www.buydomains.com Open in urlscan Pro
104.18.24.148 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://medicaloutlook.com/
Effective URL:
https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=cli...
Submission: On June 26 via manual (June 26th 2023, 12:09:13 pm UTC) from CA — Scanned from CA

Summary HTTP 101 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 31 IPs in 3 countries across 24 domains to perform 101 HTTP transactions. The main IP is 104.18.24.148, located in and belongs to CLOUDFLARENET, US. The main domain is www.buydomains.com. The Cisco Umbrella rank of the primary domain is 322080.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 17th 2022. Valid for: a year.

This is the only time www.buydomains.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	207.148.248.143 207.148.248.143	29873 (BIZLAND-SD) (BIZLAND-SD)
1 10	104.18.24.148 104.18.24.148	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:81c::200a	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:820::2008	15169 (GOOGLE) (GOOGLE)
10	108.139.47.90 108.139.47.90	16509 (AMAZON-02) (AMAZON-02)
9	2607:f8b0:400... 2607:f8b0:4006:80a::2004	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:81d::200d	15169 (GOOGLE) (GOOGLE)
18	2607:f8b0:400... 2607:f8b0:4006:820::2003	15169 (GOOGLE) (GOOGLE)
1	207.148.248.128 207.148.248.128	29873 (BIZLAND-SD) (BIZLAND-SD)
7	2606:4700::68... 2606:4700::6812:aa72	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:817::2011	15169 (GOOGLE) (GOOGLE)
1 3	192.29.70.2 192.29.70.2	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	2606:4700::68... 2606:4700::6812:1c26	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:97de	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	108.138.106.101 108.138.106.101	16509 (AMAZON-02) (AMAZON-02)
1 2	142.250.80.70 142.250.80.70	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:817::2002	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:400... 2607:f8b0:4006:816::200e	15169 (GOOGLE) (GOOGLE)
1	54.69.131.234 54.69.131.234	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f01... 2a03:2880:f012:10c:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	35.186.249.72 35.186.249.72	15169 (GOOGLE) (GOOGLE)
2	104.127.70.187 104.127.70.187	16625 (AKAMAI-AS) (AKAMAI-AS)
12	2606:4700:440... 2606:4700:4400::6812:2422	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.164.96.87 18.164.96.87	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4004:c08::9c	15169 (GOOGLE) (GOOGLE)
5 5	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
2 2	68.67.179.87 68.67.179.87	29990 (ASN-APPNEX) (ASN-APPNEX)
1 1	8.43.72.98 8.43.72.98	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	3.225.218.10 3.225.218.10	14618 (AMAZON-AES) (AMAZON-AES)
1 1	142.250.176.194 142.250.176.194	15169 (GOOGLE) (GOOGLE)
1 2	192.40.39.223 192.40.39.223	27381 (CASALE-MEDIA) (CASALE-MEDIA)
1	2607:f8b0:400... 2607:f8b0:4006:80d::2002	15169 (GOOGLE) (GOOGLE)
2	35.82.9.197 35.82.9.197	16509 (AMAZON-02) (AMAZON-02)
1	44.233.34.14 44.233.34.14	16509 (AMAZON-02) (AMAZON-02)
1	54.161.222.185 54.161.222.185	14618 (AMAZON-AES) (AMAZON-AES)
1	52.41.226.252 52.41.226.252	16509 (AMAZON-02) (AMAZON-02)
101	31

1 207.148.248.143 (United States) 1 redirects

ASN29873 (BIZLAND-SD, US)

medicaloutlook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.18.24.148 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.buydomains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81c::200a (Flushing, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:820::2008 (Flushing, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 108.139.47.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-139-47-90.jfk50.r.cloudfront.net

static.buydomains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2607:f8b0:4006:80a::2004 (Flushing, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:81d::200d (Flushing, United States)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2607:f8b0:4006:820::2003 (Flushing, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 207.148.248.128 (United States)

ASN29873 (BIZLAND-SD, US)
PTR: api.buydomains.com

api.buydomains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6812:aa72 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:817::2011 (Flushing, United States)

ASN15169 (GOOGLE, US)

csp.withgoogle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.29.70.2 (Toronto, Canada) 1 redirects

ASN31898 (ORACLE-BMC-31898, US)

s1731649222.t.eloqua.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1c26 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:97de (United States)

ASN13335 (CLOUDFLARENET, US)

wsmcdn.audioeye.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.106.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-106-101.jfk50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.80.70 (Staten Island, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f6.1e100.net

6928088.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:817::2002 (Flushing, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:816::200e (Flushing, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.69.131.234 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: b-app19-39.boldchat.com

vmss.boldchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f012:10c:face:b00c:0:3 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.249.72 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 72.249.186.35.bc.googleusercontent.com

d.impactradius-event.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.127.70.187 (Piscataway, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-127-70-187.deploy.static.akamaitechnologies.com

se.monetate.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700:4400::6812:2422 (United States)

ASN13335 (CLOUDFLARENET, US)

wsv3cdn.audioeye.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.96.87 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-96-87.jfk50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c08::9c (Ashburn, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.223.40.198 (United States) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.67.179.87 (North Bergen, United States) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 585.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.43.72.98 (United States) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.225.218.10 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-225-218-10.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.176.194 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s37-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.40.39.223 (Canada) 1 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80d::2002 (Flushing, United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.82.9.197 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: b-app19-34.boldchat.com

vms.boldchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.233.34.14 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-233-34-14.us-west-2.compute.amazonaws.com

visitor-services.boldchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.161.222.185 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-161-222-185.compute-1.amazonaws.com

d.monetate.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.41.226.252 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-41-226-252.us-west-2.compute.amazonaws.com

analytics.audioeye.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	buydomains.com 1 redirects www.buydomains.com — Cisco Umbrella Rank: 322080 static.buydomains.com — Cisco Umbrella Rank: 808743 api.buydomains.com — Cisco Umbrella Rank: 950917	432 KB
15	gstatic.com www.gstatic.com fonts.gstatic.com	716 KB
14	audioeye.com wsmcdn.audioeye.com — Cisco Umbrella Rank: 6997 wsv3cdn.audioeye.com — Cisco Umbrella Rank: 4799 analytics.audioeye.com — Cisco Umbrella Rank: 5801	290 KB
13	google.com www.google.com — Cisco Umbrella Rank: 3 accounts.google.com — Cisco Umbrella Rank: 59 adservice.google.com — Cisco Umbrella Rank: 107	202 KB
7	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 413	129 KB
6	doubleclick.net 2 redirects 6928088.fls.doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 stats.g.doubleclick.net — Cisco Umbrella Rank: 124 cm.g.doubleclick.net — Cisco Umbrella Rank: 244	4 KB
5	adsrvr.org 5 redirects insight.adsrvr.org — Cisco Umbrella Rank: 592 match.adsrvr.org — Cisco Umbrella Rank: 375	3 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 60	21 KB
4	boldchat.com vmss.boldchat.com — Cisco Umbrella Rank: 15787 vms.boldchat.com — Cisco Umbrella Rank: 13795 visitor-services.boldchat.com — Cisco Umbrella Rank: 14446	21 KB
3	google.ca www.google.ca — Cisco Umbrella Rank: 7757	625 B
3	monetate.net se.monetate.net — Cisco Umbrella Rank: 5369 d.monetate.net — Cisco Umbrella Rank: 20076	46 KB
3	eloqua.com 1 redirects s1731649222.t.eloqua.com	2 KB
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 621	2 KB
2	yahoo.com 2 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 340	614 B
2	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 249	2 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 176	88 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 749 script.hotjar.com — Cisco Umbrella Rank: 1067	73 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 82	168 KB
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 381	915 B
1	impactradius-event.com d.impactradius-event.com — Cisco Umbrella Rank: 3679	13 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 684	307 B
1	withgoogle.com csp.withgoogle.com — Cisco Umbrella Rank: 1180
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 80	1 KB
1	medicaloutlook.com 1 redirects medicaloutlook.com	418 B
101	24

	Domain	Requested by
12	wsv3cdn.audioeye.com	wsmcdn.audioeye.com wsv3cdn.audioeye.com
10	static.buydomains.com	www.buydomains.com static.buydomains.com
10	www.buydomains.com	1 redirects www.buydomains.com
9	www.google.com	www.buydomains.com www.gstatic.com www.google.com
8	www.gstatic.com	www.google.com www.gstatic.com
7	cdn.cookielaw.org	www.googletagmanager.com cdn.cookielaw.org
7	fonts.gstatic.com	fonts.googleapis.com www.buydomains.com
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
4	match.adsrvr.org	4 redirects
3	www.google.ca
3	s1731649222.t.eloqua.com	1 redirects static.buydomains.com www.buydomains.com
3	accounts.google.com	www.buydomains.com accounts.google.com
2	vms.boldchat.com	vmss.boldchat.com
2	dsum-sec.casalemedia.com	1 redirects 6928088.fls.doubleclick.net
2	ups.analytics.yahoo.com	2 redirects
2	ib.adnxs.com	2 redirects
2	stats.g.doubleclick.net	www.google-analytics.com
2	se.monetate.net	www.googletagmanager.com se.monetate.net
2	connect.facebook.net	www.buydomains.com connect.facebook.net
2	6928088.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	www.googletagmanager.com	www.buydomains.com www.google-analytics.com
1	analytics.audioeye.com	wsv3cdn.audioeye.com
1	d.monetate.net	se.monetate.net
1	visitor-services.boldchat.com	vmss.boldchat.com
1	adservice.google.com	6928088.fls.doubleclick.net
1	cm.g.doubleclick.net	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	insight.adsrvr.org	1 redirects
1	script.hotjar.com	static.hotjar.com
1	d.impactradius-event.com	www.buydomains.com
1	vmss.boldchat.com	www.buydomains.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	wsmcdn.audioeye.com	www.buydomains.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	csp.withgoogle.com	www.buydomains.com
1	api.buydomains.com	www.buydomains.com
1	fonts.googleapis.com	www.buydomains.com
1	medicaloutlook.com	1 redirects
101	39

This site contains links to these domains. Also see Links.

Domain
newfold.com
policies.google.com
www.newfold.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-10-17` - `2023-10-17`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.buydomains.com Amazon RSA 2048 M01	`2023-02-24` - `2024-01-26`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
accounts.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
*.appspot.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.t.eloqua.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-22` - `2024-04-10`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.boldchat.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-14` - `2024-03-13`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-04-04` - `2023-07-03`	3 months	crt.sh
*.impactradius-event.com Sectigo RSA Domain Validation Secure Server CA	`2022-12-07` - `2024-01-06`	a year	crt.sh
www.monetate.net DigiCert TLS RSA SHA256 2020 CA1	`2022-07-02` - `2023-07-06`	a year	crt.sh
*.google.ca GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.monetate.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-01` - `2023-10-02`	a year	crt.sh
report-prod.audioeye.com Amazon RSA 2048 M02	`2022-10-17` - `2023-11-15`	a year	crt.sh

This page contains 7 frames:

Primary Page: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Frame ID: 05036A8000A2BC1061AD1595822FB004
Requests: 78 HTTP requests in this frame

Frame: https://accounts.google.com/gsi/button?theme=filled_blue&size=medium&ux_mode=redirect&auto_select=true&width=186&height=35&redirect_uri=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fmedicaloutlook.com%3Fdomain%3Dmedicaloutlook.com%26utm_source%3Dmedicaloutlook.com%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect&client_id=493010564269-4qns5belsuphdbuurpmae7pknmirdktg.apps.googleusercontent.com&iframe_id=gsi_346248_780683&as=b4EZ6S7R1ElDTnhFJjcKNA
Frame ID: 04991F45986C769D27350CD90A2E0538
Requests: 3 HTTP requests in this frame

Frame: https://www.buydomains.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js
Frame ID: BDBF294696AD2D81DDCF46DA2C48CBB6
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C&co=aHR0cHM6Ly93d3cuYnV5ZG9tYWlucy5jb206NDQz&hl=en&v=IqA9DpBOUJevxkykws9RiIBs&size=invisible&badge=inline&cb=c6ockqshi3nw
Frame ID: A0C3CBEAF53EFFE0E81E92DEE888290F
Requests: 4 HTTP requests in this frame

Frame: https://6928088.fls.doubleclick.net/activityi;dc_pre=CLzu173z4P8CFdMMaAgdMS8J8Q;src=6928088;type=remar0;cat=bd-al0;ord=949290731112;u=medicaloutlook.com;gtm=45He36l0;auiddc=267201668.1687781347;u2=medicaloutlook.com;u1=unknown%20value;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fmedicaloutlook.com%3Fdomain%3Dmedicaloutlook.com%26utm_source%3Dmedicaloutlook.com%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect
Frame ID: 0B4D840E31CF36FEECB57CEC279292BF
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=IqA9DpBOUJevxkykws9RiIBs&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C
Frame ID: F08F37C284F6AE349899EF6AD8832848
Requests: 11 HTTP requests in this frame

Frame: https://wsv3cdn.audioeye.com/v2/frame/cookieStorage.html?build=prod/m&pscb=&cb=97ebc17
Frame ID: BE9A282BFBE0864699B6880CBEFDD1DB
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Buy Domains - medicaloutlook.com is for sale!close carousel

Page URL History Show full URLs

http://medicaloutlook.com/ HTTP 301
https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutloo... Page URL

Detected technologies

Google Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

accounts\.google\.com/gsi/client

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Impact (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

d\.impactradius-event\.com

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

101
Requests

97 %
HTTPS

42 %
IPv6

24
Domains

39
Subdomains

31
IPs

3
Countries

2208 kB
Transfer

6466 kB
Size

54
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://newfold.com/privacy-center
Title: Privacy Notice

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://policies.google.com/terms
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.newfold.com/privacy-center/addendum-for-california-users
Title: Do Not Sell My Personal Information

Search URL Search Domain Scan URL

URL: https://newfold.com/privacy-center/cookie-policy
Title: Cookie Notice

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://medicaloutlook.com/ HTTP 301
https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 24

https://www.buydomains.com/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
https://www.buydomains.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js

Request Chain 32

https://s1731649222.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=1731649222&ref2=elqNone&tzo=0&ms=469&optin=disabled HTTP 302
https://s1731649222.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=1731649222&ref2=elqNone&tzo=0&ms=469&optin=disabled&elqCookie=1

Request Chain 43

https://6928088.fls.doubleclick.net/activityi;src=6928088;type=remar0;cat=bd-al0;ord=949290731112;u=medicaloutlook.com;gtm=45He36l0;auiddc=267201668.1687781347;u2=medicaloutlook.com;u1=unknown%20value;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fmedicaloutlook.com%3Fdomain%3Dmedicaloutlook.com%26utm_source%3Dmedicaloutlook.com%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect HTTP 302
https://6928088.fls.doubleclick.net/activityi;dc_pre=CLzu173z4P8CFdMMaAgdMS8J8Q;src=6928088;type=remar0;cat=bd-al0;ord=949290731112;u=medicaloutlook.com;gtm=45He36l0;auiddc=267201668.1687781347;u2=medicaloutlook.com;u1=unknown%20value;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fmedicaloutlook.com%3Fdomain%3Dmedicaloutlook.com%26utm_source%3Dmedicaloutlook.com%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect

Request Chain 66

https://insight.adsrvr.org/track/evnt/?adv=b7xg2v6&ct=0:92joh6v&fmt=3 HTTP 302
https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=f0900cf9-2957-48bb-9f51-143a3b8c1075 HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3Df0900cf9-2957-48bb-9f51-143a3b8c1075 HTTP 302
https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=5366169314952485015&ttd_tdid=f0900cf9-2957-48bb-9f51-143a3b8c1075 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=f0900cf9-2957-48bb-9f51-143a3b8c1075&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=f0900cf9-2957-48bb-9f51-143a3b8c1075&_origin=1&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=f0900cf9-2957-48bb-9f51-143a3b8c1075&_origin=1&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=rightmedia&yahoo_id=y-bn6HgMlE2uJswC1moJglfJlf0vciBiU-~A&gdpr=0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=ZjA5MDBjZjktMjk1Ny00OGJiLTlmNTEtMTQzYTNiOGMxMDc1&gdpr=0&gdpr_consent=&ttd_tdid=f0900cf9-2957-48bb-9f51-143a3b8c1075 HTTP 302
https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=f0900cf9-2957-48bb-9f51-143a3b8c1075&google_gid=CAESEHoWJka8avxZTVyWv7RT5jE&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=f0900cf9-2957-48bb-9f51-143a3b8c1075&expiration=1690373349&gdpr=0&gdpr_consent= HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=f0900cf9-2957-48bb-9f51-143a3b8c1075&expiration=1690373349&gdpr=0&gdpr_consent=&C=1

101 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request medicaloutlook.com Show response
www.buydomains.com/lander/
Redirect Chain

http://medicaloutlook.com/
https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect...

1 MB
399 KB

644ms
590ms

Document
text/html

104.18.24.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.24.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.8
Resource Hash: 13c550bda95a3b025ba494b4a95082404506f84cc2d3a81beeb365ee611743f9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 7dd556dd8e6054bb-YYZ
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 26 Jun 2023 12:09:05 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: cloudflare
x-node: www-03.prod
x-php-backend: www-03.prod
x-powered-by: PHP/5.6.8

Redirect headers

Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Mon, 26 Jun 2023 12:09:04 GMT
Location: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Server: Apache/2.4.6 (CentOS) PHP/5.6.8
X-Powered-By: PHP/5.6.8

GET
H2 200 css
fonts.googleapis.com/ 14 KB
1 KB 91ms
36ms Stylesheet
text/css 2607:f8b0:4006:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300italic,400,300,600,700&display=swap

Requested by

Host: www.buydomains.com
URL: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::200a Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a1ca1f41ae3825853af12338d1d22e38651f1d05a196f9a09e145449d13bb8ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 26 Jun 2023 12:09:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 12:09:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 26 Jun 2023 12:09:05 GMT

GET
H2 200 workerJS.min.js
www.buydomains.com/browser/js/worker/ 2 KB
1 KB 30ms
29ms Other
application/javascript 104.18.24.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.buydomains.com/browser/js/worker/workerJS.min.js
Requested by: Host: www.buydomains.com
URL: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.24.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b77da753e230b7c8b22e848cb4c06fc82817e2492437c01014ef60f6c0049779

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:05 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 15 Nov 2022 12:45:14 GMT
server: cloudflare
age: 1032
etag: W/"7c3-5ed81ba32aa80"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 7dd556e1695c54bb-YYZ
x-node: www-04.prod

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 264 KB
90 KB 97ms
48ms Script
application/javascript 2607:f8b0:4006:820::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NL5LTF

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2008 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a3611762d759fbc88014a948d6886de35d40437f162531a8a854493eca288839

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 91916
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 26 Jun 2023 12:09:05 GMT

GET
H/1.1 200
OK eloqua.js Show response
static.buydomains.com// 1 KB
1 KB 145ms
44ms Script
text/javascript 108.139.47.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.buydomains.com//eloqua.js?version=2023-05-23-1
Requested by: Host: www.buydomains.com
URL: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.47.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-47-90.jfk50.r.cloudfront.net
Software: cloudflare / PHP/5.6.8
Resource Hash: b001ecc7a932d67efb37761aa6c469c54a53eeb9dd3b283a8c1590de40b699d4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sun, 18 Jun 2023 14:52:29 GMT
Content-Encoding: gzip
Via: 1.1 fa2a1404411f25eb7c3c4def0c2864e6.cloudfront.net (CloudFront)
CF-Cache-Status: MISS
X-Amz-Cf-Pop: JFK50-P1
Age: 681396
X-Powered-By: PHP/5.6.8
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Node: www-04.prod
X-PHP-Backend: www-04.prod
Pragma: cache
Last-Modified: Sun, 18 Jun 2023 14:52:29 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
CF-RAY: 7d945b39bb8a58c0-IAD
X-Amz-Cf-Id: Kimfivw5YV1y6VChn1s_4P8abLTzwXsAnDIRq_CDO_PHpzIkg0z9fA==
Expires: Tue, 18 Jul 2023 14:52:29 GMT

GET
H/1.1 200
OK lander-v7.css
static.buydomains.com//browser/css/lander/g/ 45 KB
9 KB 39ms
20ms Stylesheet
text/css 108.139.47.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.buydomains.com//browser/css/lander/g/lander-v7.css?version=2023-05-23-1
Requested by: Host: www.buydomains.com
URL: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.47.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-47-90.jfk50.r.cloudfront.net
Software: cloudflare /
Resource Hash: c371aaf5bdf44763b34e7ee9512ed63f584aa385c98adbad194820944a7e2acd

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Mon, 26 Jun 2023 07:32:50 GMT
Content-Encoding: gzip
Via: 1.1 11addd18912b8ffba16fde7055a9ca56.cloudfront.net (CloudFront)
CF-Cache-Status: HIT
X-Amz-Cf-Pop: JFK50-P1
Age: 16671
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Node: www-03.prod
Last-Modified: Tue, 23 May 2023 17:04:28 GMT
Server: cloudflare
ETag: W/"b5e4-5fc5f614bbf00"
Vary: Accept-Encoding
Content-Type: text/css
CF-RAY: 7db2ca01cf1c9c2b-IAD
X-Amz-Cf-Id: rSSxhMBUOuL-8yDkpcOhmU3QIDlpyyMLtE88cHapfllmj2XPH21b6g==

GET
H/1.1 200
OK logo-custom.svg
static.buydomains.com//browser/img/tdfs/ 10 KB
4 KB 20ms
18ms Image
image/svg+xml 108.139.47.90
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.buydomains.com//browser/img/tdfs/logo-custom.svg?version=2023-05-23-1
Requested by: Host: www.buydomains.com
URL: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.47.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-47-90.jfk50.r.cloudfront.net
Software: cloudflare /
Resource Hash: 8980cf6253215578b8aa8d4a22ef348643fff2d869ae4005014599cd7ae8fe6a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Mon, 26 Jun 2023 06:09:57 GMT
Content-Encoding: gzip
Via: 1.1 fa2a1404411f25eb7c3c4def0c2864e6.cloudfront.net (CloudFront)
CF-Cache-Status: REVALIDATED
X-Amz-Cf-Pop: JFK50-P1
Age: 21664
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Node: www-05.prod
Last-Modified: Mon, 02 Nov 2020 15:52:13 GMT
Server: cloudflare
ETag: W/"2701-5b321bacf6540"
Vary: Accept-Encoding
Content-Type: image/svg+xml
CF-RAY: 7da1d2c74e210842-IAD
X-Amz-Cf-Id: vCSnpug_kjq-oMeDcxn8duCW2I3x7HxyCeLymwdNPg6S-NHKFGXO2w==

GET
H2 200 email-decode.min.js Show response
www.buydomains.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
831 B 50ms
18ms Script
application/javascript 104.18.24.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.buydomains.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.24.148 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 22 Jun 2023 09:29:09 GMT
server: cloudflare
etag: W/"64941465-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 7dd556e33af954bb-YYZ
expires: Wed, 28 Jun 2023 12:09:05 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 850 B
876 B 90ms
39ms Script
text/javascript 2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2004 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

092a690c556396c5c85bb83728e427187415bcc74a7be26c340d0d3affd70129

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 556
x-xss-protection: 1; mode=block
expires: Mon, 26 Jun 2023 12:09:05 GMT

GET
H2 200 client Show response
accounts.google.com/gsi/ 195 KB
77 KB 133ms
82ms Script
application/javascript 2607:f8b0:4006:81d::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/client

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200d Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

259e70f3b52cbdbab50914ae1ecfc516e43de602bc04a3e8f06511e9a4a6b33c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-x0TACB1rjiDP0MEAwEq1cA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:06 GMT
content-security-policy: script-src 'report-sample' 'nonce-x0TACB1rjiDP0MEAwEq1cA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=1800
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Mon, 26 Jun 2023 12:09:06 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/ 427 KB
172 KB 75ms
19ms Script
text/javascript 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02ca49fda602d411bc21fbfa941871cd8944352e3ffb6b289b4f86eb1849a6c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buydomains.com/
Origin: https://www.buydomains.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 05:54:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22471
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 175191
x-xss-protection: 0
last-modified: Tue, 20 Jun 2023 18:10:42 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 05:54:35 GMT

GET
H2 200 style
accounts.google.com/gsi/ 533 B
585 B 59ms
57ms Stylesheet
text/css 2607:f8b0:4006:81d::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/style

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/gsi/client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200d Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1c4e7e389d73c6acf7f19cc812514e71230740791fde8a018c1d7edccf1590ae

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-xq1Kqg-2sy3Uq8qdw-3SyA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:06 GMT
content-security-policy: script-src 'report-sample' 'nonce-xq1Kqg-2sy3Uq8qdw-3SyA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type: text/css; charset=utf-8
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Mon, 26 Jun 2023 12:09:06 GMT

GET
H/1.1 200
OK person-24px.svg
static.buydomains.com/browser/img/icons/ 603 B
1001 B 20ms
19ms Image
image/svg+xml 108.139.47.90
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.buydomains.com/browser/img/icons/person-24px.svg
Requested by: Host: static.buydomains.com
URL: https://static.buydomains.com//browser/css/lander/g/lander-v7.css?version=2023-05-23-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.47.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-47-90.jfk50.r.cloudfront.net
Software: cloudflare /
Resource Hash: ec1cb728e8d93018bd8980489f1c6bcfad2dafcb33410b6526c180801f6a3320

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://static.buydomains.com//browser/css/lander/g/lander-v7.css?version=2023-05-23-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Mon, 26 Jun 2023 08:24:39 GMT
Content-Encoding: gzip
Via: 1.1 fa2a1404411f25eb7c3c4def0c2864e6.cloudfront.net (CloudFront)
CF-Cache-Status: MISS
X-Amz-Cf-Pop: JFK50-P1
Age: 13467
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Node: www-04.prod
Last-Modified: Tue, 07 Apr 2020 16:14:48 GMT
Server: cloudflare
ETag: W/"25b-5a2b5aebdae00"
Vary: Accept-Encoding
Content-Type: image/svg+xml
CF-RAY: 7dc392f94a8757e2-IAD
X-Amz-Cf-Id: DDiEYytJwDFtwJhnskMnvZD_72cSEtNs5xgBskjn7v2GQfw9WNQpcQ==

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v35/ 47 KB
48 KB 20ms
19ms Font
font/woff2 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300italic,400,300,600,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.buydomains.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 22:34:53 GMT
x-content-type-options: nosniff
age: 480853
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48412
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:08:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jun 2024 22:34:53 GMT

GET
H/1.1 200
OK email-24px.svg
static.buydomains.com/browser/img/icons/ 270 B
779 B 20ms
20ms Image
image/svg+xml 108.139.47.90
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.buydomains.com/browser/img/icons/email-24px.svg
Requested by: Host: static.buydomains.com
URL: https://static.buydomains.com//browser/css/lander/g/lander-v7.css?version=2023-05-23-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.47.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-47-90.jfk50.r.cloudfront.net
Software: cloudflare /
Resource Hash: a42b244bb1076165f4e5b66b58ea444542751753fa8753d3bd9bf13d681f3f3d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://static.buydomains.com//browser/css/lander/g/lander-v7.css?version=2023-05-23-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Mon, 26 Jun 2023 06:39:35 GMT
Content-Encoding: gzip
Via: 1.1 11addd18912b8ffba16fde7055a9ca56.cloudfront.net (CloudFront)
CF-Cache-Status: MISS
X-Amz-Cf-Pop: JFK50-P1
Age: 19935
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Node: www-01.prod
Last-Modified: Tue, 07 Apr 2020 16:14:48 GMT
Server: cloudflare
ETag: W/"10e-5a2b5aebdae00"
Vary: Accept-Encoding
Content-Type: image/svg+xml
CF-RAY: 7dcb329deabd826e-IAD
X-Amz-Cf-Id: JGKNwXMsFJBLuiY6kAEnxB8y61YLLEq28AA8qsNJbbocRbZzXuzfvA==

GET
H/1.1 200
OK local-phone-24px.svg
static.buydomains.com/browser/img/icons/ 355 B
824 B 53ms
19ms Image
image/svg+xml 108.139.47.90
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.buydomains.com/browser/img/icons/local-phone-24px.svg
Requested by: Host: static.buydomains.com
URL: https://static.buydomains.com//browser/css/lander/g/lander-v7.css?version=2023-05-23-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.47.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-47-90.jfk50.r.cloudfront.net
Software: cloudflare /
Resource Hash: 5684d84cdb0e09ff6a54f7f7b0b69dead4be64bf91f1445f2da8540a464e0ce5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://static.buydomains.com//browser/css/lander/g/lander-v7.css?version=2023-05-23-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Mon, 26 Jun 2023 05:16:31 GMT
Content-Encoding: gzip
Via: 1.1 fa2a1404411f25eb7c3c4def0c2864e6.cloudfront.net (CloudFront)
CF-Cache-Status: MISS
X-Amz-Cf-Pop: JFK50-P1
Age: 24907
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Node: www-01.prod
Last-Modified: Tue, 07 Apr 2020 16:14:48 GMT
Server: cloudflare
ETag: W/"163-5a2b5aebdae00"
Vary: Accept-Encoding
Content-Type: image/svg+xml
CF-RAY: 7dcab8e1ea9905bf-IAD
X-Amz-Cf-Id: eryfXk8RGQtRFSAubIxs-moHKzBXu7D8hZtF07RoeLYZBbW_TqzoiA==

GET
H/1.1 200
OK public-24px.svg
static.buydomains.com/browser/img/icons/ 436 B
859 B 57ms
18ms Image
image/svg+xml 108.139.47.90
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.buydomains.com/browser/img/icons/public-24px.svg
Requested by: Host: static.buydomains.com
URL: https://static.buydomains.com//browser/css/lander/g/lander-v7.css?version=2023-05-23-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.47.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-47-90.jfk50.r.cloudfront.net
Software: cloudflare /
Resource Hash: 1f878e1bcbcaa0ca6cab5953e6f7a06431b4ed5f826a6992df5debb5a409f417

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://static.buydomains.com//browser/css/lander/g/lander-v7.css?version=2023-05-23-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Mon, 26 Jun 2023 10:42:53 GMT
Content-Encoding: gzip
Via: 1.1 11addd18912b8ffba16fde7055a9ca56.cloudfront.net (CloudFront)
CF-Cache-Status: HIT
X-Amz-Cf-Pop: JFK50-P1
Age: 5177
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Node: www-05.prod
Last-Modified: Tue, 07 Apr 2020 16:14:48 GMT
Server: cloudflare
ETag: W/"1b4-5a2b5aebdae00"
Vary: Accept-Encoding
Content-Type: image/svg+xml
CF-RAY: 7dc45d012dc920d2-IAD
X-Amz-Cf-Id: Ulvz7GmeC5aMA5ME_-N5hjUzGENAYIAmRSVbPfudAZ1laOX6dbw_pg==

GET
H/1.1 200
OK selectArrowGrey.svg
static.buydomains.com/browser/img/icons/ 537 B
957 B 58ms
18ms Image
image/svg+xml 108.139.47.90
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.buydomains.com/browser/img/icons/selectArrowGrey.svg
Requested by: Host: static.buydomains.com
URL: https://static.buydomains.com//browser/css/lander/g/lander-v7.css?version=2023-05-23-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.47.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-47-90.jfk50.r.cloudfront.net
Software: cloudflare /
Resource Hash: 3e77ef500018117cc3df997527af30f05768a4fb6a7195098a3bd1d3b43771ac

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://static.buydomains.com//browser/css/lander/g/lander-v7.css?version=2023-05-23-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Mon, 26 Jun 2023 06:18:32 GMT
Content-Encoding: gzip
Via: 1.1 a5bf84280caeb8a606c41eaba71ee8be.cloudfront.net (CloudFront)
CF-Cache-Status: MISS
X-Amz-Cf-Pop: JFK50-P1
Age: 21278
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Node: www-04.prod
Last-Modified: Tue, 07 Apr 2020 16:14:48 GMT
Server: cloudflare
ETag: W/"219-5a2b5aebdae00"
Vary: Accept-Encoding
Content-Type: image/svg+xml
CF-RAY: 7dcb11e4b801201b-IAD
X-Amz-Cf-Id: r9mk5mNUzHLHH95LKs6WaZ8DJM4xtfezeMCbkCAf4Tco6HFr84zFlQ==

GET
H/1.1 200
OK checkmark-blue.svg
static.buydomains.com/browser/img/icons/ 424 B
843 B 56ms
18ms Image
image/svg+xml 108.139.47.90
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.buydomains.com/browser/img/icons/checkmark-blue.svg
Requested by: Host: static.buydomains.com
URL: https://static.buydomains.com//browser/css/lander/g/lander-v7.css?version=2023-05-23-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.47.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-47-90.jfk50.r.cloudfront.net
Software: cloudflare /
Resource Hash: cec07df5c80f83d619faa160743b34e3579512aa79befa37c7a4d74433616051

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://static.buydomains.com//browser/css/lander/g/lander-v7.css?version=2023-05-23-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Mon, 26 Jun 2023 06:12:36 GMT
Content-Encoding: gzip
Via: 1.1 b4d4149b3eab97748926fd7af4eba404.cloudfront.net (CloudFront)
CF-Cache-Status: REVALIDATED
X-Amz-Cf-Pop: JFK50-P1
Age: 21508
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Node: www-02.prod
Last-Modified: Thu, 02 Apr 2020 20:00:11 GMT
Server: cloudflare
ETag: W/"1a8-5a2543f9168c0"
Vary: Accept-Encoding
Content-Type: image/svg+xml
CF-RAY: 7dcb0c4f4d683998-IAD
X-Amz-Cf-Id: RunW7QAauFiIvoFAtzjMQKQ8pjnnipdinb60e6dm-CHQ6aD5IYSSNQ==

GET
H2 200 memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk5hkWVAewA.woff2
fonts.gstatic.com/s/opensans/v35/ 19 KB
19 KB 20ms
20ms Font
font/woff2 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v35/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk5hkWVAewA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300italic,400,300,600,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f52a120841562a7b5920d038ab9aee9f1cb48f52028a2c5b918b6b9ba760cf8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.buydomains.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 12:34:42 GMT
x-content-type-options: nosniff
age: 430464
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19280
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:09:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Jun 2024 12:34:42 GMT

GET
H3 200 button Show response
accounts.google.com/gsi/ Frame 0499 110 KB
39 KB 143ms
140ms Document
text/html 2607:f8b0:4006:81d::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/button?theme=filled_blue&size=medium&ux_mode=redirect&auto_select=true&width=186&height=35&redirect_uri=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fmedicaloutlook.com%3Fdomain%3Dmedicaloutlook.com%26utm_source%3Dmedicaloutlook.com%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect&client_id=493010564269-4qns5belsuphdbuurpmae7pknmirdktg.apps.googleusercontent.com&iframe_id=gsi_346248_780683&as=b4EZ6S7R1ElDTnhFJjcKNA

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/gsi/client

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::200d Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

be3cad75ecdedfa007a05d92d974846c8aedfad2822dc3c6cb4b6d39d837e1df

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-nRhNGyQW0p0HzHrclT2BSg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buydomains.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-nRhNGyQW0p0HzHrclT2BSg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
cross-origin-resource-policy: cross-origin
date: Mon, 26 Jun 2023 12:09:06 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK detect Show response
api.buydomains.com/locale/ 2 KB
2 KB 142ms
23ms XHR
application/json 207.148.248.128
BIZLAND-SD

General

Check archive.org

Show headers Download Go to

Full URL: https://api.buydomains.com/locale/detect?timestamp=1687781346095
Requested by: Host: www.buydomains.com
URL: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.148.248.128 , United States, ASN29873 (BIZLAND-SD, US),
Reverse DNS: api.buydomains.com
Software: Apache-Coyote/1.1 /
Resource Hash: c4935286922692afbebf83bd9b592e68cb568cba4bb27c5959ad11f1c854d307

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.buydomains.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 26 Jun 2023 12:09:06 GMT
Cache-Control: public, max-age=604800
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Content-Type: application/json;charset=UTF-8

GET
H2 200 offendingChars.html Show response
www.buydomains.com/browser/html/ 131 B
248 B 169ms
168ms XHR
text/html 104.18.24.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.buydomains.com/browser/html/offendingChars.html
Requested by: Host: www.buydomains.com
URL: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.24.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 09153a1fab49a5ac7de94b25e587b011bf9a797139e12b1fe71e471d958c3b4c

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:06 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Thu, 24 Feb 2022 19:25:10 GMT
server: cloudflare
content-type: text/html; charset=UTF-8
cf-ray: 7dd556e65d8854bb-YYZ
x-node: www-02.prod

GET
H2 200 / Show response
www.buydomains.com/get-user-country-info/ 45 B
980 B 388ms
387ms XHR
text/html 104.18.24.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.buydomains.com/get-user-country-info/
Requested by: Host: www.buydomains.com
URL: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.24.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.8
Resource Hash: 7becfb9e0a5ccbdcd505ea0205f20d569291586611dbdafb1d8ec4a302009a73

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-php-backend: www-01.prod
pragma: no-cache
date: Mon, 26 Jun 2023 12:09:06 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: PHP/5.6.8
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 7dd556e65d8b54bb-YYZ
x-node: www-01.prod
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 get-user-fields Show response
www.buydomains.com/ 59 B
157 B 820ms
820ms XHR
text/html 104.18.24.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.buydomains.com/get-user-fields
Requested by: Host: www.buydomains.com
URL: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.24.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.8
Resource Hash: 36d33e8c1ac6427bc45c239baeab341b99ac6d21859e885a5b8d7375f133b7fe

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-php-backend: www-05.prod
pragma: no-cache
date: Mon, 26 Jun 2023 12:09:07 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: PHP/5.6.8
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 7dd556e65d8d54bb-YYZ
x-node: www-05.prod
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2

200

invisible.js Show response
www.buydomains.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/ Frame BDBF
Redirect Chain

https://www.buydomains.com/cdn-cgi/challenge-platform/scripts/invisible.js
https://www.buydomains.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js

7 KB
4 KB

28ms
28ms

Script
application/javascript

104.18.24.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.buydomains.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js

Requested by

Protocol

Server

104.18.24.148 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1edf122d037ef6a773495dc175eea391e0659f115cb210e15faf6f96f02b4219

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 7dd556e73e2c54bb-YYZ

Redirect headers

date: Mon, 26 Jun 2023 12:09:06 GMT
content-encoding: gzip
server: cloudflare
vary: accept-encoding
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 7dd556e68da054bb-YYZ

GET
H/1.1 200
OK elqCfg.min.js Show response
static.buydomains.com//browser/js/vendor/ 5 KB
2 KB 18ms
18ms Script
application/javascript 108.139.47.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.buydomains.com//browser/js/vendor/elqCfg.min.js?version=2023-05-23-1
Requested by: Host: static.buydomains.com
URL: https://static.buydomains.com//eloqua.js?version=2023-05-23-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.47.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-47-90.jfk50.r.cloudfront.net
Software: cloudflare /
Resource Hash: 4ce841d1ae5272d22006550201e33d8aca6f088ede7a2a10f56fc5abc416ce5d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Mon, 26 Jun 2023 11:50:40 GMT
Content-Encoding: gzip
Via: 1.1 b4d4149b3eab97748926fd7af4eba404.cloudfront.net (CloudFront)
CF-Cache-Status: MISS
X-Amz-Cf-Pop: JFK50-P1
Age: 1106
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Node: www-03.prod
Last-Modified: Fri, 25 Jan 2019 17:23:12 GMT
Server: cloudflare
ETag: W/"1208-5804b94dd8000"
Vary: Accept-Encoding
Content-Type: application/javascript
CF-RAY: 7dbc8132e8845a6a-IAD
X-Amz-Cf-Id: caU4YjLLCxtRIzM5xfc2eEUDRZuHrv6aNo65KtgsBIE5ayHfvY6sVg==

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 59ms
25ms Script
application/javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NL5LTF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ffc79feebdfe105c3de8840c2a5814b3fae59d3529463fdf9329080967ed92ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 26 Jun 2023 12:09:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Ss3gfiwT9vXTSvNlfc+4JQ==
age: 73846
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6820
x-ms-lease-status: unlocked
last-modified: Fri, 23 Jun 2023 04:42:54 GMT
server: cloudflare
etag: 0x8DB73A44F888DA7
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 2b1b98a5-301e-005e-1d0b-a62be5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7dd556e6cb9033ef-YUL

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame A0C3 51 KB
29 KB 64ms
63ms Document
text/html 2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C&co=aHR0cHM6Ly93d3cuYnV5ZG9tYWlucy5jb206NDQz&hl=en&v=IqA9DpBOUJevxkykws9RiIBs&size=invisible&badge=inline&cb=c6ockqshi3nw

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2004 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ec9c61e3e9f4511867ae242a576324edc5e28413731517c9880fdca7fd061cea

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ADBK3zGBakbjtVEjeUrExw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.buydomains.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 28844
content-security-policy: script-src 'report-sample' 'nonce-ADBK3zGBakbjtVEjeUrExw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 26 Jun 2023 12:09:06 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 200 locate Show response
www.buydomains.com/ 2 KB
1 KB 502ms
502ms XHR
text/html 104.18.24.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.buydomains.com/locate?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Requested by: Host: www.buydomains.com
URL: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.24.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.8
Resource Hash: 6117833947969ea9373cf58f35f88eaa7b5b6cef8874d7006f328a03e6bc5005

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-php-backend: www-04.prod
pragma: no-cache
date: Mon, 26 Jun 2023 12:09:06 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: PHP/5.6.8
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.buydomains.com
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 7dd556e74e3a54bb-YYZ
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
x-node: www-04.prod
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 91181fd5-0816-4a3d-8427-63a8d53f717e.json Show response
cdn.cookielaw.org/consent/91181fd5-0816-4a3d-8427-63a8d53f717e/ 4 KB
2 KB 51ms
28ms XHR
application/x-javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/91181fd5-0816-4a3d-8427-63a8d53f717e/91181fd5-0816-4a3d-8427-63a8d53f717e.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d856eab9531599c4fbf09adc43f4621f69ccfcb01e305fb09cb361d54bf7855f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 26 Jun 2023 12:09:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 64e2muUh1Ebt8seB7DrF5w==
age: 68712
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1629
x-ms-lease-status: unlocked
last-modified: Thu, 22 Jun 2023 16:46:55 GMT
server: cloudflare
etag: 0x8DB7340496F2E7D
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: f33232f5-701e-0156-1229-a576c3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7dd556e77f777139-YUL
expires: Tue, 27 Jun 2023 12:09:06 GMT

POST
H2 204 identity-sign-in-google-http
csp.withgoogle.com/csp/ Frame 0499 0
0 127ms
42ms Other
text/html 2607:f8b0:4006:817::2011
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csp.withgoogle.com/csp/identity-sign-in-google-http
Requested by: Host: www.buydomains.com
URL: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:817::2011 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H/1.1 200
OK svrGP Show response
s1731649222.t.eloqua.com/visitor/v200/ 0
411 B 150ms
40ms Script
application/javascript 192.29.70.2
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://s1731649222.t.eloqua.com/visitor/v200/svrGP?pps=70&siteid=1731649222&ref=&ms=469

Requested by

Host: static.buydomains.com
URL: https://static.buydomains.com//browser/js/vendor/elqCfg.min.js?version=2023-05-23-1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.29.70.2 Toronto, Canada, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Mon, 26 Jun 2023 12:09:05 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: no-store
X-Robots-Tag: noindex, nofollow
Content-Length: 0
X-Xss-Protection: 1; mode=block
Expires: -1

GET
H/1.1

200
OK

svrGP.aspx
s1731649222.t.eloqua.com/visitor/v200/
Redirect Chain

https://s1731649222.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=1731649222&ref2=elqNone&tzo=0&ms=469&optin=disabled
https://s1731649222.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=1731649222&ref2=elqNone&tzo=0&ms=469&optin=disabled&elqCookie=1

49 B
448 B

119ms
119ms

Image
image/gif

192.29.70.2
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1731649222.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=1731649222&ref2=elqNone&tzo=0&ms=469&optin=disabled&elqCookie=1

Requested by

Protocol

HTTP/1.1

Server

192.29.70.2 Toronto, Canada, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Mon, 26 Jun 2023 12:09:06 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: no-store
X-Robots-Tag: noindex, nofollow
Content-Length: 49
X-Xss-Protection: 1; mode=block
Expires: -1

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Mon, 26 Jun 2023 12:09:06 GMT
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Location: https://s1731649222.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=1731649222&ref2=elqNone&tzo=0&ms=469&optin=disabled&elqCookie=1
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: no-store
X-Robots-Tag: noindex, nofollow
Content-Length: 274
X-Xss-Protection: 1; mode=block
Expires: -1

POST
H2 200 7dd556dd8e6054bb Show response
www.buydomains.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame BDBF 0
321 B 52ms
51ms XHR
text/plain 104.18.24.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.buydomains.com/cdn-cgi/challenge-platform/h/g/cv/result/7dd556dd8e6054bb
Requested by: Host: www.buydomains.com
URL: https://www.buydomains.com/cdn-cgi/challenge-platform/scripts/invisible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.24.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 26 Jun 2023 12:09:06 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 7dd556e87f3154bb-YYZ
content-type: text/plain; charset=UTF-8

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/ Frame A0C3 55 KB
24 KB 67ms
24ms Stylesheet
text/css 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C&co=aHR0cHM6Ly93d3cuYnV5ZG9tYWlucy5jb206NDQz&hl=en&v=IqA9DpBOUJevxkykws9RiIBs&size=invisible&badge=inline&cb=c6ockqshi3nw

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:22:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 233216
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24605
x-xss-protection: 0
last-modified: Tue, 20 Jun 2023 18:10:42 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 22 Jun 2024 19:22:10 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/ Frame A0C3 427 KB
171 KB 65ms
22ms Script
text/javascript 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02ca49fda602d411bc21fbfa941871cd8944352e3ffb6b289b4f86eb1849a6c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 05:54:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22471
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 175191
x-xss-protection: 0
last-modified: Tue, 20 Jun 2023 18:10:42 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 05:54:35 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 68 B
307 B 79ms
34ms XHR
application/json 2606:4700::6812:1c26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c26 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a1309d2ccff026ab4dcf050977befc877505115e4777e240fa328b1781c63ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.buydomains.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 7dd556e8db4d4bcb-YUL
access-control-allow-headers: Content-Type

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwM.ttf
fonts.gstatic.com/s/googlesans/v14/ Frame 0499 51 KB
27 KB 20ms
20ms Font
font/ttf 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwM.ttf

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebeace42646aa327b1fa6225f70120658993d4796cc9103484a6f068d3a58a6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
Origin: https://accounts.google.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:12:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 233800
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27431
x-xss-protection: 0
last-modified: Mon, 22 Apr 2019 23:43:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 22 Jun 2024 19:12:26 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/ 404 KB
98 KB 39ms
37ms Script
application/javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 26 Jun 2023 12:09:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: XJk1ZZTljtwHFT3qcIJg+w==
age: 40241
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 99599
x-ms-lease-status: unlocked
last-modified: Tue, 20 Jun 2023 16:31:22 GMT
server: cloudflare
etag: 0x8DB71ABC8D4306D
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: b174a570-101e-0164-3014-a42e13000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7dd556e91f2433ef-YUL

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/91181fd5-0816-4a3d-8427-63a8d53f717e/6cb1a7b0-5ed5-4585-b708-bbbfbee82576/ 56 KB
14 KB 56ms
46ms Fetch
application/x-javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/91181fd5-0816-4a3d-8427-63a8d53f717e/6cb1a7b0-5ed5-4585-b708-bbbfbee82576/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d8172ae627b7b089a09a2c9f999727ea3230b2494db2a600fc9bddd703d9d01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 26 Jun 2023 12:09:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: o8zv8EG435j1Ley/wKPHMQ==
age: 68711
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 14225
x-ms-lease-status: unlocked
last-modified: Thu, 22 Jun 2023 16:47:07 GMT
server: cloudflare
etag: 0x8DB734050BC88B1
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: f0f9797d-301e-0055-5729-a53391000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7dd556e9ea8a7139-YUL
expires: Tue, 27 Jun 2023 12:09:06 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame A0C3 102 B
133 B 94ms
93ms Other
text/javascript 2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=IqA9DpBOUJevxkykws9RiIBs

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2004 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7cdd1ac485682bdbec3acd13ad2f7121dc33a37c8b1b9e295dccf11cab871a0a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C&co=aHR0cHM6Ly93d3cuYnV5ZG9tYWlucy5jb206NDQz&hl=en&v=IqA9DpBOUJevxkykws9RiIBs&size=invisible&badge=inline&cb=c6ockqshi3nw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111
x-xss-protection: 1; mode=block
expires: Mon, 26 Jun 2023 12:09:06 GMT

GET
H2 200 aem.js Show response
wsmcdn.audioeye.com/ 1020 B
685 B 1112ms
31ms Script
application/javascript 2606:4700:4400::ac40:97de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsmcdn.audioeye.com/aem.js
Requested by: Host: www.buydomains.com
URL: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:97de , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e56bd6105d6e24d804d3db97049f580c26390f475a87f7535e066bdc815b2f2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

cache-tags
date: Mon, 26 Jun 2023 12:09:08 GMT
content-encoding: br
surrogate-keys
cf-cache-status: HIT
server: cloudflare
age: 2983
etag: W/"c5f5d23dbd841fb0868078e4bfbbd713"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=3600
cf-ray: 7dd556f10908ca47-YUL

GET
H2 200 hotjar-541823.js Show response
static.hotjar.com/c/ 9 KB
4 KB 997ms
16ms Script
application/javascript 108.138.106.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-541823.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NL5LTF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.106.101 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-106-101.jfk50.r.cloudfront.net

Software

Resource Hash

21bf7f2e24c222ba232199dc85f176753e5e7c4fd9c13c37f20fe2912e4a7ce9

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Mon, 26 Jun 2023 12:08:36 GMT
via: 1.1 5a8a3f9dea8033ff97627e0a0c6df032.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P3
age: 52
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/09ad39ebe1b31df5494bb9cbf476e762
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: 4YXoXJQBmh_MKIAs9fUeM7drtw-S1FvAtk5VUbfXOs33ydktDr8eww==

GET
H2

200

activityi;dc_pre=CLzu173z4P8CFdMMaAgdMS8J8Q;src=6928088;type=remar0;cat=bd-al0;ord=949290731112;u=medicaloutlook.com;gtm=45He36l0;auiddc=267201668.1687781347;u2=medicaloutlook.com;u1=unknown%20valu... Show response
6928088.fls.doubleclick.net/ Frame 0B4D
Redirect Chain

https://6928088.fls.doubleclick.net/activityi;src=6928088;type=remar0;cat=bd-al0;ord=949290731112;u=medicaloutlook.com;gtm=45He36l0;auiddc=267201668.1687781347;u2=medicaloutlook.com;u1=unknown%20va...
https://6928088.fls.doubleclick.net/activityi;dc_pre=CLzu173z4P8CFdMMaAgdMS8J8Q;src=6928088;type=remar0;cat=bd-al0;ord=949290731112;u=medicaloutlook.com;gtm=45He36l0;auiddc=267201668.1687781347;u2=...

847 B
781 B

105ms
102ms

Document
text/html

142.250.80.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6928088.fls.doubleclick.net/activityi;dc_pre=CLzu173z4P8CFdMMaAgdMS8J8Q;src=6928088;type=remar0;cat=bd-al0;ord=949290731112;u=medicaloutlook.com;gtm=45He36l0;auiddc=267201668.1687781347;u2=medicaloutlook.com;u1=unknown%20value;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fmedicaloutlook.com%3Fdomain%3Dmedicaloutlook.com%26utm_source%3Dmedicaloutlook.com%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NL5LTF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.70 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f6.1e100.net

Software

cafe /

Resource Hash

232a9d8c1a6d7bb00b62eae76936b269d7ef61e167c71197e9d47a15940de39d

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buydomains.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 443
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 26 Jun 2023 12:09:08 GMT
expires: Mon, 26 Jun 2023 12:09:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 26 Jun 2023 12:09:08 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://6928088.fls.doubleclick.net/activityi;dc_pre=CLzu173z4P8CFdMMaAgdMS8J8Q;src=6928088;type=remar0;cat=bd-al0;ord=949290731112;u=medicaloutlook.com;gtm=45He36l0;auiddc=267201668.1687781347;u2=medicaloutlook.com;u1=unknown%20value;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fmedicaloutlook.com%3Fdomain%3Dmedicaloutlook.com%26utm_source%3Dmedicaloutlook.com%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1067119116/ 3 KB
2 KB 930ms
47ms Script
text/javascript 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1067119116/?random=1687781347126&cv=11&fst=1687781347126&bg=ffffff&guid=ON&async=1&gtm=45He36l0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fmedicaloutlook.com%3Fdomain%3Dmedicaloutlook.com%26utm_source%3Dmedicaloutlook.com%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect&label=9jrJCIX4tW0QjOTr_AM&hn=www.googleadservices.com&frm=0&tiba=Buy%20Domains%20-%20medicaloutlook.com%20is%20for%20sale!&auid=267201668.1687781347&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NL5LTF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b60d5fbcf96ef594c67302506bbf52bdc9bf1acf49859cc0f546d6b409153513

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jun 2023 12:09:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1457
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 941ms
17ms Script
text/javascript 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NL5LTF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::200e Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 26 Jun 2023 10:11:08 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 7080
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 26 Jun 2023 12:11:08 GMT

GET
H/1.1 200
OK vms.js Show response
vmss.boldchat.com/aid/2882483596352441248/bc.vms4/ 53 KB
18 KB 1035ms
159ms Script
text/javascript 54.69.131.234
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://vmss.boldchat.com/aid/2882483596352441248/bc.vms4/vms.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

54.69.131.234 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

b-app19-39.boldchat.com

Software

BoldChat/8001 /

Resource Hash

135fcc5bcf0b6968cf65f32cf73618eedee0af71b5ba8fe2c9fcdf8ea02d2c7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Mon, 26 Jun 2023 12:09:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: BoldChat/8001
ETag: "4113927A177D567C16AD555F70DA7004"
Content-Type: text/javascript;charset=UTF-8
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM", policyref="http://my.boldchat.com/w3c/p3p.xml"
Origin-Agent-Cluster: ?0
Cache-Control: max-age=7200, public
Content-Length: 18147

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 884ms
20ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5959603d981ea8e11ea178de0326acf73f14351daf63233a1f2fa3e08e77b012

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 26 Jun 2023 12:09:08 GMT
content-md5: 6wtxu4a5rO2gVDD0TwYvVQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1687
x-fb-debug: /1jdrqLtIOQ7JVUmnhGLceM8jWfchbbhXmQBdM4zDP9HeBeUvZ0+UJqjj7B4Na3hICxPB3YY3GSdt4bUvmhy7g==
x-fb-content-md5: fdf647ee7e071dae0ac888de8d6959c5
cross-origin-opener-policy: same-origin-allow-popups
etag: "0debc1e52397dfb99fb4a1968a29ab2d"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Mon, 26 Jun 2023 12:26:41 GMT

GET
H2 200 A136666-2811-40ba-bff2-3df3af8bc2ae1.js Show response
d.impactradius-event.com/ 41 KB
13 KB 879ms
15ms Script
text/javascript 35.186.249.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.impactradius-event.com/A136666-2811-40ba-bff2-3df3af8bc2ae1.js
Requested by: Host: www.buydomains.com
URL: https://www.buydomains.com/lander/medicaloutlook.com?domain=medicaloutlook.com&utm_source=medicaloutlook.com&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.249.72 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 72.249.186.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: c035de76f84521dbfb78a61451904557fe2a6568fcef629bedae385b6ce8721f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:06:17 GMT
content-encoding: gzip
age: 171
x-guploader-uploadid: ADPycdunKpP7nx0I2Kzkk7JXcMhmVftoVWwpp_cvYMI_9ncNom6aMr8pRnj73HVaS1R5BWyexMBDHMbmkJHuIQULl3loJ8QtgfJ4
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12937
last-modified: Fri, 13 Nov 2020 01:29:36 GMT
server: UploadServer
etag: "70d805c0bca1f18e3fb563eb3d8c9698"
vary: Accept-Encoding
x-goog-generation: 1605230976910409
x-goog-hash: crc32c=/9ihYg==, md5=cNgFwLyh8Y4/tWPrPYyWmA==
access-control-allow-origin: *
content-type: text/javascript; charset=utf-8
cache-control: public,max-age=900,s-maxage=300
x-goog-stored-content-length: 12937
accept-ranges: bytes
expires: Mon, 26 Jun 2023 12:11:17 GMT

GET
H2 200 entry.js Show response
se.monetate.net/js/2/a-685a7abb/d/www.qa.buydomains.com/ 6 KB
3 KB 932ms
20ms Script
application/x-javascript 104.127.70.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://se.monetate.net/js/2/a-685a7abb/d/www.qa.buydomains.com/entry.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NL5LTF
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.127.70.187 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-127-70-187.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c533a4db9ad574ddba9c00f06c85a66860dabc8338ce7aa4f88c39e40a50f07f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:08 GMT
content-encoding: gzip
last-modified: Mon, 26 Jun 2023 06:17:46 GMT
server: AkamaiNetStorage
etag: "b2d857ccb83c4f2b87cb52611c0a87e2:1687760266.232839"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 2894

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 13 KB
3 KB 26ms
25ms Fetch
application/json 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 26 Jun 2023 12:09:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 5mNZducabMgxSDzBo+ZI8w==
age: 68712
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3017
x-ms-lease-status: unlocked
last-modified: Tue, 20 Jun 2023 16:31:16 GMT
server: cloudflare
etag: 0x8DB71ABC4FD722C
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 051c3cd6-701e-0174-7629-a518f5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7dd556ebbd227139-YUL

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 21 KB
4 KB 23ms
23ms Fetch
text/css 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 26 Jun 2023 12:09:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: oWkBTLgDDXvrUsd93y/Zxg==
age: 68712
x-ms-lease-status: unlocked
last-modified: Tue, 20 Jun 2023 16:31:28 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: e75c31d0-f01e-0061-4f29-a59c39000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7dd556ebbd247139-YUL

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame F08F 7 KB
1 KB 61ms
47ms Document
text/html 2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=IqA9DpBOUJevxkykws9RiIBs&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2004 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c79eb065dc1375f63c50f5f6500f612555af06ae3025565001ec4edbb56cc070

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Y7LLQqA_DR4cgZIl8tBUQQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.buydomains.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 1158
content-security-policy: script-src 'report-sample' 'nonce-Y7LLQqA_DR4cgZIl8tBUQQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 26 Jun 2023 12:09:08 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
623 B 62ms
28ms Image
image/svg+xml 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 26 Jun 2023 12:09:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 61172
x-ms-lease-status: unlocked
last-modified: Fri, 23 Jun 2023 04:43:01 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 1a840afd-301e-0038-24a0-a599bf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7dd556f15ccb33ef-YUL

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 301 KB
85 KB 62ms
21ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=17f15caa6d7de125284a0bbfa5e6e91b

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e70f775695906d288c22f488b745a621b8c59e1c48235b193cfe5a6af4caa78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.buydomains.com/
Origin: https://www.buydomains.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 26 Jun 2023 12:09:08 GMT
content-md5: RN6bz+vI9qZN2lallAtEXg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87250
x-fb-debug: rPeChBFSru+fixsfRABuNsE8tPRgVrvAfoPK0jeWwNIZvr4EGtGqh8Jk3FBC1CiKuk5ySwHlhl+/6UjyDv1kFA==
x-fb-content-md5: 1750c47bcbab5dd295d1c943dfb80dfc
cross-origin-opener-policy: same-origin-allow-popups
etag: "f7328e8c85f9adad9d230213d84e12c3"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Tue, 25 Jun 2024 09:59:43 GMT

GET
H2 200 bootstrap.js Show response
wsv3cdn.audioeye.com/ 56 KB
20 KB 96ms
25ms Script
application/javascript 2606:4700:4400::6812:2422
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/bootstrap.js?h=14c6de8f682ef4a27da4f9a05784a723
Requested by: Host: wsmcdn.audioeye.com
URL: https://wsmcdn.audioeye.com/aem.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2422 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 69bd95702c39d5dd144d4cd0318203112b847646a1829846d16098f6e0ef90b5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

cache-tags: 14c6de8f682ef4a27da4f9a05784a723
date: Mon, 26 Jun 2023 12:09:08 GMT
content-encoding: br
surrogate-keys: 14c6de8f682ef4a27da4f9a05784a723
cf-cache-status: HIT
server: cloudflare
age: 28
etag: W/"916fc49a9fc80b8cefdccf6d7f7ba803"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=120
cf-ray: 7dd556f1c88c713f-YUL

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/ Frame F08F 55 KB
24 KB 37ms
34ms Stylesheet
text/css 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=IqA9DpBOUJevxkykws9RiIBs&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:22:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 233218
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24605
x-xss-protection: 0
last-modified: Tue, 20 Jun 2023 18:10:42 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 22 Jun 2024 19:22:10 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/ Frame F08F 427 KB
171 KB 38ms
36ms Script
text/javascript 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=IqA9DpBOUJevxkykws9RiIBs&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02ca49fda602d411bc21fbfa941871cd8944352e3ffb6b289b4f86eb1849a6c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 05:54:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22473
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 175191
x-xss-protection: 0
last-modified: Tue, 20 Jun 2023 18:10:42 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 05:54:35 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/1067119116/ 42 B
64 B 39ms
38ms Image
image/gif 2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1067119116/?random=1687781347126&cv=11&fst=1687780800000&bg=ffffff&guid=ON&async=1&gtm=45He36l0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fmedicaloutlook.com%3Fdomain%3Dmedicaloutlook.com%26utm_source%3Dmedicaloutlook.com%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect&label=9jrJCIX4tW0QjOTr_AM&frm=0&tiba=Buy%20Domains%20-%20medicaloutlook.com%20is%20for%20sale!&fmt=3&is_vtc=1&random=2097767365&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2004 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jun 2023 12:09:08 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.ca/pagead/1p-user-list/1067119116/ 42 B
455 B 95ms
38ms Image
image/gif 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/1067119116/?random=1687781347126&cv=11&fst=1687780800000&bg=ffffff&guid=ON&async=1&gtm=45He36l0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fmedicaloutlook.com%3Fdomain%3Dmedicaloutlook.com%26utm_source%3Dmedicaloutlook.com%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect&label=9jrJCIX4tW0QjOTr_AM&frm=0&tiba=Buy%20Domains%20-%20medicaloutlook.com%20is%20for%20sale!&fmt=3&is_vtc=1&random=2097767365&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jun 2023 12:09:08 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.710fa773759992ae5199.js Show response
script.hotjar.com/ 270 KB
69 KB 91ms
21ms Script
application/javascript 18.164.96.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.710fa773759992ae5199.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-541823.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.96.87 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-96-87.jfk50.r.cloudfront.net

Software

Resource Hash

8e4eb2fbe2428b73be6461073a48b2059abde0936219b8c1b2cc4b7dfbd85d83

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 13:19:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 e80aeefdda01afc3c41fc332ff42e7ac.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P5
age: 255001
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 70212
last-modified: Fri, 23 Jun 2023 13:18:24 GMT
etag: "c0d8da1fc28983e2914d2514d6175f9a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: 1mppsMmGvKAbT3cTVlonFrZ0JTfEDJtmIC4TozEdlHLQUfLSsBLkdg==

GET
H2 200 custom.js Show response
se.monetate.net/js/3/a-685a7abb/d/www.qa.buydomains.com/t1545228048/de7807eecd6e9dc1/ 120 KB
42 KB 59ms
50ms Script
application/x-javascript 104.127.70.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://se.monetate.net/js/3/a-685a7abb/d/www.qa.buydomains.com/t1545228048/de7807eecd6e9dc1/custom.js
Requested by: Host: se.monetate.net
URL: https://se.monetate.net/js/2/a-685a7abb/d/www.qa.buydomains.com/entry.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.127.70.187 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-127-70-187.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: d96349bcf2de9afb630c6e8c9ab7e28658336d3c339206c13d164de98c965f87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:08 GMT
content-encoding: gzip
last-modified: Mon, 26 Jun 2023 06:17:45 GMT
server: AkamaiNetStorage
etag: "623e6116fd719aa957f69951883579da:1687760265.554493"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=315360000
accept-ranges: bytes
timing-allow-origin: *

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
210 B 35ms
34ms XHR
text/plain 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=202535953&t=pageview&_s=1&dl=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fmedicaloutlook.com%3Fdomain%3Dnull%26utm_source%3Dmedicaloutlook.com%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect&ul=en-us&de=UTF-8&dt=Buy%20Domains%20-%20medicaloutlook.com%20is%20for%20sale!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEABAAAAACgAI~&jid=284110113&gjid=119572219&cid=342729429.1687781348&tid=UA-47761645-6&_gid=269856604.1687781348&_slc=1&gtm=45He36l0n71NL5LTF&cd1=&cd2=&cd4=n%2Fa&z=765531791

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::200e Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.buydomains.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 26 Jun 2023 12:09:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.buydomains.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
351 B 94ms
33ms XHR
text/plain 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-47761645-6&cid=342729429.1687781348&jid=284110113&gjid=119572219&_gid=269856604.1687781348&_u=YGBAgEABAAAAAGgAI~&z=1523719578

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.buydomains.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 26 Jun 2023 12:09:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.buydomains.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 15 B
35 B 33ms
33ms XHR
text/plain 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=202535953&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fmedicaloutlook.com%3Fdomain%3Dnull%26utm_source%3Dmedicaloutlook.com%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect&ul=en-us&de=UTF-8&dt=Buy%20Domains%20-%20medicaloutlook.com%20is%20for%20sale!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=onetrust&ea=preferences&el=%2CC0001%2CC0002%2CC0003%2CC0004%2C&_u=YGDAAEABAAAAAGgAI~&jid=1244739362&gjid=439844260&cid=342729429.1687781348&tid=UA-69116836-15&_gid=269856604.1687781348&_r=1&_slc=1&gtm=45He36l0n71NL5LTF&cd19=GTM-NL5LTF&z=214842894

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::200e Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

92ac0e7229bf5f08ff074e505a0b80d13fb66999490abeddf84f4b5818fcaeae

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.buydomains.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 26 Jun 2023 12:09:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.buydomains.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 33ms
32ms XHR
text/plain 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=202535953&t=pageview&_s=1&dl=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fmedicaloutlook.com%3Fdomain%3Dnull%26utm_source%3Dmedicaloutlook.com%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect&dp=%2Ftdfs-begin%2F&ul=en-us&de=UTF-8&dt=medicaloutlook.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDAAEABAAAAAGgCI~&jid=1238186432&gjid=1209082503&cid=342729429.1687781348&tid=UA-47761645-6&_gid=269856604.1687781348&_r=1&gtm=45He36l0n71NL5LTF&z=515961645

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::200e Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.buydomains.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 26 Jun 2023 12:09:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.buydomains.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0B4D
Redirect Chain

https://insight.adsrvr.org/track/evnt/?adv=b7xg2v6&ct=0:92joh6v&fmt=3
https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=f0900cf9-2957-48bb-9f51-143a3b8c1075
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3Df0900cf9-2957-48bb-9f51-143a3b8c1075
https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=5366169314952485015&ttd_tdid=f0900cf9-2957-48bb-9f51-143a3b8c1075
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=f0900cf9-2957-48bb-9f51-143a3b8c1075&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
https://ups.analytics.yahoo.com/ups/55953/sync?uid=f0900cf9-2957-48bb-9f51-143a3b8c1075&_origin=1&redir=true&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/55953/sync?uid=f0900cf9-2957-48bb-9f51-143a3b8c1075&_origin=1&redir=true&gdpr=0&gdpr_consent=&verify=true
https://match.adsrvr.org/track/cmf/generic?ttd_pid=rightmedia&yahoo_id=y-bn6HgMlE2uJswC1moJglfJlf0vciBiU-~A&gdpr=0
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=ZjA5MDBjZjktMjk1Ny00OGJiLTlmNTEtMTQzYTNiOGMxMDc1&gdpr=0&gdpr_consent=&ttd_tdid=f0900cf9-2957-48bb-9f51-143a3...
https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=f0900cf9-2957-48bb-9f51-143a3b8c1075&google_gid=CAESEHoWJka8avxZTVyWv7RT5jE&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=f0900cf9-2957-48bb-9f51-143a3b8c1075&expiration=1690373349&gdpr=0&gdpr_consent=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=f0900cf9-2957-48bb-9f51-143a3b8c1075&expiration=1690373349&gdpr=0&gdpr_consent=&C=1

43 B
766 B

19ms
18ms

Image
image/gif

192.40.39.223
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=f0900cf9-2957-48bb-9f51-143a3b8c1075&expiration=1690373349&gdpr=0&gdpr_consent=&C=1
Requested by: Host: 6928088.fls.doubleclick.net
URL: https://6928088.fls.doubleclick.net/activityi;dc_pre=CLzu173z4P8CFdMMaAgdMS8J8Q;src=6928088;type=remar0;cat=bd-al0;ord=949290731112;u=medicaloutlook.com;gtm=45He36l0;auiddc=267201668.1687781347;u2=medicaloutlook.com;u1=unknown%20value;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fmedicaloutlook.com%3Fdomain%3Dmedicaloutlook.com%26utm_source%3Dmedicaloutlook.com%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect?
Protocol: HTTP/1.1
Server: 192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6928088.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jun 2023 12:09:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 26 Jun 2023 12:09:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=39&external_user_id=f0900cf9-2957-48bb-9f51-143a3b8c1075&expiration=1690373349&gdpr=0&gdpr_consent=&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H2 200 dc_pre=CLzu173z4P8CFdMMaAgdMS8J8Q;src=6928088;type=remar0;cat=bd-al0;ord=949290731112;u=medicaloutlook.com;gtm=45He36l0;auiddc=*;u2=medicaloutlook.com;u1=unknown%20value;uaa=;uab=;uafvl=;uam=;uamb=...
adservice.google.com/ddm/fls/z/ Frame 0B4D 42 B
401 B 96ms
45ms Image
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CLzu173z4P8CFdMMaAgdMS8J8Q;src=6928088;type=remar0;cat=bd-al0;ord=949290731112;u=medicaloutlook.com;gtm=45He36l0;auiddc=*;u2=medicaloutlook.com;u1=unknown%20value;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fmedicaloutlook.com%3Fdomain%3Dmedicaloutlook.com%26utm_source%3Dmedicaloutlook.com%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect

Requested by

Host: 6928088.fls.doubleclick.net
URL: https://6928088.fls.doubleclick.net/activityi;dc_pre=CLzu173z4P8CFdMMaAgdMS8J8Q;src=6928088;type=remar0;cat=bd-al0;ord=949290731112;u=medicaloutlook.com;gtm=45He36l0;auiddc=267201668.1687781347;u2=medicaloutlook.com;u1=unknown%20value;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fmedicaloutlook.com%3Fdomain%3Dmedicaloutlook.com%26utm_source%3Dmedicaloutlook.com%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6928088.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jun 2023 12:09:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 219 KB
78 KB 43ms
42ms Script
application/javascript 2607:f8b0:4006:820::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6V2QTXC8DJ&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2008 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b3cbe39943fa8bca9dbe8209640b3430c121f2d45878b729907fafe3d1e2a3f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79943
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 26 Jun 2023 12:09:08 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 33ms
32ms XHR
text/plain 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-47761645-6&cid=342729429.1687781348&jid=1238186432&gjid=1209082503&_gid=269856604.1687781348&_u=YGDAAEABAAAAAGgCI~&z=2065630965

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.buydomains.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 26 Jun 2023 12:09:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.buydomains.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 43ms
42ms Image
image/gif 2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-47761645-6&cid=342729429.1687781348&jid=284110113&_u=YGBAgEABAAAAAGgAI~&z=32244408

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2004 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jun 2023 12:09:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ca/ads/ 42 B
107 B 40ms
39ms Image
image/gif 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-47761645-6&cid=342729429.1687781348&jid=284110113&_u=YGBAgEABAAAAAGgAI~&z=32244408

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jun 2023 12:09:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 loader.js Show response
wsv3cdn.audioeye.com/v2/scripts/ 67 KB
16 KB 56ms
31ms Script
text/javascript 2606:4700:4400::6812:2422
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/v2/scripts/loader.js?h=14c6de8f682ef4a27da4f9a05784a723&lang=en&cb=97ebc17
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/bootstrap.js?h=14c6de8f682ef4a27da4f9a05784a723
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2422 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 718d6486bc5d9477edeac234364e92e880b2cea182e79379aa7dc010390e5402

Request headers

Referer: https://www.buydomains.com/
Origin: https://www.buydomains.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:08 GMT
content-encoding: br
surrogate-key: prod 14c6de8f682ef4a27da4f9a05784a723 97ebc17
last-modified: Mon, 26 Jun 2023 11:29:25 GMT
server: cloudflare
cf-cache-status: HIT
age: 1890
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=60, s-maxage=7200, max-stale=86400, stale-while-revalidate=86400, public
cf-ray: 7dd556f2eacc4bbf-YUL

GET
H2 200 jquery.bundle.97ebc17.js Show response
wsv3cdn.audioeye.com/v2/build/ 95 KB
34 KB 23ms
23ms Script
application/javascript 2606:4700:4400::6812:2422
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/v2/build/jquery.bundle.97ebc17.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/bootstrap.js?h=14c6de8f682ef4a27da4f9a05784a723
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2422 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2a5d8b29d51cad373a66ebfc10b8735fc046cdb7c6d65b8f3e20f13b6b23694

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:08 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Jun 2023 20:37:49 GMT
server: cloudflare
age: 6730
etag: W/"64935f9d-17d89"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7dd556f2c9f8713f-YUL
expires: Tue, 25 Jun 2024 12:09:08 GMT

GET
H2 200 startup.bundle.97ebc17.js Show response
wsv3cdn.audioeye.com/v2/build/ 428 KB
115 KB 29ms
29ms Script
application/javascript 2606:4700:4400::6812:2422
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/v2/build/startup.bundle.97ebc17.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/bootstrap.js?h=14c6de8f682ef4a27da4f9a05784a723
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2422 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4a76931128044a1db3c976545bc3ea501f2f2b22e68dc50424daf971c05aafda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:08 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 22 Jun 2023 15:33:22 GMT
server: cloudflare
age: 6754
etag: W/"649469c2-6aefc"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7dd556f2c9fa713f-YUL
expires: Tue, 25 Jun 2024 12:09:08 GMT

GET
H/1.1 200
OK setup Show response
vms.boldchat.com/aid/2882483596352441248/api/v1/extendedvisitorinfo/ 24 B
260 B 272ms
87ms XHR
application/json 35.82.9.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://vms.boldchat.com/aid/2882483596352441248/api/v1/extendedvisitorinfo/setup

Requested by

Host: vmss.boldchat.com
URL: https://vmss.boldchat.com/aid/2882483596352441248/bc.vms4/vms.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

35.82.9.197 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

b-app19-34.boldchat.com

Software

BoldChat/8001 /

Resource Hash

ab23e5ef2389cf1539e1ad4dc3ff1cbd09a452482157ee899fd27f83239d9360

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Origin-Agent-Cluster: ?0
Date: Mon, 26 Jun 2023 12:09:08 GMT
X-Content-Type-Options: nosniff
Server: BoldChat/8001
Content-Length: 24
Content-Type: application/json;charset=UTF-8

GET
H2 200 visitor-token Show response
visitor-services.boldchat.com/visitor-token-service/ 38 B
374 B 273ms
81ms XHR
application/json 44.233.34.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://visitor-services.boldchat.com/visitor-token-service/visitor-token
Requested by: Host: vmss.boldchat.com
URL: https://vmss.boldchat.com/aid/2882483596352441248/bc.vms4/vms.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.233.34.14 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-233-34-14.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 0d59bfc19f1e67f631e23a70f6019dab2a4f5dd8379097827fd2e76dfd1e4ac3

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-response-time: 0.139167ms
date: Mon, 26 Jun 2023 12:09:08 GMT
x-correlation-id: ef24ef4a-02b0-4819-bdd5-396cd6666f6f
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.buydomains.com
access-control-allow-credentials: true
content-length: 38

GET
H/1.1 200
OK 1466023337-0 Show response
d.monetate.net/trk/4/s/a-685a7abb/d/www.qa.buydomains.com/ 31 B
366 B 137ms
31ms Script
application/x-javascript 54.161.222.185
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://d.monetate.net/trk/4/s/a-685a7abb/d/www.qa.buydomains.com/1466023337-0?mr=t1545228048&mi=%272.1441232579.1687781348288%27&mt=!n&cs=!f&e=!(viewPage,gt)&pt=unknown&r=%27%27&sw=1600&sh=1200&sc=24&j=!f&u=%27https://www.buydomains.com/lander/medicaloutlook.com%3Fdomain%3Dmedicaloutlook.com%26utm_source%3Dmedicaloutlook.com%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect%27&fl=!f&hvc=!t&eoq=!t
Requested by: Host: se.monetate.net
URL: https://se.monetate.net/js/3/a-685a7abb/d/www.qa.buydomains.com/t1545228048/de7807eecd6e9dc1/custom.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.161.222.185 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-161-222-185.compute-1.amazonaws.com
Software: Monetate /
Resource Hash: 06bb29007ac9c51f6f1bd20c5e13a1c26497955c54ad309887cc710bb7b76a44

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Mon, 26 Jun 2023 12:09:08 GMT
Content-Encoding: gzip
Server: Monetate
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-cache
Server-Timing: total;dur=1.9
Timing-Allow-Origin: *
Content-Length: 51
Expires: Sun, 26 Jun 2022 12:09:08 GMT

POST
H3 200 reload Show response
www.google.com/recaptcha/api2/ Frame F08F 41 KB
25 KB 178ms
178ms XHR
application/json 2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2004 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

25fbe47fd20161dc9b02200ea76a063f6f67380ee23590f2f21cc8d02171b420

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=IqA9DpBOUJevxkykws9RiIBs&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Mon, 26 Jun 2023 12:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25213
x-xss-protection: 1; mode=block
expires: Mon, 26 Jun 2023 12:09:08 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 40ms
40ms Image
image/gif 2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-47761645-6&cid=342729429.1687781348&jid=1238186432&_u=YGDAAEABAAAAAGgCI~&z=407430742

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2004 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jun 2023 12:09:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 41ms
41ms Image
image/gif 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-47761645-6&cid=342729429.1687781348&jid=1238186432&_u=YGDAAEABAAAAAGgCI~&z=407430742

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jun 2023 12:09:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 33ms
33ms Ping
text/plain 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-6V2QTXC8DJ&gtm=45je36l0&_p=202535953&ul=en-us&sr=1600x1200&cid=342729429.1687781348&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=ABA&ngs=1&_s=1&dl=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fmedicaloutlook.com%3Fdomain%3Dnull%26utm_source%3Dmedicaloutlook.com%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect&dt=Buy%20Domains%20-%20medicaloutlook.com%20is%20for%20sale!&sid=1687781348&sct=1&seg=0&en=preferences&_fv=1&_ss=1&_ee=1&ep.ua_dimension_19=GTM-NL5LTF&ep.event_category=onetrust&ep.event_label=%2CC0001%2CC0002%2CC0003%2CC0004%2C
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6V2QTXC8DJ&cx=c&_slc=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:816::200e Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jun 2023 12:09:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.buydomains.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 smartrems.bundle.97ebc17.js Show response
wsv3cdn.audioeye.com/v2/build/ 135 KB
39 KB 25ms
23ms Script
application/javascript 2606:4700:4400::6812:2422
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/v2/build/smartrems.bundle.97ebc17.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/v2/build/startup.bundle.97ebc17.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2422 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 93fa2f916588b37414e9ff25749b143f9920279ab5f70911d667367193e9076f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:08 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Jun 2023 20:37:49 GMT
server: cloudflare
age: 6754
etag: W/"64935f9d-21d59"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7dd556f3fb70713f-YUL
expires: Tue, 25 Jun 2024 12:09:08 GMT

GET
H3 200 refresh_2x.png
www.gstatic.com/recaptcha/api2/ Frame F08F 600 B
624 B 35ms
34ms Image
image/png 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/refresh_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 14:20:22 GMT
x-content-type-options: nosniff
age: 164926
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 600
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Sat, 01 Jul 2023 14:20:22 GMT

GET
H3 200 audio_2x.png
www.gstatic.com/recaptcha/api2/ Frame F08F 530 B
554 B 37ms
36ms Image
image/png 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/audio_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:03:04 GMT
x-content-type-options: nosniff
age: 155164
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 530
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Sat, 01 Jul 2023 17:03:04 GMT

GET
H3 200 info_2x.png
www.gstatic.com/recaptcha/api2/ Frame F08F 665 B
689 B 35ms
34ms Image
image/png 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/info_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 14:11:26 GMT
x-content-type-options: nosniff
age: 165462
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 665
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Sat, 01 Jul 2023 14:11:26 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame F08F 15 KB
15 KB 21ms
20ms Font
font/woff2 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 10:06:54 GMT
x-content-type-options: nosniff
age: 180134
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Jun 2024 10:06:54 GMT

GET
H3 200 KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame F08F 15 KB
15 KB 38ms
36ms Font
font/woff2 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 21:41:21 GMT
x-content-type-options: nosniff
age: 138467
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15340
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Jun 2024 21:41:21 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame F08F 15 KB
15 KB 22ms
20ms Font
font/woff2 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 10:07:50 GMT
x-content-type-options: nosniff
age: 180078
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Jun 2024 10:07:50 GMT

GET
H3 200 payload
www.google.com/recaptcha/api2/ Frame F08F 29 KB
29 KB 45ms
44ms Image
image/jpeg 2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/recaptcha/api2/payload?p=06AL8dmw8VowmidTbElrpWuCOnciEc0xIqRmu6vhoHkPBl6mTHnkS3INrvwnwR4ja4IEWrv23Mb1mxPqw0tUa3yNz0q7c_60Xx0xQ0qPSeLBgr0NkXKjaU-X3euFA4bN3uf2cKlrF1jwgXJYq2AnkkfcQwsFIGG70xElimG_SktBerbCXNXqjD44ewFjRsz6UCwi3DwTvZ4e4KJkGbeiQ5IlPb9DNXczdFsw&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2004 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0899a75215869e4015ead31695e689ed78d61a52a49a75f1a319f7d4912c18b9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=IqA9DpBOUJevxkykws9RiIBs&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:08 GMT
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: private, max-age=30
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29615
x-xss-protection: 1; mode=block
expires: Mon, 26 Jun 2023 12:09:08 GMT

GET
H/1.1 200
OK bc.pv Show response
vms.boldchat.com/aid/2882483596352441248/ 898 B
2 KB 271ms
91ms Script
text/javascript 35.82.9.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://vms.boldchat.com/aid/2882483596352441248/bc.pv?script=true&securevm=true&&blur=false&vm=true&poll=65000&swidth=1600&sheight=1200&sdpi=96&url=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fmedicaloutlook.com%3Fdomain%3Dmedicaloutlook.com%26utm_source%3Dmedicaloutlook.com%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect&wdid=2943214817915460751&idid=815288250086333991&1687781348576&tabIdentifier=943988847119252506&clientScheme=https&visitorTrackingAllowed=true&visitorToken=7079068061198794752&_bcvm_vrid_=true&_bcvm_vid_combined=1687781348577Sundefined&_bcvm_vrid_combined=1687781348577Sundefined&&hasbutton=false

Requested by

Host: vmss.boldchat.com
URL: https://vmss.boldchat.com/aid/2882483596352441248/bc.vms4/vms.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

35.82.9.197 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

b-app19-34.boldchat.com

Software

BoldChat/8001 /

Resource Hash

b65667df550861905e2787273fcacf0433aff89b9a3988b491cec89c6949af69

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Mon, 26 Jun 2023 12:09:08 GMT
X-Content-Type-Options: nosniff
Server: BoldChat/8001
X-Boldcenter-PageViewID: 2857208615437609060
Content-Type: text/javascript;charset=UTF-8
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM", policyref="http://my.boldchat.com/w3c/p3p.xml"
Origin-Agent-Cluster: ?0
X-Boldcenter-VisitID: 2857208615577166924
Content-Length: 898

GET
H2 200 cookieStorage.html Show response
wsv3cdn.audioeye.com/v2/frame/ Frame BE9A 813 B
590 B 22ms
17ms Document
text/html 2606:4700:4400::6812:2422
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/v2/frame/cookieStorage.html?build=prod/m&pscb=&cb=97ebc17
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/v2/build/startup.bundle.97ebc17.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2422 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d79401585d50c8e625f6abd3c443cdd31f1ec73cc7f7f570d3330dc706f433f7

Request headers

Referer: https://www.buydomains.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 503651
cache-control: public, max-age=365000000, immutable
cf-cache-status: HIT
cf-ray: 7dd556f4bc5c713f-YUL
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 26 Jun 2023 12:09:08 GMT
last-modified: Tue, 20 Jun 2023 16:14:55 GMT
server: cloudflare
vary: Accept-Encoding

POST
H2 200 send
analytics.audioeye.com/air/v0/ 0
61 B 289ms
94ms Ping
text/plain 52.41.226.252
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.audioeye.com/air/v0/send
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/v2/build/startup.bundle.97ebc17.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.41.226.252 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-41-226-252.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.buydomains.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 26 Jun 2023 12:09:08 GMT
content-length: 0

GET
H2 200 3772.bundle.97ebc17.js Show response
wsv3cdn.audioeye.com/v2/build/ 480 B
355 B 20ms
19ms Script
application/javascript 2606:4700:4400::6812:2422
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/v2/build/3772.bundle.97ebc17.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/v2/build/startup.bundle.97ebc17.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2422 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6db9473433810ec1cb3117726b26aab3d002201382e526a11c5ef6b16aa514f1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:08 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Jun 2023 20:37:48 GMT
server: cloudflare
age: 6754
etag: W/"64935f9c-1e0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7dd556f4bc64713f-YUL
expires: Tue, 25 Jun 2024 12:09:08 GMT

GET
H2 200 5121.bundle.97ebc17.js Show response
wsv3cdn.audioeye.com/v2/build/ 382 B
307 B 20ms
19ms Script
application/javascript 2606:4700:4400::6812:2422
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/v2/build/5121.bundle.97ebc17.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/v2/build/startup.bundle.97ebc17.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2422 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 903cf6b79d15c1159628f9edf09b933327c9a54efb41023641c09db4696ded7e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:08 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Jun 2023 20:37:48 GMT
server: cloudflare
age: 6754
etag: W/"64935f9c-17e"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7dd556f4bc65713f-YUL
expires: Tue, 25 Jun 2024 12:09:08 GMT

GET
H2 200 874.bundle.97ebc17.js Show response
wsv3cdn.audioeye.com/v2/build/ 193 B
225 B 18ms
18ms Script
application/javascript 2606:4700:4400::6812:2422
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/v2/build/874.bundle.97ebc17.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/v2/build/startup.bundle.97ebc17.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2422 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 20f86b062157fbf2af91b2a5013cb09570b608b2993b430e2b41ae0c34ed4d75

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:08 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 22 Jun 2023 15:33:22 GMT
server: cloudflare
age: 6749
etag: W/"649469c2-c1"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7dd556f4bc66713f-YUL
expires: Tue, 25 Jun 2024 12:09:08 GMT

GET
H2 200 launcher.bundle.97ebc17.js Show response
wsv3cdn.audioeye.com/v2/build/ 80 KB
20 KB 21ms
21ms Script
application/javascript 2606:4700:4400::6812:2422
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/v2/build/launcher.bundle.97ebc17.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/v2/build/startup.bundle.97ebc17.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2422 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c8801b75dd6534ac6cca2c73e8a7b286703de56b9f71abc6514f6ea8665351d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:11 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Jun 2023 20:37:49 GMT
server: cloudflare
age: 6721
etag: W/"64935f9d-13e92"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7dd557076b38713f-YUL
expires: Tue, 25 Jun 2024 12:09:11 GMT

GET
H2 200 compliance.bundle.97ebc17.js Show response
wsv3cdn.audioeye.com/v2/build/ 151 KB
44 KB 22ms
22ms Script
application/javascript 2606:4700:4400::6812:2422
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/v2/build/compliance.bundle.97ebc17.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/v2/build/startup.bundle.97ebc17.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2422 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a3a04b61dd5194eaddabeb3fc3ee2cb93d53def2ad2ebb11ede81b5a50e04a3

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:11 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 22 Jun 2023 15:33:22 GMT
server: cloudflare
age: 6722
etag: W/"649469c2-25c42"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7dd557077b3a713f-YUL
expires: Tue, 25 Jun 2024 12:09:11 GMT

GET
H2 200 6365.bundle.97ebc17.js Show response
wsv3cdn.audioeye.com/v2/build/ 1 KB
485 B 40ms
39ms Script
application/javascript 2606:4700:4400::6812:2422
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/v2/build/6365.bundle.97ebc17.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/v2/build/startup.bundle.97ebc17.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2422 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e68086b07bd9a58d95d52ea6e81b61913d54ed3c0985d4864d686d2ca4b25b2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.buydomains.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 12:09:11 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 22 Jun 2023 15:33:22 GMT
server: cloudflare
age: 6630
etag: W/"649469c2-42e"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7dd55707ebcd713f-YUL
expires: Tue, 25 Jun 2024 12:09:11 GMT

GET
DATA 200
OK truncated
/ 2 KB
2 KB Font
font/truetype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d08ca522e8eb6a6a776784fe81d91d8aec8e7a2ba7fd76c6309f30a900105c35

Request headers

Referer
Origin: https://www.buydomains.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: font/truetype

GET
H3 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v22/ 14 KB
14 KB 21ms
20ms Font
font/woff2 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Flushing, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07c94892c3e0ac93d2bcb3a9cb88aa67ea47b3d1aa89bc39dfcc2b025dcd8988

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buydomains.com/
Origin: https://www.buydomains.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 01:23:35 GMT
x-content-type-options: nosniff
age: 470736
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13976
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:14:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Jun 2024 01:23:35 GMT

Verdicts & Comments Add Verdict or Comment

122 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

54 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-20 17:08:53	Name: _GRECAPTCHA Value: 09AKimY9kCIU9CKv4RRO5IrLs2A2K0S6v6kVq30EQn31hAkgloYlqv2BOeOaW0TRf8Xs6dbtqDNsU9AhL-lDCYBes
www.buydomains.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: u910mljjl1abaihegmf7405476
.buydomains.com/	1969-12-31 23:59:59	Name: USER_COUNTRY Value: %22Canada%22
.buydomains.com/	1969-12-31 23:59:59	Name: USER_COUNTRY_CODE_DEFAULT Value: %22CA%22
.buydomains.com/	1969-12-31 23:59:59	Name: TOLLFREE_PHONE Value: %22%28855%29+687-0658%22
.buydomains.com/	1969-12-31 23:59:59	Name: WW_PHONE Value: %22%28781%29+373-6820%22
.buydomains.com/	1969-12-31 23:59:59	Name: utm_source Value: %22medicaloutlook.com%22
.buydomains.com/	1969-12-31 23:59:59	Name: utm_campaign Value: %22tdfs-AprTest%22
.buydomains.com/	1969-12-31 23:59:59	Name: traffic_id Value: %22AprTest%22
.buydomains.com/	1969-12-31 23:59:59	Name: traffic_type Value: %22tdfs%22
.buydomains.com/	1969-12-31 23:59:59	Name: trackingParams Value: %7B%22utm_source%22%3A%22medicaloutlook.com%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D
.buydomains.com/	1969-12-31 23:59:59	Name: visitor Value: 64997fe12384b
.buydomains.com/	1969-12-31 23:59:59	Name: visitorType Value: new
.buydomains.com/	1970-01-20 15:13:41	Name: tracking_params_allowed Value: true
.eloqua.com/	1970-01-20 22:19:55	Name: ELOQUA Value: GUID=3E4C3BE8E0BF47878C6CF5136ED79C55
.eloqua.com/	1970-01-20 22:19:55	Name: ELQSTATUS Value: OK
.buydomains.com/	1970-01-20 12:49:43	Name: __cf_bm Value: 7m6GnsAGIOVFABAqMuIfIOMQ8fpVmPQve0CPEyN9VRg-1687781346-0-Aap1zlHBSpjcvhZ5TlwKWHA6DUuhpH47TMF8vemaqSqphXEWDQhbAHsPKTYHAjUGNTXLxdRqTN8J/h7gLqcOfTP+YtM5cRnY0bYtsiWlTpH4
.buydomains.com/	1969-12-31 23:59:59	Name: utm_medium Value: %22direct-visit%22
.buydomains.com/	1970-01-20 14:59:17	Name: _gcl_au Value: 1.1.267201668.1687781347
.buydomains.com/	1970-01-20 21:35:17	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Mon+Jun+26+2023+12%3A09%3A08+GMT%2B0000+(GMT)&version=202306.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=5e3d9c69-dd10-44e2-bb5b-7929759eb23a&interactionCount=0&landingPath=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fmedicaloutlook.com%3Fdomain%3Dmedicaloutlook.com%26utm_source%3Dmedicaloutlook.com%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1
.buydomains.com/	1970-01-20 22:25:41	Name: _ga Value: GA1.2.342729429.1687781348
.buydomains.com/	1970-01-20 12:51:07	Name: _gid Value: GA1.2.269856604.1687781348
.buydomains.com/	1970-01-20 12:49:41	Name: _dc_gtm_UA-47761645-6 Value: 1
.doubleclick.net/	1970-01-20 22:25:41	Name: IDE Value: AHWqTUnW6xki91mkF2rPboicN_-MZlWOxhc6SfV7yx9YpJKSNKda2xD2ao6GwFZGbOE
.buydomains.com/	1970-01-20 12:49:41	Name: _gat_UA-69116836-15 Value: 1
.buydomains.com/	1970-01-20 12:49:41	Name: _gat_UA-47761645-6 Value: 1
.adsrvr.org/	1970-01-20 21:36:43	Name: TDID Value: f0900cf9-2957-48bb-9f51-143a3b8c1075
.buydomains.com/	1970-01-20 21:35:17	Name: _hjSessionUser_541823 Value: eyJpZCI6ImE2NmI3MjFiLWRiYTctNTQ5Mi04NTJmLWUzN2E5OTAxZGVkMiIsImNyZWF0ZWQiOjE2ODc3ODEzNDgzMjAsImV4aXN0aW5nIjpmYWxzZX0=
.buydomains.com/	1970-01-20 12:49:43	Name: _hjFirstSeen Value: 1
.buydomains.com/	1970-01-20 12:49:41	Name: _hjIncludedInSessionSample_541823 Value: 1
.buydomains.com/	1970-01-20 12:49:43	Name: _hjSession_541823 Value: eyJpZCI6ImZjZjJjZjkzLTgwZjQtNGRlOS04ZjVhLWExMmM4N2U4MTEwMSIsImNyZWF0ZWQiOjE2ODc3ODEzNDgzMzcsImluU2FtcGxlIjp0cnVlfQ==
.buydomains.com/	1970-01-20 12:49:43	Name: _hjAbsoluteSessionInProgress Value: 0
.buydomains.com/	1970-01-20 22:25:41	Name: _ga_6V2QTXC8DJ Value: GS1.2.1687781348.1.0.1687781348.0.0.0
.adnxs.com/	1970-01-20 14:59:17	Name: uuid2 Value: 5366169314952485015
.boldchat.com/	1970-01-20 22:25:41	Name: bc.visitor_token Value: 7079068061198794752
www.buydomains.com/	1970-01-20 21:35:17	Name: _aeaid Value: f5cb41fb-728c-4cb5-b197-6cca0667b100
.rubiconproject.com/	1970-01-20 21:35:17	Name: khaos Value: LJCTFRBM-G-75DH
.rubiconproject.com/	1970-01-20 21:35:17	Name: audit Value: 1\|Xl6R8heh1I8BC1ApQNpijo2iz+3tI7KHWiBab7+jBLfWaDs14xzbSBuhs9Y2pUHKDWj9Csp5WtuM1KxoLazIt9i2Wk5FrGos0XY24Ec+XLsSng9GLxue0A4K37FTihjpdCU88ghg91O5LHnydWK0G3AKkS6zpjCsXHRiEbp3BzpbOz6AjJtUa8ZnH3r7x5VAdeodiyl5GGjkt77VmXBK7kiCfUmSYXqD+ohH/uuQN8oOr/S07bYDcYQkZmofZQkSVSwKu1RXSJT0/fhu8/pkBO4VeIulq+4M1TRwmTZWV3Xc6UO785F0Pw==
.yahoo.com/	1970-01-20 21:35:38	Name: A3 Value: d=AQABBOR_mWQCEKLQRn-stUwi52SbVO6J9wYFEgEBAQHRmmSjZCXcxyMA_eMAAA&S=AQAAApHDunhtXth4wirmk7ctBYM
.boldchat.com/	1970-01-20 21:35:17	Name: bc-visitor-id Value: 2943214817915460751=2857208615841923947T58E28BF09BD12E425F016BFF695D837A19C359665AABBD7564F603FA960CEE00AAD99B02A261531F37B43B16E0F9F09C2CBF530F08C27C78CFF0F98B3FF614E3
.boldchat.com/	1969-12-31 23:59:59	Name: bc-visit-id Value: 2943214817915460751=2857208615577166924T786CA51FD7BDCEE9E8DB0594F834435B6401C7E221CC85D816FB0380B599C4476F9F0FDE723292A48494D45B2E0DCC10C936E25047D905E3B87048F5D300268C
.buydomains.com/	1969-12-31 23:59:59	Name: _bcvm_vid_2943214817915460751 Value: 2857208615577166924T786CA51FD7BDCEE9E8DB0594F834435B6401C7E221CC85D816FB0380B599C4476F9F0FDE723292A48494D45B2E0DCC10C936E25047D905E3B87048F5D300268C
.buydomains.com/	1970-01-20 21:35:17	Name: _bcvm_vrid_2943214817915460751 Value: 2857208615841923947T58E28BF09BD12E425F016BFF695D837A19C359665AABBD7564F603FA960CEE00AAD99B02A261531F37B43B16E0F9F09C2CBF530F08C27C78CFF0F98B3FF614E3
.analytics.yahoo.com/	1970-01-20 21:35:17	Name: IDSYNC Value: 1769~2cfo
.adsrvr.org/	1970-01-20 21:36:43	Name: TDCPM Value: CAESFwoIYXBwbmV4dXMSCwik2e3VhZL7OxAFEhYKB3J1Ymljb24SCwik2e3VhZL7OxAFEhkKCnJpZ2h0bWVkaWESCwi-94_XhZL7OxAFEhUKBmdvb2dsZRILCJKO9tqFkvs7EAUSFQoGY2FzYWxlEgsIko722oWS-zsQBRgFIAQoATILCPqz6YCckvs7EAVCDyINCAESCQoFdGllcjIQAVoHYjd4ZzJ2NmABcgZjYXNhbGU.
.casalemedia.com/	1970-01-20 21:35:17	Name: CMID Value: ZJl-5bL2.PuuwH7V1kRQZQAA
.casalemedia.com/	1970-01-20 14:59:17	Name: CMPS Value: 1358
.casalemedia.com/	1970-01-20 14:59:17	Name: CMPRO Value: 1358
www.buydomains.com/	1970-01-20 22:25:41	Name: aelastsite Value: T9AuRHB6UAobkOoCpj8FxR0dzIiYCwOmTYogwHRsnIWAXhDTtJhbUYi864r%2FUXP8
www.buydomains.com/	1969-12-31 23:59:59	Name: aelreadersettings Value: %7B%22c_big%22%3A0%2C%22rg%22%3A0%2C%22memph%22%3A0%2C%22contrast_setting%22%3A0%2C%22colorshift_setting%22%3A0%2C%22text_size_setting%22%3A0%2C%22space_setting%22%3A0%2C%22font_setting%22%3A0%2C%22k%22%3A0%2C%22k_disable_default%22%3A0%2C%22hlt%22%3A0%2C%22disable_animations%22%3A0%2C%22display_alt_desc%22%3A0%7D
wsv3cdn.audioeye.com/	1970-01-20 22:25:41	Name: aelastsite Value: T9AuRHB6UAobkOoCpj8FxR0dzIiYCwOmTYogwHRsnIWAXhDTtJhbUYi864r%2FUXP8
wsv3cdn.audioeye.com/	1969-12-31 23:59:59	Name: aelreadersettings Value: %7B%22c_big%22%3A0%2C%22rg%22%3A0%2C%22memph%22%3A0%2C%22contrast_setting%22%3A0%2C%22colorshift_setting%22%3A0%2C%22text_size_setting%22%3A0%2C%22space_setting%22%3A0%2C%22font_setting%22%3A0%2C%22k%22%3A0%2C%22k_disable_default%22%3A0%2C%22hlt%22%3A0%2C%22disable_animations%22%3A0%2C%22display_alt_desc%22%3A0%7D
www.buydomains.com/	1969-12-31 23:59:59	Name: aeatstartmessage Value: true
wsv3cdn.audioeye.com/	1969-12-31 23:59:59	Name: aeatstartmessage Value: true

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
worker	info	URL: https://www.buydomains.com/browser/js/worker/workerJS.min.js Message: Deployed Version: [2138] -> /var/lib/jenkins/product-tarballs/BuyDomainsWWW/2138.tgz .

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6928088.fls.doubleclick.net
accounts.google.com
adservice.google.com
analytics.audioeye.com
api.buydomains.com
cdn.cookielaw.org
cm.g.doubleclick.net
connect.facebook.net
csp.withgoogle.com
d.impactradius-event.com
d.monetate.net
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
geolocation.onetrust.com
googleads.g.doubleclick.net
ib.adnxs.com
insight.adsrvr.org
match.adsrvr.org
medicaloutlook.com
pixel.rubiconproject.com
s1731649222.t.eloqua.com
script.hotjar.com
se.monetate.net
static.buydomains.com
static.hotjar.com
stats.g.doubleclick.net
ups.analytics.yahoo.com
visitor-services.boldchat.com
vms.boldchat.com
vmss.boldchat.com
wsmcdn.audioeye.com
wsv3cdn.audioeye.com
www.buydomains.com
www.google-analytics.com
www.google.ca
www.google.com
www.googletagmanager.com
www.gstatic.com
104.127.70.187
104.18.24.148
108.138.106.101
108.139.47.90
142.250.176.194
142.250.80.70
18.164.96.87
192.29.70.2
192.40.39.223
207.148.248.128
207.148.248.143
2606:4700:4400::6812:2422
2606:4700:4400::ac40:97de
2606:4700::6812:1c26
2606:4700::6812:aa72
2607:f8b0:4004:c08::9c
2607:f8b0:4006:80a::2004
2607:f8b0:4006:80d::2002
2607:f8b0:4006:816::200e
2607:f8b0:4006:817::2002
2607:f8b0:4006:817::2011
2607:f8b0:4006:81c::200a
2607:f8b0:4006:81d::200d
2607:f8b0:4006:820::2003
2607:f8b0:4006:820::2008
2a03:2880:f012:10c:face:b00c:0:3
3.225.218.10
35.186.249.72
35.82.9.197
44.233.34.14
52.223.40.198
52.41.226.252
54.161.222.185
54.69.131.234
68.67.179.87
8.43.72.98
02ca49fda602d411bc21fbfa941871cd8944352e3ffb6b289b4f86eb1849a6c5
06bb29007ac9c51f6f1bd20c5e13a1c26497955c54ad309887cc710bb7b76a44
07c94892c3e0ac93d2bcb3a9cb88aa67ea47b3d1aa89bc39dfcc2b025dcd8988
0899a75215869e4015ead31695e689ed78d61a52a49a75f1a319f7d4912c18b9
09153a1fab49a5ac7de94b25e587b011bf9a797139e12b1fe71e471d958c3b4c
092a690c556396c5c85bb83728e427187415bcc74a7be26c340d0d3affd70129
0a1309d2ccff026ab4dcf050977befc877505115e4777e240fa328b1781c63ae
0d59bfc19f1e67f631e23a70f6019dab2a4f5dd8379097827fd2e76dfd1e4ac3
135fcc5bcf0b6968cf65f32cf73618eedee0af71b5ba8fe2c9fcdf8ea02d2c7c
13c550bda95a3b025ba494b4a95082404506f84cc2d3a81beeb365ee611743f9
1c4e7e389d73c6acf7f19cc812514e71230740791fde8a018c1d7edccf1590ae
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1e68086b07bd9a58d95d52ea6e81b61913d54ed3c0985d4864d686d2ca4b25b2
1edf122d037ef6a773495dc175eea391e0659f115cb210e15faf6f96f02b4219
1f878e1bcbcaa0ca6cab5953e6f7a06431b4ed5f826a6992df5debb5a409f417
20f86b062157fbf2af91b2a5013cb09570b608b2993b430e2b41ae0c34ed4d75
21bf7f2e24c222ba232199dc85f176753e5e7c4fd9c13c37f20fe2912e4a7ce9
232a9d8c1a6d7bb00b62eae76936b269d7ef61e167c71197e9d47a15940de39d
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
259e70f3b52cbdbab50914ae1ecfc516e43de602bc04a3e8f06511e9a4a6b33c
25fbe47fd20161dc9b02200ea76a063f6f67380ee23590f2f21cc8d02171b420
2d8172ae627b7b089a09a2c9f999727ea3230b2494db2a600fc9bddd703d9d01
36d33e8c1ac6427bc45c239baeab341b99ac6d21859e885a5b8d7375f133b7fe
3c8801b75dd6534ac6cca2c73e8a7b286703de56b9f71abc6514f6ea8665351d
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3e70f775695906d288c22f488b745a621b8c59e1c48235b193cfe5a6af4caa78
3e77ef500018117cc3df997527af30f05768a4fb6a7195098a3bd1d3b43771ac
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
4a76931128044a1db3c976545bc3ea501f2f2b22e68dc50424daf971c05aafda
4ce841d1ae5272d22006550201e33d8aca6f088ede7a2a10f56fc5abc416ce5d
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
5684d84cdb0e09ff6a54f7f7b0b69dead4be64bf91f1445f2da8540a464e0ce5
5959603d981ea8e11ea178de0326acf73f14351daf63233a1f2fa3e08e77b012
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
6117833947969ea9373cf58f35f88eaa7b5b6cef8874d7006f328a03e6bc5005
69bd95702c39d5dd144d4cd0318203112b847646a1829846d16098f6e0ef90b5
6db9473433810ec1cb3117726b26aab3d002201382e526a11c5ef6b16aa514f1
718d6486bc5d9477edeac234364e92e880b2cea182e79379aa7dc010390e5402
7becfb9e0a5ccbdcd505ea0205f20d569291586611dbdafb1d8ec4a302009a73
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
7cdd1ac485682bdbec3acd13ad2f7121dc33a37c8b1b9e295dccf11cab871a0a
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
8980cf6253215578b8aa8d4a22ef348643fff2d869ae4005014599cd7ae8fe6a
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
8a3a04b61dd5194eaddabeb3fc3ee2cb93d53def2ad2ebb11ede81b5a50e04a3
8e4eb2fbe2428b73be6461073a48b2059abde0936219b8c1b2cc4b7dfbd85d83
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
903cf6b79d15c1159628f9edf09b933327c9a54efb41023641c09db4696ded7e
92ac0e7229bf5f08ff074e505a0b80d13fb66999490abeddf84f4b5818fcaeae
93fa2f916588b37414e9ff25749b143f9920279ab5f70911d667367193e9076f
952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8
9e56bd6105d6e24d804d3db97049f580c26390f475a87f7535e066bdc815b2f2
a1ca1f41ae3825853af12338d1d22e38651f1d05a196f9a09e145449d13bb8ff
a3611762d759fbc88014a948d6886de35d40437f162531a8a854493eca288839
a42b244bb1076165f4e5b66b58ea444542751753fa8753d3bd9bf13d681f3f3d
ab23e5ef2389cf1539e1ad4dc3ff1cbd09a452482157ee899fd27f83239d9360
b001ecc7a932d67efb37761aa6c469c54a53eeb9dd3b283a8c1590de40b699d4
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3cbe39943fa8bca9dbe8209640b3430c121f2d45878b729907fafe3d1e2a3f0
b60d5fbcf96ef594c67302506bbf52bdc9bf1acf49859cc0f546d6b409153513
b65667df550861905e2787273fcacf0433aff89b9a3988b491cec89c6949af69
b77da753e230b7c8b22e848cb4c06fc82817e2492437c01014ef60f6c0049779
be3cad75ecdedfa007a05d92d974846c8aedfad2822dc3c6cb4b6d39d837e1df
c035de76f84521dbfb78a61451904557fe2a6568fcef629bedae385b6ce8721f
c371aaf5bdf44763b34e7ee9512ed63f584aa385c98adbad194820944a7e2acd
c4935286922692afbebf83bd9b592e68cb568cba4bb27c5959ad11f1c854d307
c533a4db9ad574ddba9c00f06c85a66860dabc8338ce7aa4f88c39e40a50f07f
c79eb065dc1375f63c50f5f6500f612555af06ae3025565001ec4edbb56cc070
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
cec07df5c80f83d619faa160743b34e3579512aa79befa37c7a4d74433616051
d08ca522e8eb6a6a776784fe81d91d8aec8e7a2ba7fd76c6309f30a900105c35
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
d79401585d50c8e625f6abd3c443cdd31f1ec73cc7f7f570d3330dc706f433f7
d856eab9531599c4fbf09adc43f4621f69ccfcb01e305fb09cb361d54bf7855f
d96349bcf2de9afb630c6e8c9ab7e28658336d3c339206c13d164de98c965f87
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6
e2a5d8b29d51cad373a66ebfc10b8735fc046cdb7c6d65b8f3e20f13b6b23694
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
ebeace42646aa327b1fa6225f70120658993d4796cc9103484a6f068d3a58a6d
ec1cb728e8d93018bd8980489f1c6bcfad2dafcb33410b6526c180801f6a3320
ec9c61e3e9f4511867ae242a576324edc5e28413731517c9880fdca7fd061cea
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab
f52a120841562a7b5920d038ab9aee9f1cb48f52028a2c5b918b6b9ba760cf8d
ffc79feebdfe105c3de8840c2a5814b3fae59d3529463fdf9329080967ed92ba

www.buydomains.com Open in urlscan Pro 104.18.24.148 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

101 Requests

97 %HTTPS

42 %IPv6

24 Domains

39 Subdomains

31 IPs

3 Countries

2208 kBTransfer

6466 kBSize

54 Cookies

5 Outgoing links

Page URL History

Redirected requests

101 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

www.buydomains.com Open in urlscan Pro
104.18.24.148 Public Scan

Screenshot
Live screenshot

Full Image

101
Requests

97 %
HTTPS

42 %
IPv6

24
Domains

39
Subdomains

31
IPs

3
Countries

2208 kB
Transfer

6466 kB
Size

54
Cookies

101 HTTP transactions
1 data transactions