207.148.248.143301 Moved Permanently 0 B URL User Request GET HTTP/1.1 IP 207.148.248.143:80
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: grammarhelp.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Mon, 29 May 2023 15:46:42 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.6.8
X-Powered-By: PHP/5.6.8
Location: https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Content-Length: 0
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.3 472 B IP 142.250.74.3:0
Hash 4195d3f97e59fc4f34d523d0195d8d0b
244cd9dd441c530c8e03405819eb759e95f25cb0
1fc6101023c68883ddf2cb7eb133e96a3e3cf96d7657223e38621f9fc9a7653d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 15:46:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 472 B IP 142.250.74.3:0
Hash 4195d3f97e59fc4f34d523d0195d8d0b
244cd9dd441c530c8e03405819eb759e95f25cb0
1fc6101023c68883ddf2cb7eb133e96a3e3cf96d7657223e38621f9fc9a7653d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 15:46:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 472 B IP 142.250.74.3:0
Hash bf41763493034cf0721a38e55b1b3ddc
286ada2e9811dec033e7c630fa0c33a036771ae1
8bb566767ad110bd2452aca59b4190694cce97ab9601de46067d8643efaad86d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 15:46:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 472 B IP 142.250.74.3:0
Hash d064cee448396618dd3b4e91c8ff9bd1
4e32647996abca8dfea7bcfb43b0655a3e597650
62330fac13ae462bab4a742d9aa76d8bb8aa06d3d68b3b49072ce5a2953ba9cd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 15:46:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.buydomains.com/browser/js/worker/workerJS.min.js
104.18.24.148200 OK 92 kB URL GET HTTP/2 www.buydomains.com/browser/js/worker/workerJS.min.js
IP 104.18.24.148:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint40:6A:AE:37:C4:FC:0B:1B:93:F4:04:6A:12:FA:50:22:25:34:3D:D1
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Hash 52aecab428c8df75288cac0d07415b20
9cd810c204d1caabe714683c3d1526ac27da9e0b
616035507619358729d2aced2813b5a3c59290646b046925f31acef41a503d2f
GET /browser/js/worker/workerJS.min.js HTTP/1.1
Host: www.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Cookie: PHPSESSID=uoftl3qtbh3fmkibtmpoenqag5; USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:42 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 12:45:14 GMT
etag: W/"7c3-5ed81ba32aa80"
x-node: www-01.prod
cf-cache-status: HIT
age: 1041
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cefdf2a9da8b4f7-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
www.buydomains.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
104.18.24.148200 OK 1.1 kB URL GET HTTP/2 www.buydomains.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 104.18.24.148:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint40:6A:AE:37:C4:FC:0B:1B:93:F4:04:6A:12:FA:50:22:25:34:3D:D1
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Hash 8a0356e80e5b7b561cbb64b0fe5eeab4
dfb72c50eeadee7a83195fc0f46f9cebc1dd2972
a50acb9f2d3b2d02fbd5b48e246736bcb10ad1139a37ff2fbd5cba79686da667
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: www.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Cookie: PHPSESSID=uoftl3qtbh3fmkibtmpoenqag5; USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:43 GMT
content-type: application/javascript
last-modified: Thu, 25 May 2023 08:39:22 GMT
etag: W/"646f1eba-4d7"
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cefdf2bdfe3b4f7-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Wed, 31 May 2023 15:46:43 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
54.230.80.227 471 B URL ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 5573ed26c7521d652df4d86591f1a637
6e43e08eaa0ae6aac02c41d6e8a92e94b121ae05
c27d25f92e6a89403fe8b2ade2533823b373bf40de76f130394920bc1640661e
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=7200'
Date: Mon, 29 May 2023 15:46:43 GMT
Last-Modified: Mon, 29 May 2023 13:57:32 GMT
Server: ECAcc (nya/789D)
X-Cache: Miss from cloudfront
Via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: welJ-9VJXeEkj5vvB6mx-twxEShGm9aUbezIyLo8-Tpu2zgpSO9gFg==
Age: 6551
static.buydomains.com//browser/css/lander/g/lander-v7.css?version=2023-05-23-1
54.230.111.34200 OK 9.0 kB URL GET HTTP/1.1 static.buydomains.com//browser/css/lander/g/lander-v7.css?version=2023-05-23-1
IP 54.230.111.34:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerAmazon
Subject*.buydomains.com
FingerprintD9:D0:8A:01:B9:A4:6E:19:CA:8D:82:74:50:7F:16:CB:3F:16:25:1A
ValidityFri, 24 Feb 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (46562), with no line terminators
Hash fe08f3f374a5c2a6b03722930a7fc239
37fb9ec1c03f00b37b60baca0958ea4476d7fa8a
c371aaf5bdf44763b34e7ee9512ed63f584aa385c98adbad194820944a7e2acd
GET //browser/css/lander/g/lander-v7.css?version=2023-05-23-1 HTTP/1.1
Host: static.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Cookie: USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 23 May 2023 17:04:28 GMT
X-Node: www-06.prod
CF-Cache-Status: EXPIRED
Server: cloudflare
CF-RAY: 7cc6c9f019f0bbbc-FRA
Content-Encoding: gzip
Date: Sun, 28 May 2023 16:07:18 GMT
ETag: W/"b5e4-5fc5f614bbf00"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 3bff78035f818b6a3185b0f5f4586410.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: KweWjfcIvZfep86mt8AVwyengL0eAEENdMjnrNIFfdIYg7Hji76RVQ==
Age: 85165
ocsp.r2m01.amazontrust.com/
54.230.80.227 471 B URL ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 5573ed26c7521d652df4d86591f1a637
6e43e08eaa0ae6aac02c41d6e8a92e94b121ae05
c27d25f92e6a89403fe8b2ade2533823b373bf40de76f130394920bc1640661e
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=7200'
Date: Mon, 29 May 2023 15:46:43 GMT
Last-Modified: Mon, 29 May 2023 14:15:02 GMT
Server: ECAcc (bsa/EB26)
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: KohLNaAFr7fcJDN0L3bZO1QUQ-T-Omo1pt7hcDn-btYBYL7NFKotxA==
Age: 5501
www.google.com/recaptcha/api.js
142.250.74.164200 OK 556 B URL GET HTTP/2 www.google.com/recaptcha/api.js
IP 142.250.74.164:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint48:E3:15:66:FC:EA:15:BF:D2:34:C1:DD:60:D4:23:A3:63:57:89:8D
ValidityMon, 08 May 2023 08:25:18 GMT - Mon, 31 Jul 2023 08:25:17 GMT
File type ASCII text, with very long lines (850), with no line terminators
Hash df783ce1aff114831a54f9f75f41f66c
33148dcdac51d1a72787969900203bc0316ff82f
f75b96abf98a7f4874b54f268b85ba2b2fa261741afa891097537bcfa1e73fd3
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
expires: Mon, 29 May 2023 15:46:43 GMT
date: Mon, 29 May 2023 15:46:43 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 556
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 472 B IP 142.250.74.3:0
Hash bf41763493034cf0721a38e55b1b3ddc
286ada2e9811dec033e7c630fa0c33a036771ae1
8bb566767ad110bd2452aca59b4190694cce97ab9601de46067d8643efaad86d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 15:46:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 471 B IP 142.250.74.3:0
Hash dfd5ad02f4f42dfda06a983cde156afc
22aa6b74534fcf3dea8b9baf4578d94e7d668e18
885fcb0b62d31ffaccbc95a3ff7a2478fe67a28f62917c980555911e11717d36
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 15:46:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.r2m01.amazontrust.com/
54.230.80.227 471 B URL ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 5573ed26c7521d652df4d86591f1a637
6e43e08eaa0ae6aac02c41d6e8a92e94b121ae05
c27d25f92e6a89403fe8b2ade2533823b373bf40de76f130394920bc1640661e
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=7200'
Date: Mon, 29 May 2023 15:46:43 GMT
Etag: "6473f39c-1d7"
Server: ECAcc (dcb/7F10)
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Iv30XpSttzInHjPpWYxR6X-hgVy6-euKoOmNHtlL5JFzWEHkE8ZdTw==
static.buydomains.com//eloqua.js?version=2023-05-23-1
54.230.111.48200 OK 569 B URL GET HTTP/1.1 static.buydomains.com//eloqua.js?version=2023-05-23-1
IP 54.230.111.48:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerAmazon
Subject*.buydomains.com
FingerprintD9:D0:8A:01:B9:A4:6E:19:CA:8D:82:74:50:7F:16:CB:3F:16:25:1A
ValidityFri, 24 Feb 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
Hash 881e366484dc8f5b25a82205269825a5
864576e3656082a2226c77606ad521ecd10c511b
b001ecc7a932d67efb37761aa6c469c54a53eeb9dd3b283a8c1590de40b699d4
GET //eloqua.js?version=2023-05-23-1 HTTP/1.1
Host: static.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Cookie: USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 23 May 2023 16:06:55 GMT
X-Powered-By: PHP/5.6.8
Expires: Thu, 22 Jun 2023 16:06:55 GMT
Cache-Control: public, max-age=2592000
Pragma: cache
X-PHP-Backend: www-03.prod
Access-Control-Allow-Origin: *
X-Node: www-03.prod
CF-Cache-Status: MISS
Last-Modified: Tue, 23 May 2023 16:06:55 GMT
Server: cloudflare
CF-RAY: 7cbe8c846c5bbbd7-FRA
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: S_HjP5OU11LA0zouNq1hyACDR-eks7usp05ZiZcZInNQNRCswcN07Q==
Age: 517188
static.buydomains.com//browser/img/tdfs/logo-custom.svg?version=2023-05-23-1
54.230.111.34200 OK 4.0 kB URL GET HTTP/1.1 static.buydomains.com//browser/img/tdfs/logo-custom.svg?version=2023-05-23-1
IP 54.230.111.34:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerAmazon
Subject*.buydomains.com
FingerprintD9:D0:8A:01:B9:A4:6E:19:CA:8D:82:74:50:7F:16:CB:3F:16:25:1A
ValidityFri, 24 Feb 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (9984)
Hash 4b712d0ff185848a718c4049f67739b3
b78e19e32601efe0f1a60762f6e79ec3ab4bbc93
8980cf6253215578b8aa8d4a22ef348643fff2d869ae4005014599cd7ae8fe6a
GET //browser/img/tdfs/logo-custom.svg?version=2023-05-23-1 HTTP/1.1
Host: static.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Cookie: USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 02 Nov 2020 15:52:13 GMT
X-Node: www-04.prod
CF-Cache-Status: MISS
Server: cloudflare
CF-RAY: 7cbe8c84ddad18d7-FRA
Content-Encoding: gzip
Date: Sun, 28 May 2023 16:07:24 GMT
ETag: W/"2701-5b321bacf6540"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 3bff78035f818b6a3185b0f5f4586410.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: pd2zBIW6pPz7sB4H6KT4Kta0GAE54cHCr6zX0B7VexzTa1V8IsCchA==
Age: 85159
static.buydomains.com//browser/img/favicon.ico?version=2023-05-23-1
54.230.111.34 1.2 kB URL GET static.buydomains.com//browser/img/favicon.ico?version=2023-05-23-1
IP 54.230.111.34:0
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerAmazon
Subject*.buydomains.com
FingerprintD9:D0:8A:01:B9:A4:6E:19:CA:8D:82:74:50:7F:16:CB:3F:16:25:1A
ValidityFri, 24 Feb 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type MS Windows icon resource - 1 icon, 20x20, 32 bits/pixel\012- data
Hash 3ee909f746f33af61e8f84deb946e836
3046f6e2b0fd1779c0bd210eeecbb9e07048b4eb
9d800ee343267e9e846428ea9a0318b25470a97147b8807041d140911a4d606a
GET //browser/img/favicon.ico?version=2023-05-23-1 HTTP/1.1
Host: static.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Cookie: USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 25 Jan 2019 17:23:12 GMT
X-Node: www-05.prod
CF-Cache-Status: MISS
Server: cloudflare
CF-RAY: 7cbe8cb3be2e382a-FRA
Content-Encoding: gzip
Date: Sun, 28 May 2023 16:08:03 GMT
ETag: W/"6ce-5804b94dd8000"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 3bff78035f818b6a3185b0f5f4586410.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 44agE99q3CZMDmknaft08VfxwV2M4qa_79oLRcoKL_3wJ_Sff0t9gw==
Age: 85120
ocsp.pki.goog/gts1c3
142.250.74.3 472 B IP 142.250.74.3:0
Hash e75b43e8a7beaf5ded692008749eb5b0
5f96a142b29fc6ca88b33a9cb5c2c5b4b95b8635
a100d74db29961c793a7254e52dd854c8f85761876369b45073d911be95bab3a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 15:46:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js
216.58.211.3200 OK 166 kB URL GET HTTP/3 www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js
IP 216.58.211.3:443
Requested by https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type ASCII text, with very long lines (660)
Size 166 kB (166449 bytes)
Hash 95a32a4d8f8be968bc15d6ab9b9491d1
fbfbcb40c8d8997096cd2ea3d8cfc3dee1981015
a41096fbcf982d79bf075bf2378c9c0c2e8ada5bdc94bd7cc794454135ccf981
GET /recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.buydomains.com
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 166449
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 22 May 2023 23:49:29 GMT
expires: Tue, 21 May 2024 23:49:29 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 May 2023 20:58:33 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 575834
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.buydomains.com/browser/img/icons/person-24px.svg
54.230.111.34200 OK 428 B URL GET HTTP/1.1 static.buydomains.com/browser/img/icons/person-24px.svg
IP 54.230.111.34:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerAmazon
Subject*.buydomains.com
FingerprintD9:D0:8A:01:B9:A4:6E:19:CA:8D:82:74:50:7F:16:CB:3F:16:25:1A
ValidityFri, 24 Feb 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 330a027fc0121c97b2a16d14894562c2
61c6bdaf500cd5fdb2068a6e010ddfc932177e04
ec1cb728e8d93018bd8980489f1c6bcfad2dafcb33410b6526c180801f6a3320
GET /browser/img/icons/person-24px.svg HTTP/1.1
Host: static.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.buydomains.com//browser/css/lander/g/lander-v7.css?version=2023-05-23-1
Cookie: USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 07 Apr 2020 16:14:48 GMT
X-Node: www-05.prod
CF-Cache-Status: REVALIDATED
Server: cloudflare
CF-RAY: 7cc260d66e1e35f7-FRA
Content-Encoding: gzip
Date: Mon, 29 May 2023 03:20:23 GMT
ETag: W/"25b-5a2b5aebdae00"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 3bff78035f818b6a3185b0f5f4586410.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: G5qFJLqzLSFrqhl7Xhxq1VtuGaAZjMeuavIJttfQaQ4C4UfgviHGMw==
Age: 44780
static.buydomains.com/browser/img/icons/email-24px.svg
54.230.111.48200 OK 207 B URL GET HTTP/1.1 static.buydomains.com/browser/img/icons/email-24px.svg
IP 54.230.111.48:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerAmazon
Subject*.buydomains.com
FingerprintD9:D0:8A:01:B9:A4:6E:19:CA:8D:82:74:50:7F:16:CB:3F:16:25:1A
ValidityFri, 24 Feb 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 3fcf1fd8f5b10149ea43c0fdf5391157
bd55ac1d498f30dc139b39d75f84f8f93fed1786
a42b244bb1076165f4e5b66b58ea444542751753fa8753d3bd9bf13d681f3f3d
GET /browser/img/icons/email-24px.svg HTTP/1.1
Host: static.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.buydomains.com//browser/css/lander/g/lander-v7.css?version=2023-05-23-1
Cookie: USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 07 Apr 2020 16:14:48 GMT
X-Node: www-04.prod
CF-Cache-Status: REVALIDATED
Server: cloudflare
CF-RAY: 7cc213a6e8c93a88-FRA
Content-Encoding: gzip
Date: Mon, 29 May 2023 02:25:01 GMT
ETag: W/"10e-5a2b5aebdae00"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: p0BLCm9CzIDNzT2KU0lmIclD3YfrpRNJ8UMmJdYEOkrFZvEV0Y2-6w==
Age: 48102
static.buydomains.com/browser/img/icons/local-phone-24px.svg
54.230.111.34200 OK 252 B URL GET HTTP/1.1 static.buydomains.com/browser/img/icons/local-phone-24px.svg
IP 54.230.111.34:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerAmazon
Subject*.buydomains.com
FingerprintD9:D0:8A:01:B9:A4:6E:19:CA:8D:82:74:50:7F:16:CB:3F:16:25:1A
ValidityFri, 24 Feb 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (355), with no line terminators
Hash 80a908cdd393e0768109b1836ef467d5
fef8b0bfcb73827b200010f2fecb53113155774f
5684d84cdb0e09ff6a54f7f7b0b69dead4be64bf91f1445f2da8540a464e0ce5
GET /browser/img/icons/local-phone-24px.svg HTTP/1.1
Host: static.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.buydomains.com//browser/css/lander/g/lander-v7.css?version=2023-05-23-1
Cookie: USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 07 Apr 2020 16:14:48 GMT
X-Node: www-06.prod
CF-Cache-Status: MISS
Server: cloudflare
CF-RAY: 7ce45f4209e5196a-FRA
Content-Encoding: gzip
Date: Mon, 29 May 2023 06:17:14 GMT
ETag: W/"163-5a2b5aebdae00"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: nKdhZNjv2niFtdNLJAbzfJTwgrxbPH3kGOcTtNPVt7kWdUsnaHjRIQ==
Age: 34169
static.buydomains.com/browser/img/icons/selectArrowGrey.svg
54.230.111.48200 OK 384 B URL GET HTTP/1.1 static.buydomains.com/browser/img/icons/selectArrowGrey.svg
IP 54.230.111.48:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerAmazon
Subject*.buydomains.com
FingerprintD9:D0:8A:01:B9:A4:6E:19:CA:8D:82:74:50:7F:16:CB:3F:16:25:1A
ValidityFri, 24 Feb 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash e2fd15ee4ccd77f13dbefb61a2b430c0
23785c2fb98286cd4c27c608e6595821f2e06835
3e77ef500018117cc3df997527af30f05768a4fb6a7195098a3bd1d3b43771ac
GET /browser/img/icons/selectArrowGrey.svg HTTP/1.1
Host: static.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.buydomains.com//browser/css/lander/g/lander-v7.css?version=2023-05-23-1
Cookie: USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 07 Apr 2020 16:14:48 GMT
X-Node: www-01.prod
CF-Cache-Status: MISS
Server: cloudflare
CF-RAY: 7ccaccc1bb5030e4-FRA
Content-Encoding: gzip
Date: Mon, 29 May 2023 03:49:30 GMT
ETag: W/"219-5a2b5aebdae00"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: PSXw6zWV93OQIw0Q1y56S0zP_ieMvjupm0dBA2l8OdD0vD75st8-jQ==
Age: 43033
static.buydomains.com/browser/img/icons/public-24px.svg
54.230.111.34200 OK 288 B URL GET HTTP/1.1 static.buydomains.com/browser/img/icons/public-24px.svg
IP 54.230.111.34:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerAmazon
Subject*.buydomains.com
FingerprintD9:D0:8A:01:B9:A4:6E:19:CA:8D:82:74:50:7F:16:CB:3F:16:25:1A
ValidityFri, 24 Feb 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (436), with no line terminators
Hash 90558d0d2c3c94a9558a193bad1652ce
3dd19b359471266af40ef1d68120d128c412916e
1f878e1bcbcaa0ca6cab5953e6f7a06431b4ed5f826a6992df5debb5a409f417
GET /browser/img/icons/public-24px.svg HTTP/1.1
Host: static.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.buydomains.com//browser/css/lander/g/lander-v7.css?version=2023-05-23-1
Cookie: USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 07 Apr 2020 16:14:48 GMT
X-Node: www-06.prod
CF-Cache-Status: REVALIDATED
Server: cloudflare
CF-RAY: 7ce45f445b7b9243-FRA
Content-Encoding: gzip
Date: Mon, 29 May 2023 06:17:14 GMT
ETag: W/"1b4-5a2b5aebdae00"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 3bff78035f818b6a3185b0f5f4586410.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 1xP-JZjoF7npQWO-j7Q96H67wDvPEByrZQEl7Xeioc4h1GYeKElnGg==
Age: 34169
static.buydomains.com/browser/img/icons/checkmark-blue.svg
54.230.111.34200 OK 263 B URL GET HTTP/1.1 static.buydomains.com/browser/img/icons/checkmark-blue.svg
IP 54.230.111.34:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerAmazon
Subject*.buydomains.com
FingerprintD9:D0:8A:01:B9:A4:6E:19:CA:8D:82:74:50:7F:16:CB:3F:16:25:1A
ValidityFri, 24 Feb 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (424), with no line terminators
Hash dbfd74ea431774b54ba75f280131caf4
ffdee42c557c95e91a14df288f796a3fba1e706b
cec07df5c80f83d619faa160743b34e3579512aa79befa37c7a4d74433616051
GET /browser/img/icons/checkmark-blue.svg HTTP/1.1
Host: static.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.buydomains.com//browser/css/lander/g/lander-v7.css?version=2023-05-23-1
Cookie: USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 02 Apr 2020 20:00:11 GMT
X-Node: www-02.prod
CF-Cache-Status: MISS
Server: cloudflare
CF-RAY: 7cc3af7c58dd9067-FRA
Content-Encoding: gzip
Date: Mon, 29 May 2023 07:05:47 GMT
ETag: W/"1a8-5a2543f9168c0"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: peNUNJEiDKh4TKQE-f9imPuxdP8OySq9rktWZxcfx67uu5lp-gUZ-w==
Age: 31256
ocsp.pki.goog/gts1c3
142.250.74.3 472 B IP 142.250.74.3:0
Hash e75b43e8a7beaf5ded692008749eb5b0
5f96a142b29fc6ca88b33a9cb5c2c5b4b95b8635
a100d74db29961c793a7254e52dd854c8f85761876369b45073d911be95bab3a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 15:46:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.211.3200 OK 48 kB URL GET HTTP/2 fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.211.3:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type Web Open Font Format (Version 2), TrueType, length 48412, version 1.0\012- data
Hash 31a8297826cdcea344698ff952694a7f
4fa1ee4c471d1c05e9141855eec5ee09b898d594
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
GET /s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.buydomains.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48412
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 May 2023 11:49:35 GMT
expires: Fri, 24 May 2024 11:49:35 GMT
cache-control: public, max-age=31536000
age: 359828
last-modified: Tue, 02 May 2023 15:08:53 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v35/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk5hkWVAewA.woff2
216.58.211.3200 OK 19 kB URL GET HTTP/2 fonts.gstatic.com/s/opensans/v35/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk5hkWVAewA.woff2
IP 216.58.211.3:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type Web Open Font Format (Version 2), TrueType, length 19280, version 1.0\012- data
Hash 9b1d917afdb7bce2652f93c64e4f358a
ef325f143e520af304a2e0285e7db3f620880b41
f52a120841562a7b5920d038ab9aee9f1cb48f52028a2c5b918b6b9ba760cf8d
GET /s/opensans/v35/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk5hkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.buydomains.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19280
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 May 2023 03:42:19 GMT
expires: Fri, 24 May 2024 03:42:19 GMT
cache-control: public, max-age=31536000
age: 389064
last-modified: Tue, 02 May 2023 15:09:28 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.211.3200 OK 48 kB URL GET HTTP/2 fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.211.3:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type Web Open Font Format (Version 2), TrueType, length 48412, version 1.0\012- data
Hash 31a8297826cdcea344698ff952694a7f
4fa1ee4c471d1c05e9141855eec5ee09b898d594
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
GET /s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.buydomains.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48412
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 May 2023 11:49:35 GMT
expires: Fri, 24 May 2024 11:49:35 GMT
cache-control: public, max-age=31536000
age: 359828
last-modified: Tue, 02 May 2023 15:08:53 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.211.3200 OK 48 kB URL GET HTTP/2 fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.211.3:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type Web Open Font Format (Version 2), TrueType, length 48412, version 1.0\012- data
Hash 31a8297826cdcea344698ff952694a7f
4fa1ee4c471d1c05e9141855eec5ee09b898d594
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
GET /s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.buydomains.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48412
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 May 2023 11:49:35 GMT
expires: Fri, 24 May 2024 11:49:35 GMT
cache-control: public, max-age=31536000
age: 359828
last-modified: Tue, 02 May 2023 15:08:53 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.buydomains.com//browser/js/vendor/elqCfg.min.js?version=2023-05-23-1
54.230.111.34200 OK 1.6 kB URL GET HTTP/1.1 static.buydomains.com//browser/js/vendor/elqCfg.min.js?version=2023-05-23-1
IP 54.230.111.34:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerAmazon
Subject*.buydomains.com
FingerprintD9:D0:8A:01:B9:A4:6E:19:CA:8D:82:74:50:7F:16:CB:3F:16:25:1A
ValidityFri, 24 Feb 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (4616), with no line terminators
Hash cd6d0c25ea6815521abe4c39ebca79f9
94081e4eabfdaf2f5de824d0b1309e63a3cb39a7
4ce841d1ae5272d22006550201e33d8aca6f088ede7a2a10f56fc5abc416ce5d
GET //browser/js/vendor/elqCfg.min.js?version=2023-05-23-1 HTTP/1.1
Host: static.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Cookie: USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 25 Jan 2019 17:23:12 GMT
X-Node: www-04.prod
CF-Cache-Status: MISS
Server: cloudflare
CF-RAY: 7cbe8c8a99ba1db0-FRA
Content-Encoding: gzip
Date: Sun, 28 May 2023 16:07:31 GMT
ETag: W/"1208-5804b94dd8000"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 3bff78035f818b6a3185b0f5f4586410.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: RObOI88dz39VoSZobmHazYmKBrrTooq9-eSY03xMC_74wWuvGiae4w==
Age: 85152
cdn.cookielaw.org/scripttemplates/otSDKStub.js
104.18.170.114200 OK 6.8 kB URL GET HTTP/2 cdn.cookielaw.org/scripttemplates/otSDKStub.js
IP 104.18.170.114:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectcookielaw.org
Fingerprint72:BB:48:60:EB:F2:A2:EB:51:29:51:1A:B9:2A:85:30:97:3D:9A:2E
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (21413)
Hash c8e518bcfebf6d20f4f3c0f18cc1fc0b
72d8ca0b791c05d6df331178cb568a366e7d12b2
c535c494eb4dbfb732fb09f9716097de5e1c84f1d841a5c98eb14903c1376270
GET /scripttemplates/otSDKStub.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:44 GMT
content-type: application/javascript
content-length: 6767
content-encoding: gzip
content-md5: ThapKUuw9e9x4Kb6BZJd6A==
last-modified: Thu, 25 May 2023 19:30:01 GMT
etag: 0x8DB5D566F4AC291
x-ms-request-id: cc59b92d-c01e-0144-08f7-8f42df000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 77248
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7cefdf30fa32b527-OSL
X-Firefox-Spdy: h2
www.google.com/recaptcha/api2/anchor?ar=1&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C&co=aHR0cHM6Ly93d3cuYnV5ZG9tYWlucy5jb206NDQz&hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&size=invisible&badge=inline&cb=y1ev1ag2a120
142.250.74.164200 OK 28 kB URL GET HTTP/3 www.google.com/recaptcha/api2/anchor?ar=1&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C&co=aHR0cHM6Ly93d3cuYnV5ZG9tYWlucy5jb206NDQz&hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&size=invisible&badge=inline&cb=y1ev1ag2a120
IP 142.250.74.164:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint5D:BA:19:A5:81:25:05:32:72:13:A7:18:CF:67:8C:D6:6F:13:B3:EF
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (43574)
Hash b154bd20e731f24058e9e2ff7759b1cc
564b681808cecfaed744082dac6cd017d4f2061d
3e2dc2441c2607178849cd3b23e3d47d83529a8091c5275faa26296501b15040
GET /recaptcha/api2/anchor?ar=1&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C&co=aHR0cHM6Ly93d3cuYnV5ZG9tYWlucy5jb206NDQz&hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&size=invisible&badge=inline&cb=y1ev1ag2a120 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 29 May 2023 15:46:44 GMT
content-security-policy: script-src 'nonce-l3XeDnpTqtatalSLq9petQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 28466
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.buydomains.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/938e2b5c/invisible.js
104.18.24.148200 OK 15 kB URL GET HTTP/2 www.buydomains.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/938e2b5c/invisible.js
IP 104.18.24.148:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint40:6A:AE:37:C4:FC:0B:1B:93:F4:04:6A:12:FA:50:22:25:34:3D:D1
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (30619), with no line terminators
Hash c02530d9fadfee84dbacf3ff86643c52
21ede6b05c61c486cdc6b064b6d9de37a4f8e812
df287ee8beff176cc0a216850528ce3f24bd90c7b57bf824a96b62f6aa394a36
GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/938e2b5c/invisible.js HTTP/1.1
Host: www.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=uoftl3qtbh3fmkibtmpoenqag5; USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=; tracking_params_allowed=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:44 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
cache-control: max-age=14400, public
x-content-type-options: nosniff
content-encoding: gzip
server: cloudflare
cf-ray: 7cefdf3158f1b4f7-OSL
X-Firefox-Spdy: h2
www.buydomains.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
104.18.24.148200 OK 28 kB URL GET HTTP/2 www.buydomains.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
IP 104.18.24.148:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint40:6A:AE:37:C4:FC:0B:1B:93:F4:04:6A:12:FA:50:22:25:34:3D:D1
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (62156), with no line terminators
Hash 0fe0adf952688aa98f4d78a528d4bf0c
5c14ff0e06adb1982ed06357a378eaa614db1d4b
7e1da11a50263741c140e0349e8ce9b01e21a0d31bf96657e23028cadfe80953
GET /cdn-cgi/challenge-platform/h/b/scripts/pica.js HTTP/1.1
Host: www.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Cookie: PHPSESSID=uoftl3qtbh3fmkibtmpoenqag5; USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=; tracking_params_allowed=true
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:44 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
cache-control: max-age=14400, public
x-content-type-options: nosniff
content-encoding: gzip
server: cloudflare
cf-ray: 7cefdf31c9c3b4f7-OSL
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js
216.58.211.3200 OK 166 kB URL GET HTTP/3 www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js
IP 216.58.211.3:443
Requested by https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type ASCII text, with very long lines (660)
Size 166 kB (166449 bytes)
Hash 95a32a4d8f8be968bc15d6ab9b9491d1
fbfbcb40c8d8997096cd2ea3d8cfc3dee1981015
a41096fbcf982d79bf075bf2378c9c0c2e8ada5bdc94bd7cc794454135ccf981
GET /recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 166449
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 22 May 2023 23:49:29 GMT
expires: Tue, 21 May 2024 23:49:29 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 May 2023 20:58:33 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 575835
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ocsp.sectigo.com/
104.18.15.101 472 B IP 104.18.15.101:0
Hash 9b815864b0143a2463b372e1ecf56437
86f59f70783a9f0625fc633e38e9d685092101b0
871924b8ad7be6b62deec665650bcf2b59f718213d4d6c96f078cc597d011eb6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 29 May 2023 15:46:44 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 26 May 2023 18:35:07 GMT
Expires: Fri, 02 Jun 2023 18:35:06 GMT
Etag: "86f59f70783a9f0625fc633e38e9d685092101b0"
Cache-Control: max-age=355535,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7cefdf326bc61c16-OSL
fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwM.ttf
216.58.211.3200 OK 27 kB URL GET HTTP/3 fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwM.ttf
IP 216.58.211.3:443
Requested by https://accounts.google.com/gsi/button?theme=filled_blue&size=medium&ux_mode=redirect&auto_select=true&width=186&height=35&redirect_uri=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fgrammarhelp.net%3Fdomain%3Dgrammarhelp.net%26utm_source%3Dgrammarhelp.net%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect&client_id=493010564269-4qns5belsuphdbuurpmae7pknmirdktg.apps.googleusercontent.com&iframe_id=gsi_203426_118249&as=2%2FPjIxs3Gbrgo6No3MZyhQ
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, Copyright 2015 Google LLC. All Rights Reserved.Google Sans MediumRegularGoogle;GoogleSans-Medium\012- data
Hash 9ecc1a07aa9e5e87f04d31b49ca09897
a030a565d2168e505861d6f1de260dc1adf8b77b
ebeace42646aa327b1fa6225f70120658993d4796cc9103484a6f068d3a58a6d
GET /s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwM.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://accounts.google.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 27431
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 May 2023 11:09:13 GMT
expires: Wed, 22 May 2024 11:09:13 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2019 23:43:31 GMT
content-type: font/ttf
vary: Accept-Encoding
age: 535051
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owps.ttf
216.58.211.3200 OK 27 kB URL GET HTTP/3 fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owps.ttf
IP 216.58.211.3:443
Requested by https://accounts.google.com/gsi/button?theme=filled_blue&size=medium&ux_mode=redirect&auto_select=true&width=186&height=35&redirect_uri=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fgrammarhelp.net%3Fdomain%3Dgrammarhelp.net%26utm_source%3Dgrammarhelp.net%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect&client_id=493010564269-4qns5belsuphdbuurpmae7pknmirdktg.apps.googleusercontent.com&iframe_id=gsi_203426_118249&as=2%2FPjIxs3Gbrgo6No3MZyhQ
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, Copyright 2015 Google LLC. All Rights Reserved.Google SansRegularGoogle;GoogleSans-RegularGoogle\012- data
Hash 20f7180ebc95ade510a7fbd4cbdc35b6
6cfc5afa73095577a20461de09d2a8f4b34d80e0
8087cf253743d85d9153ba12ce624c2e460e966c40a61928b3a036a2d452f45a
GET /s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owps.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://accounts.google.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 27191
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 May 2023 11:09:13 GMT
expires: Wed, 22 May 2024 11:09:13 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2019 23:42:54 GMT
content-type: font/ttf
vary: Accept-Encoding
age: 535051
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.211.3200 OK 15 kB URL GET HTTP/3 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.211.3:443
Requested by https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C&co=aHR0cHM6Ly93d3cuYnV5ZG9tYWlucy5jb206NDQz&hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&size=invisible&badge=inline&cb=y1ev1ag2a120
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 May 2023 17:31:32 GMT
expires: Wed, 22 May 2024 17:31:32 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
age: 512112
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.211.3200 OK 16 kB URL GET HTTP/3 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.211.3:443
Requested by https://www.google.com/recaptcha/api2/bframe?hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 May 2023 21:40:21 GMT
expires: Wed, 22 May 2024 21:40:21 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
age: 497183
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
api.buydomains.com/locale/detect?timestamp=1685375203309
207.148.248.128200 OK 1.9 kB URL GET HTTP/1.1 api.buydomains.com/locale/detect?timestamp=1685375203309
IP 207.148.248.128:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerSectigo Limited
Subject*.buydomains.com
Fingerprint7D:E0:86:ED:9B:29:FD:30:2A:67:34:8E:6F:5F:27:E6:CA:99:37:F1
ValidityFri, 24 Feb 2023 00:00:00 GMT - Sat, 24 Feb 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (1792), with no line terminators
Hash f1befbdd9ad32d93272bfe608c251ab7
219db273da87eb7aa20e8b9037beb56ee6f5f716
f971cfa828f1fe32423abbaf2b0395d63e2f7eea9c5700b52e2d308b3275bb70
GET /locale/detect?timestamp=1685375203309 HTTP/1.1
Host: api.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.buydomains.com
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=604800
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Mon, 29 May 2023 15:46:43 GMT
www.google.com/recaptcha/api2/webworker.js?hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9
142.250.74.164200 OK 112 B URL GET HTTP/3 www.google.com/recaptcha/api2/webworker.js?hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9
IP 142.250.74.164:443
Requested by https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C&co=aHR0cHM6Ly93d3cuYnV5ZG9tYWlucy5jb206NDQz&hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&size=invisible&badge=inline&cb=y1ev1ag2a120
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint5D:BA:19:A5:81:25:05:32:72:13:A7:18:CF:67:8C:D6:6F:13:B3:EF
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
File type ASCII text, with no line terminators
Hash ffdfcf8fae84f7684f006bf5af012c06
b31182bbb1c60a114919bf05e698805b61f76aba
1bf768716a75b7620d341f775d10d79ee73a3a47f6609a24ca25dd88e4aeda95
GET /recaptcha/api2/webworker.js?hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C&co=aHR0cHM6Ly93d3cuYnV5ZG9tYWlucy5jb206NDQz&hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&size=invisible&badge=inline&cb=y1ev1ag2a120
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
expires: Mon, 29 May 2023 15:46:44 GMT
date: Mon, 29 May 2023 15:46:44 GMT
cache-control: private, max-age=300
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 112
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/api2/logo_48.png
216.58.211.3200 OK 2.2 kB URL GET HTTP/3 www.gstatic.com/recaptcha/api2/logo_48.png
IP 216.58.211.3:443
Requested by https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C&co=aHR0cHM6Ly93d3cuYnV5ZG9tYWlucy5jb206NDQz&hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&size=invisible&badge=inline&cb=y1ev1ag2a120
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash ef9941290c50cd3866e2ba6b793f010d
4736508c795667dcea21f8d864233031223b7832
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 22 May 2023 21:48:58 GMT
expires: Mon, 29 May 2023 21:48:58 GMT
cache-control: public, max-age=604800
age: 583066
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.buydomains.com/get-user-fields
104.18.24.148200 OK 166 kB URL GET HTTP/2 www.buydomains.com/get-user-fields
IP 104.18.24.148:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint40:6A:AE:37:C4:FC:0B:1B:93:F4:04:6A:12:FA:50:22:25:34:3D:D1
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (660)
Size 166 kB (166519 bytes)
Hash a7ad41239ee1fa80a585a418287dc6c3
62d6705ee2d91dfad0ff3a7a0f7632bdb98ddfb2
de9acc08d17281798b4c96a320d8098f2a7e7af03425aa752da049b548d83fb2
GET /get-user-fields HTTP/1.1
Host: www.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Cookie: PHPSESSID=uoftl3qtbh3fmkibtmpoenqag5; USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:44 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/5.6.8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-php-backend: www-03.prod
x-node: www-03.prod
set-cookie: USER_COUNTRY=%22Norway%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
USER_COUNTRY_CODE_DEFAULT=%22NO%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
utm_source=%22grammarhelp.net%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
utm_medium=%22direct-visit%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
utm_campaign=%22tdfs-AprTest%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
traffic_id=%22AprTest%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
traffic_type=%22tdfs%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
utm_medium=%22direct-visit%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7cefdf30b81bb4f7-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.cookielaw.org/scripttemplates/202301.2.0/otBannerSdk.js
104.18.170.114200 OK 98 kB URL GET HTTP/2 cdn.cookielaw.org/scripttemplates/202301.2.0/otBannerSdk.js
IP 104.18.170.114:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectcookielaw.org
Fingerprint72:BB:48:60:EB:F2:A2:EB:51:29:51:1A:B9:2A:85:30:97:3D:9A:2E
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (65451)
Hash b67edb9803c62210be356f797d79d131
b634c88dc4e149eb1b14d2944d76c28af8730adc
0fa90c9e195798597245f53e9dc98259304276626836677ffaf0f9fa18f9a189
GET /scripttemplates/202301.2.0/otBannerSdk.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:44 GMT
content-type: application/javascript
content-length: 98329
content-encoding: gzip
content-md5: 0jjE9bRWjdK9YwiQScw/ZQ==
last-modified: Fri, 17 Feb 2023 03:39:10 GMT
etag: 0x8DB1098882046FE
x-ms-request-id: 0a72193a-b01e-010f-04e1-5a7345000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 22901
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7cefdf34b8e0b527-OSL
X-Firefox-Spdy: h2
cdn.cookielaw.org/consent/91181fd5-0816-4a3d-8427-63a8d53f717e/de01f382-06e2-4626-8851-3bea6912b79a/en.json
104.18.170.114200 OK 14 kB URL GET HTTP/2 cdn.cookielaw.org/consent/91181fd5-0816-4a3d-8427-63a8d53f717e/de01f382-06e2-4626-8851-3bea6912b79a/en.json
IP 104.18.170.114:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectcookielaw.org
Fingerprint72:BB:48:60:EB:F2:A2:EB:51:29:51:1A:B9:2A:85:30:97:3D:9A:2E
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type JSON data\012- HTML document, Unicode text, UTF-8 text, with very long lines (54899), with no line terminators
Hash 4ff4463885f66422310b792302359613
6b87642ba095c5d679d7b66e9ab531b8c766a913
87ff564d9a6be10dcb80b129ae02a7c5f711d1d5146792c5cf55be3b6edba36a
GET /consent/91181fd5-0816-4a3d-8427-63a8d53f717e/de01f382-06e2-4626-8851-3bea6912b79a/en.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.buydomains.com/
Origin: https://www.buydomains.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:44 GMT
content-type: application/x-javascript
content-length: 13709
cache-control: public, max-age=86400
content-encoding: gzip
content-md5: QgmDQFYyGX8iRhRPgR86sg==
last-modified: Thu, 23 Feb 2023 16:34:17 GMT
etag: 0x8DB15BBCE848896
x-ms-request-id: 71c106db-d01e-0150-02e1-5a81bb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 10720
expires: Tue, 30 May 2023 15:46:44 GMT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7cefdf357fbc0b31-OSL
X-Firefox-Spdy: h2
cdn.cookielaw.org/scripttemplates/202301.2.0/assets/v2/otPcCenter.json
104.18.170.114200 OK 12 kB URL GET HTTP/2 cdn.cookielaw.org/scripttemplates/202301.2.0/assets/v2/otPcCenter.json
IP 104.18.170.114:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectcookielaw.org
Fingerprint72:BB:48:60:EB:F2:A2:EB:51:29:51:1A:B9:2A:85:30:97:3D:9A:2E
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (50432)
Hash 41e74cbe9aef15a5ce1a704d0d4be82e
019edb948b551fe3458bce3c78d1bfde388ff02d
70fd7f6ced21739e10103744c72acdfc8e8422502d74d4fad2ddfab3aed0bbc5
GET /scripttemplates/202301.2.0/assets/v2/otPcCenter.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.buydomains.com/
Origin: https://www.buydomains.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:44 GMT
content-type: application/json
content-length: 12548
content-encoding: gzip
content-md5: Z9ctTlIOTjmEMU/y5+FSYA==
last-modified: Fri, 17 Feb 2023 03:39:06 GMT
etag: 0x8DB10988547EC3F
x-ms-request-id: c029026c-f01e-012a-11e1-5aebf6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 13577
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7cefdf35d82e0b31-OSL
X-Firefox-Spdy: h2
www.buydomains.com/get-user-country-info/
104.18.24.148200 OK 2.7 kB URL GET HTTP/2 www.buydomains.com/get-user-country-info/
IP 104.18.24.148:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint40:6A:AE:37:C4:FC:0B:1B:93:F4:04:6A:12:FA:50:22:25:34:3D:D1
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (7753)
Hash 34af782672dbe381dd47f1d1701d70b7
7c1417557608a379faf35f57b7727203074f429e
04fb1f1e24d4d7eefd9f087c3eac4622372c3a2f4737dd7ecd2c0ba8613b31ed
GET /get-user-country-info/ HTTP/1.1
Host: www.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Cookie: PHPSESSID=uoftl3qtbh3fmkibtmpoenqag5; USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:44 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/5.6.8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-php-backend: www-05.prod
x-node: www-05.prod
set-cookie: USER_COUNTRY=%22Norway%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
USER_COUNTRY_CODE_DEFAULT=%22NO%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
utm_source=%22grammarhelp.net%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
utm_medium=%22direct-visit%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
utm_campaign=%22tdfs-AprTest%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
traffic_id=%22AprTest%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
traffic_type=%22tdfs%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
utm_medium=%22direct-visit%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7cefdf30b812b4f7-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
www.google.com/recaptcha/api2/bframe?hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C
142.250.74.164200 OK 1.2 kB URL GET HTTP/3 www.google.com/recaptcha/api2/bframe?hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C
IP 142.250.74.164:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint5D:BA:19:A5:81:25:05:32:72:13:A7:18:CF:67:8C:D6:6F:13:B3:EF
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 64ab489f109631b596c2abae7d3c03ec
81b365f7abd13b2b5fd7ea108d97da6a6d58def2
6d0f04a2aa64c079f744d69296673d2a50f0f736477f8fdf0ab8b148a1e80712
GET /recaptcha/api2/bframe?hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 29 May 2023 15:46:44 GMT
content-security-policy: script-src 'nonce-DzcPhyfH4nlKe64TII6Jew' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1152
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cdn.cookielaw.org/logos/03213524-9e9e-4852-a3ab-334c10e24fe4/1cbd33c8-a3c1-488f-b58c-8a0a38faeda7/a64f68f9-7a52-48cb-9424-923690abcd3e/BlankImg.png
104.18.170.114200 OK 5.9 kB URL GET HTTP/2 cdn.cookielaw.org/logos/03213524-9e9e-4852-a3ab-334c10e24fe4/1cbd33c8-a3c1-488f-b58c-8a0a38faeda7/a64f68f9-7a52-48cb-9424-923690abcd3e/BlankImg.png
IP 104.18.170.114:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectcookielaw.org
Fingerprint72:BB:48:60:EB:F2:A2:EB:51:29:51:1A:B9:2A:85:30:97:3D:9A:2E
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type PNG image data, 1584 x 852, 8-bit/color RGB, non-interlaced\012- data
Hash 7749aaee1067641a080f23746971b883
506970c6b288fce7938f87f1b86f7713573f59cc
a0568c212589eee21854915e822a170263745d127b9775fb29fa109a1e73be15
GET /logos/03213524-9e9e-4852-a3ab-334c10e24fe4/1cbd33c8-a3c1-488f-b58c-8a0a38faeda7/a64f68f9-7a52-48cb-9424-923690abcd3e/BlankImg.png HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:44 GMT
content-type: image/png
content-length: 5882
content-md5: d0mq7hBnZBoIDyN0aXG4gw==
last-modified: Thu, 28 Oct 2021 15:55:19 GMT
etag: 0x8D99A2B577FBFDA
x-ms-request-id: 802fa2c8-f01e-016e-63e1-5a379a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 19833
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7cefdf364b1eb527-OSL
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/styles__ltr.css
216.58.211.3200 OK 25 kB URL GET HTTP/3 www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/styles__ltr.css
IP 216.58.211.3:443
Requested by https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C&co=aHR0cHM6Ly93d3cuYnV5ZG9tYWlucy5jb206NDQz&hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&size=invisible&badge=inline&cb=y1ev1ag2a120
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type ASCII text, with very long lines (56403), with no line terminators
Hash 83f90c5a4c20afb44429fa346fbadc10
7c278ec721d3880fbafaadeba9ee80bdf294b014
952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8
GET /recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24605
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 22 May 2023 23:55:34 GMT
expires: Tue, 21 May 2024 23:55:34 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 May 2023 20:58:33 GMT
content-type: text/css
vary: Accept-Encoding
age: 575470
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.buydomains.com/version.html
104.18.24.148200 OK 167 kB URL GET HTTP/2 www.buydomains.com/version.html
IP 104.18.24.148:443
Requested by https://www.buydomains.com/browser/js/worker/workerJS.min.js
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint40:6A:AE:37:C4:FC:0B:1B:93:F4:04:6A:12:FA:50:22:25:34:3D:D1
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (660)
Size 167 kB (166560 bytes)
Hash fc57bac02b2df74de604d81dd2bdbd0a
92e088b194e7110229e742a38d5a32670a2bd48e
48c290d16deb0a07470070f90f7b05e6ef922c1361aa03a31d745bdc939fb7ac
GET /version.html HTTP/1.1
Host: www.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/browser/js/worker/workerJS.min.js
Cookie: PHPSESSID=uoftl3qtbh3fmkibtmpoenqag5; USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=; tracking_params_allowed=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:44 GMT
content-type: text/html; charset=UTF-8
last-modified: Tue, 23 May 2023 17:04:43 GMT
x-node: www-06.prod
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7cefdf34cf51b4f7-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
www.google.com/recaptcha/api2/reload?k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C
142.250.74.164200 OK 25 kB URL POST HTTP/3 www.google.com/recaptcha/api2/reload?k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C
IP 142.250.74.164:443
Requested by https://www.google.com/recaptcha/api2/bframe?hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint5D:BA:19:A5:81:25:05:32:72:13:A7:18:CF:67:8C:D6:6F:13:B3:EF
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
File type ASCII text, with very long lines (41686)
Hash 8d2d31694208ede2fe6ee585f4014a45
9e077e08135c60b62b6a34c246fdc79839e82387
7ea1b858daee8a3973ee5840b686fc2e16e12c2672cd9114df1e4f03b87d0202
POST /recaptcha/api2/reload?k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-protobuffer
Content-Length: 7086
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
date: Mon, 29 May 2023 15:46:45 GMT
expires: Mon, 29 May 2023 15:46:45 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 25241
server: GSE
set-cookie: _GRECAPTCHA=09ALyjir8vZU5ro8mTi7U_XS_qfo9dO8IUtldX33PytVwqVE8HBDWEKq9oM-WwOHffYKsBVOLs5RbVxtTDL5YnM3g;Path=/recaptcha;Expires=Sat, 25-Nov-2023 15:46:45 GMT;Secure;HttpOnly;Priority=HIGH;SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
216.58.211.3200 OK 15 kB URL GET HTTP/3 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP 216.58.211.3:443
Requested by https://www.google.com/recaptcha/api2/bframe?hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type Web Open Font Format (Version 2), TrueType, length 15340, version 1.0\012- data
Hash 19b7a0adfdd4f808b53af7e2ce2ad4e5
81d5d4c7b5035ad10cce63cf7100295e0c51fdda
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
GET /s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 24 May 2023 00:16:43 GMT
expires: Thu, 23 May 2024 00:16:43 GMT
cache-control: public, max-age=31536000
age: 487802
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.211.3200 OK 16 kB URL GET HTTP/3 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.211.3:443
Requested by https://www.google.com/recaptcha/api2/bframe?hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 May 2023 21:40:21 GMT
expires: Wed, 22 May 2024 21:40:21 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
age: 497184
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.google.com/recaptcha/api2/payload?p=06AL8dmw-RtewLBpFywV2Ulyu7frC_jvUCvbTutcva-reVQt4ykKP4R7OdLrR4WQU4Ko24xZxNv8vJC2hSlrskc24HM_UZNJGh82cwjCsvFGOdcLLAhayPU_eyPi2hpisp1AIpaFNd1HDFipL7NJTBghC9HtROYSfa4W43VzFwJT6HBp1SoNHPSNwiprT_-DDo2C9nvf4dF-w7&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C
142.250.74.164200 OK 35 kB URL GET HTTP/3 www.google.com/recaptcha/api2/payload?p=06AL8dmw-RtewLBpFywV2Ulyu7frC_jvUCvbTutcva-reVQt4ykKP4R7OdLrR4WQU4Ko24xZxNv8vJC2hSlrskc24HM_UZNJGh82cwjCsvFGOdcLLAhayPU_eyPi2hpisp1AIpaFNd1HDFipL7NJTBghC9HtROYSfa4W43VzFwJT6HBp1SoNHPSNwiprT_-DDo2C9nvf4dF-w7&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C
IP 142.250.74.164:443
Requested by https://www.google.com/recaptcha/api2/bframe?hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint5D:BA:19:A5:81:25:05:32:72:13:A7:18:CF:67:8C:D6:6F:13:B3:EF
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x450, components 3\012- data
Hash 15c25b48b3cd20870de65c9dcd9b504d
5caa5f232327684dd60b393953801a9a1a0c19ca
fc9b678507a2268e2f61b6099035606b606bac2063dda5e82d9ce663d1511c27
GET /recaptcha/api2/payload?p=06AL8dmw-RtewLBpFywV2Ulyu7frC_jvUCvbTutcva-reVQt4ykKP4R7OdLrR4WQU4Ko24xZxNv8vJC2hSlrskc24HM_UZNJGh82cwjCsvFGOdcLLAhayPU_eyPi2hpisp1AIpaFNd1HDFipL7NJTBghC9HtROYSfa4W43VzFwJT6HBp1SoNHPSNwiprT_-DDo2C9nvf4dF-w7&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C
Cookie: _GRECAPTCHA=09ALyjir8vZU5ro8mTi7U_XS_qfo9dO8IUtldX33PytVwqVE8HBDWEKq9oM-WwOHffYKsBVOLs5RbVxtTDL5YnM3g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
expires: Mon, 29 May 2023 15:46:45 GMT
date: Mon, 29 May 2023 15:46:45 GMT
cache-control: private, max-age=30
content-type: image/jpeg
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 35112
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/api2/refresh_2x.png
216.58.211.3200 OK 600 B URL GET HTTP/3 www.gstatic.com/recaptcha/api2/refresh_2x.png
IP 216.58.211.3:443
Requested by https://www.google.com/recaptcha/api2/bframe?hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 0f2a4639b8a4cb30c76e8333c00d30a6
57e273a270bb864970d747c74b3f0a7c8e515b13
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
GET /recaptcha/api2/refresh_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 24 May 2023 20:49:22 GMT
expires: Wed, 31 May 2023 20:49:22 GMT
cache-control: public, max-age=604800
age: 413843
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/api2/info_2x.png
216.58.211.3200 OK 665 B URL GET HTTP/3 www.gstatic.com/recaptcha/api2/info_2x.png
IP 216.58.211.3:443
Requested by https://www.google.com/recaptcha/api2/bframe?hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 07bf314aab04047b9e9a959ee6f63da3
17bef6602672e2fd9956381e01356245144003e5
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
GET /recaptcha/api2/info_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 665
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 May 2023 00:56:35 GMT
expires: Thu, 01 Jun 2023 00:56:35 GMT
cache-control: public, max-age=604800
age: 399010
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/api2/audio_2x.png
216.58.211.3200 OK 530 B URL GET HTTP/3 www.gstatic.com/recaptcha/api2/audio_2x.png
IP 216.58.211.3:443
Requested by https://www.google.com/recaptcha/api2/bframe?hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6LcqAIkUAAAAAHjOK9ZepI7IU55yYRmOEigfrp6C
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 88e0f42c9fa4f94aa8bcd54d1685c180
5ad9d47a49b82718baa3be88550a0b3350270c42
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
GET /recaptcha/api2/audio_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 530
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 May 2023 16:14:42 GMT
expires: Tue, 30 May 2023 16:14:42 GMT
cache-control: public, max-age=604800
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
age: 516723
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
wsv3cdn.audioeye.com/v2/frame/cookieStorage.html?build=prod/m&pscb=&cb=de1cf08
172.64.151.222200 OK 1.1 kB URL GET HTTP/2 wsv3cdn.audioeye.com/v2/frame/cookieStorage.html?build=prod/m&pscb=&cb=de1cf08
IP 172.64.151.222:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintEE:8B:07:1F:A3:E3:C1:17:AC:CF:C5:DE:FD:E0:83:D9:2E:B0:89:8A
ValiditySun, 19 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1073)
Hash 42ca058976f763d460c29f1c3b1025bf
0beb0f32658aa443b7afdf9c9cf9e9e4e3ea5ea9
fdd357508c4cd326fd421f0893d124d018d55acb5dbb457d7eca24fecfbe4c8c
GET /v2/frame/cookieStorage.html?build=prod/m&pscb=&cb=de1cf08 HTTP/1.1
Host: wsv3cdn.audioeye.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:45 GMT
content-type: text/html; charset=UTF-8
cache-control: public, max-age=365000000, immutable
last-modified: Fri, 05 May 2023 20:04:42 GMT
cf-cache-status: HIT
age: 2058097
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cefdf3a3b71b515-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.cookielaw.org/logos/static/ot_guard_logo.svg
104.18.170.114200 OK 341 B URL GET HTTP/2 cdn.cookielaw.org/logos/static/ot_guard_logo.svg
IP 104.18.170.114:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectcookielaw.org
Fingerprint72:BB:48:60:EB:F2:A2:EB:51:29:51:1A:B9:2A:85:30:97:3D:9A:2E
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (497), with no line terminators
Hash b57c99c9d1e3c50b2114c6db053d7ff0
ada8abfed92ba8a545bbd9d299d74d5972cc4ae8
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
GET /logos/static/ot_guard_logo.svg HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.buydomains.com/
Origin: https://www.buydomains.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:44 GMT
content-type: image/svg+xml
content-md5: tXyZydHjxQshFMbbBT1/8A==
last-modified: Thu, 25 May 2023 19:30:07 GMT
x-ms-request-id: 2cce792a-301e-00ff-22a2-8fe57e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 10720
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7cefdf3658d40b31-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2
216.58.211.3200 OK 14 kB URL GET HTTP/3 fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2
IP 216.58.211.3:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type Web Open Font Format (Version 2), TrueType, length 13976, version 1.0\012- data
Hash e7e52c955aa33e618baf437a16539524
13ecb55bb760d6980a1b1331085630ef5ed84e9f
07c94892c3e0ac93d2bcb3a9cb88aa67ea47b3d1aa89bc39dfcc2b025dcd8988
GET /s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.buydomains.com
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 27 May 2023 07:46:30 GMT
expires: Sun, 26 May 2024 07:46:30 GMT
cache-control: public, max-age=31536000
age: 201618
last-modified: Wed, 26 Jan 2022 19:14:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
wsv3cdn.audioeye.com/v2/build/compliance.bundle.de1cf08.js
172.64.151.222200 OK 45 kB URL GET HTTP/2 wsv3cdn.audioeye.com/v2/build/compliance.bundle.de1cf08.js
IP 172.64.151.222:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintEE:8B:07:1F:A3:E3:C1:17:AC:CF:C5:DE:FD:E0:83:D9:2E:B0:89:8A
ValiditySun, 19 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65451)
Hash 0b5446b036ad83c66660ea7a18d5af94
36195bb893e90c54caecb8e3a03d7bdd37159b97
40c478cabd03f86e0b414cdf1fdc7f683d7f7982650b73947e86120d2ab9438e
GET /v2/build/compliance.bundle.de1cf08.js HTTP/1.1
Host: wsv3cdn.audioeye.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:48 GMT
content-type: application/javascript
last-modified: Fri, 26 May 2023 22:12:03 GMT
etag: W/"64712eb3-25c35"
access-control-allow-origin: *
cf-cache-status: HIT
age: 5936
expires: Tue, 28 May 2024 15:46:48 GMT
cache-control: public, max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cefdf4cfec6b515-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.buydomains.com/cdn-cgi/challenge-platform/h/b/cv/result/7cefdf25acf1b4f7
104.18.24.148200 OK 499 B URL POST HTTP/2 www.buydomains.com/cdn-cgi/challenge-platform/h/b/cv/result/7cefdf25acf1b4f7
IP 104.18.24.148:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint40:6A:AE:37:C4:FC:0B:1B:93:F4:04:6A:12:FA:50:22:25:34:3D:D1
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Hash 7f253b36821c0536ce9411ca411936d0
8f637ee6c72d350066883aeb66f48e733c40feb2
ef50c03434b682252aabf6fafe947e02f9f67d57c724f6a6d66435ff7792852e
POST /cdn-cgi/challenge-platform/h/b/cv/result/7cefdf25acf1b4f7 HTTP/1.1
Host: www.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12561
Origin: https://www.buydomains.com
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Cookie: PHPSESSID=uoftl3qtbh3fmkibtmpoenqag5; USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=; tracking_params_allowed=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:49 GMT
content-type: text/plain; charset=UTF-8
set-cookie: __cf_bm=q1yB5NvRhbfLIyqXzbSGwu.amDmfYsAOETifYrr9oCA-1685375209-0-ATeErx9B9l79PK4d/cDywR9lvPYLdxn5STEoKCB6MIlfuw0zN7ThxPTgedSmSDqTNTjnyXp0FoEjI+aBtDPssGaMEdfrnUiLZvolPEM5+wbnsYg/E75SlBEuKG0ZdNVA0PlWpH8NntKKafLjmyncP/0=; path=/; expires=Mon, 29-May-23 16:16:49 GMT; domain=.buydomains.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7cefdf34af23b4f7-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
play.google.com/log?format=json&hasfast=true&authuser=0
142.250.74.14200 OK 0 B URL POST HTTP/2 play.google.com/log?format=json&hasfast=true&authuser=0
IP 142.250.74.14:443
Requested by https://accounts.google.com/gsi/button?theme=filled_blue&size=medium&ux_mode=redirect&auto_select=true&width=186&height=35&redirect_uri=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fgrammarhelp.net%3Fdomain%3Dgrammarhelp.net%26utm_source%3Dgrammarhelp.net%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect&client_id=493010564269-4qns5belsuphdbuurpmae7pknmirdktg.apps.googleusercontent.com&iframe_id=gsi_203426_118249&as=2%2FPjIxs3Gbrgo6No3MZyhQ
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint5D:BA:19:A5:81:25:05:32:72:13:A7:18:CF:67:8C:D6:6F:13:B3:EF
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://accounts.google.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: https://accounts.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Mon, 29 May 2023 15:46:54 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+126; expires=Wed, 28-May-2025 15:46:54 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 29 May 2023 15:46:54 GMT
cache-control: private
X-Firefox-Spdy: h2
www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
104.18.24.148200 OK 407 kB URL User Request GET HTTP/2 www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
IP 104.18.24.148:443
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint40:6A:AE:37:C4:FC:0B:1B:93:F4:04:6A:12:FA:50:22:25:34:3D:D1
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (65536), with no line terminators
Size 407 kB (407244 bytes)
Hash 1443db21ad1f8212b5d4ee874dc03381
6f2cc02f9589eaf9ce80283c1e1a7e69bb01bc72
50f02b1991d2e5b2b5bda08ac11628f1b52b1272a71a115ea59d18cc32370040
GET /lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect HTTP/1.1
Host: www.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:42 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/5.6.8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-php-backend: www-02.prod
x-node: www-02.prod
cf-cache-status: DYNAMIC
set-cookie: PHPSESSID=uoftl3qtbh3fmkibtmpoenqag5; path=/; HttpOnly
USER_COUNTRY=%22Norway%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
USER_COUNTRY_CODE_DEFAULT=%22NO%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
TOLLFREE_PHONE=%22866-277-3420%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
WW_PHONE=%22%2B1-339-222-5135%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
TOLLFREE_PHONE=%22%28855%29+687-0658%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
WW_PHONE=%22%28781%29+373-6820%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
utm_source=%22grammarhelp.net%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
utm_medium=%22click%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
utm_campaign=%22tdfs-AprTest%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
traffic_id=%22AprTest%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
traffic_type=%22tdfs%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
utm_medium=%22direct-visit%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
visitor=6474c8e27977f; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
visitorType=new; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
__cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=; path=/; expires=Mon, 29-May-23 16:16:42 GMT; domain=.buydomains.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7cefdf25acf1b4f7-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-72-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml
35.244.181.201 445 B URL aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-72-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml
IP 35.244.181.201:0
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (332)
Hash d39546249a86d29697ea6b389afd84f2
244ce5f2d9a3e80da843e527f35cae0b9d9e20be
ba339c9812783530a739e05b9bc0ec254d9c22eb13779e8e5be5860a192f8c80
GET /update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-72-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: 17805
rule-data-version: 1
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2023-06-30-14-14-56.chain; p384ecdsa=hBfdRCoM5kAOHtFa4EGtyxqlX3JpBLL8ZCTLbL3Yzc3yxu4X1BO3X7eCIXh92u_-SMCuyrbKHds3BuWjPq2Yjlm0Ig2xWbDfOPQiFhGD_4-efmXbvgLHxZSHtPsO3IDN
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Mon, 29 May 2023 15:36:56 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 445
age: 604
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
62.115.252.113 512 kB URL ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
IP 62.115.252.113:0
ASN #1299 Telia Company AB
File type Zip archive data, at least v2.0 to extract, compression method=deflate\012- data
Size 512 kB (511815 bytes)
Hash 152eda253e242e18443ef3282495bc7c
ff0fa85565f21ec4931baad4573b4c0bd08c4019
8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48
Analyzer Verdict Alert VirusTotal 0/60
GET /openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Last-Modified: Wed, 24 May 2023 20:52:50 GMT
ETag: 152eda253e242e18443ef3282495bc7c
Content-Length: 511815
Accept-Ranges: bytes
X-Timestamp: 1684961569.84930
Content-Type: application/zip
X-Trans-Id: txa73051eac09b464dbbbc2-00646fbb00dfw1
Cache-Control: public, max-age=161196
Expires: Wed, 31 May 2023 12:33:37 GMT
Date: Mon, 29 May 2023 15:47:01 GMT
Connection: keep-alive
wsv3cdn.audioeye.com/v2/build/3772.bundle.de1cf08.js
172.64.151.222200 OK 480 B URL GET HTTP/2 wsv3cdn.audioeye.com/v2/build/3772.bundle.de1cf08.js
IP 172.64.151.222:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintEE:8B:07:1F:A3:E3:C1:17:AC:CF:C5:DE:FD:E0:83:D9:2E:B0:89:8A
ValiditySun, 19 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with very long lines (522), with no line terminators
Hash 77d77972457cc321dcffb36a7a825c19
86e192fce522b43b843bc8d2a471b8fd033616a5
758b9b328bf659b388a4acc07bb017434b86b0c1c40c78cc9de27762187b060a
GET /v2/build/3772.bundle.de1cf08.js HTTP/1.1
Host: wsv3cdn.audioeye.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:45 GMT
content-type: application/javascript
last-modified: Fri, 26 May 2023 22:12:05 GMT
etag: W/"64712eb5-1e0"
access-control-allow-origin: *
cf-cache-status: HIT
age: 6743
expires: Tue, 28 May 2024 15:46:45 GMT
cache-control: public, max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cefdf3a4b83b515-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-NL5LTF
142.250.74.168200 OK 266 kB URL GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-NL5LTF
IP 142.250.74.168:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintEB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
File type ASCII text, with very long lines (16731)
Size 266 kB (266297 bytes)
Hash 7074ba933287a0bb0dbbba5f82786a9a
eaf96ed983e20eb16454a73e93d3444e9df0beef
d15157a069765320e55a0b6b02c91cff05ef5122fbe01c5c98c04730b7258390
GET /gtm.js?id=GTM-NL5LTF HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 29 May 2023 15:46:43 GMT
expires: Mon, 29 May 2023 15:46:43 GMT
cache-control: private, max-age=900
last-modified: Mon, 29 May 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90618
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
wsv3cdn.audioeye.com/v2/build/jquery.bundle.de1cf08.js
172.64.151.222200 OK 98 kB URL GET HTTP/2 wsv3cdn.audioeye.com/v2/build/jquery.bundle.de1cf08.js
IP 172.64.151.222:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintEE:8B:07:1F:A3:E3:C1:17:AC:CF:C5:DE:FD:E0:83:D9:2E:B0:89:8A
ValiditySun, 19 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v2/build/jquery.bundle.de1cf08.js HTTP/1.1
Host: wsv3cdn.audioeye.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:45 GMT
content-type: application/javascript
last-modified: Fri, 26 May 2023 22:12:06 GMT
etag: W/"64712eb6-17d8a"
access-control-allow-origin: *
cf-cache-status: HIT
age: 6590
expires: Tue, 28 May 2024 15:46:45 GMT
cache-control: public, max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cefdf38790db515-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.buydomains.com/cdn-cgi/challenge-platform/scripts/invisible.js
104.18.24.148302 Found 27 kB URL GET HTTP/2 www.buydomains.com/cdn-cgi/challenge-platform/scripts/invisible.js
IP 104.18.24.148:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint40:6A:AE:37:C4:FC:0B:1B:93:F4:04:6A:12:FA:50:22:25:34:3D:D1
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cdn-cgi/challenge-platform/scripts/invisible.js HTTP/1.1
Host: www.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=uoftl3qtbh3fmkibtmpoenqag5; USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Mon, 29 May 2023 15:46:43 GMT
content-encoding: gzip
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/938e2b5c/invisible.js
vary: accept-encoding
cache-control: max-age=300, public
server: cloudflare
cf-ray: 7cefdf30b820b4f7-OSL
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300italic,400,300,600,700&display=swap
142.250.74.106200 OK 15 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300italic,400,300,600,700&display=swap
IP 142.250.74.106:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:AC:74:E6:97:66:CD:D0:F1:EA:0D:01:37:89:65:2E:98:22:84:6C
ValidityMon, 08 May 2023 08:24:50 GMT - Mon, 31 Jul 2023 08:24:49 GMT
Hash b96199015eb41839a6da8a1575ae0e9f
30ae49f53833565d0d54013f9fbb88afb93099dc
a1ca1f41ae3825853af12338d1d22e38651f1d05a196f9a09e145449d13bb8ff
GET /css?family=Open+Sans:300italic,400,300,600,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 29 May 2023 15:46:43 GMT
date: Mon, 29 May 2023 15:46:43 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/gsi/button?theme=filled_blue&size=medium&ux_mode=redirect&auto_select=true&width=186&height=35&redirect_uri=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fgrammarhelp.net%3Fdomain%3Dgrammarhelp.net%26utm_source%3Dgrammarhelp.net%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect&client_id=493010564269-4qns5belsuphdbuurpmae7pknmirdktg.apps.googleusercontent.com&iframe_id=gsi_203426_118249&as=2%2FPjIxs3Gbrgo6No3MZyhQ
216.58.207.237200 OK 108 kB URL GET HTTP/3 accounts.google.com/gsi/button?theme=filled_blue&size=medium&ux_mode=redirect&auto_select=true&width=186&height=35&redirect_uri=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fgrammarhelp.net%3Fdomain%3Dgrammarhelp.net%26utm_source%3Dgrammarhelp.net%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect&client_id=493010564269-4qns5belsuphdbuurpmae7pknmirdktg.apps.googleusercontent.com&iframe_id=gsi_203426_118249&as=2%2FPjIxs3Gbrgo6No3MZyhQ
IP 216.58.207.237:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint5D:BA:19:A5:81:25:05:32:72:13:A7:18:CF:67:8C:D6:6F:13:B3:EF
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7754)
Size 108 kB (107627 bytes)
Hash 7285f15e7077d09025eeab0e3facd018
bdc69469f0073ad28f3b4a259457728ab75682d1
a40f8fdb42edbd7832c77e5e10c108b9ac890db31768c86c0bd93434d48538e7
GET /gsi/button?theme=filled_blue&size=medium&ux_mode=redirect&auto_select=true&width=186&height=35&redirect_uri=https%3A%2F%2Fwww.buydomains.com%2Flander%2Fgrammarhelp.net%3Fdomain%3Dgrammarhelp.net%26utm_source%3Dgrammarhelp.net%26utm_medium%3Dclick%26utm_campaign%3Dtdfs-AprTest%26traffic_id%3DAprTest%26traffic_type%3Dtdfs%26redirect%3Dono-redirect&client_id=493010564269-4qns5belsuphdbuurpmae7pknmirdktg.apps.googleusercontent.com&iframe_id=gsi_203426_118249&as=2%2FPjIxs3Gbrgo6No3MZyhQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 29 May 2023 15:46:43 GMT
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-security-policy: script-src 'nonce-RY_57EumunPghVKgjIz5zg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
analytics.audioeye.com/air/v0/send
34.213.168.31200 OK 0 B URL POST HTTP/2 analytics.audioeye.com/air/v0/send
IP 34.213.168.31:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerAmazon
Subjectreport-prod.audioeye.com
Fingerprint9F:82:18:0B:5E:60:CF:4C:82:20:29:CF:EC:BB:B2:2D:FE:E7:A9:65
ValidityMon, 17 Oct 2022 00:00:00 GMT - Wed, 15 Nov 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /air/v0/send HTTP/1.1
Host: analytics.audioeye.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 397
Origin: https://www.buydomains.com
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:46 GMT
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
wsv3cdn.audioeye.com/v2/build/874.bundle.de1cf08.js
172.64.151.222200 OK 193 B URL GET HTTP/2 wsv3cdn.audioeye.com/v2/build/874.bundle.de1cf08.js
IP 172.64.151.222:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintEE:8B:07:1F:A3:E3:C1:17:AC:CF:C5:DE:FD:E0:83:D9:2E:B0:89:8A
ValiditySun, 19 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash aec9cc058b42d8eba2f8448d937a0bd4
0d93fb7caa5e55742aedb8f0aaa1cc04d72a4bbd
716d1649f39cbd3dea0ebbff07036b4f6f59d6f2ab71f3ee1e91f54724e73f74
GET /v2/build/874.bundle.de1cf08.js HTTP/1.1
Host: wsv3cdn.audioeye.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:45 GMT
content-type: application/javascript
last-modified: Fri, 26 May 2023 22:12:05 GMT
etag: W/"64712eb5-c1"
access-control-allow-origin: *
cf-cache-status: HIT
age: 102
expires: Tue, 28 May 2024 15:46:45 GMT
cache-control: public, max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cefdf3a4b8cb515-OSL
content-encoding: br
X-Firefox-Spdy: h2
accounts.google.com/gsi/client
216.58.207.237200 OK 194 kB URL GET HTTP/2 accounts.google.com/gsi/client
IP 216.58.207.237:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint6C:C9:34:01:32:00:11:F3:7A:E2:AA:FC:7C:E3:13:17:3D:17:71:8A
ValidityMon, 08 May 2023 08:25:19 GMT - Mon, 31 Jul 2023 08:25:18 GMT
File type ASCII text, with very long lines (3001)
Size 194 kB (193593 bytes)
Hash f77e70169d565bbd6625796a3c266dde
92ffc42400a5fcfad346555c97ae933474310f7a
faaaef692d4282ab086ddf122cd859660a1bfe7b81cbfa3565365cf7cd23ba21
GET /gsi/client HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
expires: Mon, 29 May 2023 15:46:43 GMT
date: Mon, 29 May 2023 15:46:43 GMT
cache-control: private, max-age=1800
content-security-policy: script-src 'nonce-6X8wBEFwLJ5jtj9rMeMS4A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.cookielaw.org/scripttemplates/202301.2.0/assets/otCenterRounded.json
104.18.170.114200 OK 9.7 kB URL GET HTTP/2 cdn.cookielaw.org/scripttemplates/202301.2.0/assets/otCenterRounded.json
IP 104.18.170.114:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectcookielaw.org
Fingerprint72:BB:48:60:EB:F2:A2:EB:51:29:51:1A:B9:2A:85:30:97:3D:9A:2E
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (9730), with no line terminators
Hash 10874d7d6ab37096a5af67ab1842c6f6
12449ee86186d4cd75bee931c2252467b4e4c878
94c65800d947156afed4dfba528892ccbfd9b2587d7bfd2c071a0ca673d42a8e
GET /scripttemplates/202301.2.0/assets/otCenterRounded.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.buydomains.com/
Origin: https://www.buydomains.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:44 GMT
content-type: application/json
content-length: 2639
content-encoding: gzip
content-md5: 3j6krUd8tta5DgtKf9NJpg==
last-modified: Fri, 17 Feb 2023 03:39:04 GMT
etag: 0x8DB1098846D14B4
x-ms-request-id: dd32f8e4-b01e-006d-67e1-5a72c8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 13577
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7cefdf35d82c0b31-OSL
X-Firefox-Spdy: h2
cdn.cookielaw.org/scripttemplates/202301.2.0/assets/otCommonStyles.css
104.18.170.114200 OK 22 kB URL GET HTTP/2 cdn.cookielaw.org/scripttemplates/202301.2.0/assets/otCommonStyles.css
IP 104.18.170.114:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectcookielaw.org
Fingerprint72:BB:48:60:EB:F2:A2:EB:51:29:51:1A:B9:2A:85:30:97:3D:9A:2E
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (11231)
Hash 5dcc6595e01c3c63b69f991366b1c7d9
5ccdd7e36f0f99fdb215ca9fae7ef1a41ced8a90
930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
GET /scripttemplates/202301.2.0/assets/otCommonStyles.css HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.buydomains.com/
Origin: https://www.buydomains.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:44 GMT
content-type: text/css
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
last-modified: Fri, 17 Feb 2023 03:39:15 GMT
x-ms-request-id: 71c104cb-d01e-0150-34e1-5a81bb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 13577
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7cefdf35d8320b31-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
wsv3cdn.audioeye.com/v2/build/startup.bundle.de1cf08.js
172.64.151.222200 OK 439 kB URL GET HTTP/2 wsv3cdn.audioeye.com/v2/build/startup.bundle.de1cf08.js
IP 172.64.151.222:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintEE:8B:07:1F:A3:E3:C1:17:AC:CF:C5:DE:FD:E0:83:D9:2E:B0:89:8A
ValiditySun, 19 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT
Size 439 kB (438643 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v2/build/startup.bundle.de1cf08.js HTTP/1.1
Host: wsv3cdn.audioeye.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:45 GMT
content-type: application/javascript
last-modified: Fri, 26 May 2023 22:12:03 GMT
etag: W/"64712eb3-6b173"
access-control-allow-origin: *
cf-cache-status: HIT
age: 5452
expires: Tue, 28 May 2024 15:46:45 GMT
cache-control: public, max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cefdf38790fb515-OSL
content-encoding: br
X-Firefox-Spdy: h2
wsv3cdn.audioeye.com/bootstrap.js?h=14c6de8f682ef4a27da4f9a05784a723
172.64.151.222200 OK 45 kB URL GET HTTP/2 wsv3cdn.audioeye.com/bootstrap.js?h=14c6de8f682ef4a27da4f9a05784a723
IP 172.64.151.222:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintEE:8B:07:1F:A3:E3:C1:17:AC:CF:C5:DE:FD:E0:83:D9:2E:B0:89:8A
ValiditySun, 19 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bootstrap.js?h=14c6de8f682ef4a27da4f9a05784a723 HTTP/1.1
Host: wsv3cdn.audioeye.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:44 GMT
content-type: application/javascript; charset=UTF-8
etag: W/"a33904c2041f087033ef59dd5f613f1e"
cache-control: max-age=120
cache-tags: 14c6de8f682ef4a27da4f9a05784a723
surrogate-keys: 14c6de8f682ef4a27da4f9a05784a723
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cefdf35bd19b515-OSL
content-encoding: br
X-Firefox-Spdy: h2
accounts.google.com/gsi/style
216.58.207.237200 OK 530 B URL GET HTTP/3 accounts.google.com/gsi/style
IP 216.58.207.237:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint5D:BA:19:A5:81:25:05:32:72:13:A7:18:CF:67:8C:D6:6F:13:B3:EF
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
File type ASCII text, with very long lines (530), with no line terminators
Hash 6ce3c682ce6b9e0b88670395a63345c8
8cbfc0856a52320e3567792dfe2487748ac07458
524f1ea2ac242c6fae3c1cc52c7ae7d05a8a7db466fe3c7b46e8efcfc2d95e53
GET /gsi/style HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/css; charset=utf-8
expires: Mon, 29 May 2023 15:46:43 GMT
date: Mon, 29 May 2023 15:46:43 GMT
cache-control: private, max-age=86400
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'nonce-4WAQpnc5YAywCK4CQvnZqg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cdn.cookielaw.org/logos/static/powered_by_logo.svg
104.18.170.114200 OK 5.2 kB URL GET HTTP/2 cdn.cookielaw.org/logos/static/powered_by_logo.svg
IP 104.18.170.114:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectcookielaw.org
Fingerprint72:BB:48:60:EB:F2:A2:EB:51:29:51:1A:B9:2A:85:30:97:3D:9A:2E
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (5220), with no line terminators
Hash 38b5388f36f8f885deb26afdac0e3116
112eccab1891a3a7cab1c5602ba72c9e127136e0
a8562f11c5a80a5c1c4ab388cfa2a69598203a57a5c67d1f80512bddd80d09ef
GET /logos/static/powered_by_logo.svg HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:44 GMT
content-type: image/svg+xml
content-md5: Y+c301RBZNK39PvKQWrIBw==
last-modified: Thu, 25 May 2023 19:30:08 GMT
x-ms-request-id: b3111f2c-101e-00a7-014e-8fe105000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 83720
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7cefdf364b1fb527-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
wsv3cdn.audioeye.com/v2/scripts/loader.js?h=14c6de8f682ef4a27da4f9a05784a723&lang=en&cb=de1cf08
172.64.151.222200 OK 69 kB URL GET HTTP/2 wsv3cdn.audioeye.com/v2/scripts/loader.js?h=14c6de8f682ef4a27da4f9a05784a723&lang=en&cb=de1cf08
IP 172.64.151.222:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintEE:8B:07:1F:A3:E3:C1:17:AC:CF:C5:DE:FD:E0:83:D9:2E:B0:89:8A
ValiditySun, 19 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (46288)
Hash 49d584d0345aa9290127b10a7de06018
51cf1427f8b858c18dbe12b19f899b915cd9bbee
5045ea7a413e0795ba6fed2f5d800e24b0cafaba87a5edfad6b1131546da6806
GET /v2/scripts/loader.js?h=14c6de8f682ef4a27da4f9a05784a723&lang=en&cb=de1cf08 HTTP/1.1
Host: wsv3cdn.audioeye.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.buydomains.com
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:45 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=60, s-maxage=7200, max-stale=86400, stale-while-revalidate=86400, public
surrogate-key: prod 14c6de8f682ef4a27da4f9a05784a723 de1cf08
last-modified: Mon, 29 May 2023 13:26:12 GMT
cf-cache-status: HIT
age: 2317
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cefdf38ab141c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.buydomains.com/browser/html/offendingChars.html
104.18.24.148200 OK 131 B URL GET HTTP/2 www.buydomains.com/browser/html/offendingChars.html
IP 104.18.24.148:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint40:6A:AE:37:C4:FC:0B:1B:93:F4:04:6A:12:FA:50:22:25:34:3D:D1
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 89af248e1f61b1eeeadc9dc659d9afdc
81b095492a715870e756229a258f47211a984a86
a2dd2c5c94cc814dcbdc55f0dc8c1f3e6e160c5aa0fdb9f4225648976f690ca0
GET /browser/html/offendingChars.html HTTP/1.1
Host: www.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Cookie: PHPSESSID=uoftl3qtbh3fmkibtmpoenqag5; USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:44 GMT
content-type: text/html; charset=UTF-8
last-modified: Thu, 24 Feb 2022 19:25:10 GMT
x-node: www-01.prod
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7cefdf30b80fb4f7-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
wsv3cdn.audioeye.com/v2/build/smartrems.bundle.de1cf08.js
172.64.151.222200 OK 139 kB URL GET HTTP/2 wsv3cdn.audioeye.com/v2/build/smartrems.bundle.de1cf08.js
IP 172.64.151.222:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintEE:8B:07:1F:A3:E3:C1:17:AC:CF:C5:DE:FD:E0:83:D9:2E:B0:89:8A
ValiditySun, 19 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT
Size 139 kB (138621 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v2/build/smartrems.bundle.de1cf08.js HTTP/1.1
Host: wsv3cdn.audioeye.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:45 GMT
content-type: application/javascript
last-modified: Fri, 26 May 2023 22:12:05 GMT
etag: W/"64712eb5-21d7d"
access-control-allow-origin: *
cf-cache-status: HIT
age: 4585
expires: Tue, 28 May 2024 15:46:45 GMT
cache-control: public, max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cefdf3a0b1bb515-OSL
content-encoding: br
X-Firefox-Spdy: h2
wsv3cdn.audioeye.com/v2/build/6365.bundle.de1cf08.js
172.64.151.222200 OK 1.1 kB URL GET HTTP/2 wsv3cdn.audioeye.com/v2/build/6365.bundle.de1cf08.js
IP 172.64.151.222:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintEE:8B:07:1F:A3:E3:C1:17:AC:CF:C5:DE:FD:E0:83:D9:2E:B0:89:8A
ValiditySun, 19 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT
File type troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (1092), with no line terminators
Hash dc8e555211e2ff66ce1e14b92c4335cc
46065d0b001eff7e7ef6f3e9dbfb70ff385a8299
24948e4ec5ec78edcaa737c23480f29e67e0a36d3d27808d9314ddc302cb5436
GET /v2/build/6365.bundle.de1cf08.js HTTP/1.1
Host: wsv3cdn.audioeye.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Cookie: aelastsite=T9AuRHB6UAobkOoCpj8FxR0dzIiYCwOmTYogwHRsnIWAXhDTtJhbUYi864r%2FUXP8; aelreadersettings=%7B%22c_big%22%3A0%2C%22rg%22%3A0%2C%22memph%22%3A0%2C%22contrast_setting%22%3A0%2C%22colorshift_setting%22%3A0%2C%22text_size_setting%22%3A0%2C%22space_setting%22%3A0%2C%22font_setting%22%3A0%2C%22k%22%3A0%2C%22k_disable_default%22%3A0%2C%22hlt%22%3A0%2C%22disable_animations%22%3A0%2C%22display_alt_desc%22%3A0%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:48 GMT
content-type: application/javascript
last-modified: Fri, 26 May 2023 22:12:02 GMT
etag: W/"64712eb2-42e"
access-control-allow-origin: *
cf-cache-status: HIT
age: 1128
expires: Tue, 28 May 2024 15:46:48 GMT
cache-control: public, max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cefdf4d9f93b515-OSL
content-encoding: br
X-Firefox-Spdy: h2
wsmcdn.audioeye.com/aem.js
104.18.36.34200 OK 1.0 kB URL GET HTTP/2 wsmcdn.audioeye.com/aem.js
IP 104.18.36.34:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintCB:D4:01:D1:34:D0:EC:2D:33:35:F4:9D:73:CE:25:00:EA:E5:47:00
ValidityWed, 15 Mar 2023 00:00:00 GMT - Thu, 14 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (1068), with no line terminators
Hash 2183eb89ebc92535b3b5080d018f69e7
d664353a40b8439bfbdde04cf0bbcd84fc523a31
3c8ce21442faeae06843628c5619a00b6eb37397482baeb19e01bcf04be1954c
GET /aem.js HTTP/1.1
Host: wsmcdn.audioeye.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:44 GMT
content-type: application/javascript; charset=UTF-8
etag: W/"c5f5d23dbd841fb0868078e4bfbbd713"
cache-control: max-age=3600
cache-tags:
surrogate-keys:
cf-cache-status: HIT
age: 87
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cefdf34ff2f0b45-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.buydomains.com/locate?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
104.18.24.148200 OK 2.1 kB URL POST HTTP/2 www.buydomains.com/locate?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
IP 104.18.24.148:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint40:6A:AE:37:C4:FC:0B:1B:93:F4:04:6A:12:FA:50:22:25:34:3D:D1
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with very long lines (2442), with no line terminators
Hash 3fa8cc8a2cca58d8f1d08a3602e8ff61
0b5ed8b6137da24ee0ec1ae65b1f71bc3a5474d3
7f7961762087264c96c8d8afd68087f9c4a321d599d500f71b7ef7e85277e590
POST /locate?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect HTTP/1.1
Host: www.buydomains.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 3227
Origin: https://www.buydomains.com
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Cookie: PHPSESSID=uoftl3qtbh3fmkibtmpoenqag5; USER_COUNTRY=%22Norway%22; USER_COUNTRY_CODE_DEFAULT=%22NO%22; TOLLFREE_PHONE=%22%28855%29+687-0658%22; WW_PHONE=%22%28781%29+373-6820%22; utm_source=%22grammarhelp.net%22; utm_medium=%22direct-visit%22; utm_campaign=%22tdfs-AprTest%22; traffic_id=%22AprTest%22; traffic_type=%22tdfs%22; trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; visitor=6474c8e27977f; visitorType=new; __cf_bm=vI0byVctJtimdD2FN0vbhkLG.HLMO1oKE_QJ14X9dME-1685375202-0-AfxX+49bm3qYEZoxDZvRvr8w2oW8elXNsDWiKTXzT7SfEYqGmM2jAf7oKdisREcCrBrD/xkt7NfF7NThThlNJ5o=; tracking_params_allowed=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:45 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/5.6.8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: USER_COUNTRY=%22Norway%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
USER_COUNTRY_CODE_DEFAULT=%22NO%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
TOLLFREE_PHONE=%22%28855%29+687-0658%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
WW_PHONE=%22%28781%29+373-6820%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
utm_source=%22grammarhelp.net%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
utm_medium=%22click%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
utm_campaign=%22tdfs-AprTest%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
traffic_id=%22AprTest%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
traffic_type=%22tdfs%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
utm_medium=%22direct-visit%22; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
trackingParams=%7B%22utm_source%22%3A%22grammarhelp.net%22%2C%22utm_medium%22%3A%22direct-visit%22%2C%22utm_campaign%22%3A%22tdfs-AprTest%22%2C%22utm_content%22%3Anull%2C%22traffic_id%22%3A%22AprTest%22%2C%22traffic_type%22%3A%22tdfs%22%2C%22referrer_id%22%3Anull%7D; path=/; samesite=Lax; domain=.buydomains.com; secure; httponly
x-php-backend: www-03.prod
x-node: www-03.prod
access-control-allow-origin: https://www.buydomains.com
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7cefdf34cf5ab4f7-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
wsv3cdn.audioeye.com/v2/build/5121.bundle.de1cf08.js
172.64.151.222200 OK 382 B URL GET HTTP/2 wsv3cdn.audioeye.com/v2/build/5121.bundle.de1cf08.js
IP 172.64.151.222:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintEE:8B:07:1F:A3:E3:C1:17:AC:CF:C5:DE:FD:E0:83:D9:2E:B0:89:8A
ValiditySun, 19 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with very long lines (400), with no line terminators
Hash 9e8cec962bcd8aada36d3cbce5c27cea
82d30c3b3e578d02ac706ec60b2a112970a04379
40c8f477fc470603f0a453ff081d1a545b6954e372c2880ae338092157f31d3e
GET /v2/build/5121.bundle.de1cf08.js HTTP/1.1
Host: wsv3cdn.audioeye.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:45 GMT
content-type: application/javascript
last-modified: Fri, 26 May 2023 22:12:05 GMT
etag: W/"64712eb5-17e"
access-control-allow-origin: *
cf-cache-status: HIT
age: 6371
expires: Tue, 28 May 2024 15:46:45 GMT
cache-control: public, max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cefdf3a4b88b515-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.cookielaw.org/consent/91181fd5-0816-4a3d-8427-63a8d53f717e/91181fd5-0816-4a3d-8427-63a8d53f717e.json
104.18.170.114200 OK 4.0 kB URL GET HTTP/2 cdn.cookielaw.org/consent/91181fd5-0816-4a3d-8427-63a8d53f717e/91181fd5-0816-4a3d-8427-63a8d53f717e.json
IP 104.18.170.114:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectcookielaw.org
Fingerprint72:BB:48:60:EB:F2:A2:EB:51:29:51:1A:B9:2A:85:30:97:3D:9A:2E
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with very long lines (4780), with no line terminators
Hash f574cbaa3d3181ca6bd205fd302c1ad5
b56902c6e1dcbceaabf62f555a393b4adfeaaf82
b5a206765e477a015e82b83ff81bd852da5b8e37440d2f1ad2ce291bf9d33912
GET /consent/91181fd5-0816-4a3d-8427-63a8d53f717e/91181fd5-0816-4a3d-8427-63a8d53f717e.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.buydomains.com
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:44 GMT
content-type: application/x-javascript
content-length: 1619
cache-control: public, max-age=86400
content-encoding: gzip
content-md5: yZt2cxY/Qzo0A3FqE49NnQ==
last-modified: Thu, 23 Feb 2023 16:34:12 GMT
etag: 0x8DB15BBCBE3AE88
x-ms-request-id: 50df4c2c-801e-0021-3ce1-5ab5d7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 13578
expires: Tue, 30 May 2023 15:46:44 GMT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7cefdf31ba990b31-OSL
X-Firefox-Spdy: h2
geolocation.onetrust.com/cookieconsentpub/v1/geo/location
104.18.29.38200 OK 72 B URL GET HTTP/2 geolocation.onetrust.com/cookieconsentpub/v1/geo/location
IP 104.18.29.38:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectonetrust.com
Fingerprint9E:F3:57:7F:94:76:6C:42:96:83:B5:15:57:B4:17:C4:0A:90:F6:3D
ValidityTue, 13 Dec 2022 00:00:00 GMT - Wed, 13 Dec 2023 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash adf75b99dbbf416c627dfc5de30f9ad1
699f3845f7dfb3fa9968c2117b44c3f3eb728fff
a0e4a8f457272bd17d07ae2e1e09731df6cc6fdc3ea9e32e713ef4a8a012fc27
GET /cookieconsentpub/v1/geo/location HTTP/1.1
Host: geolocation.onetrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.buydomains.com
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:44 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7cefdf32aa8db4ed-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
wsv3cdn.audioeye.com/v2/build/launcher.bundle.de1cf08.js
172.64.151.222200 OK 82 kB URL GET HTTP/2 wsv3cdn.audioeye.com/v2/build/launcher.bundle.de1cf08.js
IP 172.64.151.222:443
Requested by https://www.buydomains.com/lander/grammarhelp.net?domain=grammarhelp.net&utm_source=grammarhelp.net&utm_medium=click&utm_campaign=tdfs-AprTest&traffic_id=AprTest&traffic_type=tdfs&redirect=ono-redirect
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintEE:8B:07:1F:A3:E3:C1:17:AC:CF:C5:DE:FD:E0:83:D9:2E:B0:89:8A
ValiditySun, 19 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 8ff7c431d2ff321964728412f3f3018a
1b6e222459bf49406a3ebd812fb28328695b6ab6
f9b074865c89d0fa43a3d519fbc3b8b6fdb2c2da7b66e6381f01a6e307b6a86f
GET /v2/build/launcher.bundle.de1cf08.js HTTP/1.1
Host: wsv3cdn.audioeye.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.buydomains.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 15:46:48 GMT
content-type: application/javascript
last-modified: Fri, 26 May 2023 22:12:03 GMT
etag: W/"64712eb3-13f4b"
access-control-allow-origin: *
cf-cache-status: HIT
age: 6791
expires: Tue, 28 May 2024 15:46:48 GMT
cache-control: public, max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cefdf4cfebdb515-OSL
content-encoding: br
X-Firefox-Spdy: h2