distributemodel.com Open in urlscan Pro
192.243.59.20 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://belvederesquare.com/
Effective URL:
https://distributemodel.com/emr2zm1sk?key=a4f93d2fc3497f24dc29b96c78a0b459
Submission Tags: @phish_report
Submission: On January 03 via api (January 3rd 2025, 2:23:11 pm UTC) from FI — Scanned from FI

Summary HTTP 69 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 5 countries across 12 domains to perform 69 HTTP transactions. The main IP is 192.243.59.20, located in Ashburn, United States and belongs to ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL. The main domain is distributemodel.com.
TLS certificate: Issued by R10 on December 31st 2024. Valid for: 3 months.

This is the only time distributemodel.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	209.87.159.73 209.87.159.73	36444 (NEXCESS-NET) (NEXCESS-NET)
1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
2	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 10	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX YA...) (YANDEX YANDEX LLC)
2	104.21.112.1 104.21.112.1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	104.21.96.1 104.21.96.1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	192.243.59.20 192.243.59.20	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS DataWeb Global Group B.V.)
69	9

11 209.87.159.73 (United States)

ASN36444 (NEXCESS-NET, US)
PTR: cloudhost-5952977.us-midwest-1.nxcli.net

belvederesquare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

sync.gsyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

s16.cloudcdnstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a02:6b8::1:119 (Moscow, Russian Federation) 2 redirects

ASN13238 (YANDEX YANDEX LLC, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.21.112.1 (None, )

ASN13335 (CLOUDFLARENET, US)

www.yametric.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.21.96.1 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www2.citadores.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.243.59.20 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL)

distributemodel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	belvederesquare.com belvederesquare.com	71 KB
8	yandex.com 2 redirects mc.yandex.com — Cisco Umbrella Rank: 9443	5 KB
2	distributemodel.com distributemodel.com	1 KB
2	citadores.com 1 redirects www2.citadores.com	1 KB
2	yametric.com www.yametric.com	26 KB
2	cloudcdnstatic.com s16.cloudcdnstatic.com Failed	2 KB
2	yandex.ru mc.yandex.ru — Cisco Umbrella Rank: 4577 Failed	152 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29 maps.googleapis.com Failed	996 B
1	gsyndication.com sync.gsyndication.com — Cisco Umbrella Rank: 534880	11 KB
0	tech4u.app Failed tech4u.app Failed
0	google.com Failed www.google.com Failed
0	googletagmanager.com Failed www.googletagmanager.com Failed
69	12

	Domain	Requested by
11	belvederesquare.com	belvederesquare.com
8	mc.yandex.com	2 redirects s16.cloudcdnstatic.com mc.yandex.ru www2.citadores.com
2	distributemodel.com
2	www2.citadores.com	1 redirects
2	www.yametric.com	s16.cloudcdnstatic.com www.yametric.com
2	s16.cloudcdnstatic.com	sync.gsyndication.com
2	mc.yandex.ru	sync.gsyndication.com belvederesquare.com s16.cloudcdnstatic.com www2.citadores.com
1	fonts.googleapis.com	belvederesquare.com
1	sync.gsyndication.com	belvederesquare.com
0	tech4u.app Failed
0	www.google.com Failed	belvederesquare.com
0	maps.googleapis.com Failed	belvederesquare.com
0	www.googletagmanager.com Failed	belvederesquare.com
69	13

This site contains no links.

Subject Issuer	Validity	Valid
cffc097157.nxcli.io R10	`2024-12-25` - `2025-03-25`	3 months	crt.sh
gsyndication.com WE1	`2024-12-13` - `2025-03-13`	3 months	crt.sh
upload.video.google.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
cloudcdnstatic.com WE1	`2024-12-12` - `2025-03-12`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2024-10-20` - `2025-04-01`	5 months	crt.sh
yametric.com WE1	`2024-12-03` - `2025-03-03`	3 months	crt.sh
citadores.com WE1	`2024-11-12` - `2025-02-10`	3 months	crt.sh
distributemodel.com R10	`2024-12-31` - `2025-03-31`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://distributemodel.com/emr2zm1sk?key=a4f93d2fc3497f24dc29b96c78a0b459
Frame ID: 41C7E3002A0193D9EB29B0D2C0208BFE
Requests: 67 HTTP requests in this frame

Frame: https://mc.yandex.com/metrika/metrika_match.html
Frame ID: 8645370AFAA40BA69973CB5C1510CB34
Requests: 1 HTTP requests in this frame

Frame: https://mc.yandex.com/metrika/metrika_match.html
Frame ID: F057AF6D6F6F862E8357C5986CB67914
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://belvederesquare.com/ HTTP 307
https://belvederesquare.com/ Page URL
https://s16.cloudcdnstatic.com/?s16 Page URL
https://www2.citadores.com/ecm HTTP 301
http://www2.citadores.com/ecm/ HTTP 307
https://www2.citadores.com/ecm/ Page URL
https://distributemodel.com/emr2zm1sk?key=a4f93d2fc3497f24dc29b96c78a0b459 Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

Page Statistics

69
Requests

38 %
HTTPS

38 %
IPv6

12
Domains

13
Subdomains

9
IPs

5
Countries

268 kB
Transfer

1108 kB
Size

17
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://belvederesquare.com/ HTTP 307
https://belvederesquare.com/ Page URL
https://s16.cloudcdnstatic.com/?s16 Page URL
https://www2.citadores.com/ecm HTTP 301
http://www2.citadores.com/ecm/ HTTP 307
https://www2.citadores.com/ecm/ Page URL
https://distributemodel.com/emr2zm1sk?key=a4f93d2fc3497f24dc29b96c78a0b459 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://belvederesquare.com/ HTTP 307
https://belvederesquare.com/

Request Chain 58

https://mc.yandex.com/watch/97642159?wmode=7&page-url=https%3A%2F%2Fs16.cloudcdnstatic.com%2F%3Fs16&page-ref=https%3A%2F%2Fbelvederesquare.com%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A14pwap7gbnl70a58u0m6s2b47zyz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Afi-FI%3Av%3A1551%3Acn%3A1%3Adp%3A0%3Als%3A988737999305%3Ahid%3A115470011%3Az%3A120%3Ai%3A20250103162305%3Aet%3A1735914185%3Ac%3A1%3Arn%3A941506997%3Arqn%3A1%3Au%3A1735914185106687548%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A26%2C56%2C83%2C2%2C6%2C0%2C%2C13%2C0%2C%2C%2C%2C186%3Aco%3A0%3Acpf%3A1%3Ans%3A1735914184760%3Arqnl%3A1%3Ast%3A1735914185%3At%3A&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)cdl(na)eco(42009092)ti(1) HTTP 302
https://mc.yandex.com/watch/97642159/1?wmode=7&page-url=https%3A%2F%2Fs16.cloudcdnstatic.com%2F%3Fs16&page-ref=https%3A%2F%2Fbelvederesquare.com%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A14pwap7gbnl70a58u0m6s2b47zyz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Afi-FI%3Av%3A1551%3Acn%3A1%3Adp%3A0%3Als%3A988737999305%3Ahid%3A115470011%3Az%3A120%3Ai%3A20250103162305%3Aet%3A1735914185%3Ac%3A1%3Arn%3A941506997%3Arqn%3A1%3Au%3A1735914185106687548%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A26%2C56%2C83%2C2%2C6%2C0%2C%2C13%2C0%2C%2C%2C%2C186%3Aco%3A0%3Acpf%3A1%3Ans%3A1735914184760%3Arqnl%3A1%3Ast%3A1735914185%3At%3A&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2842009092%29ti%281%29&redirnss=1

Request Chain 60

https://www2.citadores.com/ecm HTTP 301
http://www2.citadores.com/ecm/ HTTP 307
https://www2.citadores.com/ecm/

Request Chain 64

https://mc.yandex.com/watch/99199815?wmode=7&page-url=https%3A%2F%2Fwww2.citadores.com%2Fecm%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A14pwap7gbnl70a58u0m6s2b47zyz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Afi-FI%3Av%3A1551%3Acn%3A1%3Adp%3A0%3Als%3A1665184384100%3Ahid%3A373008114%3Az%3A120%3Ai%3A20250103162306%3Aet%3A1735914186%3Ac%3A1%3Arn%3A120540121%3Arqn%3A1%3Au%3A1735914186905236168%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C89%2C2%2C156%2C0%2C%2C14%2C0%2C%2C%2C%2C261%3Aco%3A0%3Acpf%3A1%3Ans%3A1735914185599%3Arqnl%3A1%3Ast%3A1735914186%3At%3A&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)cdl(na)eco(42009092)ti(1) HTTP 302
https://mc.yandex.com/watch/99199815/1?wmode=7&page-url=https%3A%2F%2Fwww2.citadores.com%2Fecm%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A14pwap7gbnl70a58u0m6s2b47zyz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Afi-FI%3Av%3A1551%3Acn%3A1%3Adp%3A0%3Als%3A1665184384100%3Ahid%3A373008114%3Az%3A120%3Ai%3A20250103162306%3Aet%3A1735914186%3Ac%3A1%3Arn%3A120540121%3Arqn%3A1%3Au%3A1735914186905236168%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C89%2C2%2C156%2C0%2C%2C14%2C0%2C%2C%2C%2C261%3Aco%3A0%3Acpf%3A1%3Ans%3A1735914185599%3Arqnl%3A1%3Ast%3A1735914186%3At%3A&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2842009092%29ti%281%29&redirnss=1

Request Chain 65

https://www2.citadores.com/favicon.ico HTTP 302
https://tech4u.app/

69 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
belvederesquare.com/
Redirect Chain

http://belvederesquare.com/
https://belvederesquare.com/

117 KB
21 KB

1404ms
1053ms

Document
text/html

209.87.159.73
NEXCESS-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://belvederesquare.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 209.87.159.73 , United States, ASN36444 (NEXCESS-NET, US),
Reverse DNS: cloudhost-5952977.us-midwest-1.nxcli.net
Software: nginx /
Resource Hash: 1e38c28f485e2a3baa09f404575bb95c4386ce90c82486a18393486fc1a09b02

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 03 Jan 2025 14:23:04 GMT
link: <https://belvederesquare.com/wp-json/>; rel="https://api.w.org/", <https://belvederesquare.com/wp-json/wp/v2/pages/2324>; rel="alternate"; title="JSON"; type="application/json", <https://belvederesquare.com/>; rel=shortlink
server: nginx
vary: Accept-Encoding
x-cache-nxaccel: BYPASS
x-litespeed-tag: d5e_HTTP.200
x-tec-api-origin: https://belvederesquare.com
x-tec-api-root: https://belvederesquare.com/wp-json/tribe/events/v1/
x-tec-api-version: v1

Redirect headers

Location: https://belvederesquare.com/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 / Show response
sync.gsyndication.com/ 25 KB
11 KB 229ms
141ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.gsyndication.com/
Requested by: Host: belvederesquare.com
URL: https://belvederesquare.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7258aa7e793ecb889c549158dcb22ae5d41cc1c1bc1ff4e81a9324eb99990ec9

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://belvederesquare.com/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cp4h9iYPG%2F%2Ft%2Bxdv8cLw8bhj5M3bS30M8rYpU4bd87zRLS9GVdyWACdROZskkYB%2F73SWc8AFqawbDTYptB4cXNomNs6KWsZz%2BBNO4Q9lW7mmNIssuusycpNz20yfiWl9JcNYeknRAuTzHjKmK%2B9qdlckJ5o%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8fc3a505e9e55433-TLL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=31621&min_rtt=31245&rtt_var=5149&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3992&recv_bytes=2207&delivery_rate=127655&cwnd=253&unsent_bytes=0&cid=a85c966b32aabd8e&ts=147&x=0"
date: Fri, 03 Jan 2025 14:23:04 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
server: cloudflare

GET fa-brands-400.woff2
belvederesquare.com/wp-content/plugins/bb-plugin/fonts/fontawesome/5.15.4/webfonts/ 0
0

GET fa-solid-900.woff2
belvederesquare.com/wp-content/plugins/bb-plugin/fonts/fontawesome/5.15.4/webfonts/ 0
0

GET
H2 200 formidableforms.css
belvederesquare.com/wp-content/plugins/formidable/css/ 107 KB
0 163ms
160ms Stylesheet
text/css 209.87.159.73
NEXCESS-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://belvederesquare.com/wp-content/plugins/formidable/css/formidableforms.css?ver=12301414
Requested by: Host: belvederesquare.com
URL: https://belvederesquare.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 209.87.159.73 , United States, ASN36444 (NEXCESS-NET, US),
Reverse DNS: cloudhost-5952977.us-midwest-1.nxcli.net
Software: nginx /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://belvederesquare.com/

Response headers

cache-control: max-age=31557600
x-cache-nxaccel: STALE
content-encoding: br
etag: W/"25a64-62a7d700f4ed2"
expires: Sat, 03 Jan 2026 20:20:58 GMT
date: Fri, 03 Jan 2025 14:23:04 GMT
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Mon, 30 Dec 2024 14:14:59 GMT

GET
H2 200 style.min.css
belvederesquare.com/wp-includes/css/dist/block-library/ 112 KB
14 KB 310ms
307ms Stylesheet
text/css 209.87.159.73
NEXCESS-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://belvederesquare.com/wp-includes/css/dist/block-library/style.min.css?ver=6.7.1
Requested by: Host: belvederesquare.com
URL: https://belvederesquare.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 209.87.159.73 , United States, ASN36444 (NEXCESS-NET, US),
Reverse DNS: cloudhost-5952977.us-midwest-1.nxcli.net
Software: nginx /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://belvederesquare.com/

Response headers

x-nocache: 1
cache-control: max-age=31557600
content-encoding: br
etag: W/"1c012-626d10c1cf1da"
expires: Sat, 03 Jan 2026 20:23:04 GMT
date: Fri, 03 Jan 2025 14:23:04 GMT
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Wed, 13 Nov 2024 20:19:13 GMT

GET
H2 200 2324-layout.css
belvederesquare.com/wp-content/uploads/bb-plugin/cache/ 96 KB
9 KB 163ms
160ms Stylesheet
text/css 209.87.159.73
NEXCESS-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://belvederesquare.com/wp-content/uploads/bb-plugin/cache/2324-layout.css?ver=37d7cb5440dbedc1f0196e440aba4503
Requested by: Host: belvederesquare.com
URL: https://belvederesquare.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 209.87.159.73 , United States, ASN36444 (NEXCESS-NET, US),
Reverse DNS: cloudhost-5952977.us-midwest-1.nxcli.net
Software: nginx /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://belvederesquare.com/

Response headers

cache-control: max-age=31557600
x-cache-nxaccel: STALE
content-encoding: br
etag: W/"17e2a-62abe76c5adb8"
expires: Sat, 03 Jan 2026 20:20:58 GMT
date: Fri, 03 Jan 2025 14:23:04 GMT
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Thu, 02 Jan 2025 19:49:45 GMT

GET
H2 200 cleantalk-public.min.css
belvederesquare.com/wp-content/plugins/cleantalk-spam-protect/css/ 3 KB
980 B 163ms
160ms Stylesheet
text/css 209.87.159.73
NEXCESS-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://belvederesquare.com/wp-content/plugins/cleantalk-spam-protect/css/cleantalk-public.min.css?ver=6.47
Requested by: Host: belvederesquare.com
URL: https://belvederesquare.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 209.87.159.73 , United States, ASN36444 (NEXCESS-NET, US),
Reverse DNS: cloudhost-5952977.us-midwest-1.nxcli.net
Software: nginx /
Resource Hash: ba4be648e180af840eba117f20203084f95b9933d9eda25650b1a52d4cc7b054

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://belvederesquare.com/

Response headers

cache-control: max-age=31557600
x-cache-nxaccel: STALE
content-encoding: br
etag: W/"c52-62a7d6b2f0db4"
expires: Sat, 03 Jan 2026 20:20:58 GMT
date: Fri, 03 Jan 2025 14:23:04 GMT
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Mon, 30 Dec 2024 14:13:37 GMT

GET
H2 200 cleantalk-email-decoder.min.css
belvederesquare.com/wp-content/plugins/cleantalk-spam-protect/css/ 1 KB
519 B 163ms
161ms Stylesheet
text/css 209.87.159.73
NEXCESS-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://belvederesquare.com/wp-content/plugins/cleantalk-spam-protect/css/cleantalk-email-decoder.min.css?ver=6.47
Requested by: Host: belvederesquare.com
URL: https://belvederesquare.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 209.87.159.73 , United States, ASN36444 (NEXCESS-NET, US),
Reverse DNS: cloudhost-5952977.us-midwest-1.nxcli.net
Software: nginx /
Resource Hash: 53c49a3cfb39f581720c3eadcf40b011299dd1bae8a6c8a7fc85fbf49d6986ba

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://belvederesquare.com/

Response headers

cache-control: max-age=31557600
x-cache-nxaccel: STALE
content-encoding: br
etag: W/"50e-62a7d6b2f0db4"
expires: Sat, 03 Jan 2026 20:20:58 GMT
date: Fri, 03 Jan 2025 14:23:04 GMT
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Mon, 30 Dec 2024 14:13:37 GMT

GET
H2 200 cleantalk-trp.min.css
belvederesquare.com/wp-content/plugins/cleantalk-spam-protect/css/ 1021 B
399 B 163ms
161ms Stylesheet
text/css 209.87.159.73
NEXCESS-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://belvederesquare.com/wp-content/plugins/cleantalk-spam-protect/css/cleantalk-trp.min.css?ver=6.47
Requested by: Host: belvederesquare.com
URL: https://belvederesquare.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 209.87.159.73 , United States, ASN36444 (NEXCESS-NET, US),
Reverse DNS: cloudhost-5952977.us-midwest-1.nxcli.net
Software: nginx /
Resource Hash: 7bd402f4a0fcf14603af0cb43ddecfa1e2d43d449d8e64743609daa4be1cd0e9

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://belvederesquare.com/

Response headers

cache-control: max-age=31557600
x-cache-nxaccel: STALE
content-encoding: br
etag: W/"3fd-62a7d6b2f0db4"
expires: Sat, 03 Jan 2026 20:20:58 GMT
date: Fri, 03 Jan 2025 14:23:04 GMT
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Mon, 30 Dec 2024 14:13:37 GMT

GET
H2 200 ctf-styles.min.css
belvederesquare.com/wp-content/plugins/custom-twitter-feeds/css/ 16 KB
3 KB 163ms
161ms Stylesheet
text/css 209.87.159.73
NEXCESS-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://belvederesquare.com/wp-content/plugins/custom-twitter-feeds/css/ctf-styles.min.css?ver=2.2.5
Requested by: Host: belvederesquare.com
URL: https://belvederesquare.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 209.87.159.73 , United States, ASN36444 (NEXCESS-NET, US),
Reverse DNS: cloudhost-5952977.us-midwest-1.nxcli.net
Software: nginx /
Resource Hash: 40eded4199df55e8a5d634701767422ac6d0a210ccab1d7a687a8f75689bdcaf

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://belvederesquare.com/

Response headers

cache-control: max-age=31557600
x-cache-nxaccel: STALE
content-encoding: br
etag: W/"3f75-62a7d6b5f64cc"
expires: Sat, 03 Jan 2026 20:20:58 GMT
date: Fri, 03 Jan 2025 14:23:04 GMT
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Mon, 30 Dec 2024 14:13:40 GMT

GET
H2 200 image-map-pro.min.css
belvederesquare.com/wp-content/plugins/image-map-pro-wordpress/css/ 51 KB
10 KB 163ms
161ms Stylesheet
text/css 209.87.159.73
NEXCESS-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://belvederesquare.com/wp-content/plugins/image-map-pro-wordpress/css/image-map-pro.min.css?ver=5.1.6
Requested by: Host: belvederesquare.com
URL: https://belvederesquare.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 209.87.159.73 , United States, ASN36444 (NEXCESS-NET, US),
Reverse DNS: cloudhost-5952977.us-midwest-1.nxcli.net
Software: nginx /
Resource Hash: c68d568cd02d99d72ca004babdf39de39cb32b3d54e08804b25030e21467b2c5

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://belvederesquare.com/

Response headers

cache-control: max-age=31557600
x-cache-nxaccel: STALE
content-encoding: br
etag: W/"cce3-59b8f2aaa8480"
expires: Sat, 03 Jan 2026 20:20:58 GMT
date: Fri, 03 Jan 2025 14:23:04 GMT
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Tue, 07 Jan 2020 16:21:22 GMT

GET
H2 200 style.css
belvederesquare.com/wp-content/uploads/bb-plugin/icons/icon-1525441609/ 917 B
452 B 164ms
161ms Stylesheet
text/css 209.87.159.73
NEXCESS-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://belvederesquare.com/wp-content/uploads/bb-plugin/icons/icon-1525441609/style.css?ver=2.6.2.3
Requested by: Host: belvederesquare.com
URL: https://belvederesquare.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 209.87.159.73 , United States, ASN36444 (NEXCESS-NET, US),
Reverse DNS: cloudhost-5952977.us-midwest-1.nxcli.net
Software: nginx /
Resource Hash: a08cd44609fa386748ea4f14ea8af3f8d41f5377d0b8ba7333ca1f7970992c99

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://belvederesquare.com/

Response headers

cache-control: max-age=31557600
x-cache-nxaccel: STALE
content-encoding: br
etag: W/"395-56b618d3ae440"
expires: Sat, 03 Jan 2026 20:20:58 GMT
date: Fri, 03 Jan 2025 14:23:04 GMT
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Fri, 04 May 2018 13:46:49 GMT

GET
H2 200 all.min.css
belvederesquare.com/wp-content/plugins/bb-plugin/fonts/fontawesome/5.15.4/css/ 58 KB
12 KB 165ms
163ms Stylesheet
text/css 209.87.159.73
NEXCESS-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://belvederesquare.com/wp-content/plugins/bb-plugin/fonts/fontawesome/5.15.4/css/all.min.css?ver=2.6.2.3
Requested by: Host: belvederesquare.com
URL: https://belvederesquare.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 209.87.159.73 , United States, ASN36444 (NEXCESS-NET, US),
Reverse DNS: cloudhost-5952977.us-midwest-1.nxcli.net
Software: nginx /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://belvederesquare.com/

Response headers

cache-control: max-age=31557600
x-cache-nxaccel: STALE
content-encoding: br
etag: W/"e7a9-5f52793d08800"
expires: Sat, 03 Jan 2026 20:20:58 GMT
date: Fri, 03 Jan 2025 14:23:04 GMT
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Mon, 20 Feb 2023 20:33:36 GMT

GET v4-shims.min.css
belvederesquare.com/wp-content/plugins/bb-plugin/fonts/fontawesome/5.15.4/css/ 0
0

GET jquery.magnificpopup.min.css
belvederesquare.com/wp-content/plugins/bb-plugin/css/ 0
0

GET 0d9d13c0ced1f1a13e5b0660e1ec2a65-layout-bundle.css
belvederesquare.com/wp-content/uploads/bb-plugin/cache/ 0
0

GET pum-site-styles.css
belvederesquare.com/wp-content/uploads/pum/ 0
0

GET bootstrap.min.css
belvederesquare.com/wp-content/themes/bb-theme/css/ 0
0

GET skin-6776edaf67c0f.css
belvederesquare.com/wp-content/uploads/bb-theme/ 0
0

GET
H2 200 css
fonts.googleapis.com/ 7 KB
996 B 254ms
100ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Crimson+Text%3A300%2C400%2C600%2C700%7CCrimson+Pro%3A300%2C400%2C700%2C400&ver=6.7.1

Requested by

Host: belvederesquare.com
URL: https://belvederesquare.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://belvederesquare.com/

Response headers

strict-transport-security: max-age=31536000
cache-control: private, max-age=86400
timing-allow-origin: *
content-encoding: gzip
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 03 Jan 2025 14:23:04 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 03 Jan 2025 14:23:04 GMT
x-xss-protection: 0
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
server: ESF
x-frame-options: SAMEORIGIN

GET jquery.min.js
belvederesquare.com/wp-includes/js/jquery/ 0
0

GET jquery-migrate.min.js
belvederesquare.com/wp-includes/js/jquery/ 0
0

GET apbct-public-bundle.min.js
belvederesquare.com/wp-content/plugins/cleantalk-spam-protect/js/ 0
0

GET imagesloaded.min.js
belvederesquare.com/wp-includes/js/ 0
0

GET js
www.googletagmanager.com/gtag/ 0
0

GET style.css
belvederesquare.com/wp-content/themes/zestsms-child-theme/ 0
0

GET BSQ_Home_Featured_RecentNews.jpg.webp
belvederesquare.com/wp-content/uploads/2018/05/ 0
0

GET BSQ_Lady.svg
belvederesquare.com/wp-content/uploads/2018/03/ 0
0

GET BSQ_Senator.svg
belvederesquare.com/wp-content/uploads/2018/03/ 0
0

GET BSQ_Web_2018_Icons_100px_EatDrink.png
belvederesquare.com/wp-content/uploads/2018/04/ 0
0

GET BSQ_Web_2018_Icons_100px_ShopLifestyle.png
belvederesquare.com/wp-content/uploads/2018/04/ 0
0

GET BSQ_Web_2018_Icons_100px_HealthFitness.png
belvederesquare.com/wp-content/uploads/2018/04/ 0
0

GET 2324-layout.js
belvederesquare.com/wp-content/uploads/bb-plugin/cache/ 0
0

GET image-map-pro.min.js
belvederesquare.com/wp-content/plugins/image-map-pro-wordpress/js/ 0
0

GET jquery.ba-throttle-debounce.min.js
belvederesquare.com/wp-content/plugins/bb-plugin/js/ 0
0

GET js
maps.googleapis.com/maps/api/ 0
0

GET jquery.magnificpopup.min.js
belvederesquare.com/wp-content/plugins/bb-plugin/js/ 0
0

GET 0b8569b189853210df5ae771407ffde2-layout-bundle.js
belvederesquare.com/wp-content/uploads/bb-plugin/cache/ 0
0

GET theme.js
belvederesquare.com/wp-content/themes/zestsms-child-theme/js/ 0
0

GET core.min.js
belvederesquare.com/wp-includes/js/jquery/ui/ 0
0

GET pum-site-scripts.js
belvederesquare.com/wp-content/uploads/pum/ 0
0

GET bootstrap.min.js
belvederesquare.com/wp-content/themes/bb-theme/js/ 0
0

GET theme.min.js
belvederesquare.com/wp-content/themes/bb-theme/js/ 0
0

GET frm.min.js
belvederesquare.com/wp-content/plugins/formidable-pro/js/ 0
0

GET api.js
www.google.com/recaptcha/ 0
0

GET tag.js
mc.yandex.ru/metrika/ 0
0

GET 97642155
mc.yandex.ru/watch/ 0
0

GET /
s16.cloudcdnstatic.com/ 0
0

GET
H3 200 / Show response
s16.cloudcdnstatic.com/ 1 KB
1 KB 166ms
84ms Document
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s16.cloudcdnstatic.com/?s16
Requested by: Host: sync.gsyndication.com
URL: https://sync.gsyndication.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b2eba77fa8ce0a442f8e090e534dfea9229c4b5883f5daca5163fbc69356134b

Request headers

Referer: https://belvederesquare.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8fc3a5077939b200-WAW
content-encoding: zstd
content-type: text/html; charset=UTF-8
date: Fri, 03 Jan 2025 14:23:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
refresh: 0; url=https://www2.citadores.com/ecm
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wEAWZcFYuk9ttcoS5R4oBATlXuuwhtqzAorgg%2BhFdW8FPiDgZZL%2BzpH3MG4BbV6Mbzgeihio4nfs01Zm%2B7Uir%2F5xBBL3da5SeDd%2Fcg8WPJQYqy9nEaRRpdGao2SjJ6I31EUI9T3LC%2BKD"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=47655&min_rtt=47475&rtt_var=17932&sent=10&recv=7&lost=0&retrans=0&sent_bytes=4128&recv_bytes=4396&delivery_rate=63526&cwnd=12000&unsent_bytes=0&cid=6c60ee73d57b56d8&ts=91&x=1" cfExtPri cfHdrFlush;dur=0
vary: accept-encoding

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 222 KB
76 KB 249ms
102ms Script
application/javascript 2a02:6b8::1:119
YANDEX YANDEX LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: s16.cloudcdnstatic.com
URL: https://s16.cloudcdnstatic.com/?s16

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),

Reverse DNS

Software

Resource Hash

ab6f545892f640da445a4695190e0e9eab30b2119cbbb2a0e40b2d96462eb039

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://s16.cloudcdnstatic.com/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=3600
timing-allow-origin: *
content-encoding: br
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "67655eba-12b7d"
expires: Fri, 03 Jan 2025 15:23:05 GMT
access-control-allow-origin: *
content-length: 76669
date: Fri, 03 Jan 2025 14:23:05 GMT
last-modified: Fri, 20 Dec 2024 12:10:34 GMT
content-type: application/javascript

GET
H3 200 matomo.js Show response
www.yametric.com/ 66 KB
25 KB 180ms
113ms Script
application/javascript 104.21.112.1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yametric.com/matomo.js
Requested by: Host: s16.cloudcdnstatic.com
URL: https://s16.cloudcdnstatic.com/?s16
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.112.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89e35b18e2ddd93f040839eb32f71a22a7781f27fca6e294f9405d5fb0ea2cc3

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://s16.cloudcdnstatic.com/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control: max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: W/"675a743b-107aa"
age: 586
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x%2BBo5J%2FIkGRabfJZmVepyJ%2BilP%2Fz7WWsXOFBAVpsRaULyhdP67DwhYWTWCOJtjYn6E0c8KrWCUCRcplKXvepY8l%2BgIbvJKrZ81aWtDh0plF%2FD7c5XpknYfr98%2F3sMJmT3bq1"}],"group":"cf-nel","max_age":604800}
cf-ray: 8fc3a508c8eab23c-WAW
alt-svc: h3=":443"; ma=86400
date: Fri, 03 Jan 2025 14:23:05 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 12 Dec 2024 05:27:23 GMT
server: cloudflare
vary: Accept-Encoding

POST
H3 204 matomo.php
www.yametric.com/ 0
427 B 146ms
145ms Ping
text/html 104.21.112.1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yametric.com/matomo.php?action_name=&idsite=22&rec=1&r=498695&h=16&m=23&s=5&url=https%3A%2F%2Fs16.cloudcdnstatic.com%2F%3Fs16&urlref=https%3A%2F%2Fbelvederesquare.com%2F&_id=e6d86ae42bdfead3&_idn=1&send_image=0&_refts=1735914185&_ref=https%3A%2F%2Fbelvederesquare.com%2F&pv_id=enHbrg&pf_net=82&pf_srv=83&pf_tfr=2&pf_dm1=11&uadata=%7B%22formFactors%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200
Requested by: Host: www.yametric.com
URL: https://www.yametric.com/matomo.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.112.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Referer: https://s16.cloudcdnstatic.com/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cp9tvXQKWKsZhncabWmGBwJCYzknRmGIgOMRdDiLQq%2BykBirQL9PnfknCUQKdGEk6r4PBHvSGEInObQcuWfijYCj9IW5KfPwmCxToKtRfRK%2Bkr8cIDvr9CUOBCfE2%2Bc0XxSm"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 8fc3a50988edb23c-WAW
access-control-allow-origin: https://s16.cloudcdnstatic.com
alt-svc: h3=":443"; ma=86400
date: Fri, 03 Jan 2025 14:23:05 GMT
content-type: text/html; charset=UTF-8
server: cloudflare

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
623 B 188ms
114ms Image
image/gif 2a02:6b8::1:119
YANDEX YANDEX LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: s16.cloudcdnstatic.com
URL: https://s16.cloudcdnstatic.com/?s16

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://s16.cloudcdnstatic.com/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=3600
timing-allow-origin: *
etag: "67655eba-2b"
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
expires: Fri, 03 Jan 2025 15:23:05 GMT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 43
date: Fri, 03 Jan 2025 14:23:05 GMT
content-type: image/gif
last-modified: Fri, 20 Dec 2024 12:10:34 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/97642159/
Redirect Chain

https://mc.yandex.com/watch/97642159?wmode=7&page-url=https%3A%2F%2Fs16.cloudcdnstatic.com%2F%3Fs16&page-ref=https%3A%2F%2Fbelvederesquare.com%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3A...
https://mc.yandex.com/watch/97642159/1?wmode=7&page-url=https%3A%2F%2Fs16.cloudcdnstatic.com%2F%3Fs16&page-ref=https%3A%2F%2Fbelvederesquare.com%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%...

591 B
674 B

52ms
52ms

Fetch
application/json

2a02:6b8::1:119
YANDEX YANDEX LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/97642159/1?wmode=7&page-url=https%3A%2F%2Fs16.cloudcdnstatic.com%2F%3Fs16&page-ref=https%3A%2F%2Fbelvederesquare.com%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A14pwap7gbnl70a58u0m6s2b47zyz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Afi-FI%3Av%3A1551%3Acn%3A1%3Adp%3A0%3Als%3A988737999305%3Ahid%3A115470011%3Az%3A120%3Ai%3A20250103162305%3Aet%3A1735914185%3Ac%3A1%3Arn%3A941506997%3Arqn%3A1%3Au%3A1735914185106687548%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A26%2C56%2C83%2C2%2C6%2C0%2C%2C13%2C0%2C%2C%2C%2C186%3Aco%3A0%3Acpf%3A1%3Ans%3A1735914184760%3Arqnl%3A1%3Ast%3A1735914185%3At%3A&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2842009092%29ti%281%29&redirnss=1

Requested by

Host: s16.cloudcdnstatic.com
URL: https://s16.cloudcdnstatic.com/?s16

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),

Reverse DNS

Software

Resource Hash

263c9d39adae960dc7cb4a16b7c5c0a58a0e94eb405234a9d5fb01e1ac2adad1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://s16.cloudcdnstatic.com/

Response headers

strict-transport-security: max-age=31536000
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
pragma: no-cache
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Fri, 03-Jan-2025 14:23:05 GMT
access-control-allow-origin: https://s16.cloudcdnstatic.com
content-length: 591
x-xss-protection: 1; mode=block
date: Fri, 03 Jan 2025 14:23:05 GMT
content-type: application/json; charset=utf-8
last-modified: Fri, 03-Jan-2025 14:23:05 GMT

Redirect headers

strict-transport-security: max-age=31536000
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
location: /watch/97642159/1?wmode=7&page-url=https%3A%2F%2Fs16.cloudcdnstatic.com%2F%3Fs16&page-ref=https%3A%2F%2Fbelvederesquare.com%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A14pwap7gbnl70a58u0m6s2b47zyz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Afi-FI%3Av%3A1551%3Acn%3A1%3Adp%3A0%3Als%3A988737999305%3Ahid%3A115470011%3Az%3A120%3Ai%3A20250103162305%3Aet%3A1735914185%3Ac%3A1%3Arn%3A941506997%3Arqn%3A1%3Au%3A1735914185106687548%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A26%2C56%2C83%2C2%2C6%2C0%2C%2C13%2C0%2C%2C%2C%2C186%3Aco%3A0%3Acpf%3A1%3Ans%3A1735914184760%3Arqnl%3A1%3Ast%3A1735914185%3At%3A&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2842009092%29ti%281%29&redirnss=1
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
pragma: no-cache
access-control-allow-credentials: true
expires: Fri, 03-Jan-2025 14:23:05 GMT
access-control-allow-origin: https://s16.cloudcdnstatic.com
date: Fri, 03 Jan 2025 14:23:05 GMT
x-xss-protection: 1; mode=block
last-modified: Fri, 03-Jan-2025 14:23:05 GMT

GET
H2 200 metrika_match.html
mc.yandex.com/metrika/ Frame 8645 0
0 193ms
98ms Document
text/html 2a02:6b8::1:119
YANDEX YANDEX LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/metrika/metrika_match.html

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://s16.cloudcdnstatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
access-control-allow-origin: *
cache-control: max-age=3600
content-encoding: br
content-length: 2080
content-type: text/html
date: Fri, 03 Jan 2025 14:23:05 GMT
etag: "67655eba-820"
expires: Fri, 03 Jan 2025 15:23:05 GMT
last-modified: Fri, 20 Dec 2024 12:10:34 GMT
strict-transport-security: max-age=31536000
timing-allow-origin: *

GET
H3

200

/ Show response
www2.citadores.com/ecm/
Redirect Chain

https://www2.citadores.com/ecm
http://www2.citadores.com/ecm/
https://www2.citadores.com/ecm/

672 B
937 B

90ms
90ms

Document
text/html

104.21.96.1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www2.citadores.com/ecm/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.96.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 98a1cfa990b004c5d7118c0b821797149e250ff1241aaed4d1a54d9d633c2fdf

Request headers

Referer: https://s16.cloudcdnstatic.com/?s16
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8fc3a50d2b61c04a-WAW
content-encoding: zstd
content-type: text/html; charset=UTF-8
date: Fri, 03 Jan 2025 14:23:05 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
refresh: 0; url=https://distributemodel.com/emr2zm1sk?key=a4f93d2fc3497f24dc29b96c78a0b459
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i0m%2BIFyoGqGXlC3ORsEAWqgpwjIcUOEfFCSPb1xXSAWPY3lHNaIldwHS4M9i7DYkGzloWt9yl1uI4x%2FV03etRsCI%2FM%2F6aK8V6Y%2BSFCFxZVfGN53vvzsFOOu27Gpu5AtiHqjarew%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding

Redirect headers

Location: https://www2.citadores.com/ecm/
Non-Authoritative-Reason: HttpsUpgrades

GET
H3 404 favicon.ico
s16.cloudcdnstatic.com/ 571 B
845 B 59ms
59ms Other
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s16.cloudcdnstatic.com/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://s16.cloudcdnstatic.com/?s16

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
age: 55
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DWB09xXx4q4CO7si7Rkb2Exx%2FaNG11OwqOq0hilnejy9bE0HI9Qo8vGgyqNB3OIwCVqnuAEYT1JwwdvM2dFioDuRw0aZRzUSgb43HhffFD3RNSyh8LwaaN7K0CcNmJw%2FYLkR%2FvH8HcEu"}],"group":"cf-nel","max_age":604800}
cf-ray: 8fc3a50c2ebab200-WAW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=51529&min_rtt=47304&rtt_var=12762&sent=14&recv=12&lost=0&retrans=0&sent_bytes=5562&recv_bytes=5128&delivery_rate=18957&cwnd=12000&unsent_bytes=0&cid=6c60ee73d57b56d8&ts=820&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 03 Jan 2025 14:23:05 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
priority: u=1,i

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 222 KB
76 KB 182ms
92ms Script
application/javascript 2a02:6b8::1:119
YANDEX YANDEX LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: www2.citadores.com
URL: https://www2.citadores.com/ecm/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),

Reverse DNS

Software

Resource Hash

ab6f545892f640da445a4695190e0e9eab30b2119cbbb2a0e40b2d96462eb039

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://www2.citadores.com/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=3600
timing-allow-origin: *
content-encoding: br
etag: "67655eba-12b7d"
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
expires: Fri, 03 Jan 2025 15:23:05 GMT
access-control-allow-origin: *
content-length: 76669
date: Fri, 03 Jan 2025 14:23:05 GMT
last-modified: Fri, 20 Dec 2024 12:10:34 GMT
content-type: application/javascript

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
560 B 57ms
57ms Image
image/gif 2a02:6b8::1:119
YANDEX YANDEX LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: www2.citadores.com
URL: https://www2.citadores.com/ecm/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://www2.citadores.com/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=3600
timing-allow-origin: *
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "67655eba-2b"
expires: Fri, 03 Jan 2025 15:23:06 GMT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 43
date: Fri, 03 Jan 2025 14:23:06 GMT
content-type: image/gif
last-modified: Fri, 20 Dec 2024 12:10:34 GMT

GET
H2

200

1
mc.yandex.com/watch/99199815/
Redirect Chain

https://mc.yandex.com/watch/99199815?wmode=7&page-url=https%3A%2F%2Fwww2.citadores.com%2Fecm%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A14pwap7gbnl70a58u0m6s2b47zyz%3Afu%3A0%3Aen%3A...
https://mc.yandex.com/watch/99199815/1?wmode=7&page-url=https%3A%2F%2Fwww2.citadores.com%2Fecm%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A14pwap7gbnl70a58u0m6s2b47zyz%3Afu%3A0%3Aen%...

591 B
894 B

51ms
51ms

Fetch
application/json

2a02:6b8::1:119
YANDEX YANDEX LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/99199815/1?wmode=7&page-url=https%3A%2F%2Fwww2.citadores.com%2Fecm%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A14pwap7gbnl70a58u0m6s2b47zyz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Afi-FI%3Av%3A1551%3Acn%3A1%3Adp%3A0%3Als%3A1665184384100%3Ahid%3A373008114%3Az%3A120%3Ai%3A20250103162306%3Aet%3A1735914186%3Ac%3A1%3Arn%3A120540121%3Arqn%3A1%3Au%3A1735914186905236168%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C89%2C2%2C156%2C0%2C%2C14%2C0%2C%2C%2C%2C261%3Aco%3A0%3Acpf%3A1%3Ans%3A1735914185599%3Arqnl%3A1%3Ast%3A1735914186%3At%3A&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2842009092%29ti%281%29&redirnss=1

Requested by

Host: www2.citadores.com
URL: https://www2.citadores.com/ecm/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://www2.citadores.com/

Response headers

strict-transport-security: max-age=31536000
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Fri, 03-Jan-2025 14:23:06 GMT
access-control-allow-origin: https://www2.citadores.com
content-length: 591
date: Fri, 03 Jan 2025 14:23:06 GMT
x-xss-protection: 1; mode=block
content-type: application/json; charset=utf-8
last-modified: Fri, 03-Jan-2025 14:23:06 GMT

Redirect headers

strict-transport-security: max-age=31536000
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
location: /watch/99199815/1?wmode=7&page-url=https%3A%2F%2Fwww2.citadores.com%2Fecm%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A14pwap7gbnl70a58u0m6s2b47zyz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Afi-FI%3Av%3A1551%3Acn%3A1%3Adp%3A0%3Als%3A1665184384100%3Ahid%3A373008114%3Az%3A120%3Ai%3A20250103162306%3Aet%3A1735914186%3Ac%3A1%3Arn%3A120540121%3Arqn%3A1%3Au%3A1735914186905236168%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C89%2C2%2C156%2C0%2C%2C14%2C0%2C%2C%2C%2C261%3Aco%3A0%3Acpf%3A1%3Ans%3A1735914185599%3Arqnl%3A1%3Ast%3A1735914186%3At%3A&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2842009092%29ti%281%29&redirnss=1
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
pragma: no-cache
access-control-allow-credentials: true
expires: Fri, 03-Jan-2025 14:23:06 GMT
access-control-allow-origin: https://www2.citadores.com
x-xss-protection: 1; mode=block
date: Fri, 03 Jan 2025 14:23:06 GMT
last-modified: Fri, 03-Jan-2025 14:23:06 GMT

GET
H/1.1 200
OK Primary Request emr2zm1sk Show response
distributemodel.com/ 118 B
948 B 414ms
136ms Document
text/html 192.243.59.20
ADVANCEDHOSTERS-A...

General

Check archive.org

Show headers Download Go to

Full URL

https://distributemodel.com/emr2zm1sk?key=a4f93d2fc3497f24dc29b96c78a0b459

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.243.59.20 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

fe40b26bcb3f34ba8f180d33623bb3b109597ba9b3f5596ba1bc6b665b8dcb67

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

Referer: https://www2.citadores.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Cache-Control: no-cache max-age=0, private, no-cache
Connection: keep-alive
Content-Length: 118
Content-Type: text/html
Date: Fri, 03 Jan 2025 14:23:06 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Host: distributemodel.com
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma: no-cache
Server: nginx/1.19.5
Strict-Transport-Security: max-age=0; includeSubdomains
X-Request-ID: 12d0ea9522c0dec866179697c152e138

GET

/
tech4u.app/
Redirect Chain

https://www2.citadores.com/favicon.ico
https://tech4u.app/

0
0

GET
H2 200 metrika_match.html
mc.yandex.com/metrika/ Frame F057 0
0 170ms
65ms Document
text/html 2a02:6b8::1:119
YANDEX YANDEX LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/metrika/metrika_match.html

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www2.citadores.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
access-control-allow-origin: *
cache-control: max-age=3600
content-encoding: br
content-length: 2080
content-type: text/html
date: Fri, 03 Jan 2025 14:23:06 GMT
etag: "67655eba-820"
expires: Fri, 03 Jan 2025 15:23:06 GMT
last-modified: Fri, 20 Dec 2024 12:10:34 GMT
strict-transport-security: max-age=31536000
timing-allow-origin: *

GET
H/1.1 200
OK favicon.ico
distributemodel.com/ 0
382 B 135ms
134ms Other
image/x-icon 192.243.59.20
ADVANCEDHOSTERS-A...

General

Check archive.org

Show headers Download Go to

Full URL

https://distributemodel.com/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.243.59.20 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://distributemodel.com/emr2zm1sk?key=a4f93d2fc3497f24dc29b96c78a0b459

Response headers

Strict-Transport-Security: max-age=0; includeSubdomains
X-Request-ID: f4c8ab19255833cbb75cbae0dc69d6d3
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Length: 0
Date: Fri, 03 Jan 2025 14:23:06 GMT
Content-Type: image/x-icon
Server: nginx/1.19.5

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/plugins/bb-plugin/fonts/fontawesome/5.15.4/webfonts/fa-brands-400.woff2

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/plugins/bb-plugin/fonts/fontawesome/5.15.4/webfonts/fa-solid-900.woff2

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/plugins/bb-plugin/fonts/fontawesome/5.15.4/css/v4-shims.min.css?ver=2.6.2.3

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/plugins/bb-plugin/css/jquery.magnificpopup.min.css?ver=2.6.2.3

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/uploads/bb-plugin/cache/0d9d13c0ced1f1a13e5b0660e1ec2a65-layout-bundle.css?ver=2.6.2.3-1.4.5

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/uploads/pum/pum-site-styles.css?generated=1735568118&ver=1.20.3

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/themes/bb-theme/css/bootstrap.min.css?ver=1.7.12.1

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/uploads/bb-theme/skin-6776edaf67c0f.css?ver=1.7.12.1

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/plugins/cleantalk-spam-protect/js/apbct-public-bundle.min.js?ver=6.47

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-includes/js/imagesloaded.min.js?ver=6.7.1

Domain: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/themes/zestsms-child-theme/style.css?v=1.8

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/uploads/2018/05/BSQ_Home_Featured_RecentNews.jpg.webp

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/uploads/2018/03/BSQ_Lady.svg

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/uploads/2018/03/BSQ_Senator.svg

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/uploads/2018/04/BSQ_Web_2018_Icons_100px_EatDrink.png

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/uploads/2018/04/BSQ_Web_2018_Icons_100px_ShopLifestyle.png

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/uploads/2018/04/BSQ_Web_2018_Icons_100px_HealthFitness.png

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/uploads/bb-plugin/cache/2324-layout.js?ver=28a47abd5aff99d1d6b1d0f464fcf68a

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/plugins/image-map-pro-wordpress/js/image-map-pro.min.js?ver=5.1.6

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/plugins/bb-plugin/js/jquery.ba-throttle-debounce.min.js?ver=2.6.2.3

Domain: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyB6CFLlcL8gfvNl2oH066_AGS04S0rFYzA&sensor=false&libraries=places

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/plugins/bb-plugin/js/jquery.magnificpopup.min.js?ver=2.6.2.3

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/uploads/bb-plugin/cache/0b8569b189853210df5ae771407ffde2-layout-bundle.js?ver=2.6.2.3-1.4.5

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/themes/zestsms-child-theme/js/theme.js?ver=1.1

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/uploads/pum/pum-site-scripts.js?defer&generated=1735568118&ver=1.20.3

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/themes/bb-theme/js/bootstrap.min.js?ver=1.7.12.1

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/themes/bb-theme/js/theme.min.js?ver=1.7.12.1

Domain: belvederesquare.com
URL: https://belvederesquare.com/wp-content/plugins/formidable-pro/js/frm.min.js?ver=6.16.4

Domain: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en&ver=3

Domain: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Domain: mc.yandex.ru
URL: https://mc.yandex.ru/watch/97642155

Domain: s16.cloudcdnstatic.com
URL: https://s16.cloudcdnstatic.com/?s16

Domain: s16.cloudcdnstatic.com
URL: https://s16.cloudcdnstatic.com/?s16

Domain: s16.cloudcdnstatic.com
URL: https://s16.cloudcdnstatic.com/?s16

Domain: s16.cloudcdnstatic.com
URL: https://s16.cloudcdnstatic.com/?s16

Domain: s16.cloudcdnstatic.com
URL: https://s16.cloudcdnstatic.com/?s16

Domain: tech4u.app
URL: https://tech4u.app/

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
belvederesquare.com/	1969-12-31 23:59:59	Name: apbct_timestamp Value: 1735914183
belvederesquare.com/	1969-12-31 23:59:59	Name: apbct_site_landing_ts Value: 1735914183
belvederesquare.com/	1969-12-31 23:59:59	Name: apbct_page_hits Value: 1
belvederesquare.com/	1969-12-31 23:59:59	Name: apbct_cookies_test Value: %257B%2522cookies_names%2522%253A%255B%2522apbct_timestamp%2522%252C%2522apbct_page_hits%2522%255D%252C%2522check_value%2522%253A%252214bdbf983a2e159de5122ae1935ba511%2522%257D
belvederesquare.com/	1969-12-31 23:59:59	Name: apbct_site_referer Value: UNKNOWN
s16.cloudcdnstatic.com/	1970-01-21 06:34:42	Name: _pk_ref.22.5027 Value: %5B%22%22%2C%22%22%2C1735914185%2C%22https%3A%2F%2Fbelvederesquare.com%2F%22%5D
s16.cloudcdnstatic.com/	1970-01-21 11:37:49	Name: _pk_id.22.5027 Value: e6d86ae42bdfead3.1735914185.
s16.cloudcdnstatic.com/	1970-01-21 02:11:55	Name: _pk_ses.22.5027 Value: 1
.cloudcdnstatic.com/	1970-01-21 10:57:30	Name: _ym_uid Value: 1735914185106687548
.cloudcdnstatic.com/	1970-01-21 10:57:30	Name: _ym_d Value: 1735914185
.cloudcdnstatic.com/	1970-01-21 02:11:55	Name: _ym_visorc Value: w
.cloudcdnstatic.com/	1970-01-21 02:13:06	Name: _ym_isad Value: 2
.citadores.com/	1970-01-21 10:57:30	Name: _ym_uid Value: 1735914186905236168
.citadores.com/	1970-01-21 10:57:30	Name: _ym_d Value: 1735914186
.citadores.com/	1970-01-21 02:13:06	Name: _ym_isad Value: 2
.citadores.com/	1970-01-21 02:11:55	Name: _ym_visorc Value: b
distributemodel.com/	1970-01-21 02:13:20	Name: u_pl22330951 Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://s16.cloudcdnstatic.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

belvederesquare.com
distributemodel.com
fonts.googleapis.com
maps.googleapis.com
mc.yandex.com
mc.yandex.ru
s16.cloudcdnstatic.com
sync.gsyndication.com
tech4u.app
www.google.com
www.googletagmanager.com
www.yametric.com
www2.citadores.com
belvederesquare.com
maps.googleapis.com
mc.yandex.ru
s16.cloudcdnstatic.com
tech4u.app
www.google.com
www.googletagmanager.com
104.21.112.1
104.21.96.1
188.114.97.3
192.243.59.20
209.87.159.73
2a00:1450:4001:82b::200a
2a02:6b8::1:119
2a06:98c1:3120::3
1e38c28f485e2a3baa09f404575bb95c4386ce90c82486a18393486fc1a09b02
263c9d39adae960dc7cb4a16b7c5c0a58a0e94eb405234a9d5fb01e1ac2adad1
40eded4199df55e8a5d634701767422ac6d0a210ccab1d7a687a8f75689bdcaf
53c49a3cfb39f581720c3eadcf40b011299dd1bae8a6c8a7fc85fbf49d6986ba
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
7258aa7e793ecb889c549158dcb22ae5d41cc1c1bc1ff4e81a9324eb99990ec9
7bd402f4a0fcf14603af0cb43ddecfa1e2d43d449d8e64743609daa4be1cd0e9
89e35b18e2ddd93f040839eb32f71a22a7781f27fca6e294f9405d5fb0ea2cc3
98a1cfa990b004c5d7118c0b821797149e250ff1241aaed4d1a54d9d633c2fdf
a08cd44609fa386748ea4f14ea8af3f8d41f5377d0b8ba7333ca1f7970992c99
ab6f545892f640da445a4695190e0e9eab30b2119cbbb2a0e40b2d96462eb039
b2eba77fa8ce0a442f8e090e534dfea9229c4b5883f5daca5163fbc69356134b
ba4be648e180af840eba117f20203084f95b9933d9eda25650b1a52d4cc7b054
c68d568cd02d99d72ca004babdf39de39cb32b3d54e08804b25030e21467b2c5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fe40b26bcb3f34ba8f180d33623bb3b109597ba9b3f5596ba1bc6b665b8dcb67

distributemodel.com Open in urlscan Pro 192.243.59.20 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

69 Requests

38 %HTTPS

38 %IPv6

12 Domains

13 Subdomains

9 IPs

5 Countries

268 kBTransfer

1108 kBSize

17 Cookies

0 Outgoing links

Page URL History

Redirected requests

69 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

distributemodel.com Open in urlscan Pro
192.243.59.20 Public Scan

Screenshot
Live screenshot

Full Image

69
Requests

38 %
HTTPS

38 %
IPv6

12
Domains

13
Subdomains

9
IPs

5
Countries

268 kB
Transfer

1108 kB
Size

17
Cookies

69 HTTP transactions
0 data transactions