imitatebalde.com
2606:4700:3035::6815:13d7  Malicious Activity! Public Scan

Submitted URL: https://www.linkedin.com/slink?code=gzv3kzNA#c1165lYHoU1021vbMC128655cOo522966DShO73
Effective URL: https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
Submission: On May 31 via manual from CA — Scanned from CA

Summary

This website contacted 8 IPs in 4 countries across 10 domains to perform 27 HTTP transactions. The main IP is 2606:4700:3035::6815:13d7, located in United States and belongs to CLOUDFLARENET, US. The main domain is imitatebalde.com.
TLS certificate: Issued by GTS CA 1P5 on April 6th 2023. Valid for: 3 months.
This is the only time imitatebalde.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Customer Survey Spam (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 1 2620:1ec:21::14 8068 (MICROSOFT...)
1 1 167.89.115.56 11377 (SENDGRID)
1 20.150.90.36 8075 (MICROSOFT...)
1 2 195.189.227.158 3236 (SERVER se...)
1 193.163.199.243 398343 (BAXET-GROUP)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
15 2606:4700:303... 13335 (CLOUDFLAR...)
2 2607:f8b0:402... 15169 (GOOGLE)
1 2606:4700:303... 13335 (CLOUDFLAR...)
2 2607:f8b0:400... 15169 (GOOGLE)
4 2606:4700:303... 13335 (CLOUDFLAR...)
27 8
Apex Domain
Subdomains
Transfer
15 imitatebalde.com
imitatebalde.com
700 KB
5 trk-essursta.com
trk-essursta.com — Cisco Umbrella Rank: 226197
event.trk-essursta.com — Cisco Umbrella Rank: 270140
3 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 49
299 B
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 70
123 KB
2 analyticsandworkloads.com
analyticsandworkloads.com
584 B
1 harbortrimmer.com
harbortrimmer.com
681 B
1 entrencepole.com
entrencepole.com
424 B
1 windows.net
ahlimayrpodf5dj4.blob.core.windows.net
564 B
1 teamsnap.com
email.teamsnap.com — Cisco Umbrella Rank: 165489
285 B
1 linkedin.com
www.linkedin.com — Cisco Umbrella Rank: 559
3 KB
27 10
Domain Requested by
15 imitatebalde.com entrencepole.com
imitatebalde.com
4 event.trk-essursta.com trk-essursta.com
2 www.google-analytics.com www.googletagmanager.com
2 www.googletagmanager.com imitatebalde.com
www.googletagmanager.com
2 analyticsandworkloads.com 1 redirects ahlimayrpodf5dj4.blob.core.windows.net
1 trk-essursta.com imitatebalde.com
1 harbortrimmer.com 1 redirects
1 entrencepole.com analyticsandworkloads.com
1 ahlimayrpodf5dj4.blob.core.windows.net
1 email.teamsnap.com 1 redirects
1 www.linkedin.com 1 redirects
27 11

This site contains no links.

Subject                   Issuer                    Validity                  Valid
*.blob.core.windows.net   Microsoft RSA TLS CA 01   2023-03-22 - 2024-03-22   a year
entrencepole.com          R3                        2023-04-03 - 2023-07-02   3 months
*.imitatebalde.com        GTS CA 1P5                2023-04-06 - 2023-07-05   3 months
*.google-analytics.com    GTS CA 1C3                2023-05-08 - 2023-07-31   3 months
trk-essursta.com          GTS CA 1P5                2023-04-25 - 2023-07-24   3 months

This page contains 1 frames:

Primary Page: https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
Frame ID: A4F3A429AC61C406C8FFAA5677790AAD
Requests: 25 HTTP requests in this frame

Page Title

[1] Reward Pending - Shipping Survey - We Want Your Opinion!

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 27
HTTPS: 96 %
IPv6: 64 %
Domains: 10
Subdomains: 11
IPs: 8
Countries: 4
Transfer: 828 kB
Size: 1736 kB
Cookies: 8

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.linkedin.com/slink?code=gzv3kzNA HTTP 301
    http://email.teamsnap.com/ls/click?upn=pg-2BJR5qOQ9hRvWsJrn5w9OS50gqLyvPN1yieJYsDOVnqsjhAo-2BOtSDI7ibm0j6-2FKIEeS3WvJhC-2BwV6o1CasXQNjdKpRjNtb5eS-2FCbOwY5zXCwhfSqn8nkdRuR9rMVVKeZx7B_-2BB7MzidepgDxIV3ZdEktLLNVBjJc8OV8Fkp2bmoJaZ9ecbZmk2crKfOfgVrylNW6nXKBo-2FHJ3QxD5-2F-2FzK9dx-2B2Q5Xljhhq01RHX-2BHVOlznBXsICqaRJLu6X4n06IsY1nraRvZYywUJYNVQsxPFfUASb1jxbvjy01QUj4gJQBLkeNIqP-2F3uz-2FMVpcCE6lfaLpnsxXM6HrtZAA24c5kX1t4g-3D-3D HTTP 302
    https://ahlimayrpodf5dj4.blob.core.windows.net/pejoahahoidtiratirarar/contra.html Page URL
  2. http://analyticsandworkloads.com/rd/c1165lYHoU1021vbMC128655cOo522966DShO73 Page URL
  3. http://analyticsandworkloads.com/track/c1165lYHoU1021vbMC128655cOo522966DShO73 HTTP 302
    https://entrencepole.com/0/0/0/6c7cacd9c906ad0c030b3a326f2137c4/14/1-1165/1021-128655-522966 Page URL
  4. https://harbortrimmer.com/?s1=351084&s2=995208493&s3=177&s4=1&s10=1753 HTTP 302
    https://imitatebalde.com/dee0721741729481fee9575d3c8eba22 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://www.linkedin.com/slink?code=gzv3kzNA HTTP 301
  • http://email.teamsnap.com/ls/click?upn=pg-2BJR5qOQ9hRvWsJrn5w9OS50gqLyvPN1yieJYsDOVnqsjhAo-2BOtSDI7ibm0j6-2FKIEeS3WvJhC-2BwV6o1CasXQNjdKpRjNtb5eS-2FCbOwY5zXCwhfSqn8nkdRuR9rMVVKeZx7B_-2BB7MzidepgDxIV3ZdEktLLNVBjJc8OV8Fkp2bmoJaZ9ecbZmk2crKfOfgVrylNW6nXKBo-2FHJ3QxD5-2F-2FzK9dx-2B2Q5Xljhhq01RHX-2BHVOlznBXsICqaRJLu6X4n06IsY1nraRvZYywUJYNVQsxPFfUASb1jxbvjy01QUj4gJQBLkeNIqP-2F3uz-2FMVpcCE6lfaLpnsxXM6HrtZAA24c5kX1t4g-3D-3D HTTP 302
  • https://ahlimayrpodf5dj4.blob.core.windows.net/pejoahahoidtiratirarar/contra.html
Request Chain 2
  • http://analyticsandworkloads.com/track/c1165lYHoU1021vbMC128655cOo522966DShO73 HTTP 302
  • https://entrencepole.com/0/0/0/6c7cacd9c906ad0c030b3a326f2137c4/14/1-1165/1021-128655-522966

27 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
contra.html
ahlimayrpodf5dj4.blob.core.windows.net/pejoahahoidtiratirarar/
Redirect Chain
  • https://www.linkedin.com/slink?code=gzv3kzNA
  • http://email.teamsnap.com/ls/click?upn=pg-2BJR5qOQ9hRvWsJrn5w9OS50gqLyvPN1yieJYsDOVnqsjhAo-2BOtSDI7ibm0j6-2FKIEeS3WvJhC-2BwV6o1CasXQNjdKpRjNtb5eS-2FCbOwY5zXCwhfSqn8nkdRuR9rMVVKeZx7B_-2BB7MzidepgDxI...
  • https://ahlimayrpodf5dj4.blob.core.windows.net/pejoahahoidtiratirarar/contra.html
161 B
564 B
Document
General
Full URL
https://ahlimayrpodf5dj4.blob.core.windows.net/pejoahahoidtiratirarar/contra.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.150.90.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Content-Length
161
Content-MD5
4jlRiDXTV0qFwibuyrbvOg==
Content-Type
text/html
Date
Wed, 31 May 2023 17:14:07 GMT
ETag
0x8DB6129CA98A587
Last-Modified
Tue, 30 May 2023 16:20:32 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type
BlockBlob
x-ms-lease-status
unlocked
x-ms-request-id
009d41fe-701e-002f-4ae3-9346cc000000
x-ms-version
2009-09-19

Redirect headers

Connection
keep-alive
Content-Length
104
Content-Type
text/html; charset=utf-8
Date
Wed, 31 May 2023 17:14:07 GMT
Location
https://ahlimayrpodf5dj4.blob.core.windows.net/pejoahahoidtiratirarar/contra.html
Server
nginx
X-Robots-Tag
noindex, nofollow
c1165lYHoU1021vbMC128655cOo522966DShO73
analyticsandworkloads.com/rd/
243 B
360 B
Document
General
Full URL
http://analyticsandworkloads.com/rd/c1165lYHoU1021vbMC128655cOo522966DShO73
Requested by
Host: ahlimayrpodf5dj4.blob.core.windows.net
URL: https://ahlimayrpodf5dj4.blob.core.windows.net/pejoahahoidtiratirarar/contra.html
Protocol
HTTP/1.1
Server
195.189.227.158 , Ukraine, ASN3236 (SERVER server.ua, UA),
Reverse DNS
bckorea1.shop
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Content-Length
243
Content-Type
text/html; charset=utf-8
Date
Wed, 31 May 2023 17:14:07 GMT
1021-128655-522966
entrencepole.com/0/0/0/6c7cacd9c906ad0c030b3a326f2137c4/14/1-1165/
Redirect Chain
  • http://analyticsandworkloads.com/track/c1165lYHoU1021vbMC128655cOo522966DShO73
  • https://entrencepole.com/0/0/0/6c7cacd9c906ad0c030b3a326f2137c4/14/1-1165/1021-128655-522966
133 B
424 B
Document
General
Full URL
https://entrencepole.com/0/0/0/6c7cacd9c906ad0c030b3a326f2137c4/14/1-1165/1021-128655-522966
Requested by
Host: analyticsandworkloads.com
URL: http://analyticsandworkloads.com/rd/c1165lYHoU1021vbMC128655cOo522966DShO73
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.163.199.243 , Hong Kong, ASN398343 (BAXET-GROUP, US),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Referer
http://analyticsandworkloads.com/rd/c1165lYHoU1021vbMC128655cOo522966DShO73
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

content-length
133
content-type
text/html; charset=UTF-8
date
Wed, 31 May 2023 17:14:08 GMT
server
Apache

Redirect headers

Content-Length
115
Content-Type
text/html; charset=utf-8
Date
Wed, 31 May 2023 17:14:08 GMT
Location
https://entrencepole.com/0/0/0/6c7cacd9c906ad0c030b3a326f2137c4/14/1-1165/1021-128655-522966
Primary Request dee0721741729481fee9575d3c8eba22
imitatebalde.com/
Redirect Chain
  • https://harbortrimmer.com/?s1=351084&s2=995208493&s3=177&s4=1&s10=1753
  • https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
321 KB
44 KB
Document
General
Full URL
https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
Requested by
Host: entrencepole.com
URL: https://entrencepole.com/0/0/0/6c7cacd9c906ad0c030b3a326f2137c4/14/1-1165/1021-128655-522966
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:13d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d9a75bbbd2d0206dd9038687711d37b15951a5140c0f6d68329628fe05327e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://entrencepole.com/0/0/0/6c7cacd9c906ad0c030b3a326f2137c4/14/1-1165/1021-128655-522966
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7d00da012dc159b5-IAD
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 31 May 2023 17:14:10 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MMu0n6DmfPqihDBVPCjZWVhtfv4Qzod4PFdpITj%2FBcl2LpIJga3JWk2oE1B8fp5RXzD73n8QNPV3r03GkQ91dB8WDKL%2FFa%2B8VMZR%2Fzr2PpNuNndu9VGEC%2F6DBCmHT2xFhyyZcg%2B2je3E1jvRfEFW"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache, no-store, must-revalidate, max-age=0
cf-cache-status
DYNAMIC
cf-ray
7d00d9fe59d45a40-IAD
content-type
text/html; charset=UTF-8
date
Wed, 31 May 2023 17:14:09 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G%2FrWsTuU2Mqt4r4wk5HyWAxEwuDZoDmq3vqxZE1zn0R8plfOAxOkJvkb%2FfJTdUZuGZ3muB%2BXLWW8%2B8pPMHo6q9I%2FMdfydMr75uz99lF5ucfK3KXeFjSVHhltEECPbLXOm5nU8tvoXiTULwRdlp1uLg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
User-Agent,User-Agent
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
bootstrap.min.css
imitatebalde.com/assets/vendors/bootstrap-4.5.3/css/
157 KB
25 KB
Stylesheet
General
Full URL
https://imitatebalde.com/assets/vendors/bootstrap-4.5.3/css/bootstrap.min.css
Requested by
Host: imitatebalde.com
URL: https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:13d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 17:14:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
317526
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 20 Aug 2021 13:04:53 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3qmVYrF60xhSlw%2BE18%2BwbwRnRi%2FsS%2F%2B6xtpiZ48gPuVpCn884lf2vDoQcmjwYCcrScCSC%2Bt3XXvyBh76wPulu%2F%2FC5D7T%2B02Q95Epwur4HvCDg9saw%2BW8x%2Bhf4pipsYlmfvqyuP0FVIEX%2BJHoikpk"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7d00da04e8a159b5-IAD
expires
Sun, 04 Jun 2023 01:02:04 GMT
all.css
imitatebalde.com/assets/vendors/fontawesome/css/
72 KB
13 KB
Stylesheet
General
Full URL
https://imitatebalde.com/assets/vendors/fontawesome/css/all.css
Requested by
Host: imitatebalde.com
URL: https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:13d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
462beb0c8ecb2abb15685c31875f268d166313581df110401c2483fab24a46df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 17:14:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
317526
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Mon, 19 Jul 2021 19:01:59 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EN3Ih1PHo1xkGwn1JtrASWzX6QBuoZOeuLX7mh80KczCSonEPOAeN89wYsifDR6AmbjWm88TDrL8XTSsKgZAGebaFp50lEBAVsiEokHgOIBRAI4uEsCcJQ4zZn2ud%2FsH2iMahZF6yKX%2FLQE3yKLy"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7d00da04e8a359b5-IAD
expires
Sun, 04 Jun 2023 01:02:04 GMT
animate.min.css
imitatebalde.com/assets/css/edmond/
57 KB
5 KB
Stylesheet
General
Full URL
https://imitatebalde.com/assets/css/edmond/animate.min.css
Requested by
Host: imitatebalde.com
URL: https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:13d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01abe855c140a104cb74b4cc391bcbde6be7ab4a6475ca365cd3a7ca09f0d042
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 17:14:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
317526
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Wed, 15 Jun 2022 18:32:15 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yMu9l9pPRHqb4hpKcLFU%2FxNJjgvxxGmFYrO7j%2FDgrHz%2BVYS3H%2BSgPzhS8kAuNKy%2BwrBJ6Zu6DvKg%2B51wQtGoWMTbTCMYV%2BR3TQovqYm8QxgAAs2AnpxDx82cfN4vCE%2Fan9HnNwJ7mXq45Im0WUHE"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7d00da04e8a459b5-IAD
expires
Sun, 04 Jun 2023 01:02:04 GMT
common.css
imitatebalde.com/assets/css/edmond/
21 KB
5 KB
Stylesheet
General
Full URL
https://imitatebalde.com/assets/css/edmond/common.css?v=c1ec69746636a39dd0c7b96d197559d8
Requested by
Host: imitatebalde.com
URL: https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:13d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3501ef80c10debb2d6f7a647841c07b3899d1162e70a2f40038328d48534e4ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 17:14:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Thu, 30 Mar 2023 15:29:51 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Et2k7Z39VMZy8yts6MZ662U%2BKGCo6K4HxdxiyIZwoPfvzkvTSm5WKg4jADehkyZlWblRWUuCbt3rOTJ2Zzb7ay0ZMJvrP5TPU5RY6pqzOhyx5UlQEHvSrPfkTvWaoNhOjLwxcebju18sNHyWLxi"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7d00da04e8a559b5-IAD
expires
Wed, 07 Jun 2023 17:14:10 GMT
push-header-msg.js
imitatebalde.com/
944 B
943 B
Script
General
Full URL
https://imitatebalde.com/push-header-msg.js?19949ba75c74f72d6e68bf47e352c45f
Requested by
Host: imitatebalde.com
URL: https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:13d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
18c008cd5be196192bd4b54d0ff8b8ba1b4cc65266a78b6099cf8fde96ad6b90
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 17:14:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Wed, 31 May 2023 17:14:10 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WeVf0vntysrG02E990t0a4HbQFvNMjPzoNZRQpDmNLS3HG%2B36hL7Vy9siYpydDUk0xWPRcZqPazEbZqPwWFlft3O07VQBEJJKdSUUIxwIvEW5fAZVRMUwz90CXFf10q3T%2Fnkoj2r4x%2F8ZZAQITlc"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7d00da04e8a659b5-IAD
expires
Wed, 07 Jun 2023 17:14:10 GMT
jquery-3.4.1.min.js
imitatebalde.com/assets/vendors/
86 KB
31 KB
Script
General
Full URL
https://imitatebalde.com/assets/vendors/jquery-3.4.1.min.js
Requested by
Host: imitatebalde.com
URL: https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:13d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 17:14:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
99312
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 20 Aug 2021 13:04:53 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=diddCcgqOBODhu8K8bPNqPUutoi0jG7VlhVaIWx3kT9UxfI8jviuMSOKspkaVrRrTHDmT2xNXDOFUxq4r4zFU2%2FFL4dN9iz9VuczI%2BZ9%2F8YeZnlOSi0KU%2F3b0CRsXU4qEJ2NiFjimWdY1gjsl2RU"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7d00da04f8c959b5-IAD
expires
Tue, 06 Jun 2023 13:38:58 GMT
bootstrap.min.js
imitatebalde.com/assets/vendors/bootstrap-4.5.3/js/
62 KB
16 KB
Script
General
Full URL
https://imitatebalde.com/assets/vendors/bootstrap-4.5.3/js/bootstrap.min.js
Requested by
Host: imitatebalde.com
URL: https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:13d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 17:14:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
250301
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 20 Aug 2021 13:04:53 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m3%2Bjl3FCbXzKuPTEEXn7LznjavdxO6v7Qo68Bdc7f1ku56wFlUZScmPpsJW6BjryvAKX44YAMJmvg7rg%2BMdMSUPqT0792VfRGvabRxfmheLNFua%2BAIQU3VifBGos0nY%2FtFVdKzBkhC1sFsN2uVjw"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7d00da04f8cc59b5-IAD
expires
Sun, 04 Jun 2023 19:42:29 GMT
intl_functions.js
imitatebalde.com/assets/js/
8 KB
3 KB
Script
General
Full URL
https://imitatebalde.com/assets/js/intl_functions.js?v=c1ec69746636a39dd0c7b96d197559d8
Requested by
Host: imitatebalde.com
URL: https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:13d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bfaed2c1c9dcd86691c52bc273367417461d427822fd45c0ac67b8bd2e1fbbda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 17:14:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Wed, 19 Apr 2023 14:41:37 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hnzvjDlUm55XwlmoWgXdszbUat1r2yvQ0Y0ogrWWKtAV6q9C4pwCs5jLCAKXIgHmpBOm824Ftdt3EDxqzi8AA1vl7OcEOGLFOMyPZLS%2F40sGGs5l52%2BgEoZiS0KcRvooduY%2BxK11CCjNRGpBx3qE"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7d00da04f8ce59b5-IAD
expires
Wed, 07 Jun 2023 17:14:10 GMT
common.js
imitatebalde.com/assets/js/edmond/
66 KB
13 KB
Script
General
Full URL
https://imitatebalde.com/assets/js/edmond/common.js?v=c1ec69746636a39dd0c7b96d197559d8
Requested by
Host: imitatebalde.com
URL: https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:13d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2740733de193dee5b457e2b6573c33a7a2b72ab77ec0a02cbf7955af231d2e83
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 17:14:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Wed, 19 Apr 2023 14:41:37 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qyJrw%2FvOeqsnxlZY28lvoPiKXeQ3k6wRZ7GmvKTWPw7CIT%2Fb50Ru3Q51%2FuqL3j6crWQ36q571nSHHoPRoBfGfgW103yQ9YlBqCkUf%2FJVWCp23CjirKjZ3c7J3KrjU8%2F%2BoImjtkgaSt%2FEcB%2FBjgYi"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7d00da04f8d059b5-IAD
expires
Wed, 07 Jun 2023 17:14:10 GMT
gtm.js
www.googletagmanager.com/
114 KB
44 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NK3N874
Requested by
Host: imitatebalde.com
URL: https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:807::2008 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
52171ed64604a959d34338e8e535be2c44681608c5640940ca18dd24b8f2ceee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imitatebalde.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 17:14:10 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
45004
x-xss-protection
0
last-modified
Wed, 31 May 2023 16:04:08 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 31 May 2023 17:14:10 GMT
v9e118mez8
trk-essursta.com/scripts/push/
7 KB
3 KB
Script
General
Full URL
https://trk-essursta.com/scripts/push/v9e118mez8
Requested by
Host: imitatebalde.com
URL: https://imitatebalde.com/push-header-msg.js?19949ba75c74f72d6e68bf47e352c45f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:4803 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c65c15e3af0d349af61501f7749076aacef349171d95638bb475f800d8367084
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imitatebalde.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 17:14:10 GMT
content-security-policy
default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
DENY
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/javascript;charset=UTF-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=scsKD2MzJfO%2FEdYNm1QyJL%2BRKSPr1Y6cME68UUQZrSwtde9gjsRRJFebLmgZ5Ufiv6a4M4IkowINGcseIkGcN3AkvEr4GhLlKCWUPEVx4RME93Fe2rwMJ1XXf0den4AtU4mwrIJQqOX0K5TfnU%2Fv"}],"group":"cf-nel","max_age":604800}
cache-control
no-cache, no-store, max-age=0, must-revalidate
feature-policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
cf-ray
7d00da068c6a5a6a-IAD
expires
0
34f2cdbd39d24812d887a7159aaca131.png
imitatebalde.com/fim/1753-CA/
5 KB
6 KB
Image
General
Full URL
https://imitatebalde.com/fim/1753-CA/34f2cdbd39d24812d887a7159aaca131.png
Requested by
Host: imitatebalde.com
URL: https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:13d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3133bcd051fea05ca0d023b9264fa5af698b5f4328ee7c5a3a028fddff018eb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 17:14:10 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
5485
x-xss-protection
1; mode=block
last-modified
Wed, 31 May 2023 17:14:05 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hH%2Blzeg3Iqgj6Kk%2FcgEvt0Rd%2FzqZLQvq7J0zL6nuZKua9rM80097rGsmwYqe7Yzx%2BY0EI2j767CZr5yt0y%2F3KqbBT%2FsnmtCqlADBW%2BUWvEY1Iic1YKHDsYoWlA86UX4ugcRk3wQshoey47HW89ae"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7d00da072fd65ae7-IAD
expires
Wed, 07 Jun 2023 17:14:10 GMT
40d38c64980046e7839fa61e5b553efa.png
imitatebalde.com/fim/1753-CA/
17 KB
18 KB
Image
General
Full URL
https://imitatebalde.com/fim/1753-CA/40d38c64980046e7839fa61e5b553efa.png
Requested by
Host: imitatebalde.com
URL: https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:13d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b19eeb21d7fbd9b8b260e57c2d9198f83732339a9e3cbd5d2264f77e722df26
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 17:14:10 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
17622
x-xss-protection
1; mode=block
last-modified
Wed, 31 May 2023 17:14:05 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BxzQWWM%2FBTwdm%2BrYzAAo9B6wmtYGbNx0nLfdYWOUgh%2F7So1JmQO30JlwAw4%2BO9CK7T9jzFVzC4YC%2BQtI%2BeMUfWaCJ6SPudKBxBo6oIvu%2FzwzmADiO%2BWcKSeTGKsp%2FoRYuzHG5clBQx1xpKNFYVcR"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7d00da072fd85ae7-IAD
expires
Wed, 07 Jun 2023 17:14:10 GMT
69e6f0ba1e86ad19a886464af4db5ed8.gif
imitatebalde.com/fim/1753-CA/
496 KB
497 KB
Image
General
Full URL
https://imitatebalde.com/fim/1753-CA/69e6f0ba1e86ad19a886464af4db5ed8.gif
Requested by
Host: imitatebalde.com
URL: https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:13d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc85702baca03c9e5cea9b68ee081a4fcb99d8ab9c028772dc69e908208128f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 17:14:10 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
508135
x-xss-protection
1; mode=block
last-modified
Wed, 31 May 2023 17:14:05 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/gif
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WKqbn%2B3pcIdps0qnpFEXZuGeXRlENa%2BeAZ4DgTmTk0Q67r87eO4EQLfIlN%2B6z0m9qL9jsfvmX%2FmCCKcj76grf%2B8CbkkkvGbbvGFvZZ7zvT%2By27o5FeeGN9aLLFxTXpMyVLndy%2FGBXvmmim7oJ52H"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7d00da072fd95ae7-IAD
expires
Wed, 07 Jun 2023 17:14:10 GMT
39cd18258a0f3562c032e9f1cfd0e597.png
imitatebalde.com/fim/1753-CA/
18 KB
18 KB
Image
General
Full URL
https://imitatebalde.com/fim/1753-CA/39cd18258a0f3562c032e9f1cfd0e597.png
Requested by
Host: imitatebalde.com
URL: https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:13d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ddc9f495fa5ffd2acaa85dcfc467f54155a759fc7b86b920e6cce7551ceee14d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 17:14:10 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
18285
x-xss-protection
1; mode=block
last-modified
Wed, 31 May 2023 17:14:05 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SWHyyX1YrXDfChFbYGmbTQ5M%2Fr6tnqFNDhv%2BX9NjRW%2BYxdwPa1C%2Bz%2FwjkdFaWtV%2BOEBeVJEb5xzaxsrbkmJ3I9BJpWDutNWL4keHK8dgisVNomaQikb3l99MM7Gr5pTzjWabb7hiUI96E1pW7MZX"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7d00da072fdb5ae7-IAD
expires
Wed, 07 Jun 2023 17:14:10 GMT
b30c7d51c5d4a276260ba45d004c268a.png
imitatebalde.com/fim/1753-CA/
5 KB
6 KB
Image
General
Full URL
https://imitatebalde.com/fim/1753-CA/b30c7d51c5d4a276260ba45d004c268a.png
Requested by
Host: imitatebalde.com
URL: https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:13d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc4ba5ab1f79419e5c8a06db6d5ed27f78b026617608d8513bdf476bf78e1120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 17:14:10 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
5389
x-xss-protection
1; mode=block
last-modified
Wed, 31 May 2023 17:14:05 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ERM9%2F9glfzV4%2Bnfs2nt4NIZvGkpcOa8PO%2FN9MXb9xFN7zmzSNhLvw44fyOD8fIl96%2FBmz90up1l5XRuAmjBMbuqQINlThnVMJkKuP1Z4RhPrh6ggqKpcelNPkf0KPgOYqFc8cqVFolgXRg%2Bw0Whw"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7d00da072fdc5ae7-IAD
expires
Wed, 07 Jun 2023 17:14:10 GMT
js
www.googletagmanager.com/gtag/
222 KB
78 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-JMJ044GLKX&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NK3N874
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:807::2008 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ea16d6b22ca851de37fb0a025f5a31c68fcaddbcf8d7358b36ad1c2d339677ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imitatebalde.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 17:14:10 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
80172
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 31 May 2023 17:14:10 GMT
collect
www.google-analytics.com/g/
0
254 B
Ping
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-JMJ044GLKX&gtm=45je35o0&_p=149925954&cid=1814465715.1685553251&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1685553250&sct=1&seg=0&dl=https%3A%2F%2Fimitatebalde.com%2Fdee0721741729481fee9575d3c8eba22&dr=https%3A%2F%2Fentrencepole.com%2F&dt=%5B1%5D%20Reward%20Pending%20-%20Shipping%20Survey%20-%20We%20Want%20Your%20Opinion!&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JMJ044GLKX&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::200e Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imitatebalde.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 31 May 2023 17:14:10 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://imitatebalde.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
v9e118mez8
event.trk-essursta.com/register/event_log/
0
0
Preflight
General
Full URL
https://event.trk-essursta.com/register/event_log/v9e118mez8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:ad21 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://imitatebalde.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://imitatebalde.com
access-control-expose-headers
Authorization, Link, X-Total-Count
access-control-max-age
1800
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7d00da098ffd5aff-IAD
content-length
0
date
Wed, 31 May 2023 17:14:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KTnFmXnP1FbFB41TURldpNwyTYleDxeKPG5jG0JTQIfQFA9VdDUnkbbruHi%2BDnH%2BbrZbg8g%2BtOwzfPpE07IyH3MANJW2ICE%2B5HGci1szu4agiSIbkWRPA%2FLZkOEO%2FzfkM4lbzbluz29p%2FZmRFLNq4sBosie3"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
v9e118mez8
event.trk-essursta.com/register/event_log/
0
0
Fetch
General
Full URL
https://event.trk-essursta.com/register/event_log/v9e118mez8
Requested by
Host: trk-essursta.com
URL: https://trk-essursta.com/scripts/push/v9e118mez8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:ad21 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://imitatebalde.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-type
application/json

Response headers

expires
0
date
Wed, 31 May 2023 17:14:10 GMT
content-security-policy
default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pushplatformapp-alert
pushPlatformApp.pushSubscription.deleted
alt-svc
h3=":443"; ma=86400
content-length
0
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
DENY
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bncCYdTfWbzU79DGerI6aECS%2FlLtLI55FFwOGGkTE2o%2F0XIs9I3rk4OzXEQXLDWODqPhCrvAj45jo5RZqjrpuiP7EGF6As4WDUe4EgBTFkLGqFSNlllmVAZHV9DLLEatI8j6k1eZ3hZFg3Y%2Fr6htprALZFaO"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://imitatebalde.com
access-control-expose-headers
Authorization, Link, X-Total-Count
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
feature-policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
cf-ray
7d00da09d8465aff-IAD
x-pushplatformapp-params
v9e118mez8
event.trk-essursta.com/register/event_log/
0
0
Fetch
General
Full URL
https://event.trk-essursta.com/register/event_log/v9e118mez8
Requested by
Host: trk-essursta.com
URL: https://trk-essursta.com/scripts/push/v9e118mez8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:ad21 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://imitatebalde.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-type
application/json

Response headers

expires
0
date
Wed, 31 May 2023 17:14:10 GMT
content-security-policy
default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pushplatformapp-alert
pushPlatformApp.pushSubscription.deleted
alt-svc
h3=":443"; ma=86400
content-length
0
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
DENY
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ydaRTzt4NF%2FyxolUGsC%2BHztAMWnXFUCaf4ZcdLzYEALEkeyLKpac5HjiUzEkmBgvTHRi9aEH0kHO5uiCU9nxGaEvvMHj6pYX7XtkULcPAP0NRIInnjrPDliIX4fn5E5B8kczotBJK3frb8fWnriJtiXE7uF0"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://imitatebalde.com
access-control-expose-headers
Authorization, Link, X-Total-Count
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
feature-policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
cf-ray
7d00da09d8445aff-IAD
x-pushplatformapp-params
v9e118mez8
event.trk-essursta.com/register/event_log/
0
0
Preflight
General
Full URL
https://event.trk-essursta.com/register/event_log/v9e118mez8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:ad21 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://imitatebalde.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://imitatebalde.com
access-control-expose-headers
Authorization, Link, X-Total-Count
access-control-max-age
1800
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7d00da0988005aff-IAD
content-length
0
date
Wed, 31 May 2023 17:14:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ag9j0jVfT%2BiiSAjzI4%2FTe61jDxLpv8FrWEV8kGMH5thvR2SeET3GW%2FFvihx2g%2FTKVqNnRzU1HrZWrK79hd61d6PmUaQoqaErKpfEP3FL1GSwQQTHurRjm%2FJtEXHoVHu3ms3ZgVUpWkSvWBIBWxiJ8N5UYsFx"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
collect
www.google-analytics.com/g/
0
45 B
Ping
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-JMJ044GLKX&gtm=45je35o0&_p=149925954&cid=1814465715.1685553251&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1685553250&sct=1&seg=0&dl=https%3A%2F%2Fimitatebalde.com%2Fdee0721741729481fee9575d3c8eba22&dr=https%3A%2F%2Fentrencepole.com%2F&dt=%5B1%5D%20Reward%20Pending%20-%20Shipping%20Survey%20-%20We%20Want%20Your%20Opinion!&en=scroll&epn.percent_scrolled=90&_et=10
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JMJ044GLKX&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::200e Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imitatebalde.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 31 May 2023 17:14:15 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://imitatebalde.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Customer Survey Spam (Consumer)

129 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend object| dataLayer object| MYCALL string| s1 string| s2 string| esource string| pshpub string| pshdomain object| _0xc98e function| _0xe36c function| $ function| jQuery object| bootstrap object| _0xc89e function| _0xe30c string| rightnow string| imageSquare object| currentdate object| months function| startINTSurvey function| startQuestion function| startSurveyDub function| showSurveyDub object| _0xc69e function| _0xe83c string| LNG string| CMP string| CNT string| BID string| API_URL string| attrChoices string| domain number| count string| pipeline string| zipcode string| state_selected boolean| processing object| states function| birthdayFill function| beforeShowQuestion function| showOfferWall function| createQuestion function| processQuestion function| nextQuestion function| replaceUrlParam function| popunder function| confirm_scheddel function| confirm_scheddelnow function| startsurvey number| box_trying boolean| oneclick function| formatPhoneNumber function| switchTypeQuestions function| validatePhone function| validateEmail function| validateZip function| sendZipIp function| validateHeightF function| validateHeightI function| validateWeight function| validateAll function| validateName function| validateLName function| validateBirthday function| days function| daysInMonth function| dashedNumber function| alpha function| validateKeyStrokes function| showStreetState function| leadgenForm function| showDisclaimer function| preventS function| startSurveyU function| createQuestionU function| switchTypeQuestionsU function| nextQuestionU function| validateData function| showStreetStateU function| c_eff function| cheers function| mfq_tags object| _0xc66e function| _0xe25c string| aff_id string| click_id string| Brand string| lpid string| lpow object| prepop string| emailURL string| phoneURL string| zipcodeURL string| cityURL string| stateURL string| questiontx string| of string| languageCode string| countryCode string| popUrl string| template_name object| google_tag_manager object| google_tag_data object| _0xc29e function| _0xe18c number| answered number| prevProgress number| stepsTotal number| progress string| cheerstx string| txt function| urlBase64ToUint8Array function| pullUrlParams function| push_subscribe function| push_subscribe_promise function| setIfNull function| logPushEvent function| push_unsubscribe function| push_init function| setSessionId function| setUtm function| getSessionId function| getUrlVars function| getDomainName function| getStore function| onYouTubeIframeAPIReady object| gaGlobal

8 Cookies

Domain/Path Name / Value
.linkedin.com/ Name: bcookie
Value: "v=2&ca6771eb-5cd7-4e63-8953-e0a2252bb7c6"
.www.linkedin.com/ Name: bscookie
Value: "v=1&20230531171407e7f5f262-3405-48fc-8d11-c891f7edff9bAQGfktE6pnuvKqJW3O12de4DuL7H0TPd"
.linkedin.com/ Name: lidc
Value: "b=TGST06:s=T:r=T:a=T:p=T:g=2654:u=1:x=1:i=1685553247:t=1685639647:v=2:sig=AQGB6YoiBVLlKZc9vxX6NsqVd3odB-3K"
entrencepole.com/ Name: uid177
Value: 995208493-20230531131408-bc583d359f5fbf5fcff35c0b846880ba-
harbortrimmer.com/ Name: PHPSESSID
Value: d8ee2b2b49f0f32c3b89b1a3aad0bcfb
imitatebalde.com/ Name: PHPSESSID
Value: 7c714d6001933580e1d3b1510a51a2ee
.imitatebalde.com/ Name: _ga
Value: GA1.1.1814465715.1685553251
.imitatebalde.com/ Name: _ga_JMJ044GLKX
Value: GS1.1.1685553250.1.0.1685553250.0.0.0

1 Console Messages

Source Level URL
Text
other error URL: https://imitatebalde.com/dee0721741729481fee9575d3c8eba22
Message:
Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
