b8::3:215, located in Moscow, Russian Federation and belongs to YANDEX, RU. The main domain is iseg.yandex.by.
TLS certificate: Issued by Yandex CA on January 22nd 2020. Valid for: 6 months.
This is the only time iseg.yandex.by was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2a02:6b8::3:215 13238 (YANDEX)
8 2a02:6b8:20::215 13238 (YANDEX)
1 2a02:6b8::184 13238 (YANDEX)
2 151.101.112.217 54113 (FASTLY)
12 4
Domain Requested by
8 yastatic.net iseg.yandex.by
2 player.vimeo.com iseg.yandex.by
1 avatars.mds.yandex.net iseg.yandex.by
1 iseg.yandex.by
12 4

This site contains links to these domains. Also see Links.

Domain
mariaschildren.ru
Subject Issuer Validity Valid
iseg.yandex.by
Yandex CA		 2020-01-22 -
2020-07-20		 6 months crt.sh
static.yandex.net
Yandex CA		 2019-09-06 -
2020-09-05		 a year crt.sh
*.avatars.yandex.net
Yandex CA		 2019-10-04 -
2020-10-03		 a year crt.sh
*.vimeo.com
DigiCert SHA2 Secure Server CA		 2018-08-24 -
2020-04-02		 2 years crt.sh

This page contains 3 frames:

Primary Page: https://iseg.yandex.by/
Frame ID: DBCE54EFC6F756717EE48E77853E8920
Requests: 10 HTTP requests in this frame

Frame: https://player.vimeo.com/video/105883890?byline=0&portrait=0&color=ffcc00
Frame ID: 196E35B809DBBEA4777184468A4ADA76
Requests: 1 HTTP requests in this frame

Frame: https://player.vimeo.com/video/113919037?byline=0&portrait=0&color=ffcc00
Frame ID: B052DB2D2350109007EEE262AFB68FD0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • html /<[^>]+data-bem/i
Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

12
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

497 kB
Transfer

659 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set /
iseg.yandex.by/ 		71 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://iseg.yandex.by/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:6b8::3:215 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx /
Resource Hash
dd73fc80a87817a12c2b0a16654d9bcf01b3898d73075d197fedd4dc6fc5734b
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' yastatic.net mc.yandex.ru video.yandex.ru player.vimeo.com www.youtube.com; style-src 'self' 'unsafe-inline' yastatic.net mc.yandex.ru video.yandex.ru player.vimeo.com www.youtube.com; font-src 'self' yastatic.net; img-src 'self' data: avatars.yandex.net avatars.mds.yandex.net mc.yandex.ru yastatic.net video.yandex.ru player.vimeo.com www.youtube.com mc.admetrica.ru; frame-src video.yandex.ru player.video.yandex.net player.vimeo.com www.youtube.com; report-uri https://csp.yandex.net/csp?from=iseg&yandex_login=undefined&yandexuid=undefined;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Host
iseg.yandex.by
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

Server
nginx
Date
Fri, 13 Mar 2020 10:29:24 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Keep-Alive
timeout=120
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' yastatic.net mc.yandex.ru video.yandex.ru player.vimeo.com www.youtube.com; style-src 'self' 'unsafe-inline' yastatic.net mc.yandex.ru video.yandex.ru player.vimeo.com www.youtube.com; font-src 'self' yastatic.net; img-src 'self' data: avatars.yandex.net avatars.mds.yandex.net mc.yandex.ru yastatic.net video.yandex.ru player.vimeo.com www.youtube.com mc.admetrica.ru; frame-src video.yandex.ru player.video.yandex.net player.vimeo.com www.youtube.com; report-uri https://csp.yandex.net/csp?from=iseg&yandex_login=undefined&yandexuid=undefined;
X-XSS-Protection
1; mode=block
X-Frame-Options
DENY
Set-Cookie
yandexuid=6780543331584095364; Domain=.yandex.by; Path=/; Expires=Wed, 13 Mar 2030 10:29:24 GMT
X-qloud-router
vla5-ff36f2b64eb2.qloud-c.yandex.net
Content-Encoding
gzip
_index.css
yastatic.net/s3/locdoc/static/iseg/0.18.0/desktop.bundles/index/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://yastatic.net/s3/locdoc/static/iseg/0.18.0/desktop.bundles/index/_index.css
Requested by
Host: iseg.yandex.by
URL: https://iseg.yandex.by/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.17.8 /
Resource Hash
6fd25f1c9be8d2a04450a2bdf258adb34508be34a0908495371ca0120492641b
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Referer
https://iseg.yandex.by/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 13 Mar 2020 10:29:24 GMT
content-encoding
br
last-modified
Thu, 08 Aug 2019 15:05:38 GMT
server
nginx/1.17.8
access-control-allow-origin
*
etag
W/"7a7828b982b676d6e7ab2298c413eff2"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
status
200
x-nginx-request-id
962ecbd125b071bb
cache-control
public, max-age=216013
strict-transport-security
max-age=43200000; includeSubDomains;
timing-allow-origin
*
expires
Sun, 15 Mar 2020 22:29:25 GMT
jquery.min.js
yastatic.net/jquery/1.11.3/ 		94 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://yastatic.net/jquery/1.11.3/jquery.min.js
Requested by
Host: iseg.yandex.by
URL: https://iseg.yandex.by/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.17.8 /
Resource Hash
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Referer
https://iseg.yandex.by/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 13 Mar 2020 10:29:24 GMT
content-encoding
br
x-nginx-request-id
f2b9ead73b009a1c
status
200
strict-transport-security
max-age=43200000; includeSubDomains;
content-length
29912
last-modified
Mon, 12 Nov 2018 13:13:43 GMT
server
nginx/1.17.8
etag
"c0ae8dbd1d90120e32098f41767d1130"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=216013
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 14 Mar 2020 15:20:31 GMT
_index.ru.js
yastatic.net/s3/locdoc/static/iseg/0.18.0/desktop.bundles/index/ 		55 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://yastatic.net/s3/locdoc/static/iseg/0.18.0/desktop.bundles/index/_index.ru.js
Requested by
Host: iseg.yandex.by
URL: https://iseg.yandex.by/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.17.8 /
Resource Hash
caab9ba6b8b1c7c6f01a109bb6ae4af3988709653a03a8887ee6d325b37ff8b7
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Referer
https://iseg.yandex.by/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 13 Mar 2020 10:29:24 GMT
content-encoding
br
last-modified
Thu, 08 Aug 2019 15:05:38 GMT
server
nginx/1.17.8
access-control-allow-origin
*
etag
W/"185f69614b0e010e0078274256d6ae54"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
x-nginx-request-id
cd4b79f0c5ff6fbf
cache-control
public, max-age=216013
strict-transport-security
max-age=43200000; includeSubDomains;
timing-allow-origin
*
expires
Sun, 15 Mar 2020 22:29:25 GMT
orig
avatars.mds.yandex.net/get-bunker/61205/6e2397629c59de77a2e1dba20a6f73aa62ab09ea/ 		286 KB
286 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.mds.yandex.net/get-bunker/61205/6e2397629c59de77a2e1dba20a6f73aa62ab09ea/orig
Requested by
Host: iseg.yandex.by
URL: https://iseg.yandex.by/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:6b8::184 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx /
Resource Hash
a56ff0f12c6d29e3b226c2b92ab00b03ba8e12e711a14084616e9d68b8ee71a2

Request headers

Referer
https://iseg.yandex.by/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 10:29:24 GMT
last-modified
Thu, 30 Jun 2016 01:49:00 GMT
server
nginx
content-type
image/jpeg
status
200
cache-control
max-age=86400,immutable
timing-allow-origin
*
content-length
292445
x-request-id
983c501c67fb13b5
jquery.magnific-popup.min.js
yastatic.net/magnific-popup/1.0.1/ 		21 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://yastatic.net/magnific-popup/1.0.1/jquery.magnific-popup.min.js
Requested by
Host: iseg.yandex.by
URL: https://iseg.yandex.by/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.17.8 /
Resource Hash
3f5cd6abe1ce40910aac6bb42e6ecc21e5f19fc88dbaf609f41e13e1d91634ff
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Referer
https://iseg.yandex.by/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 13 Mar 2020 10:29:24 GMT
content-encoding
br
last-modified
Tue, 18 Jun 2019 11:43:55 GMT
server
nginx/1.17.8
access-control-allow-origin
*
etag
W/"992d327d5e12f9ba9e74c7a20f1c2c10"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
x-nginx-request-id
d92f7b52a8e88e2a
cache-control
public, max-age=216013
strict-transport-security
max-age=43200000; includeSubDomains;
timing-allow-origin
*
expires
Sun, 15 Mar 2020 22:29:25 GMT
magnific-popup.css
yastatic.net/magnific-popup/1.0.1/ 		8 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://yastatic.net/magnific-popup/1.0.1/magnific-popup.css
Requested by
Host: iseg.yandex.by
URL: https://iseg.yandex.by/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.17.8 /
Resource Hash
648aacd32da86d341dec60d5ece0de2cfc7d578e981fad920af31a8ad8ab874c
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Referer
https://iseg.yandex.by/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 13 Mar 2020 10:29:24 GMT
content-encoding
br
last-modified
Tue, 18 Jun 2019 11:43:55 GMT
server
nginx/1.17.8
access-control-allow-origin
*
etag
W/"c70dbd97377e464a7072dae9f8732e3b"
vary
Accept-Encoding
content-type
text/css
status
200
x-nginx-request-id
0b364f0a3882b8f7
cache-control
public, max-age=216013
strict-transport-security
max-age=43200000; includeSubDomains;
timing-allow-origin
*
expires
Sun, 15 Mar 2020 22:29:25 GMT
105883890
player.vimeo.com/video/ Frame 196E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://player.vimeo.com/video/105883890?byline=0&portrait=0&color=ffcc00
Requested by
Host: iseg.yandex.by
URL: https://iseg.yandex.by/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' blob: resource: https://f.vimeocdn.com https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.streamroot.io https://f.vimeocdn.com; style-src 'self' 'unsafe-inline' https://f.vimeocdn.com https://f.vimeocdn.com; connect-src 'self' ws: wss: https://vimeo.com https://vimeo.dev https://api.vimeo.com https://api.vimeo.dev https://*.ci.vimeows.com https://csi.gstatic.com https://fresnel.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://netflux.cloud.vimeo.com https://lic.staging.drmtoday.com https://lic.drmtoday.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://sentry.io https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://backend.dna-delivery.com https://mimir.cloud.vimeo.com; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; default-src 'none'; img-src 'self' data: https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://player.vimeo.com https://*.ci.vimeows.com https://f.vimeocdn.com; frame-src 'self' https://imasdk.googleapis.com/ https://f.vimeocdn.com; report-uri /_csp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
player.vimeo.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://iseg.yandex.by/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://iseg.yandex.by/

Response headers

Server
nginx
Content-Type
text/html; charset=UTF-8
X-Xss-Protection
1; mode=block
Content-Security-Policy
script-src 'self' 'unsafe-inline' blob: resource: https://f.vimeocdn.com https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.streamroot.io https://f.vimeocdn.com; style-src 'self' 'unsafe-inline' https://f.vimeocdn.com https://f.vimeocdn.com; connect-src 'self' ws: wss: https://vimeo.com https://vimeo.dev https://api.vimeo.com https://api.vimeo.dev https://*.ci.vimeows.com https://csi.gstatic.com https://fresnel.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://netflux.cloud.vimeo.com https://lic.staging.drmtoday.com https://lic.drmtoday.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://sentry.io https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://backend.dna-delivery.com https://mimir.cloud.vimeo.com; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; default-src 'none'; img-src 'self' data: https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://player.vimeo.com https://*.ci.vimeows.com https://f.vimeocdn.com; frame-src 'self' https://imasdk.googleapis.com/ https://f.vimeocdn.com; report-uri /_csp
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Link
<https://i.vimeocdn.com>; rel=preconnect; crossorigin <https://f.vimeocdn.com>; rel=preconnect; crossorigin <https://fresnel.vimeocdn.com>; rel=preconnect; crossorigin
P3p
CP="This is not a P3P policy! See https://vimeo.com/privacy"
Expires
Fri, 13 Mar 2020 10:39:24 GMT
Via
1.1 varnish 1.1 varnish
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-Varnish-Cache
0
X-VServer
infra-playproxy-a-6
X-Vimeo-DC
ge
Content-Length
4890
Accept-Ranges
bytes
Date
Fri, 13 Mar 2020 10:29:24 GMT
Age
0
Connection
keep-alive
X-Served-By
cache-hhn4062-HHN
X-Cache
MISS
X-Cache-Hits
0
X-Timer
S1584095365.581310,VS0,VE133
Vary
Accept-Encoding
113919037
player.vimeo.com/video/ Frame B052 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://player.vimeo.com/video/113919037?byline=0&portrait=0&color=ffcc00
Requested by
Host: iseg.yandex.by
URL: https://iseg.yandex.by/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' blob: resource: https://f.vimeocdn.com https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.streamroot.io https://f.vimeocdn.com; style-src 'self' 'unsafe-inline' https://f.vimeocdn.com https://f.vimeocdn.com; connect-src 'self' ws: wss: https://vimeo.com https://vimeo.dev https://api.vimeo.com https://api.vimeo.dev https://*.ci.vimeows.com https://csi.gstatic.com https://fresnel.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://netflux.cloud.vimeo.com https://lic.staging.drmtoday.com https://lic.drmtoday.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://sentry.io https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://backend.dna-delivery.com https://mimir.cloud.vimeo.com; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; default-src 'none'; img-src 'self' data: https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://player.vimeo.com https://*.ci.vimeows.com https://f.vimeocdn.com; frame-src 'self' https://imasdk.googleapis.com/ https://f.vimeocdn.com; report-uri /_csp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
player.vimeo.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://iseg.yandex.by/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://iseg.yandex.by/

Response headers

Server
nginx
Content-Type
text/html; charset=UTF-8
X-Xss-Protection
1; mode=block
Content-Security-Policy
script-src 'self' 'unsafe-inline' blob: resource: https://f.vimeocdn.com https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.streamroot.io https://f.vimeocdn.com; style-src 'self' 'unsafe-inline' https://f.vimeocdn.com https://f.vimeocdn.com; connect-src 'self' ws: wss: https://vimeo.com https://vimeo.dev https://api.vimeo.com https://api.vimeo.dev https://*.ci.vimeows.com https://csi.gstatic.com https://fresnel.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://netflux.cloud.vimeo.com https://lic.staging.drmtoday.com https://lic.drmtoday.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://sentry.io https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://backend.dna-delivery.com https://mimir.cloud.vimeo.com; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; default-src 'none'; img-src 'self' data: https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://player.vimeo.com https://*.ci.vimeows.com https://f.vimeocdn.com; frame-src 'self' https://imasdk.googleapis.com/ https://f.vimeocdn.com; report-uri /_csp
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Link
<https://i.vimeocdn.com>; rel=preconnect; crossorigin <https://f.vimeocdn.com>; rel=preconnect; crossorigin <https://fresnel.vimeocdn.com>; rel=preconnect; crossorigin
P3p
CP="This is not a P3P policy! See https://vimeo.com/privacy"
Expires
Fri, 13 Mar 2020 10:39:24 GMT
Via
1.1 varnish 1.1 varnish
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-Varnish-Cache
0
X-VServer
infra-playproxy-a-3
X-Vimeo-DC
ge
Content-Length
4968
Accept-Ranges
bytes
Date
Fri, 13 Mar 2020 10:29:24 GMT
Age
0
Connection
keep-alive
X-Served-By
cache-hhn4026-HHN
X-Cache
MISS
X-Cache-Hits
0
X-Timer
S1584095365.580886,VS0,VE128
Vary
Accept-Encoding
GEumJGdz6PuI2jZ6GhSq0paPvho.woff2
yastatic.net/islands/_/ 		39 KB
39 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://yastatic.net/islands/_/GEumJGdz6PuI2jZ6GhSq0paPvho.woff2
Requested by
Host: iseg.yandex.by
URL: https://iseg.yandex.by/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.17.8 /
Resource Hash
f844fd27ca0c2326faf01bfecc60ea13b30ee22bfeb19caf1fca47ef3796d770
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Referer
https://yastatic.net/s3/locdoc/static/iseg/0.18.0/desktop.bundles/index/_index.css
Origin
https://iseg.yandex.by
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 13 Mar 2020 10:29:24 GMT
content-encoding
br
last-modified
Mon, 09 Sep 2019 22:38:35 GMT
server
nginx/1.17.8
access-control-allow-origin
*
etag
"646496228e7b93f21d06d34c576e047a"
vary
Accept-Encoding
status
200
x-nginx-request-id
479060bed7a6ba55
cache-control
public, max-age=216013
strict-transport-security
max-age=43200000; includeSubDomains;
accept-ranges
bytes
timing-allow-origin
*
content-length
39952
expires
Sun, 15 Mar 2020 22:28:55 GMT
jyjCN4zgI57UwoJpEmCnznrQydw.woff2
yastatic.net/islands/_/ 		41 KB
42 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://yastatic.net/islands/_/jyjCN4zgI57UwoJpEmCnznrQydw.woff2
Requested by
Host: iseg.yandex.by
URL: https://iseg.yandex.by/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.17.8 /
Resource Hash
5e306ed7bf382e773cd9311f150a0ae8744b4d3afb6fc7f97388c73fdd57a6d1
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Referer
https://yastatic.net/s3/locdoc/static/iseg/0.18.0/desktop.bundles/index/_index.css
Origin
https://iseg.yandex.by
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 13 Mar 2020 10:29:24 GMT
content-encoding
br
last-modified
Mon, 09 Sep 2019 22:39:03 GMT
server
nginx/1.17.8
access-control-allow-origin
*
etag
"6429a8696d8b2c9422ec1912e38bc6b4"
vary
Accept-Encoding
status
200
x-nginx-request-id
bac50281dadddba1
cache-control
public, max-age=216013
strict-transport-security
max-age=43200000; includeSubDomains;
accept-ranges
bytes
timing-allow-origin
*
content-length
42308
expires
Sun, 15 Mar 2020 22:26:26 GMT
cXX7mP_o-5hg5efoMGpgrVrpE1Y.woff2
yastatic.net/islands/_/ 		40 KB
40 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://yastatic.net/islands/_/cXX7mP_o-5hg5efoMGpgrVrpE1Y.woff2
Requested by
Host: iseg.yandex.by
URL: https://iseg.yandex.by/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.17.8 /
Resource Hash
924085b95eb1e4cf87f1cf55426f8a6bbcd3925be8cb233fcd8d1d4050ecdb56
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Referer
https://yastatic.net/s3/locdoc/static/iseg/0.18.0/desktop.bundles/index/_index.css
Origin
https://iseg.yandex.by
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 13 Mar 2020 10:29:24 GMT
content-encoding
br
last-modified
Mon, 09 Sep 2019 22:39:02 GMT
server
nginx/1.17.8
access-control-allow-origin
*
etag
"8f27a274c39674d3f267e35900b0ad3d"
vary
Accept-Encoding
status
200
x-nginx-request-id
5b1ae9444171ce12
cache-control
public, max-age=216013
strict-transport-security
max-age=43200000; includeSubDomains;
accept-ranges
bytes
timing-allow-origin
*
content-length
40456
expires
Sun, 15 Mar 2020 22:25:46 GMT

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery function| BEM object| Lego boolean| _pointerPolyfillInited object| jQuery111301751540183501814 object| BH object| BEMHTML object| bh

2 Cookies

Domain/Path Name / Value
.vimeo.com/ Name: vuid
Value: pl754628493.717370687
.yandex.by/ Name: yandexuid
Value: 6780543331584095364

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' yastatic.net mc.yandex.ru video.yandex.ru player.vimeo.com www.youtube.com; style-src 'self' 'unsafe-inline' yastatic.net mc.yandex.ru video.yandex.ru player.vimeo.com www.youtube.com; font-src 'self' yastatic.net; img-src 'self' data: avatars.yandex.net avatars.mds.yandex.net mc.yandex.ru yastatic.net video.yandex.ru player.vimeo.com www.youtube.com mc.admetrica.ru; frame-src video.yandex.ru player.video.yandex.net player.vimeo.com www.youtube.com; report-uri https://csp.yandex.net/csp?from=iseg&yandex_login=undefined&yandexuid=undefined;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block