www.elfcosmetics.com Open in urlscan Pro
204.2.49.172 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cosmeticcriminal.com/
Effective URL:
https://www.elfcosmetics.com/cosmetic-criminals
Submission: On January 01 via api (January 1st 2024, 10:41:04 am UTC) from US — Scanned from US

Summary HTTP 215 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 66 IPs in 2 countries across 53 domains to perform 215 HTTP transactions. The main IP is 204.2.49.172, located in United States and belongs to YOTTAA-AS-1, US. The main domain is www.elfcosmetics.com. The Cisco Umbrella rank of the primary domain is 78022.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 25th 2023. Valid for: a year.

This is the only time www.elfcosmetics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	165.254.198.225 165.254.198.225	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
1 12	204.2.49.172 204.2.49.172	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
6	151.101.66.133 151.101.66.133	54113 (FASTLY) (FASTLY)
5	35.190.10.96 35.190.10.96	15169 (GOOGLE) (GOOGLE)
12	2606:4700::68... 2606:4700::6812:83ec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4004:c08::61	15169 (GOOGLE) (GOOGLE)
3	2600:9000:234... 2600:9000:234b:5400:a:b89d:a6c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	104.237.62.212 104.237.62.212	18450 (WEBNX) (WEBNX)
6	151.101.130.133 151.101.130.133	54113 (FASTLY) (FASTLY)
1	2606:4700:440... 2606:4700:4400::ac40:9b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2001:4860:480... 2001:4860:4802:34::178	15169 (GOOGLE) (GOOGLE)
1	2600:9000:24b... 2600:9000:24bb:7000:11:85b0:d600:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
3 3	3.225.218.10 3.225.218.10	14618 (AMAZON-AES) (AMAZON-AES)
1	23.40.62.80 23.40.62.80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	3.213.5.9 3.213.5.9	14618 (AMAZON-AES) (AMAZON-AES)
1 2	54.146.211.231 54.146.211.231	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:201... 2600:9000:201e:7e00:15:ad21:c740:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4004:c08::9c	15169 (GOOGLE) (GOOGLE)
2 5	172.253.63.149 172.253.63.149	15169 (GOOGLE) (GOOGLE)
1 2	68.67.160.186 68.67.160.186	29990 (ASN-APPNEX) (ASN-APPNEX)
5	2607:f8b0:400... 2607:f8b0:4004:c08::63	15169 (GOOGLE) (GOOGLE)
1 2	2607:f8b0:400... 2607:f8b0:4004:c08::9a	15169 (GOOGLE) (GOOGLE)
6	99.84.238.117 99.84.238.117	16509 (AMAZON-02) (AMAZON-02)
1 1	18.154.227.34 18.154.227.34	16509 (AMAZON-02) (AMAZON-02)
1	3.162.112.105 3.162.112.105	16509 (AMAZON-02) (AMAZON-02)
1	34.230.254.96 34.230.254.96	14618 (AMAZON-AES) (AMAZON-AES)
3	2606:4700:440... 2606:4700:4400::6812:2a49	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	204.2.131.15 204.2.131.15	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
1	184.27.13.189 184.27.13.189	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.102.147.248 34.102.147.248	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
9	151.101.129.21 151.101.129.21	54113 (FASTLY) (FASTLY)
1	2600:1408:540... 2600:1408:5400:13::17cf:cacd	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:9000:200... 2600:9000:2006:de00:13:d6f4:3240:93a1	16509 (AMAZON-02) (AMAZON-02)
1 4	2607:f8b0:400... 2607:f8b0:4004:c1d::9d	15169 (GOOGLE) (GOOGLE)
1	142.251.16.157 142.251.16.157	15169 (GOOGLE) (GOOGLE)
2	18.155.191.244 18.155.191.244	16509 (AMAZON-02) (AMAZON-02)
2	2a04:4e42:77::84 2a04:4e42:77::84	54113 (FASTLY) (FASTLY)
2	2a03:2880:f00... 2a03:2880:f003:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a04:4e42:600... 2a04:4e42:600::396	54113 (FASTLY) (FASTLY)
22	23.212.250.138 23.212.250.138	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2600:9000:25f... 2600:9000:25f1:c00:a:7914:b00:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.173.121.36 18.173.121.36	16509 (AMAZON-02) (AMAZON-02)
1	34.120.253.250 34.120.253.250	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	151.101.129.140 151.101.129.140	54113 (FASTLY) (FASTLY)
2	151.101.129.35 151.101.129.35	54113 (FASTLY) (FASTLY)
1	3.220.245.192 3.220.245.192	14618 (AMAZON-AES) (AMAZON-AES)
3	151.101.0.84 151.101.0.84	54113 (FASTLY) (FASTLY)
2	2001:4860:480... 2001:4860:4802:32::181	15169 (GOOGLE) (GOOGLE)
1 7	35.190.43.134 35.190.43.134	15169 (GOOGLE) (GOOGLE)
2	18.155.202.17 18.155.202.17	16509 (AMAZON-02) (AMAZON-02)
1	2a03:2880:f10... 2a03:2880:f103:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	23.222.5.87 23.222.5.87	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	44.212.142.71 44.212.142.71	14618 (AMAZON-AES) (AMAZON-AES)
3	54.84.87.164 54.84.87.164	14618 (AMAZON-AES) (AMAZON-AES)
2	34.98.67.3 34.98.67.3	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	192.229.210.155 192.229.210.155	15133 (EDGECAST) (EDGECAST)
17	34.98.72.95 34.98.72.95	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
12	192.225.157.157 192.225.157.157	30286 (THM) (THM)
1	34.117.241.125 34.117.241.125	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.149.101.92 34.149.101.92	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.102.221.243 34.102.221.243	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	54.154.97.89 54.154.97.89	16509 (AMAZON-02) (AMAZON-02)
2	192.225.158.1 192.225.158.1	30286 (THM) (THM)
1	192.225.158.3 192.225.158.3	30286 (THM) (THM)
1	2600:1901:0:5... 2600:1901:0:56e0::	15169 (GOOGLE) (GOOGLE)
2	34.149.130.207 34.149.130.207	15169 (GOOGLE) (GOOGLE)
6	34.111.8.32 34.111.8.32	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	35.244.154.8 35.244.154.8	15169 (GOOGLE) (GOOGLE)
1 2	34.149.254.212 34.149.254.212	15169 (GOOGLE) (GOOGLE)
1 1	107.178.254.65 107.178.254.65	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
215	66

1 165.254.198.225 (United States) 1 redirects

ASN393259 (YOTTAA-AS-1, US)
PTR: d3-12-0-1-25-0.a02.nycmny01.us.ra.verio.net

cosmeticcriminal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 204.2.49.172 (United States) 1 redirects

ASN393259 (YOTTAA-AS-1, US)

www.elfcosmetics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.66.133 (United States)

ASN54113 (FASTLY, US)

cdn-fsly.yottaa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.190.10.96 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 96.10.190.35.bc.googleusercontent.com

collector-pxxt4gy2ig.px-cloud.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6812:83ec (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c08::61 (Ashburn, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:234b:5400:a:b89d:a6c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.237.62.212 (El Segundo, United States)

ASN18450 (WEBNX, US)
PTR: api.ipify.org

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.130.133 (United States)

ASN54113 (FASTLY, US)

sdk.iad-05.braze.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2001:4860:4802:34::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:24bb:7000:11:85b0:d600:93a1 (United States)

ASN16509 (AMAZON-02, US)

js.cnnx.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.225.218.10 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-225-218-10.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.40.62.80 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-40-62-80.deploy.static.akamaitechnologies.com

hb.yahoo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.213.5.9 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-213-5-9.compute-1.amazonaws.com

pixel.pointmediatracker.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.146.211.231 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-146-211-231.compute-1.amazonaws.com

cnv.event.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:201e:7e00:15:ad21:c740:93a1 (United States)

ASN16509 (AMAZON-02, US)

st.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c08::9c (Ashburn, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.253.63.149 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: bi-in-f149.1e100.net

9231397.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
10742279.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.67.160.186 (Jersey City, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4004:c08::63 (Ashburn, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c08::9a (Ashburn, United States) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 99.84.238.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-238-117.sfo5.r.cloudfront.net

async-px.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.154.227.34 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-154-227-34.iad55.r.cloudfront.net

ads.undertone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.162.112.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-162-112-105.iad61.r.cloudfront.net

evt.undertone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.230.254.96 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-230-254-96.compute-1.amazonaws.com

px.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::6812:2a49 (United States)

ASN13335 (CLOUDFLARENET, US)

elfcosmetics.a.bigcontent.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 204.2.131.15 (United States)

ASN393259 (YOTTAA-AS-1, US)

qoe-1.yottaa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.27.13.189 (Ashburn, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-27-13-189.deploy.static.akamaitechnologies.com

static.ordergroove.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.147.248 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 248.147.102.34.bc.googleusercontent.com

tag.rmp.rakuten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 151.101.129.21 (United States)

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1408:5400:13::17cf:cacd (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

websdk.appsflyer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2006:de00:13:d6f4:3240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.usehero.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4004:c1d::9d (Washington, United States) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.16.157 (United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f157.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.155.191.244 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-155-191-244.sfo53.r.cloudfront.net

sc-static.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:77::84 (United States)

ASN54113 (FASTLY, US)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f003:100:face:b00c:0:3 (Ashburn, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 23.212.250.138 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-212-250-138.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:25f1:c00:a:7914:b00:93a1 (United States)

ASN16509 (AMAZON-02, US)

js.jebbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.173.121.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-121-36.sfo53.r.cloudfront.net

t.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.253.250 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 250.253.120.34.bc.googleusercontent.com

tag.wknd.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.35 (United States)

ASN54113 (FASTLY, US)

t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.220.245.192 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-220-245-192.compute-1.amazonaws.com

api.usehero.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.0.84 (United States)

ASN54113 (FASTLY, US)

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 35.190.43.134 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 134.43.190.35.bc.googleusercontent.com

tr.snapchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tr6.snapchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.155.202.17 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-155-202-17.sfo53.r.cloudfront.net

cdn-scripts.signifyd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f103:83:face:b00c:0:25de (Ashburn, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.222.5.87 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-222-5-87.deploy.static.akamaitechnologies.com

analytics.pangle-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.212.142.71 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-212-142-71.compute-1.amazonaws.com

external-api.jebbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.84.87.164 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-84-87-164.compute-1.amazonaws.com

c.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.67.3 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 3.67.98.34.bc.googleusercontent.com

ut.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tags.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.229.210.155 (United States)

ASN15133 (EDGECAST, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 34.98.72.95 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 95.72.98.34.bc.googleusercontent.com

assets.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 192.225.157.157 (United States)

ASN30286 (THM, US)

imgs.signifyd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.241.125 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 125.241.117.34.bc.googleusercontent.com

data.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.149.101.92 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 92.101.149.34.bc.googleusercontent.com

page.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.221.243 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 243.221.102.34.bc.googleusercontent.com

view.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.113.62 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.154.97.89 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-97-89.eu-west-1.compute.amazonaws.com

srm.ba.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.225.158.1 (United States)

ASN30286 (THM, US)
PTR: a-sac.h.online-metrix.net

h.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.225.158.3 (United States)

ASN30286 (THM, US)
PTR: d.aa.online-metrix.net

w2txo5aafemihslxtswxpqboff45naoes5ygm3r2c5f6bc415ade5a42sac.d.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:56e0:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

ids.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.149.130.207 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 207.130.149.34.bc.googleusercontent.com

pd.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
idr.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.111.8.32 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 32.8.111.34.bc.googleusercontent.com

api.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
events.bouncex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.154.8 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 8.154.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.149.254.212 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 212.254.149.34.bc.googleusercontent.com

pix.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.178.254.65 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 617	287 KB
18	bounceexchange.com assets.bounceexchange.com — Cisco Umbrella Rank: 2050 api.bounceexchange.com — Cisco Umbrella Rank: 2223	530 KB
14	signifyd.com cdn-scripts.signifyd.com — Cisco Umbrella Rank: 6824 imgs.signifyd.com — Cisco Umbrella Rank: 5865	94 KB
12	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 324	322 KB
12	elfcosmetics.com 1 redirects www.elfcosmetics.com — Cisco Umbrella Rank: 78022	298 KB
11	paypal.com www.paypal.com — Cisco Umbrella Rank: 2085 t.paypal.com — Cisco Umbrella Rank: 2568	238 KB
11	doubleclick.net 9231397.fls.doubleclick.net — Cisco Umbrella Rank: 188726 Failed 10742279.fls.doubleclick.net — Cisco Umbrella Rank: 192049 Failed stats.g.doubleclick.net — Cisco Umbrella Rank: 75 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33	8 KB
11	dynamicyield.com cdn.dynamicyield.com — Cisco Umbrella Rank: 6084 st.dynamicyield.com — Cisco Umbrella Rank: 5745 async-px.dynamicyield.com — Cisco Umbrella Rank: 5840 px.dynamicyield.com — Cisco Umbrella Rank: 23654	227 KB
9	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 93 analytics.google.com — Cisco Umbrella Rank: 152	2 KB
7	snapchat.com 1 redirects tr.snapchat.com — Cisco Umbrella Rank: 758 tr6.snapchat.com — Cisco Umbrella Rank: 88800	2 KB
7	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	21 KB
7	yottaa.net cdn-fsly.yottaa.net — Cisco Umbrella Rank: 13848 Failed qoe-1.yottaa.net — Cisco Umbrella Rank: 6173	1 MB
6	braze.com sdk.iad-05.braze.com — Cisco Umbrella Rank: 3954	1 KB
5	bouncex.net events.bouncex.net — Cisco Umbrella Rank: 1871	512 B
5	cdnwidget.com 1 redirects ids.cdnwidget.com — Cisco Umbrella Rank: 3280 pd.cdnwidget.com — Cisco Umbrella Rank: 3186 pix.cdnwidget.com — Cisco Umbrella Rank: 4293 idr.cdnwidget.com — Cisco Umbrella Rank: 5705	2 KB
5	contentsquare.net t.contentsquare.net — Cisco Umbrella Rank: 3083 c.contentsquare.net — Cisco Umbrella Rank: 3307 srm.ba.contentsquare.net — Cisco Umbrella Rank: 13368	69 KB
5	px-cloud.net collector-pxxt4gy2ig.px-cloud.net — Cisco Umbrella Rank: 167677	2 KB
3	online-metrix.net h.online-metrix.net — Cisco Umbrella Rank: 2534 w2txo5aafemihslxtswxpqboff45naoes5ygm3r2c5f6bc415ade5a42sac.d.aa.online-metrix.net	16 KB
3	cdnbasket.net data.cdnbasket.net — Cisco Umbrella Rank: 4140 page.cdnbasket.net — Cisco Umbrella Rank: 4148 view.cdnbasket.net — Cisco Umbrella Rank: 4147	1014 B
3	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 1965	33 KB
3	pinterest.com ct.pinterest.com — Cisco Umbrella Rank: 715	1 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 329	14 KB
3	jebbit.com js.jebbit.com — Cisco Umbrella Rank: 33156 external-api.jebbit.com — Cisco Umbrella Rank: 39914	60 KB
3	bigcontent.io elfcosmetics.a.bigcontent.io — Cisco Umbrella Rank: 128663	8 KB
3	yahoo.com 3 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 307	1 KB
2	rlcdn.com 2 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 408	835 B
2	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 465	1 KB
2	linksynergy.com ut.rd.linksynergy.com — Cisco Umbrella Rank: 6223 tags.rd.linksynergy.com — Cisco Umbrella Rank: 4434	698 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 168	91 KB
2	pinimg.com s.pinimg.com — Cisco Umbrella Rank: 745	21 KB
2	sc-static.net sc-static.net — Cisco Umbrella Rank: 945	35 KB
2	usehero.com cdn.usehero.com — Cisco Umbrella Rank: 31511 api.usehero.com — Cisco Umbrella Rank: 29821	29 KB
2	undertone.com 1 redirects ads.undertone.com — Cisco Umbrella Rank: 5720 evt.undertone.com — Cisco Umbrella Rank: 5287	1003 B
2	adnxs.com 1 redirects secure.adnxs.com — Cisco Umbrella Rank: 478	1 KB
2	bidr.io 1 redirects cnv.event.prod.bidr.io — Cisco Umbrella Rank: 7763	1 KB
2	ipify.org api.ipify.org — Cisco Umbrella Rank: 2843	442 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	211 KB
1	pippio.com 1 redirects pippio.com — Cisco Umbrella Rank: 777	574 B
1	pangle-ads.com analytics.pangle-ads.com — Cisco Umbrella Rank: 2266	821 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	185 B
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1387	637 B
1	wknd.ai tag.wknd.ai — Cisco Umbrella Rank: 3860	6 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1266	9 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 138	2 KB
1	appsflyer.com websdk.appsflyer.com — Cisco Umbrella Rank: 4632	12 KB
1	rakuten.com tag.rmp.rakuten.com — Cisco Umbrella Rank: 5888	15 KB
1	ordergroove.com static.ordergroove.com — Cisco Umbrella Rank: 16302	42 KB
1	pointmediatracker.com 1 redirects pixel.pointmediatracker.com — Cisco Umbrella Rank: 4562	498 B
1	yahoo.net hb.yahoo.net — Cisco Umbrella Rank: 866	663 B
1	adsrvr.org 1 redirects insight.adsrvr.org — Cisco Umbrella Rank: 557	442 B
1	cnnx.link js.cnnx.link — Cisco Umbrella Rank: 6403	1 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 548	305 B
1	cosmeticcriminal.com 1 redirects cosmeticcriminal.com	324 B
215	53

	Domain	Requested by
22	analytics.tiktok.com	www.elfcosmetics.com analytics.tiktok.com
17	assets.bounceexchange.com	www.elfcosmetics.com
12	imgs.signifyd.com	www.elfcosmetics.com imgs.signifyd.com
12	cdn.cookielaw.org	cdn-fsly.yottaa.net cdn.cookielaw.org www.elfcosmetics.com
12	www.elfcosmetics.com	1 redirects www.elfcosmetics.com cdn-fsly.yottaa.net
9	www.paypal.com	www.elfcosmetics.com www.paypal.com www.paypalobjects.com
7	www.google-analytics.com	www.elfcosmetics.com www.google-analytics.com
6	tr.snapchat.com	1 redirects www.elfcosmetics.com sc-static.net
6	async-px.dynamicyield.com	cdn.dynamicyield.com
6	sdk.iad-05.braze.com	cdn-fsly.yottaa.net
6	cdn-fsly.yottaa.net	www.elfcosmetics.com
5	events.bouncex.net
5	www.google.com	www.elfcosmetics.com
5	collector-pxxt4gy2ig.px-cloud.net	www.elfcosmetics.com
4	googleads.g.doubleclick.net	1 redirects www.elfcosmetics.com
3	www.paypalobjects.com	www.elfcosmetics.com www.paypalobjects.com
3	c.contentsquare.net
3	ct.pinterest.com	s.pinimg.com www.elfcosmetics.com
3	bat.bing.com	www.elfcosmetics.com
3	elfcosmetics.a.bigcontent.io	www.elfcosmetics.com
3	ups.analytics.yahoo.com	3 redirects
3	9231397.fls.doubleclick.net	www.googletagmanager.com cdn.cookielaw.org 9231397.fls.doubleclick.net
3	cdn.dynamicyield.com	www.elfcosmetics.com
2	pix.cdnwidget.com	1 redirects
2	idsync.rlcdn.com	2 redirects
2	h.online-metrix.net	imgs.signifyd.com
2	pixel.tapad.com	2 redirects
2	cdn-scripts.signifyd.com	www.elfcosmetics.com
2	analytics.google.com	www.googletagmanager.com
2	t.paypal.com
2	js.jebbit.com	www.elfcosmetics.com
2	connect.facebook.net	www.elfcosmetics.com
2	s.pinimg.com	www.elfcosmetics.com
2	sc-static.net	www.elfcosmetics.com tr.snapchat.com
2	adservice.google.com	1 redirects 10742279.fls.doubleclick.net
2	secure.adnxs.com	1 redirects www.elfcosmetics.com
2	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
2	cnv.event.prod.bidr.io	1 redirects www.elfcosmetics.com
2	10742279.fls.doubleclick.net	www.googletagmanager.com cdn.cookielaw.org
2	api.ipify.org	cdn-fsly.yottaa.net
2	www.googletagmanager.com	www.elfcosmetics.com
1	idr.cdnwidget.com
1	pippio.com	1 redirects
1	tags.rd.linksynergy.com
1	api.bounceexchange.com	www.elfcosmetics.com
1	pd.cdnwidget.com	assets.bounceexchange.com
1	ids.cdnwidget.com	assets.bounceexchange.com
1	w2txo5aafemihslxtswxpqboff45naoes5ygm3r2c5f6bc415ade5a42sac.d.aa.online-metrix.net
1	srm.ba.contentsquare.net	t.contentsquare.net
1	tr6.snapchat.com	sc-static.net
1	view.cdnbasket.net	assets.bounceexchange.com
1	page.cdnbasket.net	assets.bounceexchange.com
1	data.cdnbasket.net	assets.bounceexchange.com
1	ut.rd.linksynergy.com	www.elfcosmetics.com
1	external-api.jebbit.com	js.jebbit.com
1	analytics.pangle-ads.com	analytics.tiktok.com
1	www.facebook.com
1	api.usehero.com	cdn.usehero.com
1	alb.reddit.com
1	tag.wknd.ai	www.elfcosmetics.com
1	t.contentsquare.net	www.elfcosmetics.com
1	www.redditstatic.com	www.elfcosmetics.com
1	www.googleadservices.com	www.elfcosmetics.com
1	cdn.usehero.com	www.elfcosmetics.com
1	websdk.appsflyer.com	www.elfcosmetics.com
1	tag.rmp.rakuten.com	www.elfcosmetics.com
1	static.ordergroove.com	www.elfcosmetics.com
1	qoe-1.yottaa.net	www.elfcosmetics.com
1	px.dynamicyield.com	cdn.dynamicyield.com
1	evt.undertone.com	9231397.fls.doubleclick.net
1	ads.undertone.com	1 redirects
1	st.dynamicyield.com	www.elfcosmetics.com
1	pixel.pointmediatracker.com	1 redirects
1	hb.yahoo.net	www.elfcosmetics.com
1	insight.adsrvr.org	1 redirects
1	js.cnnx.link	www.googletagmanager.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	cosmeticcriminal.com	1 redirects
215	78

This site contains links to these domains. Also see Links.

Domain
cdn.dynamicyield.com
st.dynamicyield.com
rcom.dynamicyield.com
www.tiktok.com
www.instagram.com
www.pinterest.com
www.facebook.com
www.youtube.com
twitter.com
www.snapchat.com
www.linkedin.com
www.elfbeauty.com
elfcosmetics.onelink.me
preferences.elfcosmetics.com
www.onetrust.com

Subject Issuer	Validity	Valid
*.elfcosmetics.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-25` - `2024-10-25`	a year	crt.sh
*.yottaa.net GlobalSign RSA OV SSL CA 2018	`2023-09-13` - `2024-10-14`	a year	crt.sh
*.px-cloud.net Sectigo RSA Domain Validation Secure Server CA	`2023-08-15` - `2024-09-13`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.dynamicyield.com Amazon RSA 2048 M02	`2023-09-03` - `2024-10-01`	a year	crt.sh
*.ipify.org Sectigo RSA Domain Validation Secure Server CA	`2023-02-07` - `2024-02-18`	a year	crt.sh
*.iad-05.braze.com GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-07-27` - `2024-08-27`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
js.cnnx.link Amazon RSA 2048 M02	`2023-07-11` - `2024-08-07`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.bigcontent.io GeoTrust TLS RSA CA G1	`2023-03-14` - `2024-04-13`	a year	crt.sh
*.ordergroove.com Go Daddy Secure Certificate Authority - G2	`2023-08-04` - `2024-08-17`	a year	crt.sh
tag.rmp.rakuten.com GTS CA 1D4	`2023-12-02` - `2024-03-01`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2023-10-13` - `2024-08-20`	10 months	crt.sh
*.appsflyer.com DigiCert TLS RSA SHA256 2020 CA1	`2023-07-27` - `2024-07-27`	a year	crt.sh
*.usehero.com Amazon RSA 2048 M02	`2023-08-28` - `2024-09-24`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
sc-static.net Amazon RSA 2048 M03	`2023-12-21` - `2025-01-18`	a year	crt.sh
*.pinterest.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-31` - `2024-08-07`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-10-10` - `2024-01-08`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-25` - `2024-02-21`	6 months	crt.sh
*.tiktok.com RapidSSL ECC CA 2018	`2023-07-14` - `2024-08-13`	a year	crt.sh
*.jebbit.com Amazon RSA 2048 M01	`2023-05-24` - `2024-06-21`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 01	`2023-10-24` - `2024-04-21`	6 months	crt.sh
t.contentsquare.net Amazon RSA 2048 M01	`2023-09-13` - `2024-10-11`	a year	crt.sh
tag.wknd.ai R3	`2023-11-20` - `2024-02-18`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-09-01` - `2024-02-28`	6 months	crt.sh
t.paypal.com DigiCert SHA2 Extended Validation Server CA	`2023-09-21` - `2024-10-21`	a year	crt.sh
api.usehero.com Amazon RSA 2048 M01	`2023-02-05` - `2024-03-05`	a year	crt.sh
*.snap.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-04-13` - `2024-04-12`	a year	crt.sh
cdn-scripts.signifyd.com Amazon RSA 2048 M01	`2023-07-03` - `2024-07-31`	a year	crt.sh
*.pangle-ads.com RapidSSL TLS ECC CA G1	`2023-08-10` - `2024-09-09`	a year	crt.sh
dep.bf.contentsquare.net Amazon RSA 2048 M01	`2023-03-20` - `2024-04-17`	a year	crt.sh
*.rd.linksynergy.com ZeroSSL RSA Domain Secure Site CA	`2023-02-13` - `2024-02-13`	a year	crt.sh
assets.bounceexchange.com GTS CA 1D4	`2023-11-20` - `2024-02-18`	3 months	crt.sh
imgs.signifyd.com Go Daddy Secure Certificate Authority - G2	`2023-10-20` - `2024-11-20`	a year	crt.sh
data.cdnbasket.net GTS CA 1D4	`2023-11-12` - `2024-02-10`	3 months	crt.sh
page.cdnbasket.net GTS CA 1D4	`2023-11-15` - `2024-02-13`	3 months	crt.sh
view.cdnbasket.net GTS CA 1D4	`2023-11-20` - `2024-02-18`	3 months	crt.sh
srm.ba.contentsquare.net Amazon RSA 2048 M02	`2023-11-07` - `2024-12-06`	a year	crt.sh
h.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2023-01-09` - `2024-01-23`	a year	crt.sh
*.d.aa.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2023-03-03` - `2024-03-04`	a year	crt.sh
ids.cdnwidget.com R3	`2023-11-13` - `2024-02-11`	3 months	crt.sh
pd.cdnwidget.com R3	`2023-11-13` - `2024-02-11`	3 months	crt.sh
*.wunderkind.co R3	`2023-12-06` - `2024-03-05`	3 months	crt.sh
idr.cdnwidget.com R3	`2023-11-13` - `2024-02-11`	3 months	crt.sh

This page contains 15 frames:

Primary Page: https://www.elfcosmetics.com/cosmetic-criminals
Frame ID: 4F917C53C0F2B115B1E7F9C8C411E0C5
Requests: 180 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;dc_pre=CJLts6KAvIMDFZgBTwgdIJIN6w;src=9231397;type=retarget;cat=globa0;ord=1243527165130;auiddc=1554942865.1704105656;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals
Frame ID: 0105270C3809D61CC30168B537BED62C
Requests: 2 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=CP-stKKAvIMDFdyw0QQdapoIGg;src=10742279;type=elf8j0;cat=glo_flap;ord=7850576186917;auiddc=1554942865.1704105656;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals
Frame ID: CDE1FFF67EEC46D1DCC0A2B7F636AB99
Requests: 2 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/ddm/fls/r/dc_pre=CJLts6KAvIMDFZgBTwgdIJIN6w;src=9231397;type=retarget;cat=globa0;ord=1243527165130;auiddc=1554942865.1704105656;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals
Frame ID: 9D2295632837CADCC8CE64519D8FB437
Requests: 2 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CP-stKKAvIMDFdyw0QQdapoIGg;src=10742279;type=elf8j0;cat=glo_flap;ord=7850576186917;auiddc=1554942865.1704105656;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals
Frame ID: 0A286AD4D89C1C45C0B368EAD89B1FDC
Requests: 1 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
Frame ID: 0F13D68C843B702392B90B00B6F79A7B
Requests: 4 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_scsid=dd2cd2cc-8a82-4ac7-b846-32dd9c0df67a&u_sclid=3f27acd2-c539-4099-946f-a9ca98073ae0
Frame ID: E7C76C41F5C0256C9856E3D0D27ABADA
Requests: 2 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: 3DC17D469AB46E2EC81EBD1A57FDDBCE
Requests: 3 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Frame ID: 12C8C5D5711754B08D5EE18AE2DA63E7
Requests: 1 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: CEE68A91545CFB921A9834586C28A3F2
Requests: 1 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/p?rand=1703024666234&pnid=140&pcid=2762ce09-9bae-4c42-aeca-82fec4ebe427
Frame ID: E38AEF553D0DDE97A9F283416D704EC8
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/iLVTvQedFZbtAukA?5d23ad5dc2f07287=5foOmCIZ4vUntY5rhOYgfMYS4j4kaL5qaDGotsvGBzbdaszDRlpz8W8lr-wk5lJgP2NWKa-DovhH5rDyWIxR0vqNpvAvSI8ftqA7yJMohF8fFDHmnWu7ZFmk7mjEF9sOhVnm7TIysdBZLZQ73Et1XQFYSFCtFygBc9Vv3x_6aS4DeGJXIBUa5FC-x3HCpwKb9GXxQKmYAbm_NDOn&jb=3d33262660716777355563666c6f75732c687365375d696e6e65757b2f32323b392c68736a7f3d436270676f6d24607b6a3d4168786d6d6f2f383031383a
Frame ID: 7DA95389D53AF78F224F4E2C8B4D012C
Requests: 9 HTTP requests in this frame

Frame: https://imgs.signifyd.com/RfYtQfE8YXjxaej3?eb09e78fcc74227f=eqBd5ZWAX_2Kg8nlhqWP4KHhwF8tjUocYQ5nL-3PA36ADCDfYdIo_ibySxg1G1ej-Pfzo4WACDpDqhO_2lZeqg8oSy-qwJyGCgn3NzQtJfKykwsKtZHhuWxR6U0b2wloNrJ5eJA-n9Mx8pgOjnPb4BmNOVYPStb_NTzqn0XA3UcpBr5OUekzTWYCSho21ER1erKhjn7Kk0nzm04454U
Frame ID: B60FE6D2EA50B4CBCF997C59DC645178
Requests: 2 HTTP requests in this frame

Frame: https://h.online-metrix.net/4s3S5kAkfimegEwN?9ab1ff00cc73c5da=NzA7gLL_qXnXhDs8llMA_eZ7dAm_HgHJJlEBDi6HJ3JsnacxhaFJvd6qVqKtiJzT0x8uGxw6S6wJuZZ0J-uVBFN9LXto49qAEw7B3PEkRZn2KnHaT7I-zoaig9sCdmNi1gZN40I7WF3in1sBTq5ZLsEj_ZS311yMwEhJXXgB0MpX5_ZhsDhK4oi4tn0sZ3W1V9exJbloB1eGGH0GPnk0
Frame ID: ED5CEC58AAA659D51C3FE0B62660F9C1
Requests: 2 HTTP requests in this frame

Frame: https://imgs.signifyd.com/hiXtNDOkHdVYrKdu?d0e48268f843d5c4=euB_1pheo0IQ1DStWgHdPq_JCzefHXhEspNwzlUDLMUuIQv09RtSvWWf68K8APv3IBCz0gslYTyV96CyqLwkrD7uXfw_XomQoDt6wJBYWhYmYb1-wa_gSEy1GJizA3eYmus1Sl7264rgHxEDaiY7Z5WmzTgcnJQfry759MRIjkA2sKixXQPfph_VV12V-OGrcaiPT59GeK2S-hVCj5WB
Frame ID: B5EECF2B15A26C648E0969A86CBC5EFB
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Back ButtonSearch IconFilter Icon

Page URL History Show full URLs

https://cosmeticcriminal.com/ HTTP 301
https://www.elfcosmetics.com/cosmetic-criminals Page URL

Detected technologies

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Dynamic Yield (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

cdn\.dynamicyield\.\w+/

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

PerimeterX (Security) Expand

Overall confidence: 100%
Detected patterns

Rakuten (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

tag\.rmp\.rakuten\.com

basket.js (JavaScript Libraries) Expand

Overall confidence: 10%
Detected patterns

basket.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

215
Requests

94 %
HTTPS

30 %
IPv6

53
Domains

78
Subdomains

66
IPs

2
Countries

3829 kB
Transfer

13920 kB
Size

90
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://cdn.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://st.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://rcom.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@elfyeah/

Search URL Search Domain Scan URL

URL: https://www.instagram.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/eyeslipsfacedotcom

Search URL Search Domain Scan URL

URL: https://twitter.com/elfcosmetics

Search URL Search Domain Scan URL

URL: https://www.snapchat.com/add/elfcosmetics

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/e-l-f-beauty

Search URL Search Domain Scan URL

URL: https://www.elfbeauty.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://elfcosmetics.onelink.me/wTtZ/AcrossSiteCosmetics

Search URL Search Domain Scan URL

URL: https://preferences.elfcosmetics.com/dont_sell
Title: Do Not Sell My Personal Info/Opt Out of Targeted Ads

Search URL Search Domain Scan URL

URL: https://preferences.elfcosmetics.com/privacy
Title: Privacy Rights Request Form

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cosmeticcriminal.com/ HTTP 301
https://www.elfcosmetics.com/cosmetic-criminals Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19

https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=RuXdXfQAPcYcfxqrsLy3rq8hoLob23k9-bBbv9CEs1M HTTP 303
https://www.elfcosmetics.com/callback?usid=41b1e6f6-acbb-4b6b-ab38-9a235d472e72&code=rNGOXRf6YVBHtHgDE-MVm9D57GHXbHG4HUgZaRcyGc4

Request Chain 31

https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3 HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=9b18e473-9644-4e9b-aa82-e1ff0b2cb58d&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=9b18e473-9644-4e9b-aa82-e1ff0b2cb58d&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=55953&ovsid=9b18e473-9644-4e9b-aa82-e1ff0b2cb58d&gdpr=0&redir=true HTTP 302
https://hb.yahoo.net/cksync?cs=63&axid_e=eS1jeHp4UWZSRTJ1SDJLU1hvOU5UVjNwdHdTY1pmeG5yS35B&gdpr=0&ovsid=9b18e473-9644-4e9b-aa82-e1ff0b2cb58d&dpid=55953

Request Chain 32

https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=9755934b-00e3-48a3-9c7c-6a21916f0efd&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=undefined&gtmcb=1263624026 HTTP 302
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=c0898bc3-840a-487a-89e3-e8cc88de6e9b.&ord=5746429272331777512 HTTP 303
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=c0898bc3-840a-487a-89e3-e8cc88de6e9b.&ord=5746429272331777512&_bee_ppp=1

Request Chain 43

https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=1243527165130;auiddc=1554942865.1704105656;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals HTTP 302
https://9231397.fls.doubleclick.net/activityi;dc_pre=CJLts6KAvIMDFZgBTwgdIJIN6w;src=9231397;type=retarget;cat=globa0;ord=1243527165130;auiddc=1554942865.1704105656;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals

Request Chain 44

https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=7850576186917;auiddc=1554942865.1704105656;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals HTTP 302
https://10742279.fls.doubleclick.net/activityi;dc_pre=CP-stKKAvIMDFdyw0QQdapoIGg;src=10742279;type=elf8j0;cat=glo_flap;ord=7850576186917;auiddc=1554942865.1704105656;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals

Request Chain 47

https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2 HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2

Request Chain 59

https://adservice.google.com/ddm/fls/i/dc_pre=CJLts6KAvIMDFZgBTwgdIJIN6w;src=9231397;type=retarget;cat=globa0;ord=1243527165130;auiddc=1554942865.1704105656;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals HTTP 302
https://9231397.fls.doubleclick.net/ddm/fls/r/dc_pre=CJLts6KAvIMDFZgBTwgdIJIN6w;src=9231397;type=retarget;cat=globa0;ord=1243527165130;auiddc=1554942865.1704105656;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals

Request Chain 68

https://ads.undertone.com/t?trackerid=7729&cb=365953153 HTTP 307
https://evt.undertone.com/t?trackerid=7729&cb=365953153

Request Chain 105

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=861244339&cv=11&fst=1704105655693&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&value=0&auid=1554942865.1704105656&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&ocp_id=uZaSZaTHJ9CcoPMPp4WC6Ao&sscte=1&crd=&eitems=ChEIgOLJrAYQ1tWj2sWOtp_NARIdANJWnmXd671RAeFH3x1rjb8fAXDqQhjH7W8FuI0&pscrd=Ek9DaEVJZ09MSnJBWVF6YzdkeXEzUjRfdm9BUkltQUpSUmV6TUZvLVFMaWlzOW9hcEhIaVNnTHVnbTlMQzNTOU40bTB5VzhNNy1RdFd1LWtZGlpDaEVJZ09MSnJBWVFvNEhPNVBQaXZ0M1NBUkl1QVBDSGtpUVh6dlpzb2prR0pwU0xhM0JhUDNXdE5od1I2UTlPLWEwTm9fWTF0NE9tNUVkeGtILUZCWjVxanciEwjkh4mjgLyDAxVQDmgIHaeCAK0 HTTP 302
https://www.google.com/pagead/1p-conversion/698270988/?random=861244339&cv=11&fst=1704105655693&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&value=0&auid=1554942865.1704105656&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ09MSnJBWVF6YzdkeXEzUjRfdm9BUkltQUpSUmV6TUZvLVFMaWlzOW9hcEhIaVNnTHVnbTlMQzNTOU40bTB5VzhNNy1RdFd1LWtZGlpDaEVJZ09MSnJBWVFvNEhPNVBQaXZ0M1NBUkl1QVBDSGtpUVh6dlpzb2prR0pwU0xhM0JhUDNXdE5od1I2UTlPLWEwTm9fWTF0NE9tNUVkeGtILUZCWjVxanciEwjkh4mjgLyDAxVQDmgIHaeCAK0&is_vtc=1&ocp_id=uZaSZaTHJ9CcoPMPp4WC6Ao&cid=CAQSKQAvHhf_7fsZuQEHlMMlu-cSk0ljtXGEPB3GXXvH6u_MJX04-pHdEqGc&eitems=ChEIgOLJrAYQ1tWj2sWOtp_NARIdANJWnmV59jSTuTSMeRTI2HxsBEYLKc4McLBnRMM&random=1142927504

Request Chain 176

https://tr.snapchat.com/cm/s?bt=1d53c387&pnid=140&cb=1704105658799&u_scsid=91ea5dcc-4759-4d73-9acf-77bf91c87646&u_sclid=937e41a9-d8dc-4be9-8922-abf9cc608adb HTTP 302
https://pixel.tapad.com/idsync/ex/push?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1703024666234%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1703024666234%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://tr.snapchat.com/cm/p?rand=1703024666234&pnid=140&pcid=2762ce09-9bae-4c42-aeca-82fec4ebe427

Request Chain 196

https://idsync.rlcdn.com/458359.gif?partner_uid=c9169b03-7bb8-4166-9518-5eebe5864ba1 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJGM5MTY5YjAzLTdiYjgtNDE2Ni05NTE4LTVlZWJlNTg2NGJhMRAAGg0Iu63KrAYSBQjoBxAAQgBKAA HTTP 307
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=3ac54a91851681e209c0b378a5eb32910b81d80f988f881497322c3db2b8c1d26ac34734d8e453ee

Request Chain 208

https://pix.cdnwidget.com/redirect?CID=2aLlISCSLeSrDfvuxl0z0arTGKb&DID=2aLlINFMwRkyWUD4yX1v6B8is0m&v=&iv=&deviceid=6391126485375995717&visitid=1704105659837403&wsid=4142&apikey=2^HIykD HTTP 302
https://pippio.com/api/sync?pid=5749 HTTP 307
https://pix.cdnwidget.com/hash.gif?md5=none&sha1=none&sha256=none

215 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request cosmetic-criminals Show response
www.elfcosmetics.com/
Redirect Chain

https://cosmeticcriminal.com/
https://www.elfcosmetics.com/cosmetic-criminals

805 KB
214 KB

1562ms
1475ms

Document
text/html

204.2.49.172
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.49.172 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 8246a4e2f8f8d77d34b08fb83fbcc0ffa8f0e7ebb14994dde12e542c498615e5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 0
cache-control: public, must-revalidate, s-maxage=900
content-encoding: gzip
content-length: 218414
content-type: text/html; charset=utf-8
date: Mon, 01 Jan 2024 10:40:53 GMT
etag: W/"ac667-tJIY3eRQOuRP4zL7/tlDLhBJqag"
vary: Accept-Encoding
via: 1.1 e6fc68fd040718147cda2e3ef6f63636.cloudfront.net (CloudFront)
x-amz-apigw-id: Q2x8PEkbiYcEiZQ=
x-amz-cf-id: SUdwyGaXUoklQd5gxLp5f-N3Fzp-BFxc171YBiW2z59j9lh4CNyLzg==
x-amz-cf-pop: EWR50-C1
x-amzn-remapped-connection: close
x-amzn-remapped-content-length: 706151
x-amzn-remapped-date: Mon, 01 Jan 2024 10:40:53 GMT
x-amzn-requestid: c9bb45f9-35bd-4770-add5-871ae06e951b
x-amzn-trace-id: Root=1-659296b4-7ad93cd922ebb018320974e4;Sampled=0;lineage=2b75b0e9:0
x-cache: Miss from cloudfront
x-yottaa-metrics: 3821cc023194/[1303,1219,-] 38D1cc0231ac/[-,1400.368]
x-yottaa-optimizations: ob/1000000100001000 si/38D1cc0231ac-1703880238-8924556344 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-yottaa-os: 200

Redirect headers

age: 0
content-length: 1198
content-type: text/html; charset=utf-8
date: Mon, 01 Jan 2024 10:40:52 GMT
location: https://www.elfcosmetics.com/cosmetic-criminals
vary: User-Agent
x-yottaa-fw: fb/100000 tid/658dc3ccd93140973bd482ed rid/658dc848d93140973bd496fa stid/5ad7b08e2bb0ac0c5ba3d38c
x-yottaa-metrics: 32D1a5fec6e1/[-,0.164]
x-yottaa-optimizations: ob/0 si/32D1a5fec6e1-1703880240-7038703580 tts/1704105652299 ti/0 ai/658dc3ccd93140973bd482ed

GET
H2 200 init.js Show response
www.elfcosmetics.com/XT4Gy2ig/ 165 KB
74 KB 59ms
59ms Script
application/javascript 204.2.49.172
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.49.172 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: c9d9ec99d8b568a4f1175c1df7e0e687b7611f323f00d9296bff29f91dacfd9e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/cosmetic-criminals
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:53 GMT
content-encoding: gzip
etag: "2939c-vDAjEeo8FqF1qhC7nETBQGuMzvc"
active-cdn: Akamai
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: active-cdn,x-served-by,Akamai-Request-BC
cache-control: max-age=600
x-yottaa-metrics: 38D1cc0231ac/[-,11.154]
x-px-hash: OTJkMjljMWQwOGIwZDhiNTM5NzNiYTM5ZDU3OGEzYWExZGU3YmI3NDg1NWVhMWVhZDA1ZWFlMDQzMTVlNTUyMw==
x-yottaa-optimizations: ob/0 si/38D1cc0231ac-1703880238-8924556353 tts/1704105653983 ti/0 ai/5a0c9b7632f01c35d42101b2

GET /
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/ 0
0

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a2b3b5ecaa7d5c67e5e28f9712ebcf28a592c7191e24bcde25cc5bb374cbf7b

Request headers

Referer
Origin: https://www.elfcosmetics.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a33177a1b1a44698bc85bc710dfd4a6aba8bbe329db64dbb0622c894a1c05cbd

Request headers

Referer
Origin: https://www.elfcosmetics.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 vendor.js Show response
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/ 2 MB
619 KB 63ms
23ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 57e461c9b78558e62478cca713658387eaf54afe6ae0a8128ee38e5846b4d6d8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 7DhVfT1FfID7USGHRQIdkAPtGlAbpV1z
via: 1.1 6ef53c06467f47a1223db91b4e03cb22.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
date: Mon, 01 Jan 2024 10:40:54 GMT
x-amz-cf-pop: PHL50-C1
age: 2302713
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1000 si/23114047a17c-1695931016-541995637 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Hit from cloudfront, HIT
x-amz-meta-deploy: 621192
content-length: 633349
x-amz-meta-bundle: 10314
x-served-by: cache-yyz4521-YYZ
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1704105654.128705,VS0,VE2
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 2321cc8d59da/[102,30,-] 23114047a17c/[-,432.958]
accept-ranges: bytes
x-amz-cf-id: 6zb_xtoppKSGsjxOXb8cZXddrv87KnMwd9rYqabcmOz60TiNjtJfsA==
x-cache-hits: 1

GET
H2 200 main.js Show response
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/ 2 MB
454 KB 59ms
20ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/main.js?yocs=1u_1y_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4f770b32793546ad41060cc03c06e4a744b10e9ae4af0b2b0522cfcf1fb33285

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: ee3xb.NTbr4bzXJ3SxfA7qqa0mkCetT8
via: 1.1 ae39d1ac6bb931d0ff3d636fc3e249de.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
date: Mon, 01 Jan 2024 10:40:54 GMT
x-amz-cf-pop: DFW57-P1
age: 2162617
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1000 si/3211a5fec6ea-1692101820-1092711536 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Hit from cloudfront, HIT
x-amz-meta-deploy: 621192
content-length: 464645
x-amz-meta-bundle: 10314
x-served-by: cache-yyz4521-YYZ
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1704105654.129311,VS0,VE0
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 3221a5fec63d/[92,14,-] 3211a5fec6ea/[-,300.513]
accept-ranges: bytes
x-amz-cf-id: SP8GcTgX8S-9dk9oVZ-dFXW31xzGiA9OKL4pryx1uyBi3BYH4arxBA==
x-cache-hits: 2989

GET
H2 200 pages-product-list-product-list-page.js Show response
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/ 40 KB
11 KB 58ms
20ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/pages-product-list-product-list-page.js?yocs=1u_1y_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cd0b162bc6e5a1dfcdba80c8b12d3f2ec6ac423a1c1ed7d996779d9c6b81f346

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 3Wq5BoaKPulOYkW6Fp3r6wFQLlG6RLjA
via: 1.1 235099561ba63a2b7662a2b20d9ac036.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
date: Mon, 01 Jan 2024 10:40:54 GMT
x-amz-cf-pop: PHL50-C1
age: 2302686
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1000 si/23114047a17c-1695931016-541996941 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Miss from cloudfront, HIT
x-amz-meta-deploy: 621192
content-length: 11125
x-amz-meta-bundle: 10314
x-served-by: cache-yyz4521-YYZ
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1704105654.129336,VS0,VE0
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 23214047a183/[70,62,-] 23114047a17c/[-,77.321]
accept-ranges: bytes
x-amz-cf-id: p4dxcsI-tGZ300wVKXQGnxp6Ql9t896iiPVgoouL2AzCxPrUuihNpg==
x-cache-hits: 5

GET
H2 200 us.svg
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/static/img/flag-icons/ 9 KB
1 KB 59ms
22ms Image
image/svg+xml 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/static/img/flag-icons/us.svg?yocs=1u_1y_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 9zy6w68xzC0VtboioQSwQDLT607ezHMK
via: 1.1 812f46bf61001f0b27e402ec485db73c.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
date: Mon, 01 Jan 2024 10:40:54 GMT
x-amz-cf-pop: ORD53-C3
age: 1562538
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1100 si/2611cc028373-1700446746-2117305748 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Hit from cloudfront, HIT
x-amz-meta-deploy: 621192
content-length: 676
x-amz-meta-bundle: 10314
x-served-by: cache-yyz4521-YYZ
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1704105654.129094,VS0,VE1
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31104000
x-yottaa-metrics: 2621cc8d587c/[5,-,1702538668691] 2611cc028373/[-,8.745]
accept-ranges: bytes
x-amz-cf-id: q47ic1oVV3BU_vdfTTTlgaPtBFqjKBYj1HMoOR45GdhPJRgUJAMWfw==
x-cache-hits: 1

GET
H2 200 download-on-the-app-store-badge.png
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/static/img/global/ 4 KB
4 KB 64ms
27ms Image
image/webp 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/static/img/global/download-on-the-app-store-badge.png?yocs=1u_1y_1A_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f114a64c26edb67def4dd84a00694f76e0573aedddb68428c52c6ea8b00de4c3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: Akq7KTd_WVm0_2HVhDA1m.JC63cBf7G7
via: 1.1 83ac07892fa0e0fd0b9db6e878d848aa.cloudfront.net (CloudFront), 1.1 varnish
date: Mon, 01 Jan 2024 10:40:54 GMT
x-amz-cf-pop: ORD53-C3
age: 1371265
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/10000000000100 si/2611cc8d5869-1700446742-1900701262 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Hit from cloudfront, HIT
x-amz-meta-deploy: 621192
content-length: 3724
x-amz-meta-bundle: 10314
x-served-by: cache-yyz4521-YYZ
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1704105654.129302,VS0,VE1
content-type: image/webp
cache-control: public, max-age=31104000
x-yottaa-metrics: 2621cc8d5872/[4,-,1702731105441] 2611cc8d5869/[-,7.385]
accept-ranges: bytes
x-amz-cf-id: cGaZY98Dx1vPAc2YAdkvyTwCPtcpFOKGt0cEgkn_mr-gbwMV512u2A==
x-cache-hits: 1

GET
H2 200 google-play-badge.png
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/static/img/global/ 3 KB
4 KB 59ms
23ms Image
image/webp 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/static/img/global/google-play-badge.png?yocs=1u_1y_1A_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e8f118daabadc747ba3e2236a27edce749bb73dde4f16c6c6acc5cce36009a36

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: XXBoQCUlKEOsesGOGsNaSVfpZce.5TGs
via: 1.1 7608da25eb5aed0ce7cca5fc0587c650.cloudfront.net (CloudFront), 1.1 varnish
date: Mon, 01 Jan 2024 10:40:54 GMT
x-amz-cf-pop: EWR50-C1
age: 986710
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/10000000000100 si/3811cc023146-1693316487-306713587 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Hit from cloudfront, HIT
x-amz-meta-deploy: 621192
content-length: 3318
x-amz-meta-bundle: 10314
x-served-by: cache-yyz4521-YYZ
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1704105654.129066,VS0,VE1
content-type: image/webp
cache-control: public, max-age=31104000
x-yottaa-metrics: 3821cc02314a/[4,-,1703118018733] 3811cc023146/[-,5.805]
accept-ranges: bytes
x-amz-cf-id: sIqM7JUokwDjLxnhO3CjphZ74gFYmItH8AsmRvBOqkRe4wwsbSWg6g==
x-cache-hits: 1

POST
H2 200 collector Show response
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 540 B
787 B 131ms
67ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: f4439a701be0cfa21fd55ca318533170a8dcf74893c41b7a0330780a816f0aab

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 01 Jan 2024 10:40:53 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 540

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/ 1 MB
152 KB 112ms
43ms Script
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/OtAutoBlock.js

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/main.js?yocs=1u_1y_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e038dff62440b626103b2b81adcbb64b5cb3bd80433d1a710f37162cd7c0cc17

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 10:40:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 45232
content-md5: 3CHjrTrl4YSKzn90GsMA3A==
content-length: 154812
x-ms-lease-status: unlocked
last-modified: Mon, 30 Oct 2023 13:08:00 GMT
server: cloudflare
etag: 0x8DBD9493E0E92B7
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: faa9619b-101e-0023-4914-1ea340000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 83ea2598dfad4bcf-BUF
expires: Tue, 02 Jan 2024 10:40:55 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 105ms
37ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/main.js?yocs=1u_1y_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d72fa0f78c80b1874d3ee4aadf43d973edc442a65fef83d37e684ac559893b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 10:40:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 5rel+BW+cbOCNkEJ4C4NBQ==
age: 8355
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6841
x-ms-lease-status: unlocked
last-modified: Thu, 21 Dec 2023 21:19:55 GMT
server: cloudflare
etag: 0x8DC026A943751A5
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: d530a67f-201e-0007-3283-3455e0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 83ea2598dfae4bcf-BUF

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 428 KB
121 KB 107ms
42ms Script
application/javascript 2607:f8b0:4004:c08::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::61 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c8f761d0c549a7bbddbeac60d5f3740c470cd722fc00bfb9119e359f419c1df9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123610
x-xss-protection: 0
last-modified: Mon, 01 Jan 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 01 Jan 2024 10:40:55 GMT

GET
H2 200 api_dynamic.js Show response
cdn.dynamicyield.com/api/8772046/ 378 KB
44 KB 581ms
369ms Script
application/javascript 2600:9000:234b:5400:a:b89d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.dynamicyield.com/api/8772046/api_dynamic.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:234b:5400:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: DYCDN /
Resource Hash: 30ca5a7ae3f12eb7d187d400d8c23903395c7e9c3fa7f85cb742785af28f2c81

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:56 GMT
content-encoding: gzip
via: 1.1 74aa91fe819001bcedd882694f52b436.cloudfront.net (CloudFront)
last-modified: Thu, 28 Dec 2023 20:49:56 GMT
server: DYCDN
x-amz-cf-pop: SFO5-P2
x-amz-server-side-encryption: AES256
etag: W/"b89b7a9d333258d9640358edad54dc22"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=30
link: <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id: xDrmyuoTe9OK_zK4XoRctsd3KpmBYlHvwwGBmya1ppUcVfIltZ7rQg==

GET
H2 200 api_static.js Show response
cdn.dynamicyield.com/api/8772046/ 385 KB
111 KB 306ms
94ms Script
application/javascript 2600:9000:234b:5400:a:b89d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.dynamicyield.com/api/8772046/api_static.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:234b:5400:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: DYCDN /
Resource Hash: 2c8574ba42424a1dcf02c58fda5e3482e2262e0b0dddd09e5935bd94e5eba03e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 09:52:24 GMT
content-encoding: gzip
via: 1.1 74aa91fe819001bcedd882694f52b436.cloudfront.net (CloudFront)
last-modified: Thu, 28 Dec 2023 20:49:57 GMT
server: DYCDN
age: 14737
x-amz-cf-pop: SFO5-P2
x-amz-server-side-encryption: AES256
etag: W/"81d82ff6d3b7239a1cfc7723116ee4aa"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=86400
link: <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id: VcsDkOPJbpqwh1hfZ2vlGtNl-yGQuPFSTmDdR0GLOp4JqMqpu8c0kw==

GET
H/1.1 200
OK / Show response
api.ipify.org/ 21 B
221 B 265ms
86ms XHR
application/json 104.237.62.212
WEBNX

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.237.62.212 El Segundo, United States, ASN18450 (WEBNX, US),
Reverse DNS: api.ipify.org
Software: nginx/1.25.2 /
Resource Hash: bd746f5f030d16aebdf201ae14d229278bde8405b1f49144eafb27bf6493e1d0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 01 Jan 2024 10:40:55 GMT
Server: nginx/1.25.2
Connection: keep-alive
Content-Length: 21
Vary: Origin
Content-Type: application/json

GET
H/1.1 200
OK / Show response
api.ipify.org/ 21 B
221 B 269ms
88ms XHR
application/json 104.237.62.212
WEBNX

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.237.62.212 El Segundo, United States, ASN18450 (WEBNX, US),
Reverse DNS: api.ipify.org
Software: nginx/1.25.2 /
Resource Hash: bd746f5f030d16aebdf201ae14d229278bde8405b1f49144eafb27bf6493e1d0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 01 Jan 2024 10:40:55 GMT
Server: nginx/1.25.2
Connection: keep-alive
Content-Length: 21
Vary: Origin
Content-Type: application/json

GET
H2

200

callback
www.elfcosmetics.com/
Redirect Chain

https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=...
https://www.elfcosmetics.com/callback?usid=41b1e6f6-acbb-4b6b-ab38-9a235d472e72&code=rNGOXRf6YVBHtHgDE-MVm9D57GHXbHG4HUgZaRcyGc4

0
0

240ms
240ms

Fetch
application/json

204.2.49.172
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/callback?usid=41b1e6f6-acbb-4b6b-ab38-9a235d472e72&code=rNGOXRf6YVBHtHgDE-MVm9D57GHXbHG4HUgZaRcyGc4
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Server: 204.2.49.172 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/cosmetic-criminals
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:55 GMT
via: 1.1 158c603777b70da7a395beb589ad17da.cloudfront.net (CloudFront)
x-amzn-remapped-content-length: 0
x-amz-cf-pop: EWR50-C1
age: 0
x-amzn-remapped-connection: close
x-amzn-requestid: b97b9f8a-098e-428f-98c0-28b9388ced1f
x-yottaa-optimizations: ob/1000 si/38D1cc0231ac-1703880238-8924556376 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
x-amz-apigw-id: Q2x8wHZEiYcEYZw=
content-length: 0
x-yottaa-forcecache: true
x-amzn-trace-id: Root=1-659296b7-70aa81ec61bcb115214ce8bf;Sampled=0;lineage=2b75b0e9:0
content-type: application/json
cache-control: public, max-age=604800
x-yottaa-os: 200
x-yottaa-metrics: 3821cc023160/[201,197,-] 38D1cc0231ac/[-,204.125]
x-amzn-remapped-date: Mon, 01 Jan 2024 10:40:55 GMT
x-amz-cf-id: iz5ANn9cHEYntwmaGYcTfSK5AcNwUW2QDFX2kk6EuTptyLxQscMU7A==

Redirect headers

date: Mon, 01 Jan 2024 10:40:55 GMT
x-correlation-id: 83ea259acb703910
via: 1.1 8b91488fa62e73ed6328bc389e6d1cbe.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: IAD79-C3
age: 0
x-yottaa-optimizations: ob/0 si/38D1cc0231ac-1703880238-8924556375 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
content-length: 0
pragma: no-cache
x-ratelimit-1m-remaining: 23207, 1963388
x-ratelimit-1m-reset: 4500, 4499
x-ratelimit-1m-limit: 24000, 2000000
vary: Accept-Encoding
location: https://www.elfcosmetics.com/callback?usid=41b1e6f6-acbb-4b6b-ab38-9a235d472e72&code=rNGOXRf6YVBHtHgDE-MVm9D57GHXbHG4HUgZaRcyGc4
cache-control: no-store
x-yottaa-os: 303
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=RuXdXfQAPcYcfxqrsLy3rq8hoLob23k9-bBbv9CEs1M
x-yottaa-metrics: 3821cc02315f/[77,73,-] 38D1cc0231ac/[-,79.618]
cf-ray: 83ea259acb703910-IAD
x-amz-cf-id: 1jy1-xNOVu9Dlx2Qct3Pb1yXlkqZljFRalw5UGV_LG2ghX75l8JwaA==

POST
H2 201 / Show response
sdk.iad-05.braze.com/api/v3/data/ 323 B
454 B 149ms
148ms XHR
application/json 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/data/

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1a09824b6d7bbd0f5e82a23d14da408abfba60d02f5bdb48309d3ab6ca61bb1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-TriggersRequest: true
X-Braze-DataRequest: true
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/json
Referer: https://www.elfcosmetics.com/
X-Requested-With: XMLHttpRequest

Response headers

date: Mon, 01 Jan 2024 10:40:55 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: MISS
x-request-id: 76ed4c0f-b6b0-492e-8c87-f3724ef6aa30
x-served-by: cache-yyz4560-YYZ
x-runtime: 0.025092
etag: W/"1a09824b6d7bbd0f5e82a23d14da408a"
access-control-max-age: 7200
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
vary: Origin,Accept-Encoding
accept-ranges: bytes
x-cache-hits: 0

OPTIONS
H2 200 /
sdk.iad-05.braze.com/api/v3/data/ Frame 0
0 103ms
42ms Preflight 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/data/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
content-encoding: gzip
date: Mon, 01 Jan 2024 10:40:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-yyz4560-YYZ

POST
H2 200 collector Show response
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 600 B
655 B 85ms
84ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 3320581beae76484fd6700feb23379254e829839ac8d7581d726b274d39ce501

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 01 Jan 2024 10:40:55 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 600

GET
H2 200 6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json Show response
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/ 5 KB
2 KB 107ms
46ms XHR
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8a6566c7e926c37c010dc811a5e82d5eddad8b10057bf711f0f644be60707d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 10:40:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 41641
content-md5: 4swZDWVp4C0QChiGUbrcTg==
content-length: 1746
x-ms-lease-status: unlocked
last-modified: Tue, 14 Nov 2023 15:26:04 GMT
server: cloudflare
etag: 0x8DBE5260423F079
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: b26488eb-901e-0084-770e-174b82000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 83ea259b7ccf4bc6-BUF
expires: Tue, 02 Jan 2024 10:40:55 GMT

POST
H2 201 sync Show response
sdk.iad-05.braze.com/api/v3/content_cards/ 756 B
692 B 300ms
300ms XHR
application/json 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b07741fbd0bdb8453cfc2834881c7301a3f8298703bce9f005e3f15251073943

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest: true
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/json
BRAZE-SYNC-RETRY-COUNT: 0
Referer: https://www.elfcosmetics.com/
X-Requested-With: XMLHttpRequest
X-Braze-ContentCardsRequest: true

Response headers

date: Mon, 01 Jan 2024 10:40:56 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: MISS
x-request-id: 22ab46e1-43cf-4104-9f79-f56863c696f0
x-served-by: cache-yyz4560-YYZ
x-runtime: 0.255209
etag: W/"b07741fbd0bdb8453cfc2834881c7301"
access-control-max-age: 7200
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
vary: Origin,Accept-Encoding
accept-ranges: bytes
x-cache-hits: 0

OPTIONS
H2 200 sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame 0
0 113ms
113ms Preflight 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
content-encoding: gzip
date: Mon, 01 Jan 2024 10:40:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-yyz4560-YYZ

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 69 B
305 B 116ms
44ms XHR
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 83ea259c79474bc1-BUF
access-control-allow-headers: Content-Type

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 86ms
25ms Script
text/javascript 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 01 Jan 2024 09:32:54 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 4081
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 01 Jan 2024 11:32:54 GMT

GET activityi;src=9231397;type=retarget;cat=globa0;ord=1243527165130;auiddc=1554942865.1704105656;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1...
9231397.fls.doubleclick.net/ Frame 0105 0
0

GET activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=7850576186917;auiddc=1554942865.1704105656;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0...
10742279.fls.doubleclick.net/ Frame CDE1 0
0

GET
H2 200 cnxtag-min.js Show response
js.cnnx.link/roi/ 2 KB
1 KB 257ms
78ms Script
text/javascript 2600:9000:24bb:7000:11:85b0:d600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.cnnx.link/roi/cnxtag-min.js?id=316282
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:24bb:7000:11:85b0:d600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: ff2fe181c12146189657e92f9ce0489f7f3b51345796f5a5ec9b089f9fb47616

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:32:46 GMT
via: 1.1 google, 1.1 1d781f2bb177b851bc1e5873375e5544.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: SFO53-P1
age: 489
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
cache-control: max-age=600
x-amz-cf-id: l8GTQGr4Z3j3czB73smOo0pTF0cXgMzb9sU23OHOButcHzNCYbLy9g==

GET
H2

200

cksync
hb.yahoo.net/
Redirect Chain

https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3
https://ups.analytics.yahoo.com/ups/55953/sync?uid=9b18e473-9644-4e9b-aa82-e1ff0b2cb58d&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true
https://ups.analytics.yahoo.com/ups/55953/sync?uid=9b18e473-9644-4e9b-aa82-e1ff0b2cb58d&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=55953&ovsid=9b18e473-9644-4e9b-aa82-e1ff0b2cb58d&gdpr=0&redir=true
https://hb.yahoo.net/cksync?cs=63&axid_e=eS1jeHp4UWZSRTJ1SDJLU1hvOU5UVjNwdHdTY1pmeG5yS35B&gdpr=0&ovsid=9b18e473-9644-4e9b-aa82-e1ff0b2cb58d&dpid=55953

57 B
663 B

399ms
114ms

Image
image/gif

23.40.62.80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hb.yahoo.net/cksync?cs=63&axid_e=eS1jeHp4UWZSRTJ1SDJLU1hvOU5UVjNwdHdTY1pmeG5yS35B&gdpr=0&ovsid=9b18e473-9644-4e9b-aa82-e1ff0b2cb58d&dpid=55953

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Server

23.40.62.80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-40-62-80.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ed079d77ba54a8e4bfc931029de75b1f5128fcae45e274d53aca95f8ab17b438

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains, max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=86400 ; includeSubDomains, max-age=604800
date: Mon, 01 Jan 2024 10:40:56 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 57
x-mnet-hl2: E
expires: Mon, 01 Jan 2024 10:40:56 GMT

Redirect headers

location: https://hb.yahoo.net/cksync?cs=63&axid_e=eS1jeHp4UWZSRTJ1SDJLU1hvOU5UVjNwdHdTY1pmeG5yS35B&gdpr=0&ovsid=9b18e473-9644-4e9b-aa82-e1ff0b2cb58d&dpid=55953
date: Mon, 01 Jan 2024 10:40:56 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

cnv
cnv.event.prod.bidr.io/log/
Redirect Chain

https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=9755934b-00e3-48a3-9c7c-6a21916f0efd&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=un...
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=c0898bc3-840a-487a-89e3-e8cc88de6e9b.&ord=5746429272331777512
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=c0898bc3-840a-487a-89e3-e8cc88de6e9b.&ord=5746429272331777512&_bee_ppp=1

43 B
796 B

39ms
39ms

Image
image/gif

54.146.211.231
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=c0898bc3-840a-487a-89e3-e8cc88de6e9b.&ord=5746429272331777512&_bee_ppp=1

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

HTTP/1.1

Server

54.146.211.231 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-146-211-231.compute-1.amazonaws.com

Software

gunicorn /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
Date: Mon, 01 Jan 2024 10:40:56 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
content-type: image/gif
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=c0898bc3-840a-487a-89e3-e8cc88de6e9b.&ord=5746429272331777512&_bee_ppp=1
Date: Mon, 01 Jan 2024 10:40:56 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/ 404 KB
98 KB 38ms
38ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 10:40:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: XJk1ZZTljtwHFT3qcIJg+w==
age: 2708
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 99599
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:36 GMT
server: cloudflare
etag: 0x8DB82A15D413626
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 80bad15d-801e-006c-2fda-12d214000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 83ea259d69514bcf-BUF

POST
H2 200 token Show response
www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/ 2 KB
2 KB 322ms
322ms Fetch
application/json 204.2.49.172
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.49.172 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

acca51897d6fe52598e02e817e8ef5a64a8707fb94716128d423280f4afa9c31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.elfcosmetics.com/cosmetic-criminals
accept-language: en-US,en;q=0.9
x-pwa-request: true
Authorization
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 01 Jan 2024 10:40:56 GMT
content-encoding: gzip
x-correlation-id: 83ea259da8f75b4c
cf-cache-status: DYNAMIC
via: 1.1 27c608e7692c0c2238fa431356d5d6e2.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: EWR50-C1
age: 0
x-yottaa-optimizations: ob/1000 si/38D1cc0231ac-1703880238-8924556377 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
pragma: no-cache
x-ratelimit-1m-remaining: 23194, 1962896
x-ratelimit-1m-reset: 3847, 3846
vary: Accept-Encoding, User-Agent
x-ratelimit-1m-limit: 24000, 2000000
content-type: application/json
cache-control: no-store
x-yottaa-os: 200
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-yottaa-metrics: 3821cc023161/[283,281,-] 38D1cc0231ac/[-,285.939]
cf-ray: 83ea259da8f75b4c-IAD
x-amz-cf-id: fcDo_QSAZEBwbZl3JpVYm8DD1PYWzjFj5OPvhPv_b34m2mqYp_hxDQ==

GET
H2 200 st Show response
st.dynamicyield.com/ 114 KB
10 KB 138ms
47ms Script
text/javascript 2600:9000:201e:7e00:15:ad21:c740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://st.dynamicyield.com/st?sec=8772046&inHead=true&id=0&jsession=f9kn9i8rd5l5qv9dt9gdig0b4h6gc03q&ref=&scriptVersion=1.213.0&isSesNew=true&dyid_server=&ctx=%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-US%22%2C%22data%22%3A%5B%5D%7D
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:201e:7e00:15:ad21:c740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 509b8fbd10c17e0044710c69d7ca1b3349bc58485e6147a62b9ec473483c970a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:56 GMT
content-encoding: gzip
via: 1.1 c974a69619205281e0e6b8e73f95e4b4.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C3
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
cache-control: no-cache
x-amz-cf-id: YgTVCSMKH53zhg8FcHF9SCWFmdI1oOga3zEXxhmC960ny1hF5ujzCA==
expires: Mon, 01 Jan 2024 10:40:55 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
212 B 41ms
40ms XHR
text/plain 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=108189358&t=pageview&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&dp=%2Fcosmetic-criminals&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACgAI~&jid=1805204129&gjid=950412202&cid=1877636890.1704105656&tid=UA-432816-1&_gid=1063520680.1704105656&_r=1&_slc=1&gtm=45He3bt0n81WL3STMXv896608294&gcd=11l1l1l1l1&dma=0&z=1811889709

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/fce1bc7f-b7cb-4383-a7e9-8430e48a01d7/ 202 KB
36 KB 43ms
43ms Fetch
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/fce1bc7f-b7cb-4383-a7e9-8430e48a01d7/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf1b4e2a57de561424fb99aa43ef462868d58d9c205a38ae3f564c10266a4dbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 10:40:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 41641
content-md5: A+auRPWlNU8wck+viG1D2g==
content-length: 36970
x-ms-lease-status: unlocked
last-modified: Tue, 14 Nov 2023 15:26:15 GMT
server: cloudflare
etag: 0x8DBE5260AC67F7E
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 45a814af-d01e-005e-170e-17d263000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 83ea259e8dbb4bc6-BUF
expires: Tue, 02 Jan 2024 10:40:56 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
350 B 103ms
39ms XHR
text/plain 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-432816-1&cid=1877636890.1704105656&jid=1805204129&gjid=950412202&_gid=1063520680.1704105656&_u=YEBAAEAAAAAAACgAI~&z=503885210

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 01 Jan 2024 10:40:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 13 KB
3 KB 38ms
37ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 10:40:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 5mNZducabMgxSDzBo+ZI8w==
age: 41640
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3017
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:30 GMT
server: cloudflare
etag: 0x8DB82A159AF8EA6
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 0c718e4e-201e-0081-6f27-129959000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 83ea259f2de64bc6-BUF

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/ 61 KB
12 KB 39ms
38ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 10:40:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: sXFDxCJwbPEMIT/8f5Prwg==
age: 41640
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12544
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:33 GMT
server: cloudflare
etag: 0x8DB82A15AFF8646
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: cdeea96a-a01e-006b-6ae6-1dbe77000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 83ea259f2de74bc6-BUF

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 21 KB
4 KB 39ms
39ms Fetch
text/css 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 10:40:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: oWkBTLgDDXvrUsd93y/Zxg==
age: 41640
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:41 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: d09127de-b01e-0048-64cd-1224b4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 83ea259f2de84bc6-BUF

GET
H2 200 dy-coll-min.js Show response
cdn.dynamicyield.com/scripts/1.213.0/ 199 KB
62 KB 85ms
85ms Script
application/javascript 2600:9000:234b:5400:a:b89d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:234b:5400:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: DYCDN /
Resource Hash: 19b9a6628fa003af26766ce1578420be5068227a572c78f0e20b53e2f2fc1886

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 06:51:13 GMT
content-encoding: gzip
via: 1.1 74aa91fe819001bcedd882694f52b436.cloudfront.net (CloudFront)
last-modified: Sun, 15 Oct 2023 07:23:37 GMT
server: DYCDN
age: 6666583
x-amz-cf-pop: SFO5-P2
etag: W/"b587b1ed184fe1cb6e2ea31f12e547c2"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
link: <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id: WCijFjQWF275XT5Szimn_zsabYQxwUvEOo79tk5Q2dWZtL-omYYKNg==

GET
H2

200

activityi;dc_pre=CJLts6KAvIMDFZgBTwgdIJIN6w;src=9231397;type=retarget;cat=globa0;ord=1243527165130;auiddc=1554942865.1704105656;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm... Show response
9231397.fls.doubleclick.net/ Frame 0105
Redirect Chain

https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=1243527165130;auiddc=1554942865.1704105656;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;g...
https://9231397.fls.doubleclick.net/activityi;dc_pre=CJLts6KAvIMDFZgBTwgdIJIN6w;src=9231397;type=retarget;cat=globa0;ord=1243527165130;auiddc=1554942865.1704105656;u6=%2Fcosmetic-criminals;u10=unde...

658 B
527 B

51ms
50ms

Document
text/html

172.253.63.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9231397.fls.doubleclick.net/activityi;dc_pre=CJLts6KAvIMDFZgBTwgdIJIN6w;src=9231397;type=retarget;cat=globa0;ord=1243527165130;auiddc=1554942865.1704105656;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals?

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f149.1e100.net

Software

cafe /

Resource Hash

931d126071a21be1591d3c38690272ff2b56ec64f8309b6501f47193f9062750

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 351
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 01 Jan 2024 10:40:56 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 01 Jan 2024 10:40:56 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://9231397.fls.doubleclick.net/activityi;dc_pre=CJLts6KAvIMDFZgBTwgdIJIN6w;src=9231397;type=retarget;cat=globa0;ord=1243527165130;auiddc=1554942865.1704105656;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

activityi;dc_pre=CP-stKKAvIMDFdyw0QQdapoIGg;src=10742279;type=elf8j0;cat=glo_flap;ord=7850576186917;auiddc=1554942865.1704105656;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3... Show response
10742279.fls.doubleclick.net/ Frame CDE1
Redirect Chain

https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=7850576186917;auiddc=1554942865.1704105656;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45...
https://10742279.fls.doubleclick.net/activityi;dc_pre=CP-stKKAvIMDFdyw0QQdapoIGg;src=10742279;type=elf8j0;cat=glo_flap;ord=7850576186917;auiddc=1554942865.1704105656;u1=https%3A%2F%2Fwww.elfcosmeti...

652 B
515 B

51ms
50ms

Document
text/html

172.253.63.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10742279.fls.doubleclick.net/activityi;dc_pre=CP-stKKAvIMDFdyw0QQdapoIGg;src=10742279;type=elf8j0;cat=glo_flap;ord=7850576186917;auiddc=1554942865.1704105656;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals?

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f149.1e100.net

Software

cafe /

Resource Hash

f82bfdad6650d972584bc3bf0d250ad3417ca70b8d7f3bd3aee48dffcac12e2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 339
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 01 Jan 2024 10:40:56 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 01 Jan 2024 10:40:56 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10742279.fls.doubleclick.net/activityi;dc_pre=CP-stKKAvIMDFdyw0QQdapoIGg;src=10742279;type=elf8j0;cat=glo_flap;ord=7850576186917;auiddc=1554942865.1704105656;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
622 B 38ms
38ms Image
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 10:40:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 2745
x-ms-lease-status: unlocked
last-modified: Thu, 21 Dec 2023 21:20:05 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 81552adf-c01e-000f-5b93-344fef000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 83ea259f9a4d4bcf-BUF

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
490 B 38ms
38ms Fetch
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 10:40:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 41640
x-ms-lease-status: unlocked
last-modified: Thu, 21 Dec 2023 21:20:04 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: a9b48ef7-701e-0078-4f9b-349a7b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 83ea259fae194bc6-BUF

GET
H2

200

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2

43 B
840 B

43ms
43ms

Image
image/gif

68.67.160.186
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Server

68.67.160.186 Jersey City, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:56 GMT
an-x-request-uuid: 9d5d3deb-f417-4588-9258-85f5e3ae4231
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 96.9.246.195; 96.9.246.195; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:56 GMT
an-x-request-uuid: 156a2eb9-131b-45d8-a13c-da80e3cf9927
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
cache-control: no-store, no-cache, private
x-proxy-origin: 96.9.246.195; 96.9.246.195; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 ot_company_logo.png
cdn.cookielaw.org/logos/static/ 4 KB
4 KB 39ms
38ms Image
image/png 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_company_logo.png

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 10:40:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: E8+sk/ECzKgTUVtDLikiIA==
age: 8220
content-length: 4036
x-ms-lease-status: unlocked
last-modified: Thu, 21 Dec 2023 21:20:05 GMT
server: cloudflare
etag: 0x8DC026A9A33BA9F
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 2916b006-b01e-0077-67ae-34ec17000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 83ea259fda664bcf-BUF

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 38ms
37ms Image
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 10:40:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 8356
x-ms-lease-status: unlocked
last-modified: Thu, 21 Dec 2023 21:20:05 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: a220a8b7-a01e-006b-498a-34be77000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 83ea259fda674bcf-BUF

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 107ms
43ms Image
image/gif 2607:f8b0:4004:c08::63
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-432816-1&cid=1877636890.1704105656&jid=1805204129&_u=YEBAAEAAAAAAACgAI~&z=1820873875

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::63 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 sessions Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 0
1 KB 128ms
127ms XHR
text/plain 204.2.49.172
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/sessions
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.49.172 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/cosmetic-criminals
accept-language: en-US,en;q=0.9
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmODQ1NDdkOS03YjE0LTRkMDItYjkxMC1iODM1OTAxNWE1MzEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjQxYjFlNmY2LWFjYmItNGI2Yi1hYjM4LTlhMjM1ZDQ3MmU3MiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDEwNTYyNiwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWJsYmRHa3VzMHhId1J3dWxHd0dZWXdIeEc6OmNoaWQ6ICIsImV4cCI6MTcwNDEwNzQ1NiwiaWF0IjoxNzA0MTA1NjU2LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1NzcwNTcyMzIzODE3Mzc5In0.cqAkbvkV7vquArNV93BG_dyLYrSn1ZCdEsPXFPFgU81iP5v3VZ7zSNDPSpe7FQsEwzT8eEAoT8UFsXoa2dg_9w
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:56 GMT
via: 1.1 cae77502d3847ca96378af9649c50cb4.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-amz-cf-pop: EWR50-C1
age: 0
x-yottaa-optimizations: ob/0 si/38D1cc0231ac-1703880238-8924556384 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: deprecated
x-cache: Miss from cloudfront
pragma: no-cache
allow: OPTIONS,POST
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics: 3821cc023167/[87,86,-] 38D1cc0231ac/[-,90.211]
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/sessions
accept-ranges: bytes
cf-ray: 83ea25a03cb3202d-IAD
x-dw-request-base-id: SZjLe7iWkmUBAAB_
x-amz-cf-id: vqWxCsCotvGENawBqTAUsJaEDRv7X4pvJ8fp8ZdiOC3PuucbwVP8iQ==
x-yottaa-os: 204
expires: Thu, 01 Dec 1994 16:00:00 GMT

POST
H2 200 shoppercontext Show response
www.elfcosmetics.com/api/v1/ 114 B
785 B 496ms
495ms XHR
application/json 204.2.49.172
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.49.172 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 6b42a56b231d70ea3691b9f46363b9f8ed6ca35f6b50084718669b8beac1e57d

Request headers

Referer: https://www.elfcosmetics.com/cosmetic-criminals
accept-language: en-US,en;q=0.9
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmODQ1NDdkOS03YjE0LTRkMDItYjkxMC1iODM1OTAxNWE1MzEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjQxYjFlNmY2LWFjYmItNGI2Yi1hYjM4LTlhMjM1ZDQ3MmU3MiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDEwNTYyNiwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWJsYmRHa3VzMHhId1J3dWxHd0dZWXdIeEc6OmNoaWQ6ICIsImV4cCI6MTcwNDEwNzQ1NiwiaWF0IjoxNzA0MTA1NjU2LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1NzcwNTcyMzIzODE3Mzc5In0.cqAkbvkV7vquArNV93BG_dyLYrSn1ZCdEsPXFPFgU81iP5v3VZ7zSNDPSpe7FQsEwzT8eEAoT8UFsXoa2dg_9w
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

date: Mon, 01 Jan 2024 10:40:56 GMT
via: 1.1 79f9fb603ee37517dbf3cd108c449392.cloudfront.net (CloudFront)
content-encoding: gzip
x-amzn-remapped-content-length: 114
x-amz-cf-pop: EWR50-C1
age: 0
x-amzn-remapped-connection: close
x-yottaa-optimizations: ob/1000 si/38D1cc0231ac-1703880238-8924556385 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-amzn-requestid: abbbe30c-246b-4beb-a91f-c63b5caf5983
x-cache: Miss from cloudfront
x-amz-apigw-id: Q2x82EuQCYcEZzA=
content-length: 108
etag: W/"72-HgdmTgyCF/DQfqnMU3u+4UstAzI"
x-amzn-trace-id: Root=1-659296b8-69d5977c0bfeca5d79c37003;Sampled=0;lineage=2b75b0e9:0
content-type: application/json; charset=utf-8
x-yottaa-os: 200
x-yottaa-metrics: 3821cc023168/[454,451,-] 38D1cc0231ac/[-,456.702]
x-amzn-remapped-date: Mon, 01 Jan 2024 10:40:56 GMT
x-amz-cf-id: sSGQNJP6eBaH48qGxJeOd2D7b1OWr0t3ZDei14yviuYXcD2kNh5ffg==

GET
H2 200 geo-ip Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 199 B
869 B 250ms
248ms XHR
application/json 204.2.49.172
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=96.9.246.195

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.49.172 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

3bbfdb0daa5c8909e66d5588fcf711019d4739dc56b04e992212b443085af779

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.com/cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language: en-US,en;q=0.9
x-pwa-request: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

date: Mon, 01 Jan 2024 10:40:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 ea450411fc852f7d373f7efbe784dd74.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR50-C1
age: 0
x-yottaa-optimizations: ob/1000 si/38D1cc0231ac-1703880238-8924556387 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: deprecated
x-cache: Miss from cloudfront
allow: GET,HEAD,OPTIONS
content-type: application/json;charset=UTF-8
cache-control: max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=96.9.246.195
x-yottaa-metrics: 3821cc02316a/[207,205,-] 38D1cc0231ac/[-,210.138]
cf-ray: 83ea25a13e2620a2-IAD
x-dw-request-base-id: khnYubiWkmUBAAB_
x-amz-cf-id: Q8BncYDUbIQMVA3d4s7JwpndSJxUxytCOPYz761FADZWauvWzsTnCA==

GET
H2 200 geo-ip Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 199 B
868 B 225ms
224ms XHR
application/json 204.2.49.172
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=96.9.246.195

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.49.172 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

3bbfdb0daa5c8909e66d5588fcf711019d4739dc56b04e992212b443085af779

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.com/cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language: en-US,en;q=0.9
x-pwa-request: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

date: Mon, 01 Jan 2024 10:40:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 78151a5252ddc63300143dbe81b1f0c4.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR50-C1
age: 0
x-yottaa-optimizations: ob/1000 si/38D1cc0231ac-1703880238-8924556388 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: deprecated
x-cache: Miss from cloudfront
allow: GET,HEAD,OPTIONS
content-type: application/json;charset=UTF-8
cache-control: max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=96.9.246.195
x-yottaa-metrics: 3821cc02316b/[181,179,-] 38D1cc0231ac/[-,183.891]
cf-ray: 83ea25a13dc081dc-IAD
x-dw-request-base-id: 22TxLriWkmUBAAB_
x-amz-cf-id: Bt63jbds-C8Bl6UtqhSxrURIdHPbeS38M22ExaZzbuH5dlscoTN8Tg==

GET
H2 200 baskets Show response
www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/ablbdGkus0xHwRwulGwGYYwHxG/ 11 B
822 B 149ms
148ms Fetch
application/json 204.2.49.172
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/ablbdGkus0xHwRwulGwGYYwHxG/baskets?siteId=elf-us

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.49.172 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.com/cosmetic-criminals
accept-language: en-US,en;q=0.9
x-pwa-request: true
Authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmODQ1NDdkOS03YjE0LTRkMDItYjkxMC1iODM1OTAxNWE1MzEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjQxYjFlNmY2LWFjYmItNGI2Yi1hYjM4LTlhMjM1ZDQ3MmU3MiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDEwNTYyNiwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWJsYmRHa3VzMHhId1J3dWxHd0dZWXdIeEc6OmNoaWQ6ICIsImV4cCI6MTcwNDEwNzQ1NiwiaWF0IjoxNzA0MTA1NjU2LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1NzcwNTcyMzIzODE3Mzc5In0.cqAkbvkV7vquArNV93BG_dyLYrSn1ZCdEsPXFPFgU81iP5v3VZ7zSNDPSpe7FQsEwzT8eEAoT8UFsXoa2dg_9w
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:56 GMT
x-correlation-id: 83ea25a13e7a1783
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 3ea7dd920772e2ffb2371e107e093dfc.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR50-C1
age: 0
x-yottaa-optimizations: ob/1000 si/38D1cc0231ac-1703880238-8924556389 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding: gzip
x-cache: Miss from cloudfront
content-length: 37
allow: GET,HEAD,OPTIONS
x-ratelimit-remaining: 999
content-type: application/json;charset=UTF-8
vary: Accept-Encoding
sfdc_load: 2
cache-control: max-age=0,no-cache,no-store
x-yottaa-os: 200
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/ablbdGkus0xHwRwulGwGYYwHxG/baskets?siteId=elf-us
x-ratelimit-limit: 99999
accept-ranges: bytes
cf-ray: 83ea25a13e7a1783-IAD
x-amz-cf-id: Javcf8i17bziDmofZwT04DsDPtsFd1-vBMYkRA1GyFnkaPganIsYow==
x-yottaa-metrics: 3821cc02316c/[105,103,-] 38D1cc0231ac/[-,106.209]

POST
H2 201 sync Show response
sdk.iad-05.braze.com/api/v3/content_cards/ 77 B
187 B 204ms
204ms XHR
application/json 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

82f00a08cc92aafe56c16130c66c1316e0e4b28433e806a426bf3cb5f20391d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest: true
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/json
BRAZE-SYNC-RETRY-COUNT: 0
Referer: https://www.elfcosmetics.com/
X-Requested-With: XMLHttpRequest
X-Braze-ContentCardsRequest: true

Response headers

date: Mon, 01 Jan 2024 10:40:56 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: MISS
x-request-id: 6f551104-7d79-4681-b16f-8db9f152e73b
x-served-by: cache-yyz4560-YYZ
x-runtime: 0.084630
etag: W/"82f00a08cc92aafe56c16130c66c1316"
access-control-max-age: 7200
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
vary: Origin,Accept-Encoding
accept-ranges: bytes
x-cache-hits: 0

OPTIONS
H2 200 sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame 0
0 111ms
111ms Preflight 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
content-encoding: gzip
date: Mon, 01 Jan 2024 10:40:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-yyz4560-YYZ

POST
H3 200 collector Show response
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 32 B
49 B 52ms
51ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ca0a766a064104105db7a847ffd8d594fb8556d364f724916f30a3e45a1ebab4

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 01 Jan 2024 10:40:56 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32

GET
H3

200

dc_pre=CJLts6KAvIMDFZgBTwgdIJIN6w;src=9231397;type=retarget;cat=globa0;ord=1243527165130;auiddc=1554942865.1704105656;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v... Show response
9231397.fls.doubleclick.net/ddm/fls/r/ Frame 9D22
Redirect Chain

https://adservice.google.com/ddm/fls/i/dc_pre=CJLts6KAvIMDFZgBTwgdIJIN6w;src=9231397;type=retarget;cat=globa0;ord=1243527165130;auiddc=1554942865.1704105656;u6=%2Fcosmetic-criminals;u10=undefined;u...
https://9231397.fls.doubleclick.net/ddm/fls/r/dc_pre=CJLts6KAvIMDFZgBTwgdIJIN6w;src=9231397;type=retarget;cat=globa0;ord=1243527165130;auiddc=1554942865.1704105656;u6=%2Fcosmetic-criminals;u10=unde...

314 B
163 B

54ms
53ms

Document
text/html

172.253.63.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9231397.fls.doubleclick.net/ddm/fls/r/dc_pre=CJLts6KAvIMDFZgBTwgdIJIN6w;src=9231397;type=retarget;cat=globa0;ord=1243527165130;auiddc=1554942865.1704105656;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals

Requested by

Host: 9231397.fls.doubleclick.net
URL: https://9231397.fls.doubleclick.net/activityi;dc_pre=CJLts6KAvIMDFZgBTwgdIJIN6w;src=9231397;type=retarget;cat=globa0;ord=1243527165130;auiddc=1554942865.1704105656;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals?

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f149.1e100.net

Software

cafe /

Resource Hash

c78df258aa619442045244aace725c28f23b3fbb55e228b518b364b87b63a896

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9231397.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 138
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 01 Jan 2024 10:40:56 GMT
expires: Mon, 01 Jan 2024 10:40:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 01 Jan 2024 10:40:56 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
location: https://9231397.fls.doubleclick.net/ddm/fls/r/dc_pre=CJLts6KAvIMDFZgBTwgdIJIN6w;src=9231397;type=retarget;cat=globa0;ord=1243527165130;auiddc=1554942865.1704105656;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dc_pre=CP-stKKAvIMDFdyw0QQdapoIGg;src=10742279;type=elf8j0;cat=glo_flap;ord=7850576186917;auiddc=1554942865.1704105656;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608... Show response
adservice.google.com/ddm/fls/i/ Frame 0A28 194 B
440 B 113ms
49ms Document
text/html 2607:f8b0:4004:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CP-stKKAvIMDFdyw0QQdapoIGg;src=10742279;type=elf8j0;cat=glo_flap;ord=7850576186917;auiddc=1554942865.1704105656;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals

Requested by

Host: 10742279.fls.doubleclick.net
URL: https://10742279.fls.doubleclick.net/activityi;dc_pre=CP-stKKAvIMDFdyw0QQdapoIGg;src=10742279;type=elf8j0;cat=glo_flap;ord=7850576186917;auiddc=1554942865.1704105656;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10742279.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 85
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 01 Jan 2024 10:40:56 GMT
expires: Mon, 01 Jan 2024 10:40:56 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 var
async-px.dynamicyield.com/ 0
0 350ms
143ms Fetch 99.84.238.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var?cnst=1&_=252721&uid=-3089469102153886024&sec=8772046&t=ri&e=1261284&p=1&ve=11209913&va=%5B27119924%5D&ses=e3d63c37beb1eece2683dfeb560cad85&expSes=18709&aud=1004392.1092373.1167402.1274296.1324059.1426804.1443347.1846919.884367.884372.884385.884387.998337.1182144.799438.799440&expVisitId=6085907381211323040&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1704105656589&rri=8756752
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.238.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-238-117.sfo5.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:56 GMT
via: 1.1 457f6aac6043da8b82d532af40ff19c2.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO5-C3
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: -xsdxWfKGY8JdXR5xUPocjE6WdYXGRgB5wZU9cXx-Rb-mSyNHpWiZQ==
expires: 0

GET
H2 200 var
async-px.dynamicyield.com/ 0
0 348ms
141ms Fetch 99.84.238.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var?cnst=1&_=479135&uid=-3089469102153886024&sec=8772046&t=ri&e=1574966&p=1&ve=12698518&va=%5B28347247%5D&ses=e3d63c37beb1eece2683dfeb560cad85&expSes=18709&aud=1004392.1092373.1167402.1274296.1324059.1426804.1443347.1846919.884367.884372.884385.884387.998337.1182144.799438.799440&expVisitId=6085907378005042104&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1704105656590&rri=2940495
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.238.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-238-117.sfo5.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:56 GMT
via: 1.1 457f6aac6043da8b82d532af40ff19c2.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO5-C3
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: sxwaiy_GIkHakbpLeT036Yiz_dXf-M2EplS_0FXbbQSAYvL6HMEF0w==
expires: 0

GET
H2 200 var
async-px.dynamicyield.com/ 0
0 348ms
142ms Fetch 99.84.238.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var?cnst=1&_=714884&uid=-3089469102153886024&sec=8772046&t=ri&e=1609852&p=1&ve=12669413&va=%5B28321879%5D&ses=e3d63c37beb1eece2683dfeb560cad85&expSes=18709&aud=1004392.1092373.1167402.1274296.1324059.1426804.1443347.1846919.884367.884372.884385.884387.998337.1182144.799438.799440&expVisitId=6085907381943677859&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1704105656591&rri=499527
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.238.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-238-117.sfo5.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:56 GMT
via: 1.1 457f6aac6043da8b82d532af40ff19c2.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO5-C3
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: mOSenyiiWUtWPKojzMNT0oD2xZonMvVkr-XE8Xxc3EaTXivU885ykA==
expires: 0

GET
H2 200 var
async-px.dynamicyield.com/ 0
0 345ms
140ms Fetch 99.84.238.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var?cnst=1&_=822395&uid=-3089469102153886024&sec=8772046&t=ri&e=1575901&p=1&ve=12692962&va=%5B28207095%5D&ses=e3d63c37beb1eece2683dfeb560cad85&expSes=18709&aud=1004392.1092373.1167402.1274296.1324059.1426804.1443347.1846919.884367.884372.884385.884387.998337.1182144.799438.799440&expVisitId=6085907380473571025&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1704105656592&rri=7825864
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.238.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-238-117.sfo5.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:56 GMT
via: 1.1 457f6aac6043da8b82d532af40ff19c2.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO5-C3
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: ihwmz6RtshfMjFkBp4VGbiazHxgbQo-8_mb8QxMZoeMYlcx_EnX06Q==
expires: 0

POST
H2 200 uia Show response
async-px.dynamicyield.com/ 0
383 B 345ms
142ms XHR
text/plain 99.84.238.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/uia?cnst=1&_=1704105656594
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.238.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-238-117.sfo5.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:56 GMT
via: 1.1 457f6aac6043da8b82d532af40ff19c2.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO5-C3
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: J0nx_eXdEEGBH6jdubyqFLWyU-Kb6RBiNmlVziiJXicDGUFNVghjrA==
expires: 0

POST
H2 200 baskets Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 3 KB
2 KB 335ms
335ms XHR
application/json 204.2.49.172
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.49.172 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

51558a5892a3d93e4c5a38d55aff112e8b6d3860852e3048f622dfe6fa810c29

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.com/cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language: en-US,en;q=0.9
x-pwa-request: true
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmODQ1NDdkOS03YjE0LTRkMDItYjkxMC1iODM1OTAxNWE1MzEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjQxYjFlNmY2LWFjYmItNGI2Yi1hYjM4LTlhMjM1ZDQ3MmU3MiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDEwNTYyNiwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWJsYmRHa3VzMHhId1J3dWxHd0dZWXdIeEc6OmNoaWQ6ICIsImV4cCI6MTcwNDEwNzQ1NiwiaWF0IjoxNzA0MTA1NjU2LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1NzcwNTcyMzIzODE3Mzc5In0.cqAkbvkV7vquArNV93BG_dyLYrSn1ZCdEsPXFPFgU81iP5v3VZ7zSNDPSpe7FQsEwzT8eEAoT8UFsXoa2dg_9w
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

date: Mon, 01 Jan 2024 10:40:56 GMT
via: 1.1 e6fc68fd040718147cda2e3ef6f63636.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-amz-cf-pop: EWR50-C1
age: 0
x-yottaa-optimizations: ob/1000 si/38D1cc0231ac-1703880238-8924556391 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: deprecated
x-cache: Miss from cloudfront
content-length: 1044
pragma: no-cache
etag: 42241f15dd432e8a095ab136814da489cdd46e0dfafbbcab8156bfe683adf414
allow: OPTIONS,POST
content-type: application/json;charset=UTF-8
x-dw-resource-state: 42241f15dd432e8a095ab136814da489cdd46e0dfafbbcab8156bfe683adf414
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics: 3821cc02316e/[290,287,-] 38D1cc0231ac/[-,293.024]
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets
accept-ranges: bytes
cf-ray: 83ea25a2291181f4-IAD
x-dw-request-base-id: 22T0LrmWkmUBAAB_
x-amz-cf-id: yb7bzRapMPyft1VKhgi-WvKmZfJzhY_KI9xHw0MnABGfVdbPYqQSAw==
x-yottaa-os: 200
expires: Thu, 01 Dec 1994 16:00:00 GMT

POST
H2 200 batch
async-px.dynamicyield.com/ 0
381 B 305ms
143ms Ping
text/plain 99.84.238.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/batch?cnst=1&_=1704105656635_890509
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.238.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-238-117.sfo5.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:56 GMT
via: 1.1 969054bdb3a3ab0ab0c42213e2a06ed8.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO5-C3
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: 2h0gm-wcioPF3YQsLtUeAMp5eaq0S8gRxf5ZCluuhK5oXMoJyomEqQ==
expires: 0

GET
H2

204

t
evt.undertone.com/ Frame 9D22
Redirect Chain

https://ads.undertone.com/t?trackerid=7729&cb=365953153
https://evt.undertone.com/t?trackerid=7729&cb=365953153

0
654 B

119ms
35ms

Image
text/plain

3.162.112.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evt.undertone.com/t?trackerid=7729&cb=365953153
Requested by: Host: 9231397.fls.doubleclick.net
URL: https://9231397.fls.doubleclick.net/ddm/fls/r/dc_pre=CJLts6KAvIMDFZgBTwgdIJIN6w;src=9231397;type=retarget;cat=globa0;ord=1243527165130;auiddc=1554942865.1704105656;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals
Protocol: H2
Server: 3.162.112.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-112-105.iad61.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://9231397.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:57 GMT
via: 1.1 1fecb697c6f121d7ce54a35628ac154e.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD61-P2
x-cache: Miss from cloudfront
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
access-control-allow-origin: https://9231397.fls.doubleclick.net/
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
x-amz-cf-id: VzUD_JT6Iw7sHbRP1RF34t2YxVhowpGYcnQFcS8LEDFrtIfa9sDiqg==
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Mon, 01 Jan 2024 10:40:56 GMT
via: 1.1 5d1a51a1eb09caa5b28051dd961c7c40.cloudfront.net (CloudFront)
accept-ch: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
x-amz-cf-pop: IAD55-P5
x-cache: Miss from cloudfront
location: https://evt.undertone.com/t?trackerid=7729&cb=365953153
content-length: 0
x-amz-cf-id: wqmhgKeh_EB6VmWoaCImN1FHu9v07LyZ_lmxQ-dEKXmglsmB4CL--w==

POST
H2 200 clog Show response
px.dynamicyield.com/ 0
228 B 135ms
40ms XHR
text/plain 34.230.254.96
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://px.dynamicyield.com/clog
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.254.96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-254-96.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:56 GMT
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
expires: 0

GET
H2 200 NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare
elfcosmetics.a.bigcontent.io/v1/static/ 5 KB
6 KB 160ms
41ms Image
image/png 2606:4700:4400::6812:2a49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare?%24Desktop%24=&fmt=auto
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2a49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:57 GMT
x-amz-version-id: null
cf-cache-status: HIT
age: 80096
x-amz-server-side-encryption: AES256
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
content-length: 5378
last-modified: Sun, 31 Dec 2023 08:18:17 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 83ea25a5abc44bc3-BUF
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/ 2 KB
1 KB 161ms
43ms Image
image/svg+xml 2606:4700:4400::6812:2a49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2a49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:57 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
age: 60237
x-amz-server-side-encryption: AES256
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
last-modified: Sun, 31 Dec 2023 11:21:28 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 83ea25a5abc64bc3-BUF
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 icon-noun-snowflake-1044022
elfcosmetics.a.bigcontent.io/v1/static/ 3 KB
1 KB 160ms
42ms Image
image/svg+xml 2606:4700:4400::6812:2a49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-snowflake-1044022?%24Desktop%24=&fmt=auto
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2a49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30766af54516bbc623c690d7506f7d86b6c987acbcc1229debb7dff8f463459b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:57 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
age: 80096
x-amz-server-side-encryption: AES256
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
last-modified: Sun, 31 Dec 2023 06:33:07 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 83ea25a5abc54bc3-BUF
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 PWA-UpdateSession Show response
www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_US/ 56 B
1 KB 367ms
366ms XHR
application/json 204.2.49.172
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_US/PWA-UpdateSession
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.49.172 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: f66f5edd05293c4351edcec020a867935f7495ef0d0ff7ceb3e6402748585ca6

Request headers

Referer: https://www.elfcosmetics.com/cosmetic-criminals
accept-language: en-US,en;q=0.9
x-pwa-request: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:57 GMT
content-encoding: gzip
via: 1.1 04d5f6961d9b76b97c908d8ed9816378.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-amz-cf-pop: EWR50-C1
age: 0
x-yottaa-optimizations: ob/1000 si/38D1cc0231ac-1703880238-8924556395 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
pragma: no-cache
content-type: application/json
cache-control: no-cache, no-store, must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/on/demandware.store/Sites-elf-us-Site/en_US/PWA-UpdateSession
x-yottaa-metrics: 3821cc023173/[322,319,-] 38D1cc0231ac/[-,324.297]
cf-ray: 83ea25a53b79080d-IAD
x-dw-request-base-id: SZjYe7mWkmUBAAB_
x-amz-cf-id: URMl05jRVDMdfwMlUiQj0XvFJ-rurr4LvTXNeLb7iTtYRP0XMc9mKQ==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 27ms
26ms Image
image/gif 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=108189358&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&dp=%2Fcosmetic-criminals&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=ux&ea=scrolled%20page&el=25%25&_u=aEDAAEABAAAAACgAIAC~&jid=&gjid=&cid=1877636890.1704105656&tid=UA-432816-1&_gid=1063520680.1704105656&gtm=45He3bt0n81WL3STMXv896608294&cd4=0&cd6=&cd7=&cd8=&cd9=0&cd14=content&cd19=&cd21=US&gcd=11l1l1l1l1&dma=0&z=1273394551

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Dec 2023 20:39:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 50465
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 28ms
27ms Image
image/gif 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=108189358&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&dp=%2Fcosmetic-criminals&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=ux&ea=scrolled%20page&el=50%25&_u=aEDAAEABAAAAACgAIAC~&jid=&gjid=&cid=1877636890.1704105656&tid=UA-432816-1&_gid=1063520680.1704105656&gtm=45He3bt0n81WL3STMXv896608294&cd4=0&cd6=&cd7=&cd8=&cd9=0&cd14=content&cd19=&cd21=US&gcd=11l1l1l1l1&dma=0&z=1898780905

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Dec 2023 20:39:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 50465
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 29ms
28ms Image
image/gif 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=108189358&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&dp=%2Fcosmetic-criminals&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=ux&ea=scrolled%20page&el=75%25&_u=aEDAAEABAAAAACgAIAC~&jid=&gjid=&cid=1877636890.1704105656&tid=UA-432816-1&_gid=1063520680.1704105656&gtm=45He3bt0n81WL3STMXv896608294&cd4=0&cd6=&cd7=&cd8=&cd9=0&cd14=content&cd19=&cd21=US&gcd=11l1l1l1l1&dma=0&z=540261860

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Dec 2023 20:39:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 50465
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 29ms
29ms Image
image/gif 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=108189358&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&dp=%2Fcosmetic-criminals&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=ux&ea=scrolled%20page&el=95%25&_u=aEDAAEABAAAAACgAIAC~&jid=&gjid=&cid=1877636890.1704105656&tid=UA-432816-1&_gid=1063520680.1704105656&gtm=45He3bt0n81WL3STMXv896608294&cd4=0&cd6=&cd7=&cd8=&cd9=0&cd14=content&cd19=&cd21=US&gcd=11l1l1l1l1&dma=0&z=1571570826

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Dec 2023 20:39:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 50465
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collector Show response
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 32 B
49 B 58ms
58ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ca0a766a064104105db7a847ffd8d594fb8556d364f724916f30a3e45a1ebab4

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 01 Jan 2024 10:40:57 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32

POST
H2 200 event
qoe-1.yottaa.net/log-nt/ 3 B
191 B 122ms
57ms Ping
text/json 204.2.131.15
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://qoe-1.yottaa.net/log-nt/event
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 204.2.131.15 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 01 Jan 2024 10:40:57 GMT
access-control-expose-headers: X-Results-Data-Source
access-control-allow-credentials: true
cache-control: no-cache
timing-allow-origin: *
content-type: text/json

GET
H/1.1 200
OK main.js Show response
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/ 144 KB
42 KB 173ms
36ms Script
application/javascript 184.27.13.189
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/main.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.27.13.189 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-27-13-189.deploy.static.akamaitechnologies.com

Software

nginx / Express

Resource Hash

ec82b31e96055d86efd9adec9781b4b588e877c51b1b62ce71dbf73d64ab5318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000
Content-Encoding: gzip
Date: Mon, 01 Jan 2024 10:40:57 GMT
Server: nginx
ETag: W/"5dfe8369a3933fdb6e1183aaae1f4985cce427b9"
X-Powered-By: Express
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: must-revalidate, max-age=900
Connection: keep-alive
Content-Length: 42894
Expires: Mon, 01 Jan 2024 10:55:57 GMT

GET
H2 200 110221.ct.js Show response
tag.rmp.rakuten.com/ 47 KB
15 KB 134ms
36ms Script
text/javascript 34.102.147.248
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.rmp.rakuten.com/110221.ct.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.147.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

248.147.102.34.bc.googleusercontent.com

Software

Resource Hash

9b3632368a9856515572ac89df71707fcef5d58219d9b7c1b1de04a995f30973

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:57 GMT
content-encoding: gzip
via: 1.1 google
strict-transport-security: max-age=31536000
last-modified: Mon, 01 Jan 2024 10:40:57 GMT
x-cache: hit
x-samesite: secure
content-type: text/javascript
cache-control: max-age=86400
x-dyn: 0
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 js Show response
www.paypal.com/sdk/ 405 KB
113 KB 76ms
25ms Script
application/javascript 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

406c93b0692878bad84a4f34065184d023ac12f1b92d9cb0398642fb0de45c2d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-4C4B72ggdX/Kru/TIOewMUi2uwqAMeQrEcNR0HgJZZI0wkIo' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-4C4B72ggdX/Kru/TIOewMUi2uwqAMeQrEcNR0HgJZZI0wkIo' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-4C4B72ggdX/Kru/TIOewMUi2uwqAMeQrEcNR0HgJZZI0wkIo' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-4C4B72ggdX/Kru/TIOewMUi2uwqAMeQrEcNR0HgJZZI0wkIo' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
disable-set-cookie: true
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Mon, 01 Jan 2024 10:40:57 GMT
age: 9332
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT, HIT, MISS
p3p: true
paypal-debug-id: f795141b825a2
server-timing: "traceparent;desc="00-0000000000000000000f795141b825a2-e84f1f95b6377d83-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 113491
x-xss-protection: 1; mode=block
x-served-by: cache-bur-kbur8200160-BUR, cache-yyz4559-YYZ, cache-yyz4559-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f795141b825a2-87afe40249f9ddae-01
x-timer: S1704105658.532686,VS0,VE6
etag: W/"1bb53-c79XMxVek5EmjAexQ41SV+7fXh0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 126, 1, 0

GET
H/1.1 200
OK / Show response
websdk.appsflyer.com/ 38 KB
12 KB 132ms
34ms Script
application/javascript 2600:1408:5400:13::17cf:cacd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://websdk.appsflyer.com/?st=banners&
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:5400:13::17cf:cacd Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bf8b41f6693852a18d2449439f0400cfaf19b755e21f01eda21a6ff985d3526c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 10:40:57 GMT
Content-Encoding: gzip
x-amz-request-id: VPCP98F3K3N7Y0S8
x-amz-server-side-encryption: AES256
Connection: keep-alive
Content-Length: 11792
x-amz-id-2: J0ehP83iGtFhFDzx9znFBbdK81DLNN3txzQUDzGLeFDByel0pX1qQacK6amhO9VxDmxquql6M8o=
Last-Modified: Wed, 14 Jun 2023 06:58:45 GMT
Server: AmazonS3
ETag: "5a676288bcea03bd05e483bc4ce066ae"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=3589
Accept-Ranges: bytes
X-DataStream-Cache-Status: 1
Expires: Mon, 01 Jan 2024 11:40:46 GMT

GET
H2 200 loader.js Show response
cdn.usehero.com/ 98 KB
28 KB 201ms
46ms Script
application/javascript 2600:9000:2006:de00:13:d6f4:3240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.usehero.com/loader.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2006:de00:13:d6f4:3240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ab99a75a2070736b0282d041df3a7e272ad5d4d1929ae430089ac0335e05ad2c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:06:36 GMT
content-encoding: gzip
via: 1.1 3c55055900531668f134c712b281ef24.cloudfront.net (CloudFront)
last-modified: Tue, 19 Sep 2023 07:56:38 GMT
server: AmazonS3
x-amz-cf-pop: ATL56-C1
age: 2062
x-amz-server-side-encryption: AES256
etag: W/"fbf714a58cbac38c0deea519667d9044"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: 4f_zcSSyJLxBU8IfX6_YIao8JzQhP2EktJOS8OjzD90uEoagT5QGhQ==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10812184462/ 2 KB
2 KB 111ms
44ms Script
text/javascript 2607:f8b0:4004:c1d::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10812184462/?random=1704105655689&cv=11&fst=1704105655689&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&hn=www.googleadservices.com&frm=0&auid=1554942865.1704105656&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::9d Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

14418f48682cd53a6409b96eca664d9f13187a23d376266b9962d2979e449f8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1239
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/698270988/ 3 KB
2 KB 112ms
45ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/698270988/?random=1704105655693&cv=11&fst=1704105655693&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&value=0&bttype=purchase&auid=1554942865.1704105656&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

958cf6266164432659b85e2cacc81a9da1a1d34de904ebb557df3fc8b5aba085

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1609
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/865242110/ 2 KB
1 KB 114ms
49ms Script
text/javascript 2607:f8b0:4004:c1d::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/865242110/?random=1704105655711&cv=11&fst=1704105655711&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&hn=www.googleadservices.com&frm=0&auid=1554942865.1704105656&uamb=0&uaw=0&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&rfmt=3&fmt=4

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::9d Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

24281315b5bba0ab8e353a951a118183a3c292580e8c6a3ca673853a339fb6fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1266
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/ 2 KB
1 KB 107ms
44ms Script
text/javascript 2607:f8b0:4004:c1d::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1704105655712&cv=11&fst=1704105655712&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&hn=www.googleadservices.com&frm=0&auid=1554942865.1704105656&uamb=0&uaw=0&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&rfmt=3&fmt=4

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::9d Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7dea142a8cade81a17d2cce928a562d6c7ecfab7b5a3bf05fd044c97a1b4ba9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1264
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 scevent.min.js Show response
sc-static.net/ 41 KB
18 KB 304ms
121ms Script
application/javascript 18.155.191.244
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc-static.net/scevent.min.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.155.191.244 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-191-244.sfo53.r.cloudfront.net
Software: CloudFront /
Resource Hash: ab12e815caea6aba8fe2da60e7d298cccb649166f81926ff64e5dc56ea526522

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:57 GMT
content-encoding: gzip
via: 1.1 1d781f2bb177b851bc1e5873375e5544.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: SFO53-P1
x-cache: Miss from cloudfront
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: private, s-maxage=0, max-age=600
access-control-allow-headers: Content-Type
content-length: 17610
x-amz-cf-id: 4iY0MIMhARZcYjwxbUNAMdxMb5aFDU-RJSpkQiw9FEph3RLWB0CbXw==

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 4 KB
2 KB 115ms
33ms Script
application/javascript 2a04:4e42:77::84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:77::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ef45c21f7e054481c81992c1a46293a28c9bb8b3722bc566479326187f473c8c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:57 GMT
content-encoding: br
x-cdn: fastly
etag: "8d7d8ce32aa2a45d64e9f04a9a5cb1c4"
x-amz-server-side-encryption: AES256
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: X-CDN
vary: Accept-Encoding, Origin
cache-control: max-age=7200
alt-svc: h3=":443";ma=600
content-length: 1793

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 98ms
32ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 01 Jan 2024 10:40:57 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: zWAT08RnchV+sluGGm8oZpQ3zh0rEJZoHsmJDpA60sWDvG2Xqi4uKRrUt9rD9U4gIEIlN7WfuNVB+muoiC+UQw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 26 KB
9 KB 94ms
29ms Script
application/javascript 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 39657f7f198608406cab1de96720a22549e6b6d918db8dfdd0f5ef9ab84ef17c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:57 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Tue, 12 Dec 2023 19:56:38 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "ead4fccfb1bebd02138cf2dcadd7dcba"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 8123

GET
H2 200 local Show response
www.paypal.com/credit-presentment/experiments/ Frame 0F13 5 KB
2 KB 27ms
26ms Document
text/html 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

76ccee8dcac265bb4a7e8ec0fc9bc41d9c50a4d7152202944486cdf5d29d3104

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com https:; frame-src 'self' https://.paypalobjects.com https://.paypal.com https://.qualtrics.com; connect-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-expose-headers: Server-Timing
age: 45363
cache-control: s-maxage=86400, max-age=0
content-encoding: gzip
content-length: 1525
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type: text/html; charset=utf-8
date: Mon, 01 Jan 2024 10:40:57 GMT
dc: ccg11-origin-www-1.paypal.com
edge-cache-tag: up-treatments-zoid
etag: W/"1479-Cw0bW9SNdV/AdJwbOb5XSdbCup8"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f385383f65308
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing: "traceparent;desc="00-0000000000000000000f385383f65308-7ca2c2c6ff5a1db6-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f385383f65308-d84f887b0dc0d540-01
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT, MISS
x-cache-hits: 6, 4476, 0
x-served-by: cache-bur-kbur8200094-BUR, cache-yyz4559-YYZ, cache-yyz4559-YYZ
x-timer: S1704105658.693524,VS0,VE5
x-xss-protection: 1; mode=block

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ 14 KB
6 KB 28ms
28ms Script
application/x-javascript 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.com&t=xo&v=5.0.416&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b3dfd765b2448d6b895743c2ef502d2a12efeb74f1506493c9126b99565806d1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-A/3pSAedoDeXaCC+3C/QHRNda8JO80YulAjm1TFNzVJvujEe' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://nexus.ensighten.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-A/3pSAedoDeXaCC+3C/QHRNda8JO80YulAjm1TFNzVJvujEe' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 01 Jan 2024 10:40:57 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 44031
x-cache: HIT, HIT, MISS
paypal-debug-id: f93840447dc64
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 4797
x-xss-protection: 1; mode=block
x-served-by: cache-bur-kbur8200058-BUR, cache-yyz4559-YYZ, cache-yyz4559-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f93840447dc64-d90b3b097a3e4095-01
x-timer: S1704105658.694958,VS0,VE9
etag: W/"3692-QzVHWNx2x6P2T/jQmWJ7N1OzDJ8"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=3600
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 814, 7, 0

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 6 KB
3 KB 164ms
78ms Script
application/javascript 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1EFEJPT0U322RQPGHFG&lib=ttq
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 2b87052b076dee712c35554a591f7fa41bcfc76acace7199b1e1363d67294907

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-akamai-request-id: ec77f15c.8bab45e4
date: Mon, 01 Jan 2024 10:40:57 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240101104057CEB5B0A6DCC9416B487A-59772382C630A87E-00
x-cache: TCP_MISS from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time: 32,23.220.106.138
server-timing: cdn-cache; desc=MISS, edge; dur=24, origin; dur=8, inner; dur=3
content-length: 1947
pragma: no-cache
server: nginx
x-tt-logid: 20240101104057CEB5B0A6DCC9416B487A
x-cache-remote: TCP_MISS from a23-220-104-215.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 8,23.220.104.215
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f78c30960bd1ee05ddea266642a346a52426e3b8818feabe83b9942b2d21bacf72807ac24e509597491df79f9643443a043f81f79e7c035031b8d0c7fab530baf1c4ac2b7f3b1b4175e996488f827a6c9229e1553d1509dfaa55ee90ec4bd9a53c5
expires: Mon, 01 Jan 2024 10:40:57 GMT

GET
H2 200 widget.js Show response
js.jebbit.com/companion/v1/ 44 KB
44 KB 302ms
90ms Script
text/javascript 2600:9000:25f1:c00:a:7914:b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.jebbit.com/companion/v1/widget.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:25f1:c00:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a68adcd6e4525179b1a4e28b16abe4777a0afb870b4317b427f6d6ea8fbe22ed

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 31 Dec 2023 11:50:11 GMT
x-amz-version-id: Uw77y8f3Lm7O6.ZhO9qLmkRQyA3BbYtB
via: 1.1 2aaae4c3e73a4a56fa0cd5cd6e4851e6.cloudfront.net (CloudFront)
last-modified: Thu, 21 Dec 2023 18:01:49 GMT
server: AmazonS3
x-amz-cf-pop: SFO53-P5
age: 82247
etag: "c3a781ab856fe1e791e7bbb3d0023f28"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 45036
x-amz-cf-id: o8xLP05pzWn5bhiLtKCVxgzohcfnFkTferOZ5kkKKRSNAjDzK45OpQ==

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 126ms
45ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 01 Jan 2024 10:40:57 GMT
last-modified: Fri, 10 Nov 2023 20:09:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F70058C178FD4177BF79C3D79893FADF Ref B: EWR311000106021 Ref C: 2024-01-01T10:40:57Z
etag: "80abcdf1114da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13175

GET
H2 200 1a8bfa042c9c5.js Show response
t.contentsquare.net/uxa/ 283 KB
68 KB 265ms
90ms Script
application/javascript 18.173.121.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.121.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-121-36.sfo53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e164d3eb3e9b278fea4e13e0d68d3f1bb3fc421c3a2b709710ddfe8762dc4fad

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 31 Dec 2023 10:13:24 GMT
content-encoding: br
via: 1.1 8b07eedf72d3aba1c5de890b68e7694c.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO53-P6
age: 0
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 69384
last-modified: Tue, 19 Dec 2023 14:04:54 GMT
server: AmazonS3
etag: "cf13703979657a27cb3c3eeda3bbb72a"
vary: Origin
content-type: application/javascript;charset=utf-8
cache-control: max-age=900
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: AN73xmm8JswTjt5Z7rD18hztmND9fH1hzeMK3zK37pcpbUwd4CHV8Q==

OPTIONS
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 0
0 187ms
147ms Preflight 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-length: 0
date: Mon, 01 Jan 2024 10:40:57 GMT
dc: ccg11-origin-www-1.paypal.com
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f3613772a2c3f
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f3613772a2c3f-a18addaa72274e64-01
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-content-type-options: nosniff
x-served-by: cache-bur-kbur8200127-BUR, cache-yyz4550-YYZ, cache-yyz4550-YYZ
x-timer: S1704105658.758029,VS0,VE127

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ 1003 B
937 B 165ms
165ms XHR
application/json 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b5b5bff47a857b32d62370bd8c282a5aae2630e337b181b649ef7356f141e62b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

date: Mon, 01 Jan 2024 10:40:58 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cache: MISS, MISS, MISS
paypal-debug-id: f361377b60ecf
server-timing: content-encoding;desc="br",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-bur-kbur8200067-BUR, cache-yyz4550-YYZ, cache-yyz4550-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f361377b60ecf-8ae314e5f06ddf61-01
x-timer: S1704105658.905997,VS0,VE138
etag: W/"3eb-ZQpdCdfZZylfHfEjK2trJ8kHeZI"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: none
x-cache-hits: 0, 0, 0

GET
H2 200 i.js Show response
tag.wknd.ai/4142/ 18 KB
6 KB 132ms
28ms Script
text/plain 34.120.253.250
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.wknd.ai/4142/i.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 250.253.120.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: 9a77cbb7b054563b83506932790e70186ba3a92e69a147216e3176337178adbb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:39 GMT
content-encoding: gzip
via: 1.1 google
age: 18
x-envoy-upstream-service-time: 0
x-region: us-central1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5754
server: istio-envoy
etag: 84d224ee45e478
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=60
timing-allow-origin: *
link: <https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://pix.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect

GET
H2 200 sdk.js Show response
analytics.tiktok.com/i18n/pixel/ 8 KB
3 KB 175ms
98ms Script
application/javascript 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/sdk.js?sdkid=BRR4GA0I9JJBU29G8GF0
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b2848023bb8808ebf330b6a2deb823fc64bba02cb94572a2fb2faf4f682b49b3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-akamai-request-id: eca7e783.8bab45e5
date: Mon, 01 Jan 2024 10:40:57 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240101104057F90F44D012AC5014DF31-6490555DCEE4D6D1-00
x-cache: TCP_MISS from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time: 48,23.220.106.138
server-timing: cdn-cache; desc=MISS, edge; dur=45, origin; dur=4, inner; dur=1
content-length: 2375
pragma: no-cache
server: nginx
x-tt-logid: 20240101104057F90F44D012AC5014DF31
x-cache-remote: TCP_MISS from a23-220-104-215.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 4,23.220.104.215
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f78c30960bd1ee05ddea266642a346a52426e3b8818feabe83b9942b2d21bacf7280af894593328fec87d8293213014da2902686e1117f5008bcfb4bc1b3ebc0c652678b1a04a5149167cc70eb4acfe69227cafbcb4d50ab1ab346c38b3e114f866
expires: Mon, 01 Jan 2024 10:40:57 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 271 KB
90 KB 49ms
49ms Script
application/javascript 2607:f8b0:4004:c08::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::61 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

22fba3fdac1cd52fe3838ac8abb80311188a9be48a19c250f2042f769808379c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92064
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 01 Jan 2024 10:40:57 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/10812184462/ 42 B
154 B 43ms
43ms Image
image/gif 2607:f8b0:4004:c08::63
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10812184462/?random=1704105655689&cv=11&fst=1704103200000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&frm=0&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_vyIzOq7LyOxUrXwZ8DsKcr3n-8jfPWMPYyLsq_SaBQrT-Y4T&random=2126483839&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::63 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.com/pagead/1p-conversion/698270988/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=861244339&cv=11&fst=1704105655693&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u...
https://www.google.com/pagead/1p-conversion/698270988/?random=861244339&cv=11&fst=1704105655693&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%...

42 B
108 B

47ms
46ms

Image
image/gif

2607:f8b0:4004:c08::63
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-conversion/698270988/?random=861244339&cv=11&fst=1704105655693&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&value=0&auid=1554942865.1704105656&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ09MSnJBWVF6YzdkeXEzUjRfdm9BUkltQUpSUmV6TUZvLVFMaWlzOW9hcEhIaVNnTHVnbTlMQzNTOU40bTB5VzhNNy1RdFd1LWtZGlpDaEVJZ09MSnJBWVFvNEhPNVBQaXZ0M1NBUkl1QVBDSGtpUVh6dlpzb2prR0pwU0xhM0JhUDNXdE5od1I2UTlPLWEwTm9fWTF0NE9tNUVkeGtILUZCWjVxanciEwjkh4mjgLyDAxVQDmgIHaeCAK0&is_vtc=1&ocp_id=uZaSZaTHJ9CcoPMPp4WC6Ao&cid=CAQSKQAvHhf_7fsZuQEHlMMlu-cSk0ljtXGEPB3GXXvH6u_MJX04-pHdEqGc&eitems=ChEIgOLJrAYQ1tWj2sWOtp_NARIdANJWnmV59jSTuTSMeRTI2HxsBEYLKc4McLBnRMM&random=1142927504

Protocol

Server

2607:f8b0:4004:c08::63 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:57 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://www.google.com/pagead/1p-conversion/698270988/?random=861244339&cv=11&fst=1704105655693&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&value=0&auid=1554942865.1704105656&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ09MSnJBWVF6YzdkeXEzUjRfdm9BUkltQUpSUmV6TUZvLVFMaWlzOW9hcEhIaVNnTHVnbTlMQzNTOU40bTB5VzhNNy1RdFd1LWtZGlpDaEVJZ09MSnJBWVFvNEhPNVBQaXZ0M1NBUkl1QVBDSGtpUVh6dlpzb2prR0pwU0xhM0JhUDNXdE5od1I2UTlPLWEwTm9fWTF0NE9tNUVkeGtILUZCWjVxanciEwjkh4mjgLyDAxVQDmgIHaeCAK0&is_vtc=1&ocp_id=uZaSZaTHJ9CcoPMPp4WC6Ao&cid=CAQSKQAvHhf_7fsZuQEHlMMlu-cSk0ljtXGEPB3GXXvH6u_MJX04-pHdEqGc&eitems=ChEIgOLJrAYQ1tWj2sWOtp_NARIdANJWnmV59jSTuTSMeRTI2HxsBEYLKc4McLBnRMM&random=1142927504
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/698270988/ 42 B
108 B 43ms
43ms Image
image/gif 2607:f8b0:4004:c08::63
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/698270988/?random=1704105655712&cv=11&fst=1704103200000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&frm=0&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_Pf5xD12vwggtnebMkmdS-P-HMDVoQ5iY9yzoDcDw5xLCDCsJ&random=367571302&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::63 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/865242110/ 42 B
108 B 51ms
50ms Image
image/gif 2607:f8b0:4004:c08::63
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/865242110/?random=1704105655711&cv=11&fst=1704103200000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&frm=0&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_uZaOFDQmYQNRt5KrgL9tZjOPpgKAX_ujOFtcnw9SUowNF8lE&random=1369646808&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::63 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.paypal.com/sdk/ Frame 0F13 405 KB
112 KB 23ms
23ms Script
application/javascript 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

406c93b0692878bad84a4f34065184d023ac12f1b92d9cb0398642fb0de45c2d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-4C4B72ggdX/Kru/TIOewMUi2uwqAMeQrEcNR0HgJZZI0wkIo' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-4C4B72ggdX/Kru/TIOewMUi2uwqAMeQrEcNR0HgJZZI0wkIo' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-4C4B72ggdX/Kru/TIOewMUi2uwqAMeQrEcNR0HgJZZI0wkIo' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-4C4B72ggdX/Kru/TIOewMUi2uwqAMeQrEcNR0HgJZZI0wkIo' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
disable-set-cookie: true
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Mon, 01 Jan 2024 10:40:57 GMT
age: 9332
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT, HIT, MISS
p3p: true
paypal-debug-id: f795141b825a2
server-timing: "traceparent;desc="00-0000000000000000000f795141b825a2-e84f1f95b6377d83-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 113491
x-xss-protection: 1; mode=block
x-served-by: cache-bur-kbur8200160-BUR, cache-yyz4559-YYZ, cache-yyz4559-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f795141b825a2-87afe40249f9ddae-01
x-timer: S1704105658.796570,VS0,VE4
etag: W/"1bb53-c79XMxVek5EmjAexQ41SV+7fXh0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 126, 2, 0

GET
H2 200 main.74d80534.js Show response
s.pinimg.com/ct/lib/ 65 KB
19 KB 34ms
34ms Script
application/javascript 2a04:4e42:77::84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.74d80534.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:77::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 60cc60a6fcbd230def379432395199b585791ed521e2e5f595369a2193e617fb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:57 GMT
content-encoding: br
x-cdn: fastly
etag: "cb251578b1e91b3cc440fd1521770cc5"
x-amz-server-side-encryption: AES256
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: X-CDN
vary: Accept-Encoding, Origin
cache-control: max-age=1209600
alt-svc: h3=":443";ma=600
content-length: 18895

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 67ms
19ms Image
image/gif 151.101.129.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1704105657795&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=aef67e42-1a6d-4790-9bf3-7ea8b951c661&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_3549b422&dpm=&dpcc=&dprc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:57 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 ts
t.paypal.com/ 42 B
550 B 155ms
105ms Image
image/gif 151.101.129.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1704105657799&g=600&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-cache-hits: 0, 0
date: Mon, 01 Jan 2024 10:40:57 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 73c38cf0a501a
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
x-served-by: cache-bur-kbur8200101-BUR, cache-yyz4524-YYZ
pragma: no-cache
correlation-id: 73c38cf0a501a
traceparent: 00-000000000000000000073c38cf0a501a-9c0db6e3843e2560-01
x-timer: S1704105658.861136,VS0,VE86
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 01 Jan 2024 10:40:57 GMT

GET
H2 200 1638306756445368 Show response
connect.facebook.net/signals/config/ 146 KB
37 KB 109ms
108ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1638306756445368?v=2.9.138&r=stable&domain=www.elfcosmetics.com

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7bab85eaa8d74cec964409d9e0a5c6d7ed0000b23b6400c562333c6483761ca2

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 01 Jan 2024 10:40:57 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: dFf52kImS8/DflHFSMC5ENgfvjXOn0Up/Sm6p3rE3hmv2d+P0dNKoIhwO17ZL4Q9rK3qJdBAooMngqNvCGZ/kA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 display Show response
api.usehero.com/webplugin/ 189 B
1 KB 156ms
59ms XHR
application/json 3.220.245.192
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usehero.com/webplugin/display?appId=efcf9631-4c6b-4874-9f76-51f71464249a&location=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&state=untouched&outboundFeature=

Requested by

Host: cdn.usehero.com
URL: https://cdn.usehero.com/loader.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.220.245.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-220-245-192.compute-1.amazonaws.com

Software

Resource Hash

33bb56a2ae76b3945214ce826ef8cd4ec9294135a5a2873436e31f5377c9d790

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-permitted-cross-domain-policies: none
surrogate-control: no-store
x-dns-prefetch-control: off
klarna-correlation-id: 28a5f944-93fd-4f54-ac32-08d7300bea49
cross-origin-resource-policy: same-origin
x-geo-longitude: -78.89270
pragma: no-cache
referrer-policy: same-origin
etag: W/"bd-DT6UCHarWghNgUTFoK4Vr1Bo5as"
x-frame-options: SAMEORIGIN
x-geo-zip: 14202
content-type: application/json; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?1
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-latitude: 42.88670
x-accuracy: 20
expires: 0
date: Mon, 01 Jan 2024 10:40:57 GMT
strict-transport-security: max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cross-origin-embedder-policy: require-corp
x-time-zone: America/New_York
x-envoy-upstream-service-time: 13
content-length: 189
x-xss-protection: 0
x-request-id: 28a5f944-93fd-4f54-ac32-08d7300bea49
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-country: US
x-geo-city: Buffalo

GET
H2 200 main.MWNkZmM2YTcxNQ.js Show response
analytics.tiktok.com/i18n/pixel/static/ 455 KB
117 KB 113ms
112ms Script
application/javascript 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNQ.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 7d6c4d0f6c0243be96359698866dd471c961e463dbc5604aebc1c36a229ba303

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-akamai-request-id: 8bab46d6
date: Mon, 01 Jan 2024 10:40:57 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202312211406598ACA90A6D7E13538DEDC
x-tt-trace-id: 00-2312211406598ACA90A6D7E13538DEDC-651FAB37B704D0A2-00
vary: Accept-Encoding
x-cache: TCP_HIT from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 019d2b7825a0e69faa821bb4d912db5eaaf4e6812b8c189a823eab6e4809512a72874be366f7e85a5edd89825ddbe22ca48a1bef260f293a6244753b52270e6dfc2bc47e9e55ea87a3cad96d6fc3e94a47cb4eafb6cb5ca24b1385a083dc4fd4c9
server-timing: cdn-cache; desc=HIT, edge; dur=14, origin; dur=0, inner; dur=4
content-length: 118674

GET
H2 204 5013978.js Show response
bat.bing.com/p/action/ 0
118 B 44ms
44ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/5013978.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Mon, 01 Jan 2024 10:40:57 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DEB89FD478A04DA5AFBA0353ECB23975 Ref B: EWR311000106021 Ref C: 2024-01-01T10:40:57Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
360 B 113ms
113ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5013978&tm=gtm002&Ver=2&mid=b64f0f7d-5f63-4d91-a285-08a618ede6f2&sid=3f809ef0a89211eeac81515a8dc5adb7&vid=3f80a180a89211eea5b5d5fbdd54a3a4&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&p=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&r=&lt=5129&evt=pageLoad&sv=1&rn=640786

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 01 Jan 2024 10:40:57 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A43434138B854CF5A0EF6881B639DA52 Ref B: EWR311000106021 Ref C: 2024-01-01T10:40:57Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.MWNkZmM2YTcxNA.js Show response
analytics.tiktok.com/i18n/pixel/static/ 436 KB
114 KB 41ms
41ms Script
application/javascript 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 55788c5128dfe492550d4be991c50248941d9231a1abe334a97dc8951685aab7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-akamai-request-id: 8bab46d7
date: Mon, 01 Jan 2024 10:40:57 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20231221140832F244E206A38A9D4E0EEA
x-tt-trace-id: 00-231221140832F244E206A38A9D4E0EEA-7F1C111BAC6C5194-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 016b3794e4c612162c79d860511489a089b465861e9db71462f4a303d59ddc0d8318afd6498c91b87d844b23783a7e5a55c9ba3ffa16666c7fe244c8d987bfa00e0c5fa965d7ce873c358798b960feb4aca9deb09635c73829df87b3a05f878b1b
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=4
content-length: 116343

GET
H2 200 / Show response
ct.pinterest.com/user/ 298 B
621 B 335ms
40ms XHR
application/json 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/user/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1704105657927&dep=2%2CPAGE_LOAD
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.74d80534.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8e33955f54ef8025b647a6e685fa689a9256fc5c987f7dc98590310ac3c358e5

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:58 GMT
content-encoding: gzip
x-cdn: fastly
x-envoy-upstream-service-time: 0
alt-svc: h3=":443";ma=600
x-pinterest-rid: 8435710999130301
content-length: 173
pin-unauth: dWlkPU5tVXpOR1UwT0dFdFpqa3lZeTAwWkRZNUxXRTJNek10WTJKaU5UVXlOMlptWTJKag
pragma: no-cache
referrer-policy: origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
pinterest-version: 8c23f27d55c77c9c78a5d022d53a766b1295cc23
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 hash Show response
www.paypal.com/credit-presentment/experiments/ Frame 0F13 40 B
2 KB 181ms
180ms Fetch
text/html 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/credit-presentment/experiments/hash?device_id=uid_80ce67dcaf_mta6nda6ntc&disableSetCookie=true&features=disable-set-cookie

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5eca572cd68aa4afde19d317daf93398ca142c3648214e16b37e054e15c3f9e1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com https:; frame-src 'self' https://.paypalobjects.com https://.paypal.com https://.qualtrics.com; connect-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Mon, 01 Jan 2024 10:40:58 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 0
edge-cache-tag: up-treatments-hash
x-cache: MISS, MISS, MISS
paypal-debug-id: f361377f53997
server-timing: "traceparent;desc="00-0000000000000000000f361377f53997-2aa4e3857238fb38-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 56
x-xss-protection: 1; mode=block
x-served-by: cache-bur-kbur8200041-BUR, cache-yyz4559-YYZ, cache-yyz4559-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f361377f53997-e84adc9cf3062abf-01
x-timer: S1704105658.979280,VS0,VE161
etag: W/"28-xz7oeWVj/8B52QKKulWR9ZDQlKU"
vary: Accept-Encoding
content-type: text/html; charset=utf-8
access-control-expose-headers: Server-Timing
cache-control: s-maxage=86400, max-age=0
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 0, 0, 0

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
185 B 297ms
43ms Image
image/gif 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ct.pinterest.com/v3/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%2274d80534%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1704105657969
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:58 GMT
referrer-policy: origin
x-cdn: fastly
content-type: image/gif
access-control-allow-origin: *
pinterest-version: 8c23f27d55c77c9c78a5d022d53a766b1295cc23
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 3
alt-svc: h3=":443";ma=600
x-pinterest-rid: 8205115929641578
content-length: 35
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
257 B 234ms
39ms Ping
text/plain 2001:4860:4802:32::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je3bt0v879088318z8896608294&_p=1704105655113&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=1877636890.1704105656&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&dt=&sid=1704105658&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&en=page_view&_fv=1&_ss=1&ep.page_type=content&ep.page_environment=production&ep.page_country=US&ep.page_language=EN&up.custom_user_id=&up.client_id=&up.user_has_transacted=false&up.user_logged_in=false&up.user_country=US&up.user_loyalty_status=false&tfd=5880
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:58 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 40ms
40ms Ping
text/plain 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZLYXLXNDL8&cid=1877636890.1704105656&gtm=45je3bt0v879088318z8896608294&aip=1&dma=0&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c08::9c Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:58 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 p
tr.snapchat.com/ 68 B
459 B 249ms
63ms Image
image/png 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tr.snapchat.com/p?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&ev=PAGE_VIEW&intg=gtm&pids=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_c1=43c61c73-aa69-423e-9b0a-b530373b926a&u_sclid=3f27acd2-c539-4099-946f-a9ca98073ae0&u_scsid=dd2cd2cc-8a82-4ac7-b846-32dd9c0df67a&bt=1d53c387&d_bvs=%5B%5D&df=true&huah=true&m_dcl=1934&m_fcps=1883&m_pi=1933&m_pl=5129&m_pv=2&m_rd=5888&m_sh=1200&m_sl=0&m_sw=1600&pl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&trackId=b18b9c21-56a7-4270-bab4-a642b198daca&ts=1704105658036&v=3.7.3-2312182359

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via: 1.1 google, 1.1 google
server: API Gateway
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, no-transform
x-envoy-upstream-service-time: 1
alt-svc: clear, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68

GET
H2 200 script-tag.js Show response
cdn-scripts.signifyd.com/api/ 8 KB
3 KB 292ms
79ms Script
application/javascript 18.155.202.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.155.202.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-202-17.sfo53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 613a0081b64a7df6a20f9ba46cd384e4061e288f439ba8755cd664fbad3177c8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:28:08 GMT
content-encoding: gzip
via: 1.1 f9d8d5b78e705b73ae052074828b580a.cloudfront.net (CloudFront)
last-modified: Wed, 13 Dec 2023 10:00:02 GMT
server: AmazonS3
x-amz-cf-pop: SFO53-P2
age: 770
x-amz-server-side-encryption: AES256
etag: W/"615c232b2321c7908499921b3adc8138"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1800
x-amz-cf-id: gPv68mUwWfIgtX3AQvKqESkIM96HLg5bk3UubQGDptAOHQeRRaY2KQ==

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 179ms
32ms Image
text/plain 2a03:2880:f103:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&rl=&if=false&ts=1704105658075&sw=1600&sh=1200&v=2.9.138&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1704105658067.1596200941&ic=fbpixel&ler=empty&it=1704105657813&coo=false&tm=1&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 01 Jan 2024 10:40:58 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 identify_ce767.js Show response
analytics.tiktok.com/i18n/pixel/static/ 135 KB
36 KB 52ms
52ms Script
application/javascript 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_ce767.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a1d4b01843b9dad68a10bba7ab416fb60cbe6052a223f6bd74cbad286b812b2a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-akamai-request-id: 8bab4860
date: Mon, 01 Jan 2024 10:40:58 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202312211321129D3CDD8901C61D565E01
x-tt-trace-id: 00-2312211321129D3CDD8901C61D565E01-14C87578DFF56DA9-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 0178e302dc8124e832a32563cbbd729046787bd6d7f21b4cf0053465080154a26dfb26f5125df9f5913fc9e605bc68aac541f228dd544e1ed43256c95926890e701e7970dbaf9aa7d2748a253d21b6718f87ea10ab7fa385032f157430f71242dc
server-timing: cdn-cache; desc=HIT, edge; dur=1, origin; dur=0, inner; dur=4
content-length: 36260

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
846 B 1363ms
1362ms Ping
text/plain 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: f2fd9255.8bab4893
date: Mon, 01 Jan 2024 10:40:59 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24010110405908EF289601AA3E15B509-16D54BCFCD62D49A-00
x-cache: TCP_MISS from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time: 1318,23.220.106.138
server-timing: cdn-cache; desc=MISS, edge; dur=8, origin; dur=1316, inner; dur=4
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024010110405908EF289601AA3E15B509
x-cache-remote: TCP_MISS from a23-220-104-219.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 1316,23.220.104.219
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f78c30960bd1ee05ddea266642a346a5242b941d69ef9b2dd418d3c4a5dcc5cbb0d1ebf5cee0680c554bbf12908122e985cbb0d3fa6241f706fd958f0c9f8b4aaa8cf9a026c3874cf122a4601fcd9d36b35234a9fd0ca12e62d18d89ce8ccc089e9
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 10:40:59 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
843 B 115ms
114ms Ping
text/plain 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: e3d919a7.8bab4894
date: Mon, 01 Jan 2024 10:40:58 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24010110405816A84BD2839033121C0E-17117D0ADBCBB528-00
x-cache: TCP_MISS from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time: 66,23.220.106.138
server-timing: cdn-cache; desc=MISS, edge; dur=26, origin; dur=45, inner; dur=41
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024010110405816A84BD2839033121C0E
x-cache-remote: TCP_MISS from a23-220-104-210.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 45,23.220.104.210
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f78c30960bd1ee05ddea266642a346a52421bf22c16d6e50b47ee7f41e15564c8777d394072b7dccf5f90da94ddcfdca862e04b0dc814e1a62e6e1b869938980144ecf4adc77fbc16cc87fbb10b3e93e21f062d5038f7848a1be1454d57dcbdfe0c
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 10:40:58 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
845 B 195ms
194ms Ping
text/plain 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: e3d9ba48.8bab4895
date: Mon, 01 Jan 2024 10:40:58 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240101104058BEA259F6ABA2FBE89510-76970C64200C9608-00
x-cache: TCP_MISS from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time: 154,23.220.106.138
server-timing: cdn-cache; desc=MISS, edge; dur=7, origin; dur=152, inner; dur=147
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240101104058BEA259F6ABA2FBE89510
x-cache-remote: TCP_MISS from a23-220-104-210.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 152,23.220.104.210
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f78c30960bd1ee05ddea266642a346a52421bf22c16d6e50b47ee7f41e15564c87702e1051f962e2bcc2be68b330c6a389677a2b4bd8d7d340253a3aa65fd7bc0af2d7fa3ac59b95347152aa2cf83b62a5b58c0219ab19e216142ae533b8676c81b
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 10:40:58 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
840 B 57ms
56ms Ping
text/plain 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: eca7e7c4.8bab48b0
date: Mon, 01 Jan 2024 10:40:58 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240101104058EA089AB007D115F6C372-04384F71E561C77D-00
x-cache: TCP_MISS from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time: 9,23.220.106.138
server-timing: cdn-cache; desc=MISS, edge; dur=8, origin; dur=7, inner; dur=4
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240101104058EA089AB007D115F6C372
x-cache-remote: TCP_MISS from a23-220-104-215.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 7,23.220.104.215
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f78c30960bd1ee05ddea266642a346a52426e3b8818feabe83b9942b2d21bacf728736be795dee1b2367522714cc5f6d4927cb2ab40b5a1b5384af5d81dbf7ab6d443ee43d112e4a0c6c7a90d3d296684a6959263df306e83115e49dc5edc24e085
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 10:40:58 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
847 B 154ms
154ms Ping
text/plain 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: eca7e75b.8bab48b7
date: Mon, 01 Jan 2024 10:40:58 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2401011040584A7DC5CF0C5D7913CF19-4A38E7921B434FD3-00
x-cache: TCP_MISS from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time: 114,23.220.106.138
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=112, inner; dur=109
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202401011040584A7DC5CF0C5D7913CF19
x-cache-remote: TCP_MISS from a23-220-104-215.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 112,23.220.104.215
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f78c30960bd1ee05ddea266642a346a52426e3b8818feabe83b9942b2d21bacf7280af894593328fec87d8293213014da2906d68e8ccd98903074ab04664b95b489d0f4b114b7cf5e9a4172ab3acbf3290d750cbab3511b0cd136615191eea77b2d
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 10:40:58 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
843 B 99ms
98ms Ping
text/plain 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: eca7f079.8bab48bc
date: Mon, 01 Jan 2024 10:40:58 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240101104058DE3ACB52480BADEB7421-08D3F3EC2953085C-00
x-cache: TCP_MISS from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time: 47,23.220.106.138
server-timing: cdn-cache; desc=MISS, edge; dur=54, origin; dur=8, inner; dur=5
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240101104058DE3ACB52480BADEB7421
x-cache-remote: TCP_MISS from a23-220-104-215.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 8,23.220.104.215
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f78c30960bd1ee05ddea266642a346a52426e3b8818feabe83b9942b2d21bacf7283d302743a68f191b104811a29429b4e501d7364ca50821e38672adb56dc62d857890e33d0d86f51282badb1fe3696a5c3b5522540fe20b38d8ef45bd6d31db94
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 10:40:58 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
840 B 91ms
82ms Ping
text/plain 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: e3ffb0b9.8bab48cc
date: Mon, 01 Jan 2024 10:40:58 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24010110405821E41D8CD1851017A244-76970C641A4B0130-00
x-cache: TCP_MISS from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time: 12,23.220.106.138
server-timing: cdn-cache; desc=MISS, edge; dur=7, origin; dur=9, inner; dur=5
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024010110405821E41D8CD1851017A244
x-cache-remote: TCP_MISS from a23-220-104-210.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 9,23.220.104.210
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f78c30960bd1ee05ddea266642a346a52421bf22c16d6e50b47ee7f41e15564c8779ca92ef85345b18baf352ec3e0b8355654a824d34274c9dc233ebb287e2579338378aa42c4c8d2df43f8f54ea364ece67e49235c4b79c78921c5c99597314d03
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 10:40:58 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
840 B 89ms
83ms Ping
text/plain 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: eca7f0a5.8bab48cd
date: Mon, 01 Jan 2024 10:40:58 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240101104058E8F4A93D0E89A233EC29-601FB80538B9C9DC-00
x-cache: TCP_MISS from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time: 13,23.220.106.138
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=10, inner; dur=6
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240101104058E8F4A93D0E89A233EC29
x-cache-remote: TCP_MISS from a23-220-104-215.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 10,23.220.104.215
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f78c30960bd1ee05ddea266642a346a52426e3b8818feabe83b9942b2d21bacf72813224489049ad463c6a522c35f77513c39a0fe687361032df91a5cd8e5db64afd6c4c4e6aa08244070c6405ccaa22254b6750b3691bbe62e82ea85caec69bcd5
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 10:40:58 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
843 B 89ms
83ms Ping
text/plain 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: e3ffb0b8.8bab48ce
date: Mon, 01 Jan 2024 10:40:58 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24010110405826DF9B396FFE40182559-6730BC892FF899FB-00
x-cache: TCP_MISS from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time: 13,23.220.106.138
server-timing: cdn-cache; desc=MISS, edge; dur=8, origin; dur=9, inner; dur=6
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024010110405826DF9B396FFE40182559
x-cache-remote: TCP_MISS from a23-220-104-210.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 9,23.220.104.210
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f78c30960bd1ee05ddea266642a346a52421bf22c16d6e50b47ee7f41e15564c8775846493f56b50cb5b4e298dbe73197b3da8e22f39c898c023c44fe4149e056d843fb89b76cc3bf38a7f3ef47528842fca2ddb34e3546d6abd8c8d0e40b3bd207
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 10:40:58 GMT

POST
H2 200 pangle_pixel
analytics.pangle-ads.com/api/v2/ 0
821 B 153ms
39ms Ping
text/plain 23.222.5.87
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.pangle-ads.com/api/v2/pangle_pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.222.5.87 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-222-5-87.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 64b5b844
date: Mon, 01 Jan 2024 10:40:58 GMT
x-bytefaas-request-id: 202401011040589E338EE6D0A694711989
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2401011040589E338EE6D0A694711989-08D3F3EC2B83A620-00
x-cache: TCP_MISS from a23-209-100-87.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52668873) (-)
server-timing: inner; dur=5, cdn-cache; desc=MISS, edge; dur=0, origin; dur=9
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202401011040589E338EE6D0A694711989
access-control-max-age: 86400
access-control-allow-methods: *
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
x-bytefaas-execution-duration: 3.54
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
x-gw-dst-psm: ad.union.pangle_web_traffic
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f78454d0c8b6dbb4e02661289f8675b327eadc7c8ee8b86bc452d85b26c2e5fca95d2e042efc1efc1a58347d87dd1f5dbe9d22052199fe5bb6b2f118cf917915491a12bad28dbc01bf9e5d623f9a218c75f
x-origin-response-time: 9,23.209.100.87
access-control-allow-headers: *
expires: Mon, 01 Jan 2024 10:40:58 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
843 B 97ms
97ms Ping
text/plain 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 7d8cbd5d.8bab48cf
date: Mon, 01 Jan 2024 10:40:58 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240101104058F8E23616F0512DB70977-70EC7100E6662AED-00
x-cache: TCP_MISS from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time: 52,23.220.106.138
server-timing: cdn-cache; desc=MISS, edge; dur=11, origin; dur=46, inner; dur=43
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240101104058F8E23616F0512DB70977
x-cache-remote: TCP_MISS from a23-220-104-213.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 46,23.220.104.213
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f78c30960bd1ee05ddea266642a346a5242de6183e8af21cd9d5af55c7b9b1cbc9faa73feedaee44402171a5b942a8c944a5af11726b5a3925f6d34ebf50e12f9786cdc5b1d793d794379150058d85a91e0ce14c18a6553301333b3344255e57b44
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 10:40:58 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
843 B 106ms
106ms Ping
text/plain 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: b41a791c.8bab48e1
date: Mon, 01 Jan 2024 10:40:58 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24010110405817719EC928A08D21C8F1-7443A4F139885E7B-00
x-cache: TCP_MISS from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time: 49,23.220.106.138
server-timing: cdn-cache; desc=MISS, edge; dur=19, origin; dur=37, inner; dur=33
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024010110405817719EC928A08D21C8F1
x-cache-remote: TCP_MISS from a23-220-104-198.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 37,23.220.104.198
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f78c30960bd1ee05ddea266642a346a5242ed5351f7fd7b8e5bcbc21fa39b9452361765d8257e9fa03c7d165bc1ced13a3a537e46f79bc434f2a990262bae9db2ef5f6a476ebf86f0e64e50e3b67016610eba80d8146d0f3ca853e14efe3b5e80a6
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 10:40:58 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
842 B 95ms
95ms Ping
text/plain 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: f32732ad.8bab48e2
date: Mon, 01 Jan 2024 10:40:58 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240101104058AA64B86E3B680AAF611A-35FC1E1AEAE45127-00
x-cache: TCP_MISS from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time: 50,23.220.106.138
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=46, inner; dur=43
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240101104058AA64B86E3B680AAF611A
x-cache-remote: TCP_MISS from a23-220-104-219.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 46,23.220.104.219
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f78c30960bd1ee05ddea266642a346a5242b941d69ef9b2dd418d3c4a5dcc5cbb0d78425a8a7115a74cbfb1d579bdfea28a1b0cc68472c2f1f7abe3b87c3cc9c6734a1859ba9804ed88abb6cb6ced85c939e86a13f6a62ff0578831a579d783f533
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 10:40:58 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
841 B 88ms
83ms Ping
text/plain 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: e3ffb133.8bab494f
date: Mon, 01 Jan 2024 10:40:58 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2401011040588F083DF3310E66F9CA51-3A1A0EB432BA9773-00
x-cache: TCP_MISS from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time: 10,23.220.106.138
server-timing: cdn-cache; desc=MISS, edge; dur=7, origin; dur=9, inner; dur=6
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202401011040588F083DF3310E66F9CA51
x-cache-remote: TCP_MISS from a23-220-104-210.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 9,23.220.104.210
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f78c30960bd1ee05ddea266642a346a52421bf22c16d6e50b47ee7f41e15564c8775a7cc46dd409205af7bb08977d7019f96469f2e03bb785444a36ad8d859a7fe4dc2ea5d9902a53f3cca2863c4faf887c726176630920433a740efbc7de5efa13
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 10:40:58 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
843 B 128ms
123ms Ping
text/plain 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 7d8cbe9b.8bab4950
date: Mon, 01 Jan 2024 10:40:58 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240101104058DCAD526BD94DC505E739-6FE03F491DF7190E-00
x-cache: TCP_MISS from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time: 52,23.220.106.138
server-timing: cdn-cache; desc=MISS, edge; dur=8, origin; dur=49, inner; dur=40
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240101104058DCAD526BD94DC505E739
x-cache-remote: TCP_MISS from a23-220-104-213.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 49,23.220.104.213
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f78c30960bd1ee05ddea266642a346a5242de6183e8af21cd9d5af55c7b9b1cbc9fd5466283f014c0397e86cb8e7db757532a09303eb56649576c2b0434a244fa9fb2998e0f3bf0c3b0afe68ee0c301cb61bc0ca2e3b6fc98dc35d9d684fbcf4624
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 10:40:58 GMT

GET
H2 200 widget.css
js.jebbit.com/companion/v1/ 15 KB
16 KB 88ms
88ms Stylesheet
text/css 2600:9000:25f1:c00:a:7914:b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.jebbit.com/companion/v1/widget.css
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:25f1:c00:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1a1fe89f11a11d89299028b565a99569e2aa5df3055ce514ba4dec2a8f0fe4fa

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: RTEvjx9S_f.J6xhm_CGfuKjdaFCgE8S4
date: Sun, 31 Dec 2023 12:11:12 GMT
via: 1.1 2aaae4c3e73a4a56fa0cd5cd6e4851e6.cloudfront.net (CloudFront)
last-modified: Thu, 21 Dec 2023 18:01:49 GMT
server: AmazonS3
x-amz-cf-pop: SFO53-P5
age: 80987
x-amz-server-side-encryption: AES256
etag: "8e754beaa7f32e405c184f00c12cece1"
x-cache: Hit from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 15502
x-amz-cf-id: __-lSigdccUdFSVQAY1Ko3jGGJjU3s1RXWeDZl7Ins4G1v8HVtSVEA==

GET
H2 200 launcher_configs Show response
external-api.jebbit.com/moments/v2/ 2 B
448 B 193ms
53ms XHR
application/json 44.212.142.71
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRmNvc21ldGljLWNyaW1pbmFscw==&completedLightboxCampaigns=W10=&jebbitCookies=

Requested by

Host: js.jebbit.com
URL: https://js.jebbit.com/companion/v1/widget.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.212.142.71 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-212-142-71.compute-1.amazonaws.com

Software

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
surrogate-control: no-store
x-dns-prefetch-control: off
content-length: 2
x-xss-protection: 1; mode=block
pragma: no-cache
etag: W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
x-download-options: noopen
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials: true
expires: 0

GET
H2 204 pageview
c.contentsquare.net/ 0
319 B 126ms
39ms Image
text/plain 54.84.87.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/pageview?pid=1926&uu=f6be7610-0b47-a97d-de31-650823f4e9ad&sn=1&hd=1704105658&pn=1&dw=1600&dh=1202&ww=1600&wh=1200&sw=1600&sh=1200&dr=&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&uc=0&la=en-US&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&v=13.76.1&pvt=n&ex=&r=333740
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.84.87.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-84-87-164.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:58 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

POST logger
www.paypal.com/xoplatform/logger/api/ Frame 0F13 0
0

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
842 B 60ms
60ms Ping
text/plain 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: e3ffb25a.8bab496c
date: Mon, 01 Jan 2024 10:40:58 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240101104058FDF616AE21BA9041F822-5AEF883930F1AC3D-00
x-cache: TCP_MISS from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time: 13,23.220.106.138
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=9, inner; dur=5
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240101104058FDF616AE21BA9041F822
x-cache-remote: TCP_MISS from a23-220-104-210.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 9,23.220.104.210
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f78c30960bd1ee05ddea266642a346a52421bf22c16d6e50b47ee7f41e15564c8777d394072b7dccf5f90da94ddcfdca862dacb6172f053a2a963933d8edc52d45914d655bb431f84710448919fa2677d05a11668878a8d90864cfc6abb375f07c9
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 10:40:58 GMT

GET
H2 200 jsp Show response
ut.rd.linksynergy.com/ 148 B
405 B 101ms
33ms Script
text/plain 34.98.67.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://ut.rd.linksynergy.com/jsp?cn=rmuid&ro=0&cb=___rmuid

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

3.67.98.34.bc.googleusercontent.com

Software

Resource Hash

dc51d119213575586843fe42864d743cfdd25fcf90c554ddbe222216d7aadc3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-type: text/plain; charset=utf-8
date: Mon, 01 Jan 2024 10:40:58 GMT
via: 1.1 google
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 148
x-samesite: secure

GET
BLOB 200
OK 7c643863-b45e-467f-a159-6f746d2805ab
https://www.elfcosmetics.com/ 7 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.elfcosmetics.com/7c643863-b45e-467f-a159-6f746d2805ab
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a19915f513441bab259dbf5472a9501139e4eda8d1891ca5a0bd4efd6d60dd4d

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Length: 7329
Content-Type: application/javascript

GET
H2 200 muse.js Show response
www.paypalobjects.com/muse/ 55 KB
16 KB 129ms
34ms Script
application/javascript 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/muse.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/79B8) /

Resource Hash

20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: 874533d71dd28
dc: ccg11-origin-www-1.paypal.com
content-length: 16355
last-modified: Fri, 01 Sep 2023 21:10:59 GMT
server: ECAcc (nya/79B8)
traceparent: 00-0000000000000000000874533d71dd28-5c6956e512d7cbad-01
etag: "64f25363-daa8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Mon, 01 Jan 2024 11:40:58 GMT

GET
H2 204 dvar
c.contentsquare.net/ 0
320 B 71ms
38ms Image
text/plain 54.84.87.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/dvar?v=13.76.1&pid=1926&pn=1&sn=1&uu=f6be7610-0b47-a97d-de31-650823f4e9ad&dv=H4sIAAAAAAAAA0WMsQrCUAxFfyVkdnHtpq0VwVEKnUraBgnERF6DWor%2F7hOUjvdwzl1wt%2B%2Bqtjuq96RQukVyhQtPgQVWs9FNBmiFdYTD685J2AaecPPrVgbbHDSUhELc8vorZ3%2FCyYLt%2B1i6KvWesvRgqEUj53bF9wcxTAoRiQAAAA%3D%3D&ct=2&r=449535
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.84.87.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-84-87-164.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:58 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
839 B 49ms
49ms Ping
text/plain 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: e3ffb36d.8bab49f8
date: Mon, 01 Jan 2024 10:40:58 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240101104058D3250516BA41B5203C06-5652D2BF1857406F-00
x-cache: TCP_MISS from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time: 11,23.220.106.138
server-timing: cdn-cache; desc=MISS, edge; dur=10, origin; dur=7, inner; dur=5
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240101104058D3250516BA41B5203C06
x-cache-remote: TCP_MISS from a23-220-104-210.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 7,23.220.104.210
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f78c30960bd1ee05ddea266642a346a52421bf22c16d6e50b47ee7f41e15564c87782ae368c20e190852bfeddd07b906ff3a5a22831b931b110b34dbd11cd59c6f32614312dee9b7f854ad87eb58fcbfcccd61c258eb7111023262a202a27cc3644
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 10:40:58 GMT

GET
H2 200 runtime_8b30b4890203fd4144c54b9ffd765f5e.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 3 KB
2 KB 160ms
27ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/runtime_8b30b4890203fd4144c54b9ffd765f5e.br.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: c4fad867557fa65e1a778e915c0b4ed0cd1bbb4443452c8943e5cec6504311e7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 16:56:44 GMT
content-encoding: br
age: 236654
x-guploader-uploadid: ABPtcPpuUx_ZhXtJSHNE1KzC4p2qujyNHdHfzycprLd0eVB50XPeQaI908tXfOTF301cW-RN6uPcfgf_SFwbHtcO2yh7
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1317
last-modified: Wed, 29 Nov 2023 16:43:53 GMT
server: UploadServer
etag: "dbc90523c425a5d782995c1a39051881"
x-goog-generation: 1701276233202747
x-goog-hash: crc32c=Xs/EYg==, md5=28kFI8QlpdeCmVwaOQUYgQ==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 1317
accept-ranges: bytes
content-type: text/javascript

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
847 B 160ms
160ms Ping
text/plain 23.212.250.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.250.138 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-250-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: e3ffb496.8bab4a8d
date: Mon, 01 Jan 2024 10:40:58 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24010110405843502C5EA113E5274FCB-35FC1E1AE8FBA807-00
x-cache: TCP_MISS from a23-220-106-138.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time: 119,23.220.106.138
server-timing: cdn-cache; desc=MISS, edge; dur=11, origin; dur=116, inner; dur=113
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024010110405843502C5EA113E5274FCB
x-cache-remote: TCP_MISS from a23-220-104-210.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 116,23.220.104.210
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f78c30960bd1ee05ddea266642a346a52421bf22c16d6e50b47ee7f41e15564c877bf2eb41a1402beba3e34d8e1ccb26c5e48bfdf938c9f2036863ffd5765f9c937acc2e27fc4d011458ce944082a43891888c22bacf6978aafe46ef725d7dfe5ba
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 10:40:58 GMT

GET
H2 200 company_toolkit.js Show response
cdn-scripts.signifyd.com/api/ 4 KB
2 KB 78ms
78ms Script
application/javascript 18.155.202.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-scripts.signifyd.com/api/company_toolkit.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.155.202.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-202-17.sfo53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:21:37 GMT
content-encoding: gzip
via: 1.1 f9d8d5b78e705b73ae052074828b580a.cloudfront.net (CloudFront)
last-modified: Tue, 30 May 2023 10:18:44 GMT
server: AmazonS3
x-amz-cf-pop: SFO53-P2
age: 1162
x-amz-server-side-encryption: AES256
etag: W/"2c3950f122b3977df61b0e077aaa92c8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1800
x-amz-cf-id: I9AX8B7MD42b7jWY76ihGpNTcB5gBHJVL6LWjMT5MHZMgq8fYxEzSg==

GET
H2 200 c69c204f-fba0-4685-aea8-ad32f799fa5d.js Show response
tr.snapchat.com/config/com/ 185 B
466 B 116ms
63ms Script
application/javascript 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/config/com/c69c204f-fba0-4685-aea8-ad32f799fa5d.js?v=3.7.3-2312182359

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

2125f1a011cbd591338ae3c896d3b5b6ad80930fe86493af4518510ede5795cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer: https://www.elfcosmetics.com/
Origin: https://www.elfcosmetics.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via: 1.1 google, 1.1 google
server: API Gateway
content-type: application/javascript
access-control-allow-origin: https://www.elfcosmetics.com
x-envoy-upstream-service-time: 0
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 185

GET
H2 200 i Show response
tr.snapchat.com/cm/ Frame E7C7 672 B
741 B 75ms
75ms Document
text/html 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/cm/i?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_scsid=dd2cd2cc-8a82-4ac7-b846-32dd9c0df67a&u_sclid=3f27acd2-c539-4099-946f-a9ca98073ae0

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

6501140033c3bb20da4b5ac73c90f687ba8a2053c4ba37c4b6f5275166db7fa6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 672
content-type: text/html
date: Mon, 01 Jan 2024 10:40:58 GMT
server: API Gateway
strict-transport-security: max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains
via: 1.1 google, 1.1 google
x-envoy-upstream-service-time: 11

GET
H2 200 index.html Show response
www.paypalobjects.com/muse/analytics/ Frame 3DC1 55 KB
17 KB 33ms
33ms Document
text/html 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/analytics/index.html

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/78F4) /

Resource Hash

7247ab83a30fbd92bf8425aca87dbb9f3f44c1b7facc6f7fd80df157ea6b5e03

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: gzip
content-length: 16892
content-type: text/html
date: Mon, 01 Jan 2024 10:40:58 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "64f25363-dacc"
expires: Mon, 01 Jan 2024 11:40:58 GMT
last-modified: Fri, 01 Sep 2023 21:10:59 GMT
paypal-debug-id: 6d9e6836d712a
server: ECAcc (nya/78F4)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000006d9e6836d712a-cc01e12d8b257289-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff

GET
H/1.1 200
OK 3d37zsfn4f866hyx.js Show response
imgs.signifyd.com/ 95 KB
13 KB 294ms
91ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/3d37zsfn4f866hyx.js?fpvjpbyw6frm3khq=w2txo5aa&ohagizumwoq07w8a=LzA4ZGI3YWJmYTc5ZWQzZjA4NzcyZDRjYzc1

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

c8f9d23402ef6e752c5d73154b1e4ebd62386d451ece1cb0312b32227ad8456f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 10:40:58 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: CP=IVAa PSAa
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
X-Robots-Tag: noindex, nofollow
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 main-v2_8aebf97cc6bdaca1cfc56940afdbc7d5.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 452 KB
101 KB 36ms
35ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_8aebf97cc6bdaca1cfc56940afdbc7d5.br.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 828011e932c7f65177e00c50ef88564628178b9d3190845404b02e3132a14c90

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 20:29:10 GMT
content-encoding: br
age: 1606308
x-guploader-uploadid: ABPtcPqhp_mAPcH53U4VVJCD6n5ia8uXrgwUp37_Qk4FzdTSO52e7SovIBd5lyzdsuCDzw542gdQQ4FN3EmkY-FmlUgO3pe4CMYn
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 103229
last-modified: Wed, 13 Dec 2023 20:29:02 GMT
server: UploadServer
etag: "2404e3009bfbe89e5d2c7f7b24179df7"
x-goog-generation: 1702499342060242
x-goog-hash: crc32c=kCJJLw==, md5=JATjAJv76J5dLH97JBed9w==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 103229
accept-ranges: bytes
content-type: text/javascript

GET
H2 200 cjs_min_1e55b565811f11b08485230cf1d150d6.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 49 KB
16 KB 28ms
27ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 9846c98d92f9ede0abb2db68013d613791db3ccdb486451de1432034b563fb77

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 16:23:16 GMT
content-encoding: gzip
age: 1621062
x-guploader-uploadid: ABPtcPoBYmommtKlBQLKIhoIH5TAoSfalsOm-ePG7e-TihViy0IH_ILba8ONrsyCoDl-d5mNeuE_ka7OBB-4KbO7J55bwtkS0dqS
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15751
last-modified: Wed, 13 Dec 2023 16:23:11 GMT
server: UploadServer
etag: "d7dc7d7ebcc4f5af5fc2d4804e7ec737"
x-goog-generation: 1702484591435387
x-goog-hash: crc32c=3TW0yQ==, md5=19x9frzE9a9fwtSATn7HNw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000,no-transform
x-goog-stored-content-length: 15751
accept-ranges: bytes
content-type: text/javascript; charset=utf-8

GET
H2 200 noop.js Show response
www.paypalobjects.com/muse/ Frame 3DC1 18 B
209 B 100ms
99ms Fetch
application/javascript 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/noop.js

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (daa/7D46) /

Resource Hash

0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.paypalobjects.com/muse/analytics/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:58 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
paypal-debug-id: 808c07564f200
dc: ccg11-origin-www-1.paypal.com
content-length: 18
last-modified: Sat, 13 Feb 2021 00:26:56 GMT
server: ECAcc (daa/7D46)
traceparent: 00-0000000000000000000808c07564f200-566f9cd8c7272f30-01
etag: "60271cd0-12"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Mon, 01 Jan 2024 10:40:57 GMT

GET
H2 200 ts
t.paypal.com/ 42 B
248 B 117ms
117ms Image
image/gif 151.101.129.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfoFlowStarted&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1704105658664&g=600&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-cache-hits: 0, 0
date: Mon, 01 Jan 2024 10:40:58 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 91a563d8d465f
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
x-served-by: cache-bur-kbur8200046-BUR, cache-yyz4524-YYZ
pragma: no-cache
correlation-id: 91a563d8d465f
traceparent: 00-000000000000000000091a563d8d465f-04ed186bb87ea092-01
x-timer: S1704105659.675560,VS0,VE97
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 01 Jan 2024 10:40:58 GMT

GET
H/1.1 200
OK / Show response
data.cdnbasket.net/ 14 B
338 B 152ms
53ms XHR
application/json 34.117.241.125
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://data.cdnbasket.net/
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.241.125 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 125.241.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2cede5633d463ff64aa49e24a03624ca70f2acf906a45819062c9f51eab41f11

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 10:40:58 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK / Show response
page.cdnbasket.net/ 14 B
338 B 160ms
55ms XHR
application/json 34.149.101.92
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://page.cdnbasket.net/
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.101.92 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 92.101.149.34.bc.googleusercontent.com
Software: /
Resource Hash: e462dc08aa29e50a02b133f3c0f61cdcb485485251c0df165bfc2886a1a24fd6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 10:40:58 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK / Show response
view.cdnbasket.net/ 14 B
338 B 210ms
54ms XHR
application/json 34.102.221.243
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://view.cdnbasket.net/
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.221.243 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 243.221.102.34.bc.googleusercontent.com
Software: /
Resource Hash: 758ecc5ef443fe36eefbfb484b441307128a5f355f7f32c3c0367e5adf7ed88c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 10:40:58 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H2 200 scevent.min.js Show response
sc-static.net/ Frame E7C7 41 KB
18 KB 90ms
90ms Script
application/javascript 18.155.191.244
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc-static.net/scevent.min.js
Requested by: Host: tr.snapchat.com
URL: https://tr.snapchat.com/cm/i?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_scsid=dd2cd2cc-8a82-4ac7-b846-32dd9c0df67a&u_sclid=3f27acd2-c539-4099-946f-a9ca98073ae0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.155.191.244 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-191-244.sfo53.r.cloudfront.net
Software: CloudFront /
Resource Hash: ab12e815caea6aba8fe2da60e7d298cccb649166f81926ff64e5dc56ea526522

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tr.snapchat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 31 Dec 2023 14:04:56 GMT
content-encoding: gzip
via: 1.1 1d781f2bb177b851bc1e5873375e5544.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: SFO53-P1
age: 74162
etag: b0abdf9f9dff4cfeb2717a9960d575ec
x-cache: Hit from cloudfront
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=86400, max-age=600
access-control-allow-headers: Content-Type
content-length: 17610
x-amz-cf-id: ZBBNJ-SCZQ0Xhyjvrh1udCsSJZDQD0QUoPyblJbGzO51RuNhf-K-_w==

GET
H3 200 inbox-v2_48b3046e5658d067d380731acb25edd9.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 16 KB
5 KB 28ms
27ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox-v2_48b3046e5658d067d380731acb25edd9.br.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: d37545bbfbab30b44e51e630172af7d5d8a717afe66642b3e8eba0f6e1666872

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 17:10:50 GMT
content-encoding: br
age: 235808
x-guploader-uploadid: ABPtcPoJXOkqwu9UqNLQXguspEUCTQtDYeOWXaS8vWKq86ulQRPiqSrzHgiITu0X8fACI2rOicaMfqN7uuokZZ4xPSEwVmkOzhZM
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4862
last-modified: Wed, 29 Nov 2023 16:43:28 GMT
server: UploadServer
etag: "e08d76c0eee63d930afa55862092fe13"
x-goog-generation: 1701276208654351
x-goog-hash: crc32c=om6Z6Q==, md5=4I12wO7mPZMK+lWGIJL+Ew==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 4862
accept-ranges: bytes
content-type: text/javascript

GET
H3 200 sms-v2_59133b5ff2491255abf0da3a6c439b40.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 3 KB
1 KB 30ms
30ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/sms-v2_59133b5ff2491255abf0da3a6c439b40.br.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 7d6b2e34f8baa2cbb0d0352ba4401894ca78bd0e98a8f0259798be00d3f9f4ec

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 19:41:40 GMT
content-encoding: br
age: 2300358
x-guploader-uploadid: ABPtcPrkyg9jgW3eYmhV9Pfs8LQ1tXqx-wFBfllI-dE0gYd8vNcm3KFSGlGgFLHcrPCwtkQcbAfqZNwWCnFyXYnySo44Xg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1301
last-modified: Mon, 04 Dec 2023 15:20:23 GMT
server: UploadServer
etag: "fc8b1adafd5fdfc3a8542a947659bc4f"
x-goog-generation: 1701703223576805
x-goog-hash: crc32c=pCs8WQ==, md5=/Isa2v1f38OoVCqUdlm8Tw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 1301
accept-ranges: bytes
content-type: text/javascript

GET
H3 200 onsite-v2_5631bf90701659009118a89f964ae570.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 16 KB
5 KB 29ms
28ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite-v2_5631bf90701659009118a89f964ae570.br.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: eddc11d8be0ae5311acc08d5f2ebe7ff9426384f6408ecbb56abbd7fb5e03743

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 10:25:26 GMT
content-encoding: br
age: 173732
x-guploader-uploadid: ABPtcPqKbnDJF6De5Sgf9v_P66qWZz5tlit_NmD7TFD70k91pxFGQrvxewbOs96ULIBLQwxYTyxVqkp4XN8ky0IiW9MzzQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4962
last-modified: Wed, 29 Nov 2023 16:43:42 GMT
server: UploadServer
etag: "801d41813e7b11c4986b4ca00307283b"
x-goog-generation: 1701276222542985
x-goog-hash: crc32c=+KL22A==, md5=gB1BgT57EcSYa0ygAwcoOw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 4962
accept-ranges: bytes
content-type: text/javascript

POST
H2 200 graphql Show response
www.paypal.com/targeting/ Frame 3DC1 434 B
1 KB 209ms
208ms Fetch
application/json 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql?disableSetCookie=true

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

00e285742d014f2662b33186bcb677e1532e044eeaecacd8834c94a0808f53eb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; img-src 'self' https:; script-src 'nonce-uGh4KvxXTNyOL0jRE7hmEEOJKmFmGZtispvZ1MCEF3NR6hzE' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; object-src 'none'; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.paypalobjects.com/
disable-set-cookie: true
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-uGh4KvxXTNyOL0jRE7hmEEOJKmFmGZtispvZ1MCEF3NR6hzE' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Mon, 01 Jan 2024 10:40:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS, MISS
paypal-debug-id: f5409112e672d
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-xss-protection: 1; mode=block
x-served-by: cache-bur-kbur8200082-BUR, cache-yyz4559-YYZ, cache-yyz4559-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f5409112e672d-8e3d07593886c840-01
x-timer: S1704105659.928438,VS0,VE189
etag: W/"1b2-0EMtGyOccDF1+fkiHHpqLBbLtSM"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 0, 0, 0

OPTIONS
H2 204 graphql
www.paypal.com/targeting/ Frame 0
0 151ms
150ms Preflight 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql?disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,disable-set-cookie
Access-Control-Request-Method: POST
Origin: https://www.paypalobjects.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,disable-set-cookie
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
date: Mon, 01 Jan 2024 10:40:58 GMT
dc: ccg11-origin-www-1.paypal.com
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f540911688067
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f540911688067-d2e9f1f4c27c110c-01
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-served-by: cache-bur-kbur8200100-BUR, cache-yyz4550-YYZ, cache-yyz4550-YYZ
x-timer: S1704105659.776840,VS0,VE131

POST
H2 200 p
tr6.snapchat.com/ 0
45 B 92ms
63ms Ping
text/plain 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr6.snapchat.com/p

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 01 Jan 2024 10:40:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 0
via: 1.1 google, 1.1 google
server: API Gateway
alt-svc: clear, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 jquery-3.5.1.min.js Show response
assets.bounceexchange.com/assets/bounce/ 87 KB
31 KB 27ms
27ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 17:07:04 GMT
content-encoding: br
age: 322434
x-guploader-uploadid: ABPtcPrjEn1nlRhdDgmLVYf-jnuQbDK6Y2TwLxsiEzI3zjTTAbrdJk-l_9dpIpFZ-Sdg4A63J5i387QknSfE209jZWELcA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31571
last-modified: Wed, 13 Dec 2023 20:28:32 GMT
server: UploadServer
etag: W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
vary: Accept-Encoding
x-goog-generation: 1702499312244758
x-goog-hash: crc32c=W9o9Ng==, md5=3F5/GMjTasHT1HU6h8mNCg==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 89476
accept-ranges: none
content-type: text/javascript; charset=UTF-8

GET
H3 200 local_storage_frame17.min.html Show response
assets.bounceexchange.com/assets/bounce/ Frame 12C8 2 KB
969 B 29ms
29ms Document
text/html 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f4fc114373da7e63fade04d84f7f1cfb5b31632246f33b10f3b7b275b85e6dd6

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: none
access-control-allow-origin: *
access-control-expose-headers: etag Content-Type
age: 705950
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public,max-age=31536000
content-encoding: br
content-length: 938
content-type: text/html; charset=UTF-8
date: Sun, 24 Dec 2023 06:35:08 GMT
etag: W/"fc893948c3efc689b5b19d8a77958e23"
last-modified: Wed, 13 Dec 2023 20:28:30 GMT
server: UploadServer
vary: Accept-Encoding
x-goog-generation: 1702499310379960
x-goog-hash: crc32c=kX4cqg== md5=/Ik5SMPvxom1sZ2Kd5WOIw==
x-goog-metageneration: 1
x-goog-storage-class: MULTI_REGIONAL
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 2408
x-guploader-uploadid: ABPtcPrrjf51rJTPbRGJeJeVnWFTnMGU_qYYPNinYzbsMxuxfOeVg3msOyX7nFR5JXtLLhJDM65IBCGBV1CGDa0Ej5LP2cpjgh0T

GET
H2 200 ct.html Show response
ct.pinterest.com/ Frame CEE6 565 B
402 B 41ms
41ms Document
text/html 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/ct.html
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443";ma=600
cache-control: max-age=86400
content-encoding: gzip
content-length: 323
content-type: text/html; charset=utf-8
date: Mon, 01 Jan 2024 10:40:58 GMT
pinterest-version: 8c23f27d55c77c9c78a5d022d53a766b1295cc23
referrer-policy: origin
x-cdn: fastly
x-envoy-upstream-service-time: 0
x-pinterest-rid: 9394096100682244

GET
H3

200

p Show response
tr.snapchat.com/cm/ Frame E38A
Redirect Chain

https://tr.snapchat.com/cm/s?bt=1d53c387&pnid=140&cb=1704105658799&u_scsid=91ea5dcc-4759-4d73-9acf-77bf91c87646&u_sclid=937e41a9-d8dc-4be9-8922-abf9cc608adb
https://pixel.tapad.com/idsync/ex/push?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1703024666234%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1703024666234%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
https://tr.snapchat.com/cm/p?rand=1703024666234&pnid=140&pcid=2762ce09-9bae-4c42-aeca-82fec4ebe427

0
18 B

73ms
73ms

Document
text/html

35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/cm/p?rand=1703024666234&pnid=140&pcid=2762ce09-9bae-4c42-aeca-82fec4ebe427

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains

Request headers

Referer: https://tr.snapchat.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-transform
content-length: 0
content-type: text/html
date: Mon, 01 Jan 2024 10:40:59 GMT
server: API Gateway
strict-transport-security: max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains
via: 1.1 google, 1.1 google
x-envoy-upstream-service-time: 11

Redirect headers

accept-ch: Sec-CH-UA Sec-CH-UA-Arch Sec-CH-UA-Bitness Sec-CH-UA-Full-Version-List Sec-CH-UA-Mobile Sec-CH-UA-Model Sec-CH-UA-Platform Sec-CH-UA-Platform-Version Sec-CH-UA-WoW64
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 01 Jan 2024 10:40:59 GMT
location: https://tr.snapchat.com/cm/p?rand=1703024666234&pnid=140&pcid=2762ce09-9bae-4c42-aeca-82fec4ebe427
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
server: Jetty(11.0.13)
strict-transport-security: max-age=31536000
via: 1.1 google

POST
H2 200 exist Show response
srm.ba.contentsquare.net/ 2 B
94 B 331ms
109ms Fetch
application/json 54.154.97.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://srm.ba.contentsquare.net/exist?v=13.76.1&pid=1926&pn=1&sn=1&uu=f6be7610-0b47-a97d-de31-650823f4e9ad
Requested by: Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.154.97.89 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-154-97-89.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 01 Jan 2024 10:40:59 GMT
content-length: 2
content-type: application/json

GET
H/1.1 200
OK iLVTvQedFZbtAukA Show response
imgs.signifyd.com/ Frame 7DA9 272 KB
46 KB 96ms
96ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/iLVTvQedFZbtAukA?5d23ad5dc2f07287=5foOmCIZ4vUntY5rhOYgfMYS4j4kaL5qaDGotsvGBzbdaszDRlpz8W8lr-wk5lJgP2NWKa-DovhH5rDyWIxR0vqNpvAvSI8ftqA7yJMohF8fFDHmnWu7ZFmk7mjEF9sOhVnm7TIysdBZLZQ73Et1XQFYSFCtFygBc9Vv3x_6aS4DeGJXIBUa5FC-x3HCpwKb9GXxQKmYAbm_NDOn&jb=3d33262660716777355563666c6f75732c687365375d696e6e65757b2f32323b392c68736a7f3d436270676f6d24607b6a3d4168786d6d6f2f383031383a

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/3d37zsfn4f866hyx.js?fpvjpbyw6frm3khq=w2txo5aa&ohagizumwoq07w8a=LzA4ZGI3YWJmYTc5ZWQzZjA4NzcyZDRjYzc1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

c5e1c37734a3284a4b0fb26670461dbbd336f33e8d377108f1e1bfc2bfd52445

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 10:40:58 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
tmx-nonce: c5f6bc415ade5a42
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
X-Robots-Tag: noindex, nofollow
Keep-Alive: timeout=2, max=99
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK UzNpfvzcGWoP7Nhg
imgs.signifyd.com/ Frame 7DA9 81 B
475 B 245ms
81ms Image
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/UzNpfvzcGWoP7Nhg?760dee81da4ea824=aIJaXmaCI2FoeFhpBkmDdlTp_4eVNi82WRYSU1TgsXmKyeaj2Npd-N5LW0-Fa1BQdUqliBNcD6LJVimgk8hP1QxoCOC8y6TYpUVrzgEh62522LqsDoCaJ2TeA09jyg2L0ktZo5zvC3rGsy24XAZGxvy_ddaLyvDhpv8E8Ks

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 10:40:59 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK z2dImjG8Xp1ettBW
imgs.signifyd.com/ Frame 7DA9 81 B
475 B 254ms
85ms Image
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/z2dImjG8Xp1ettBW?5cd896c73d1aed72=sdjRTk_DTyQpp3hkWCoAhKjIVxaFiTHEi3Vk-xtpnQJjfma_9aBRon4toG3nDZ91srp9YlIq8PawlnVPuZj59hTiYIfRYON5MUI7mmNGydR1T5D2AtkLNkztf40TUhSRclu12AvJfileJ8BkswMlUJ3B6_tZOuKwwHNSkQM

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 10:40:59 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 p
tr.snapchat.com/ 0
93 B 65ms
65ms Ping
text/plain 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/p

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 01 Jan 2024 10:40:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via: 1.1 google, 1.1 google
server: API Gateway
access-control-allow-origin: https://www.elfcosmetics.com
x-envoy-upstream-service-time: 2
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1 200
OK clear.png Show response
imgs.signifyd.com/fp/ Frame 7DA9 81 B
536 B 247ms
82ms XHR
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/clear.png

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/iLVTvQedFZbtAukA?5d23ad5dc2f07287=5foOmCIZ4vUntY5rhOYgfMYS4j4kaL5qaDGotsvGBzbdaszDRlpz8W8lr-wk5lJgP2NWKa-DovhH5rDyWIxR0vqNpvAvSI8ftqA7yJMohF8fFDHmnWu7ZFmk7mjEF9sOhVnm7TIysdBZLZQ73Et1XQFYSFCtFygBc9Vv3x_6aS4DeGJXIBUa5FC-x3HCpwKb9GXxQKmYAbm_NDOn&jb=3d33262660716777355563666c6f75732c687365375d696e6e65757b2f32323b392c68736a7f3d436270676f6d24607b6a3d4168786d6d6f2f383031383a

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*, w2txo5aa/c5f6bc415ade5a42lza4zgi3ywjmytc5zwqzzja4nzcyzdrjyzc1
Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 10:40:59 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Mon, 01 Jan 2024 10:40:59 GMT
Server: Apache
Etag: c55afd0318c7474d86a177c59e1d1bcd
Content-Type: image/png
Access-Control-Allow-Origin: https://www.elfcosmetics.com
Cache-Control: private, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
Expires: Sat, 30 Dec 2028 10:40:59 GMT

GET
H/1.1 200
OK RfYtQfE8YXjxaej3 Show response
imgs.signifyd.com/ Frame B60F 90 KB
14 KB 92ms
91ms Document
text/html 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/RfYtQfE8YXjxaej3?eb09e78fcc74227f=eqBd5ZWAX_2Kg8nlhqWP4KHhwF8tjUocYQ5nL-3PA36ADCDfYdIo_ibySxg1G1ej-Pfzo4WACDpDqhO_2lZeqg8oSy-qwJyGCgn3NzQtJfKykwsKtZHhuWxR6U0b2wloNrJ5eJA-n9Mx8pgOjnPb4BmNOVYPStb_NTzqn0XA3UcpBr5OUekzTWYCSho21ER1erKhjn7Kk0nzm04454U

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

f8cb6eee123a10e13734eff6d7a30a07104639e272217ba28c1dbf36e0eabaf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Mon, 01 Jan 2024 10:40:59 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=98
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 204
No Content jIOmSds06PUg8vSA Show response
imgs.signifyd.com/ Frame 7DA9 0
387 B 119ms
85ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 10:40:59 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK 4s3S5kAkfimegEwN Show response
h.online-metrix.net/ Frame ED5C 103 KB
15 KB 273ms
88ms Document
text/html 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/4s3S5kAkfimegEwN?9ab1ff00cc73c5da=NzA7gLL_qXnXhDs8llMA_eZ7dAm_HgHJJlEBDi6HJ3JsnacxhaFJvd6qVqKtiJzT0x8uGxw6S6wJuZZ0J-uVBFN9LXto49qAEw7B3PEkRZn2KnHaT7I-zoaig9sCdmNi1gZN40I7WF3in1sBTq5ZLsEj_ZS311yMwEhJXXgB0MpX5_ZhsDhK4oi4tn0sZ3W1V9exJbloB1eGGH0GPnk0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

a-sac.h.online-metrix.net

Software

Apache /

Resource Hash

d3c48f5b4c2735a72d39be99a6d869f699957bc5267d0107cadd796ac511e799

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Mon, 01 Jan 2024 10:40:59 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK hiXtNDOkHdVYrKdu Show response
imgs.signifyd.com/ Frame B5EE 90 KB
13 KB 89ms
85ms Document
text/html 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/hiXtNDOkHdVYrKdu?d0e48268f843d5c4=euB_1pheo0IQ1DStWgHdPq_JCzefHXhEspNwzlUDLMUuIQv09RtSvWWf68K8APv3IBCz0gslYTyV96CyqLwkrD7uXfw_XomQoDt6wJBYWhYmYb1-wa_gSEy1GJizA3eYmus1Sl7264rgHxEDaiY7Z5WmzTgcnJQfry759MRIjkA2sKixXQPfph_VV12V-OGrcaiPT59GeK2S-hVCj5WB

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

b32049a37275488432092b8fb2f61c19b0424a356eef7243f7efc6715c24fc15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Mon, 01 Jan 2024 10:40:59 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=99
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 204
204 jIOmSds06PUg8vSA Show response
imgs.signifyd.com/ Frame 7DA9 0
218 B 173ms
89ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/jIOmSds06PUg8vSA?76d6dbe067d0bfae=8NBkbbjyonh2wemJakMFJPDrYW-rVLNul3hsOVuyTytsC-7nKnccZ3_GtOokOTq84RKXCZZK6Z-KyGJNNBdrZ8ci3hu4ly-RHAo2v5JhfKxlnn0X3gvg0btVSJ3BS61te-lLJ_Wejgy8IKz6SAwcvCJfdm4&ja=393234382c246b3f25343a382e7a3f302c643d3b3c3a30783b3832382c616437393c3230703b32303a247b7a713f3a7038266670783f31263b3c3030263b30383a2c333c383a2e313a3a302c3b34383224333838382c33363a322c3b383a302c3a26322e67743f6b303230616a6964633d356c666e666c316d613a343b33343d3a3c62396b3d632e676e3f3e2e79616435383426666a356a7c767a7b2d334325384425384c7d7777246f6e6e696f71676d7e6b637b24636f67273a446b6d79656d746b632761726367636e6166792478663d312c78623f37306c32386b633e606b64686d393131623d31383d6b6f30643968666a3864362c60623f326c6c643738603e3a6e326b6b3e393a613831666c6b6e3964326964303f38372c62796d3d5f636e6465757b273a323b392e6a71623741687865676525383a333a3a266879677f3f576164646f7d712e687b607f354b68706f6767266462693d342c64666537382464657e723d382c747a6e3f58636b6b6c616b253046426d6e65667f6c752c67637c62723f3e383a3164396932626f6138306d34696b3d3632303230616e3b3f35343a3b646c3e353a32393e33643e6f616138366c6131366b6e6a6435323933333b333c61266e783f607e7472792d3943253a4c25324c757f752667666e6b6f716d6f7669697924636f672f304e696f71676d7e6b6325697269676b666364712c7835706e756d6b6e556c666173622f374d6c616e796d2b726c7d6d696e5575616c6c6d7d7b576d676463635f7a666b7965782f374d6c616e796d2b726c7d6d696e55636c6d6a6755696b726d626b76253f4f6c616c796f2378667565636655737561696b74636f6d273d476c69647367217a6e756d63645f73626561637d61746f2d3f4766696673652b7264776f6b64577a65636c7a6e61736f7825354f6c63647965237a647f65696655766c695d786e697b6f7a2d3547666b6e736f2b7a6c756d636c576e65746b647c70253d4f666166716d23786e7f6f616e5d737c655f7c636f7765782f374d6c616e796d2b726c7d6d696e5568697469273f4d6e616e736f24676655693d776f6865645d65604d442f3030392430253832204d7867644f442530304f5125383a382e302f38324b62726d67617f6f295f6f624746273a324f4e59442d3232455927323a3b243025383a2a477a656c4d442f30304d5925323a454451442738384d5327323a332e3a2f38304362786d6563756f235f6f604b617e5765684961762d303a5f6d62454c4b4c47464f55696e797e636669656655697870617179253348273a324d5a5e576a6c676e6e5d6d63646761782f39402d383047525c55616f6465725f68776e646d705560696c645f6c6e6f6b7e2f33422f38324d52545d6c6465637457686c6564662d314a2738384d58565f6c70616d556e65707e62273b4825303a4d52565f7b6261646f7057766d7a7e7d7a655d6c65662539482f32304f5256577e657a7e7d78675f6b656d7078677b71616d64576a7076632f31422f383a45585e55766d727477786d55616f657a72657971616d665d786f7c6327334827323a4f52545f7e6f7a7c7f7267556e636e746d785f61646b7b6d7c706578616327334827323a4f52545f7958454a2f33402f3a3a4d455b55656c6f6f6d6c7c5d63666c657a5f7f6b6e7e2f394225383a4d4d595f646867557065666e6572556f617265637a2d3b4227323a4d455955797461646e637a6e5f666f7a6374617c63766579273b402d303a474d535d746f7a747f786f5f666665637c2f33402f3a3a4d455b55746572767d706d5d6c646761765f666b6e6f6b782533482f3038454551557c6f7a747d78655f6263646457646667697427334827323a454f535f7e6f7a7c7f726755606b6e66576c6c6f6b76576e616c6f697a2531422f3030454f595f766f78766d725f63787a6b7b5f67686a6569762d314a2738385f454047465d63656665725f687f646e6f725d6c646563742d39422538325f474a4546576b6f6f70786773796f6e5f746f72767d78655d6b7b7e61253b4825323a554d404f4e556b676d72726f71736f6e557465727e777a6f5f677e6b2f31422d3830574f404f4e5761656578726773796764557e6f78747f7867576f74613b2d3940253a3a57454845445d6b6d67787a6571736f665f7e6f727475786f5d7b3974612f3b482732385d45424d4e5761676f7a7a6d7371656e5d746f727e75726f55713b7e635d797a6d60253b4825323a554d404f4e556c6d627767557065646e6f726578556b666c6f27394a2f30305f4f4247465d6c67787662577c657a747f70652f394825323a5d474a4d4c5d6e7a6b755f6a7f66666f707b273b402f3a385747424d4e5f666579655f69656c7c6f78762f3b482732385d45424d4e576f7d6e7e61576470617d33362c6d665f683739646e3f64646c3c3d36306c6e63343a356d343a606f386d3736643837353e3c3b30346e3e303d3326756d647c3f49667e656c2f30384b6661242e7f676e72374b6e7e6f6625323a4370617925303a477a676e4f4625323a476665616c6f2e6b63663d3b&jb=393f35266673354f67786364646127324c372e3a2f3830285d636c6c6577712f3a3a4c542d3830313a2c38273b402f3a38576b6e3c362539482f3230723c36212f32324b787a6e655f6f624b63762d304e37393f2633342538322841425e4d4c2f38412d38306e63636f2732384d6563616d21273a3249607a6f6f652f30463b383a2e30243c3231332e3338312f30305b6b6661786b2d304e37393f263334

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 10:40:59 GMT
Strict-Transport-Security: max-age=31536000
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK JNsE7gNEFBmq8xHZ
w2txo5aafemihslxtswxpqboff45naoes5ygm3r2c5f6bc415ade5a42sac.d.aa.online-metrix.net/ Frame 7DA9 81 B
438 B 1082ms
88ms Image
image/png 192.225.158.3
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w2txo5aafemihslxtswxpqboff45naoes5ygm3r2c5f6bc415ade5a42sac.d.aa.online-metrix.net/JNsE7gNEFBmq8xHZ?57b7bf2b92f8f6f9=Se7ju6AvQiRRkilm_O90vfE7vqFf1Cqd2xTdMIAECY520-1gvzbA7d-ESzOehlGGHNj2p8m-vG452JOhKB2DrGTBgXTpF-5JIg5TCPyDh1b8_burbf0TrkJ9wNOx8SdkqpPd9VWURXCneSz5HeacrPgItpRoSBYMZha0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.158.3 , United States, ASN30286 (THM, US),

Reverse DNS

d.aa.online-metrix.net

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 10:41:00 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content avI-hhDqwEFqPLpB Show response
imgs.signifyd.com/ Frame B60F 0
387 B 88ms
85ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/avI-hhDqwEFqPLpB?e297b6820ee1b3da=BGaKif2Ir092K4MY7KKus3gL47je5twS8uE6cn-ubZfuL2u-YtUEQeY1tpDn7ADrXtNyual_gv1o_N8siY1so6eBfsU7BAujvIHa4PITe0sNurliwf53fpqLx7XoWriGSn8B6O2dvCIxicNs8pAFyGQB96Q&jf=3b3c266c796035666d336e3b3a3866376b30373e3f696362693d603a6e33376f3d3f32376d3d62

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/RfYtQfE8YXjxaej3?eb09e78fcc74227f=eqBd5ZWAX_2Kg8nlhqWP4KHhwF8tjUocYQ5nL-3PA36ADCDfYdIo_ibySxg1G1ej-Pfzo4WACDpDqhO_2lZeqg8oSy-qwJyGCgn3NzQtJfKykwsKtZHhuWxR6U0b2wloNrJ5eJA-n9Mx8pgOjnPb4BmNOVYPStb_NTzqn0XA3UcpBr5OUekzTWYCSho21ER1erKhjn7Kk0nzm04454U

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imgs.signifyd.com/RfYtQfE8YXjxaej3?eb09e78fcc74227f=eqBd5ZWAX_2Kg8nlhqWP4KHhwF8tjUocYQ5nL-3PA36ADCDfYdIo_ibySxg1G1ej-Pfzo4WACDpDqhO_2lZeqg8oSy-qwJyGCgn3NzQtJfKykwsKtZHhuWxR6U0b2wloNrJ5eJA-n9Mx8pgOjnPb4BmNOVYPStb_NTzqn0XA3UcpBr5OUekzTWYCSho21ER1erKhjn7Kk0nzm04454U
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 10:40:59 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 ze6w-9kk3_1wGCgA
imgs.signifyd.com/ Frame 7DA9 0
401 B 133ms
89ms Image
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/ze6w-9kk3_1wGCgA?1192e8a6053d4aa1=Ryg0HOC9P-Tom2FIIAWx-oAwC8enLWHdj4kpIiduArYWQMj07hvp6abPfouWkopNei5PsZZHvTuPdkfQaaOT_oYevF5gEAniLLBw_eYnLt4UiXs17RLhnAbrOjYHaEV0AN7znC7DTV7l3ZZHyzTbTevudws13VOYwTOajLc0xmagvoMYu4pbsLgs72lnEIkKO75g-1XRMPv25d4cqec&jf=3c3b3626796b6c5d7a6c6e357c64705f4658515f5c62626664526851337133782e796b64576e61746f3f393538363b383d3637392c71696e557e79706f37756d683a67696c7963267b63645f6167713f3b323f313b3033333a34303d386b38363e32616d39643238383b32363832326132343c3a6b67396c383332313a3530393e3830303a3e643e38333468313334663a3e6665326431643a333c6a3a6330366c3a36683b3b39623f3935383a323568383263396b3a66306c6338633f373d3d3c3435333c33353b3c3e6233323c66386f3732386b3e31393c3c653668333d646e3b396c6e6335656b313368326c6636683e373e3e643739303964323a6e36346f606c323b322c7b61645d7363653d393a3e3530383833383a633232303a353038386536333669363b61333a3a336666333b333b396f32326c6b606a6e31343f3e3a6733306b39303a6439643f323f316e3637356b3638693c3a32323a39366d6c36306e696e60343f3b32306c636a346a603e393b6430316e37326e6b3833663d39336b3261663c3f3e61636a3338633e356b606c63326a383237656c2473636c783d30

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 10:40:59 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=100
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 c Show response
ids.cdnwidget.com/ 448 B
786 B 126ms
63ms XHR
application/json 2600:1901:0:56e0::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=&SCH1=&GCS1=245000207&GCS2=Yzg3NmMzMDUtMjAwMy00Y2E3LWE4OTktYWQ3NTI5M2VhOWU2LmxvY2Fs&pe=false&wsid=4142&varID=&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Atrue%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A4142%2C%22loadID%22%3A%22Z1mk49SX7FYl3iJ%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A2%2C%22IDStageStart%22%3A2%2C%22netComplete%22%3A133%2C%22obsReqdata%22%3A163%2C%22obsReqpage%22%3A171%2C%22obsReqview%22%3A214%2C%22IDStagePrefire%22%3A214%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Afalse%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A-10%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%2C%22deviceid%22%3A%226391126485375995717%22%2C%22visitid%22%3A%221704105658832428%22%7D
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:56e0:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: b1e7552098bfa8f97ae14e65aa12dbb1a17d84097b0757022a768473def04dce

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:40:59 GMT
via: 1.1 google
vary: Origin
content-type: application/json
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 448

GET
H2 200 lookup Show response
pd.cdnwidget.com/ 49 B
169 B 143ms
80ms XHR
application/json 34.149.130.207
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pd.cdnwidget.com/lookup?deviceID=2aLlINFMwRkyWUD4yX1v6B8is0m&bxwid=4142&bxdid=6391126485375995717&visitID=1704105658832428&enableUID2=false
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_8aebf97cc6bdaca1cfc56940afdbc7d5.br.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.130.207 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 207.130.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 771196c556ce9fe2914aa0d336cf0f11fbd579c7cdd52e8436b19e0fffdd783b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 01 Jan 2024 10:40:59 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49
content-type: application/json

GET
H/1.1 204
204 VVhYAU_PtzfyvpAw
h.online-metrix.net/ Frame ED5C 0
400 B 88ms
88ms Image
image/png 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://h.online-metrix.net/VVhYAU_PtzfyvpAw?db64be1c649e8a2d=pNUs4Tht6lSoCnkUDYvfHsJgI8PyvMce27qO9h9i9DOfdKvCDbNxzV44RoELa3f9C6gyTwObW-J8vrAl5b-K3zvSfFqb_U6TrXuyPrfrQZoFkc-z0B9nJA3aUmOeB6z-Z5reeiyr3ZTX_77Gi1CXyG4cH5vUgfGtn4rWMdYrBFgyxkMgjC6OeRmgfOsH_DZ2Id6T6Gk4dAD2PmQGLXQ&jf=3c3b3626796b6c5d7a6c6e357c64705f603b79474c6961794078523d7336767e2e796b64576e61746f3f393538363b383d3637392c71696e557e79706f37756d683a67696c7963267b63645f6167713f3b323f313b3033333a34303d386b38363e32616d39643238383b32363832326132343c3a6b67396c383332313a3530393e3830303a3e366c6b61306f393867303939333838333e6469303230393134366f3438323f3b32666e32663c6f656669313a6664696e386333673b356c376c3c6b3334353d37646b3d393437693d353f3f3737326e3b30666d3c6433693769363f60323c696230666e60353c3a3e3236693f366e3b3136333f3335366e3866333d633d3a30342c7b61645d7363653d393a3e3530383833383a383b33316864393e333333693730346c606c316e3136386e6438386c396534396f613a3864676b6a6b37306a68396538326d3b6c303d39696363663c313969383a32323a39333e3d623238386f37343f3866626b673a363e636b306d3935633b33333e696934656c3a3b313b31603d303b64643f6b6639383b31643136326a3a6466383c2473636c783d31

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

a-sac.h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://h.online-metrix.net/4s3S5kAkfimegEwN?9ab1ff00cc73c5da=NzA7gLL_qXnXhDs8llMA_eZ7dAm_HgHJJlEBDi6HJ3JsnacxhaFJvd6qVqKtiJzT0x8uGxw6S6wJuZZ0J-uVBFN9LXto49qAEw7B3PEkRZn2KnHaT7I-zoaig9sCdmNi1gZN40I7WF3in1sBTq5ZLsEj_ZS311yMwEhJXXgB0MpX5_ZhsDhK4oi4tn0sZ3W1V9exJbloB1eGGH0GPnk0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 10:40:59 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 init1.js Show response
api.bounceexchange.com/bounce/ 122 KB
22 KB 201ms
61ms Script
text/javascript 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.bounceexchange.com/bounce/init1.js?wklzs=1155&wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgHYAGAFn2IFYA2SgTmuv02AC8QprjjMB3AUwBGOVMH4B9VABMo5UgCZMAJ344QAGzhoMBLsQAe+ed2X8Y-JSqVRsAQ3XrUCAObi4S9VAAWwYAAccAFIAZgBBQPkAMQjI3jiAOn51GCQQHABbfjQkHHjU9JjUjKzUJABaJCVUdKd7HEwAN1QRYHFUkABrVH4oQMIAIQj5dT8hkPD5eR9-IPlKMIjKKMWouN5E5KLM7Nz8lcitkvLK6tr1WfkIgGEhpTGFybHCABFsEE7u3oGhqWl7ifk1GCdHwRmopAAHPNCPQ6JRCEQxvIbpMmlJ-kQyBQaJQIRDgvIFBDrkMGv8+oNJuoQM5nPwpJIEP8YHV+CTJvwGhZxNTafTGczWez5EhbEpWgBHYAAT3+xGFovF4ga9jgbMeYXlyKGODgghqvn5GBa6suYRZ53VKOGNLpDKckik-AQaBg3XRGtCFpwVqGitaPuAgstCrFQc93rZL2FUmckVQShwwAAMiBbB6zaFgEo1cKvGKpABJZ7kybyWzJ9SFgDKV2ryf41aUzxgDTg+nUxFYxDFABUAOIAaUESOtahgwGLpcmFarADlIgBZXgAJQ60oA6gBVZ6kaUADXwDWo-QhzWIBUe2smsfJ30mzQACiomiA4Dgru-QJk7hGhdf5Gaas9RwE5BAsYMfVDJAvAkYALnGTFyCoWgGCYPoSxeRoxRwABtXk7UZABdWBWWwxNcM5bkCP5JwSMjci8P9cQpWlEieBVCjmJVTR+HYxjcL8JQQAZITSj40jLQEoSRPEBBbEyeiyM4vCHSTEAkA6JSpJU3DdX1UQxAZY1RAkhjdPaLoJHSET7HEITVGdYBtJ9ASaPtBBHSc1A3XpFz+AE5jA386SpD8cQcA6OAQossMYpwwSXwiqKYqdGBcO41UJI4tL8NtWjPOkbzfKkVKzAysMIqyELLO6cRQBAHkxTpSTXMEPwoB4LIOtwgAif1eoAGn62wxGcEAlGlIb+tgzS32AaavBATJppkqQ4BQaafTFGDeqIzA-Hgmx8j8RxbGQCQYHUWxnBsBp8xsfMlHtGRy0rGs6wbJsWzbDsux7JQB2HTBx1aaQoDe+cl1Xddt13A8jxPM8cAvIA
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: 40bbf29a0b23da4cb24a8ad5aa9946c8f6b852e81e1e9b60bb2353bf3a48d6e2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:59 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 01 Jan 2024 10:40:59 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 25
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

GET
H/1.1 204
No Content jIOmSds06PUg8vSA Show response
imgs.signifyd.com/ Frame 7DA9 0
387 B 86ms
86ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 10:40:59 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

cs
tags.rd.linksynergy.com/
Redirect Chain

https://idsync.rlcdn.com/458359.gif?partner_uid=c9169b03-7bb8-4166-9518-5eebe5864ba1
https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJGM5MTY5YjAzLTdiYjgtNDE2Ni05NTE4LTVlZWJlNTg2NGJhMRAAGg0Iu63KrAYSBQjoBxAAQgBKAA
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=3ac54a91851681e209c0b378a5eb32910b81d80f988f881497322c3db2b8c1d26ac34734d8e453ee

37 B
293 B

51ms
34ms

Image
image/gif

34.98.67.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tags.rd.linksynergy.com/cs?ns=lr&uid3=3ac54a91851681e209c0b378a5eb32910b81d80f988f881497322c3db2b8c1d26ac34734d8e453ee

Protocol

Server

34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

3.67.98.34.bc.googleusercontent.com

Software

Resource Hash

bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-type: image/gif
date: Mon, 01 Jan 2024 10:40:59 GMT
via: 1.1 google
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37
x-samesite: secure

Redirect headers

date: Mon, 01 Jan 2024 10:40:59 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://tags.rd.linksynergy.com/cs?ns=lr&uid3=3ac54a91851681e209c0b378a5eb32910b81d80f988f881497322c3db2b8c1d26ac34734d8e453ee
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 creatives-base-styles.a53944a2.min.css
assets.bounceexchange.com/tag/css/ 37 KB
6 KB 28ms
27ms Stylesheet
text/css 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/tag/css/creatives-base-styles.a53944a2.min.css
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 19:41:39 GMT
content-encoding: gzip
age: 2300360
x-guploader-uploadid: ABPtcPoeSusRxZIcUp_x_oH-4vS07wUtiVtCUR-P6c8vmFZ4ZiwtfXCv5bLKTig_smAW9H8TNiZqPz3PsjXyBotqjBxG19VlLxpB
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6053
last-modified: Tue, 13 Dec 2022 17:12:22 GMT
server: UploadServer
etag: "54f61bdcbfb6f81427c8a6803f48b02f"
vary: Accept-Encoding
x-goog-generation: 1670951542233151
x-goog-hash: crc32c=lLRhfg==, md5=VPYb3L+2+BQnyKaAP0iwLw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 6053
accept-ranges: bytes
content-type: text/css

GET
H2 200 visit
events.bouncex.net/track.gif/ 42 B
95 B 40ms
37ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/visit?wklz=G4SwziAuBcCuYFMBOBDA5ggdpAvAWQHsAvEAG1JQFIAmAMQFYA6ABhuYAoB1ETAEwIDuYNgDkAKmwCMzFpQDMAITbdMANgAs8pdWYAPDQEo2AQQAOp0gk4IARgGkoNBnIDsjOarbs7ACTF4AGRoAYTZSEABrBDYAcQQAYwiCIx1ggAskAgBbaLpJHRZGVWYAThLGfJK2AGUUADMUJBAneld3VQAyUAgYJAQ65D6kHC7wKGgKPh40U3QEWCRSHDTISFNhalbjGno6HboBQ8YEUjr4gjAcyBB4sEZzrP3ac8uEa-iAWnimrJ4UUjAox60D6YAIpFg1wImF0OEkxWYQPGoPBkJA0IAnnCdIjuuN4vBINlgI0QCgbJYwDhKC5tNRSAQ0BheAB9Hg0ajybbUagNAG5TnUUI8hDAZAshlMhCs9k8rkcvmIDkhDnxRqQFkAR0gGOVcm5OmVQtV6pZJIhAvlPNYcuNPNMmVZDpulv1Cv+SttwuoDoIrMwKByeoNistduoPBZYCJiWD7v5Ru9YFgNl+q2lLOhPVdIY9Ye95wIERACBZWT9-xZDoQiGwcZ5ocTHMlzLZmDZvCw1zqJd49d5eabPLVSA1iEg-cbXo5pl4pijEVgk8H0+H6uXCdXPr6wAXS7lbobK85LgAIkiYIXiwhqbSObwQH2DwbVHISpJ8hoABytFz0Mr0C4kguEO1CgE+nL6sBzDqNI9CqP+X6uOozByCqPLAHGd5nuh1C8GgtAgEg0YBAQKAQVykBILAuTemkjS8AAkqe-bUCgASkIx1TBNUAQINUSCnnUwCwLopDMEQzCNGIMR2DYoFgnUkDMax7GcSItB4AIABKEQYpwACqp7qBiAAakjAKoChfuAzCPFu+FYXS4AAAo7ui8DBIS2TIMGU7euA1QpmA3wgDYvnPv5JrxGkpaQBskHGNBsHMPB-6qKokg0ix4bCROz7JXBCFVOGKAEMGNreqQpj9isawbFsTxPIcAjHKcLxXDcdwPE8HVvDcXw-H8AKgSgCVcpVHLAKYmEFbhFGHnhoFIP2oHxMA+WJYVqXFbhEALcYHxZeGaDfMGSG4fZiWTTypAbcG21pSVBaBrMIBoJg41unePLUPCkglOoX5OVNs3Xbhd2bVyj27Th4bUK4qjvsDz40nSwBgxNEP3QVLgwUV-7ZUTZ4dPAyBzNg0A2JkQjIDg6SZDkpOIKgGCU2KxHopg2IyDIxRlBU1AlMz5NszAFgoJAdQEEgWQ4Co-BCFIiJk6zXbQJ2oDxG8GKmDenZgBERKmB0BLRj5SDQPRIXQhzkDSjgiIYAQ0DnLA2BIBi5ydjgBnVB0zuuwQ7tUV7foIHIvvVMYAcIC7bsexiAY5L7mBQNKNSQJLNaxy7fRoFzOAiAAmrnIIIAX0LJzeIgIAIbDFzLERl-EUBYgosB1HyBBl6YFxZ6Q3s3pI6g6NQLfQtcmBdkPRcx+WPuIgItjZo+OCwaPF5rzDiHIahHSay6a+vu+n5A7+-4lIBwEdLMGCgHX28dIgmo0Zg2tr4i8ThF21w5NGr04R4xSk9L8Lgvymx-tgFApgQAcwgNCHAWc0ByAPqKF0OBeDP2DkgbWOBl42A6BTXAqtsFKQ7DgNiHFGIaS0rpfSRkTLmUstZWyWQOj0SQDKXglC1JcR4nxASQkRJiQklJJAMk5JAA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:59 GMT
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H2 200 pageview
events.bouncex.net/track.gif/ 42 B
165 B 38ms
36ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/pageview?wklz=A4Qw5gpgbglhDuAuArgJwDYF4AWAXXwAzgKQDMAgsQEwBi1N8jAdBOgGYDGA9oQLYS4YHQk26963PgKEBaDqhi8YAOxDpCAMlCRYCRB2SFcXXlBAKQAI3QRCmYgHYAQtSrouYSABMA+itdklFRUbGqEEAFUAMKu0BCoPu6eEL7+wYGuoeoR6dGuHOa4PgCOuACeARSuAAyRMcEFqEVm6Mg5VBnBtbn1VMCoXL79Qu2dIWGjecH9gz6q-JVB49l1rio+RlwcANaLmROrwYTIlkr4KT5cyoQwuKNVwVnhh1TcXNtwPryDaj79thBlLg9o8Dj1XElvH5lH4vIDBGw4F4QctnuCGoUNgIUU9Jr1gF5gBttsgcWCOlNXoUySt0X1UNBiaT0g9UaMHAARLTgaBwJBvD62GAALwgmAAbABWAAs3J0fP0IGUVyEahw+CInTotEY8BY7Ek-EEwlEJgkPCNsnkihUYTlvL0As+xi4iXMkEwuPtun5XHezrKwDFpGA6m9CqdEA2IrFkuqAEYABwaMTAfS8YCYaopkxp3AcNhZnMZlCETPZ1OIMDAcsab5wovwCCWG53GBeTDS+PSqgaWCt9uYeMOapd6qSqUATkTpAc0uqpA0cNgHAgg-FpEn8fjVHF0sTktnksnk8lDmH4YQg-jGnCxTaylX15T6DgQME-CMIAzQ5HY4nx6JomvYcK+8IgMAMBQPENxXJguDgIuy4jJgXi3lwaCrpgTaWBoPJApghjxOhbBFIOVAgAAMugACSAByNAALLwAAStsZQAOoAKoctKZQABrxlA4pOImMCENUvAaNg5ipB2FHUTRADKURKZREBKagHJsFAyAAB7oNUwrVOYAAqADiADSlhAA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:40:59 GMT
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H3 200 7fe61b61deb67574fcbd423f591430a3.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 72 KB
72 KB 28ms
27ms Image
image/jpeg 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/7fe61b61deb67574fcbd423f591430a3.jpg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: be699ffd6b1fdc6facf4666ddbff72e6903bc7ee85f7b271dcfd1a3b18fe00dc

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 19:45:28 GMT
age: 2300131
x-guploader-uploadid: ABPtcPq6d0icLZpIDSItRwjNtaTOlnOgNXMPnDtii-2irGnd-1raucyR0n-bnalAeCXxtATmJZTOONI50Pxjh3kvhRfWAw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73525
last-modified: Tue, 31 Oct 2023 17:11:44 GMT
server: UploadServer
etag: "7fe61b61deb67574fcbd423f591430a3"
x-goog-generation: 1698772304840828
x-goog-hash: crc32c=itwfgw==, md5=f+YbYd62dXT8vUI/WRQwow==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 73525
accept-ranges: bytes
content-type: image/jpeg

GET
H3 200 59a941c096f98029341d8c56b7b89113.png
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 18 KB
18 KB 39ms
37ms Image
image/png 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/59a941c096f98029341d8c56b7b89113.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 17:25:04 GMT
age: 234955
x-guploader-uploadid: ABPtcPoO44dhZ6C-dIHLmvK6rbJ9SChGCnJxkENliIdUgiGxGoNIwDH86cBBEYyr6uWZvK51dNgt3z1tXIebifZBIqIblQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18352
last-modified: Tue, 25 Aug 2020 15:57:40 GMT
server: UploadServer
etag: "59a941c096f98029341d8c56b7b89113"
x-goog-generation: 1598371060392963
x-goog-hash: crc32c=8aFhaA==, md5=WalBwJb5gCk0HYxWt7iREw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 18352
accept-ranges: bytes
content-type: image/png

GET
H3 200 21acb0e87b74f5d66b46f5abbdfdae5d.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 34 KB
34 KB 45ms
44ms Image
image/jpeg 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/21acb0e87b74f5d66b46f5abbdfdae5d.jpg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: c30b3c8f59aa0a8a6b4a286bee5ee71142b349231f200a3d8a8b1439f10c0cff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 05:06:50 GMT
age: 1056849
x-guploader-uploadid: ABPtcPprMCX4219WawjdfK7BfhZG-h43NzAiRLV6KifsMvUAm7oGEtIJyQI18dLQ3oWq6qceUNBpX9Gf7tMzXQJa2IjS-g
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35063
last-modified: Wed, 01 Nov 2023 17:15:09 GMT
server: UploadServer
etag: "21acb0e87b74f5d66b46f5abbdfdae5d"
x-goog-generation: 1698858909771820
x-goog-hash: crc32c=ojJAOQ==, md5=Iayw6Ht09dZrRvWrvf2uXQ==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 35063
accept-ranges: bytes
content-type: image/jpeg

GET
H3 200 2d76399daf4b42a8a1789b981554960f.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 43 KB
43 KB 60ms
59ms Image
image/jpeg 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/2d76399daf4b42a8a1789b981554960f.jpg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 4b412e122fd548bc6bf3a4bb81438a5a86dd8aadeae74a013dcd1a0c10f2ebca

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 19:45:28 GMT
age: 2300131
x-guploader-uploadid: ABPtcPrV0lTrdvD4Nse-2dVpmM5C7PZEyEFTWMlDgn4-Lyl8eg0nw9VldbBxvZVd8dtDnwAU2nlepo4XOSsil189bglAFg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44310
last-modified: Tue, 31 Oct 2023 17:01:36 GMT
server: UploadServer
etag: "2d76399daf4b42a8a1789b981554960f"
x-goog-generation: 1698771696675921
x-goog-hash: crc32c=0f/E0Q==, md5=LXY5na9LQqiheJuYFVSWDw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 44310
accept-ranges: bytes
content-type: image/jpeg

GET
H3 200 077fb7636e1876128516799bc11f63f5.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 50 KB
50 KB 52ms
51ms Image
image/jpeg 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/077fb7636e1876128516799bc11f63f5.jpg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f445b2f3037ecfea6eb43c2eb344c2ed2f24c58a9880c2aa5aaf328d012df607

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 31 Dec 2023 12:11:39 GMT
age: 80960
x-guploader-uploadid: ABPtcPrtBfBrdw5zV9t5Mae1jiTWXsrJCG-3XQbYXi1gP0jnX9wkqYbI8OuLuFmITQLGE_I6PNsbWhe1WITEsnbx5_xdxA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51556
last-modified: Tue, 31 Oct 2023 17:01:59 GMT
server: UploadServer
etag: "077fb7636e1876128516799bc11f63f5"
x-goog-generation: 1698771719473549
x-goog-hash: crc32c=IwEB3w==, md5=B3+3Y24YdhKFFnmbwR9j9Q==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 51556
accept-ranges: bytes
content-type: image/jpeg

GET
H3 200 aad294f617411e0fd0ad3a2b05a5ae0d.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 57 KB
57 KB 66ms
64ms Image
image/jpeg 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/aad294f617411e0fd0ad3a2b05a5ae0d.jpg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 6f34262b9a0345ac42b2d8d30b29c919a72d2c5bc789b0d5548cb41e2576df78

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 01:39:33 GMT
age: 378086
x-guploader-uploadid: ABPtcPpC9qVKoODRlzeRUNkE9kN0mcddssNDCAy8o8ZXIMa5RwOESYVFnOjirHZfoHuOOYb0iTdnacn1D9WFgs0go7OZOA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58088
last-modified: Tue, 31 Oct 2023 17:02:17 GMT
server: UploadServer
etag: "aad294f617411e0fd0ad3a2b05a5ae0d"
x-goog-generation: 1698771737010712
x-goog-hash: crc32c=zHWrCA==, md5=qtKU9hdBHg/QrTorBaWuDQ==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 58088
accept-ranges: bytes
content-type: image/jpeg

GET
H3 200 949ca8ee3c54e911de817865524ddb08.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 64 KB
64 KB 78ms
77ms Image
image/jpeg 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/949ca8ee3c54e911de817865524ddb08.jpg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: b734645b3b1ff2f0daafc3b1f558a0418f557f893cfd737f569654b024260953

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:35:43 GMT
age: 2037916
x-guploader-uploadid: ABPtcPoTT-g73Q6w_FuasCJ_PiJoJX1xP-4w8Iub3LlwpcSAJoQvrcI0RJxkPfAFfz7sLARj41yY6uXHsFCZ7Z1iGPY0ylZxFLEA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65413
last-modified: Tue, 31 Oct 2023 17:02:40 GMT
server: UploadServer
etag: "949ca8ee3c54e911de817865524ddb08"
x-goog-generation: 1698771760157666
x-goog-hash: crc32c=05n7iQ==, md5=lJyo7jxU6RHegXhlUk3bCA==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 65413
accept-ranges: bytes
content-type: image/jpeg

GET
H3 200 16f45df19355361dc1c101036c0035b0.png
assets.bounceexchange.com/assets/uploads/clients/3258/creatives/ 2 KB
2 KB 79ms
77ms Image
image/png 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/3258/creatives/16f45df19355361dc1c101036c0035b0.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 915046d9ebab575f9b2f8ba9a35e030b2be55b1439edce6e72f7a19b4a55bd45

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 04:15:52 GMT
age: 1664707
x-guploader-uploadid: ABPtcPrPA6WV_SHWe8EPba0HeniolRQLrInWjcYfU88v_ObHWMUFSOrn2TN5oIwyZ2fu0lzKc3Vl0H_LXPLYL8vz5zTJEg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2419
last-modified: Thu, 01 Apr 2021 03:01:32 GMT
server: UploadServer
etag: "16f45df19355361dc1c101036c0035b0"
x-goog-generation: 1617246092060079
x-goog-hash: crc32c=pklVBw==, md5=FvRd8ZNVNh3BwQEDbAA1sA==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 2419
accept-ranges: bytes
content-type: image/png

GET
H2

200

hash.gif
pix.cdnwidget.com/
Redirect Chain

https://pix.cdnwidget.com/redirect?CID=2aLlISCSLeSrDfvuxl0z0arTGKb&DID=2aLlINFMwRkyWUD4yX1v6B8is0m&v=&iv=&deviceid=6391126485375995717&visitid=1704105659837403&wsid=4142&apikey=2^HIykD
https://pippio.com/api/sync?pid=5749
https://pix.cdnwidget.com/hash.gif?md5=none&sha1=none&sha256=none

68 B
626 B

56ms
55ms

Image
image/png

34.149.254.212
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.cdnwidget.com/hash.gif?md5=none&sha1=none&sha256=none
Protocol: H2
Server: 34.149.254.212 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 212.254.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:41:00 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

date: Mon, 01 Jan 2024 10:41:00 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pix.cdnwidget.com/hash.gif?md5=none&sha1=none&sha256=none
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 202 graph
idr.cdnwidget.com/ 0
100 B 114ms
55ms Image
text/plain 34.149.130.207
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idr.cdnwidget.com/graph?cookieID=2aLlISCSLeSrDfvuxl0z0arTGKb&deviceID=2aLlINFMwRkyWUD4yX1v6B8is0m&bxdid=6391126485375995717&bxvid=1704105659837403&bxwid=4142&gm=true&apikey=2^HIykD&loadID=Z1mk49SX7FYl3iJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.130.207 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 207.130.149.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 01 Jan 2024 10:41:00 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 eligible
events.bouncex.net/track.gif/ 42 B
97 B 36ms
35ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/eligible?wklz=CYcwXAlgzgygrgIygYwE4QQU1QXgGYCGANlJgGSiRQAKqmAbhAPZxQDCrALkwLbb7FSFcMgLIAFpgAqMHAEYA7AAYALHKUBWAGwaAnFq1yycAI7yypEHwB2nAPoRgUHGVE8ADgQghrjnACYAZgUtXTkADgsWVGRMHAQWa1iADzICEExbHAArKDIeJmA4pTIAd0wkCE5MPzUVfzJGKCq-RVV1bT1w4JUlQIoGCFi-LUCwuX8tFXCNYL1dDQVFMk8MxkxS1otMEzhM4eAA1yIITM5OCD4oTgIPeWU1TQMlTX7kE7OCdwh6bGamaw4G4gfpFRixHDAKJ4ex+fwEAAyRAAkgA5ABiAFlSgAlADWAE8AOoAVQAIioCQANOT0LQAIXC0CUPDI4gIqGADkO8KRyJgbBgCMwMFQZLw9DgySISgAXkoOVIAOIAaQQQA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:41:00 GMT
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H2 200 pop
events.bouncex.net/track.gif/ 42 B
95 B 36ms
35ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/pop?wklz=A4e2C4EMGMBcEsBukEgHYF4EFsCmAnAMgHNcRxoQBXNWfAT0oBNcMBVAZRLPH12PjoMAOQCa3cpVrw0uWs1bCAgoSoBHDAEZC0SNmCR4xNPCYYATAGYA7ADYAnJoAchAM7V80VgCNqaLwAehJCktBgAVq6E2CAsGAAMhADuuN6u8LC4phgALJo55oSI8OkIZprW8XnxAKy2NfZONjnxloQsxV7ZtpaOmua2OU41Ng32NdYVhAakxbhJ2dquuGpUcl1mbdAANvBysDi4rrB6wFqV1XW28bU5Orv7kMBIBOlCJ8RtHfBeGExuIAAZrAAPrZcyQAAy2wAksIAGIAWSSACUANb0ADqbAAIjl6AANTSIWwAIScJXi2EIAAtIPgmGCzBDoTCOABhDiQ3AcfA4wGIKgBbbxABe8XpABUAOIAaW8QA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:41:00 GMT
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 26ms
26ms Image
image/gif 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=108189358&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&dp=%2Fcosmetic-criminals&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Wunderkind&ea=Wunderkind%20Impression&el=SMS%20Opt-In%20-%20Entrance%20-%20Combined%20(Email%20THEN%20Type%20Text)%20%7C%20Entrance%20%7C%20Desktop%2FTablet%20%7C%20Unidentified%20%7C%20Test%3A%20Creative%20-%20GIF%20v%20Static%20%7C%20CCC%20%7C%20Single%20Build%20(2376912)%3A%20Overlay%20-%20variation%20-%20Combined%20(Email%20THEN%20Type%20Text)%20%7C%20Entrance%20%7C%20Static%20(2376918)&_u=aHDAAEABAAAAACgAIAC~&jid=&gjid=&cid=1877636890.1704105656&tid=UA-432816-1&_gid=1063520680.1704105656&gtm=45He3bt0n81WL3STMXv896608294&gcd=11l1l1l1l1&dma=0&z=1029540366

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Dec 2023 20:39:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 50468
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 dvar
c.contentsquare.net/ 0
319 B 39ms
38ms Image
text/plain 54.84.87.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/dvar?v=13.76.1&pid=1926&pn=1&sn=1&uu=f6be7610-0b47-a97d-de31-650823f4e9ad&dv=H4sIAAAAAAAAA5VOywrCMBD8lSUnPYj33jTGB6KXRjyWtFllabot7VoU67%2B74Bd4GebBDPM2p1VxPRa2bUpijDBzTaAEfu%2FO4F8dgsenzGECx9IHrlDpBoda2m7pQ5lQ1LgwRWShG%2BnCpJVBMrA9BqERYQG7wxZGyEV1pbm1VjEnvieE9YNSNJn568Fvyny%2B8HX0Zr8AAAA%3D&ct=2&r=950873
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.84.87.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-84-87-164.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:41:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

GET
H3 200 id_sync
events.bouncex.net/track.gif/ 42 B
60 B 37ms
37ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/id_sync?id_sync:id_type=sid&id_sync:id_source=graph&soft_id=2aLlINFMwRkyWUD4yX1v6B8is0m&source=web&agent=cjs&deviceid=6391126485375995717&visitid=1704105659837403&websiteid=4142&pageviewid=1&sequenceid=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:41:00 GMT
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

POST
H3 200 collector Show response
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 32 B
49 B 55ms
54ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ca0a766a064104105db7a847ffd8d594fb8556d364f724916f30a3e45a1ebab4

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 01 Jan 2024 10:41:00 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32

POST
H2 204 collect
analytics.google.com/g/ 0
54 B 40ms
39ms Ping
text/plain 2001:4860:4802:32::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je3bt0v879088318&_p=1704105655113&gcd=11l1l1l1l1&dma=0&cid=1877636890.1704105656&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&dt=&sid=1704105658&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&en=scroll&ep.page_type=content&ep.page_environment=production&ep.page_country=US&ep.page_language=EN&epn.percent_scrolled=90&_et=19&tfd=10907
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 10:41:03 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/

Domain: 9231397.fls.doubleclick.net
URL: https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=1243527165130;auiddc=1554942865.1704105656;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals?

Domain: 10742279.fls.doubleclick.net
URL: https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=7850576186917;auiddc=1554942865.1704105656;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals?

Domain: www.paypal.com
URL: https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true

Verdicts & Comments Add Verdict or Comment

190 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

90 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
sc-static.net/scevent.min.js	1970-01-20 17:23:12	Name: X-AB Value: b0abdf9f9dff4cfeb2717a9960d575ec
.elfcosmetics.com/	1970-01-21 02:07:21	Name: _pxvid Value: 3d4c9c20-a892-11ee-ba52-eb196a3d8697
.elfcosmetics.com/	1969-12-31 23:59:59	Name: pxcts Value: 3d4caf81-a892-11ee-ba52-95126f2ab497
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: initAuthComplete Value: true
.elfcosmetics.com/	1970-01-21 02:57:45	Name: ab.storage.sessionId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57 Value: %7B%22g%22%3A%22cbad24e6-5ac3-6ff5-ca48-0eb6729e37c4%22%2C%22e%22%3A1704107455134%2C%22c%22%3A1704105655135%2C%22l%22%3A1704105655135%7D
.elfcosmetics.com/	1970-01-21 02:57:45	Name: ab.storage.deviceId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57 Value: %7B%22g%22%3A%2202393175-0a3f-eaf5-75c9-c2fb08449cef%22%2C%22c%22%3A1704105655138%2C%22l%22%3A1704105655138%7D
.elfcosmetics.com/	1970-01-20 17:21:45	Name: _px3 Value: aad28ffd1c0b12607d01d46801013fdc6ea5e4a8d7c2004241a50ae771fde95f:Y1Eyno+zsdPa1JAjpRAxbtS61KcMYK8yZLSiE6+tvV81UmwMVsTMK4xp3r3ot59cqiW94GPOI+deyoA3i+hPWQ==:1000:W0ByoqVAvJDcx8RR3runUJJBfNMx8em6mPSPdNrY8jetFXU0oiuZX0LG7dXobj5ek3cugRAtwAKQMCHX2EYp6iQ9nrIVJOcX+vMyckpZj6QmfrzITn/Ihit34SA1Hti6T6p0DxYapOlZWvBi1Nc1BIGU2MDRv2f5hFLVucWy9NjwtDjXTTwRXfwAAHznbPgprOiVIlJafBpWwp4ht2XBIu1sEHgZPyTk+Buwc9KxUa0=
.elfcosmetics.com/	1970-01-20 19:31:21	Name: _gcl_au Value: 1.1.1554942865.1704105656
www.elfcosmetics.com/	1970-01-20 17:31:50	Name: FPC Value: 9755934b-00e3-48a3-9c7c-6a21916f0efd
.adsrvr.org/	1970-01-21 02:08:48	Name: TDID Value: 9b18e473-9644-4e9b-aa82-e1ff0b2cb58d
.adsrvr.org/	1970-01-21 02:08:48	Name: TDCPM Value: CAESGQoKcmlnaHRtZWRpYRILCLiAjayFsMU8EAUYBSgBMgsIyOGP2ZuwxTwQBUIPIg0IARIJCgV0aWVyMhABWgczZnRmbmgzYAFyCnJpZ2h0bWVkaWE.
.elfcosmetics.com/	1970-01-20 17:21:47	Name: _dyjsession Value: f9kn9i8rd5l5qv9dt9gdig0b4h6gc03q
.elfcosmetics.com/	1969-12-31 23:59:59	Name: dy_fs_page Value: www.elfcosmetics.com%2Fcosmetic-criminals
.elfcosmetics.com/	1970-01-20 17:21:48	Name: _dy_csc_ses Value: f9kn9i8rd5l5qv9dt9gdig0b4h6gc03q
.elfcosmetics.com/	1970-01-20 18:04:57	Name: _dy_c_exps Value:
.yahoo.com/	1970-01-21 02:07:43	Name: A3 Value: d=AQABBLeWkmUCEOwWrMrCpI7dizkrrK5S7LgFEgEBAQHok2WcZdxH0iMA_eMAAA&S=AQAAAsjPTPq4PCkJD8QV-VZCCiI
.elfcosmetics.com/	1970-01-20 17:23:12	Name: _gid Value: GA1.2.1063520680.1704105656
.elfcosmetics.com/	1970-01-20 17:21:45	Name: _gat_UA-432816-1 Value: 1
.elfcosmetics.com/	1970-01-21 02:07:21	Name: _dy_soct Value: 647796.1248068.1704105655.f9kn9i8rd5l5qv9dt9gdig0b4h6gc03q836603.1652212.1704105655837245.1654610.1704105656*861617.1750272.1704105655
.analytics.yahoo.com/	1970-01-21 02:07:21	Name: IDSYNC Value: "1769~2fxm:19e0~2fxm"
.pointmediatracker.com/	1970-01-21 02:08:48	Name: c Value: 79a1ae6a-0d8e-42a8-a12e-f4ad3906c060
.dynamicyield.com/	1970-01-21 02:08:48	Name: DYID Value: -3089469102153886024
.elfcosmetics.com/	1970-01-20 18:04:57	Name: _dycnst Value: dg
.elfcosmetics.com/	1970-01-21 02:07:21	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Mon+Jan+01+2024+00%3A40%3A56+GMT-1000+(Hawaii-Aleutian+Standard+Time)&version=202306.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=0f4361f1-3ad6-4759-b2e2-5d646d927810&interactionCount=0&landingPath=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&groups=1%3A1%2C2%3A1%2C3%3A1%2COSSTA_BG%3A1%2C4%3A1%2C5%3A1
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: scapi Value: prd:41b1e6f6-acbb-4b6b-ab38-9a235d472e72:eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmODQ1NDdkOS03YjE0LTRkMDItYjkxMC1iODM1OTAxNWE1MzEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjQxYjFlNmY2LWFjYmItNGI2Yi1hYjM4LTlhMjM1ZDQ3MmU3MiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDEwNTYyNiwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWJsYmRHa3VzMHhId1J3dWxHd0dZWXdIeEc6OmNoaWQ6ICIsImV4cCI6MTcwNDEwNzQ1NiwiaWF0IjoxNzA0MTA1NjU2LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1NzcwNTcyMzIzODE3Mzc5In0.cqAkbvkV7vquArNV93BG_dyLYrSn1ZCdEsPXFPFgU81iP5v3VZ7zSNDPSpe7FQsEwzT8eEAoT8UFsXoa2dg_9w
.adnxs.com/	1970-01-20 19:31:21	Name: uuid2 Value: 3871029856059803373
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: dwsid Value: S7asffWT7IFgXWHgm1bqmxuy_jngF6fkChBYOkG2lTebG-xJpYcUKr4hbNvohAMmgFRnBx9o61DP6WZffiBogQ==
www.elfcosmetics.com/	1970-01-20 21:40:57	Name: dwanonymous_1a00c2845eeb01c699351ea28e20fd92 Value: ablbdGkus0xHwRwulGwGYYwHxG
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: __cq_dnt Value: 1
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: dw_dnt Value: 1
.elfcosmetics.com/	1970-01-20 18:04:57	Name: _dyid Value: -3089469102153886024
.elfcosmetics.com/	1969-12-31 23:59:59	Name: _dyfs Value: 1704105656507
.bidr.io/	1970-01-21 02:50:15	Name: bito Value: AAIb5k7LJS0ABCZzYejPLg
.bidr.io/	1970-01-21 02:50:15	Name: bitoIsSecure Value: ok
.adnxs.com/	1970-01-20 19:31:21	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2In2jx+]i!]tbP6j2F-XstGt!@Dv@$wZge
.elfcosmetics.com/	1970-01-20 18:04:57	Name: _dycst Value: dk.w.c.ws.
.elfcosmetics.com/	1970-01-20 18:04:57	Name: _dy_geo Value: US.NA.US_NY.US_NY_Buffalo
.hb.yahoo.net/	1970-01-20 21:40:57	Name: visitor-id Value: 3471072566573139000V10
.hb.yahoo.net/	1970-01-20 17:41:55	Name: data-ttd Value: 9b18e473-9644-4e9b-aa82-e1ff0b2cb58d~~63
.elfcosmetics.com/	1970-01-20 18:04:57	Name: _dy_df_geo Value: United%20States.New%20York.Buffalo
.elfcosmetics.com/	1970-01-20 18:04:57	Name: _dy_toffset Value: 0
.doubleclick.net/	1970-01-21 02:57:45	Name: IDE Value: AHWqTUnNq5GM1keYrwqdUoAPDQMiB3trCGBnmlPSfoV_ZfUO69ppymo4k6lFlg0_wkk
.undertone.com/	1970-01-21 02:07:21	Name: UTID Value: fbad870306df4f03a64e4fd1369f3cb6
.undertone.com/	1970-01-21 02:07:21	Name: UTID_ENC Value: ewebh4qfu4zgz22pe8vmpixti
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.currency Value: USD
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: sid Value: OhoKjFzG9lPsSBsqqppq82oeWMhJQr02hgU
www.elfcosmetics.com/	1970-01-21 02:07:42	Name: _dyid_server Value: -3089469102153886024
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.InternationalUser Value: ""
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.location Value: US
www.elfcosmetics.com/	1970-01-20 17:23:12	Name: currentLocale Value: en_US
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.sessionid Value: ablbdGkus0xHwRwulGwGYYwHxG
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.LanguageIsoCode Value: en_US
.elfcosmetics.com/	1970-01-20 18:04:57	Name: rmStore Value: dmid:9097
.elfcosmetics.com/	1970-01-20 19:31:21	Name: _rdt_uuid Value: 1704105657794.aef67e42-1a6d-4790-9bf3-7ea8b951c661
.tiktok.com/	1970-01-21 02:43:21	Name: _ttp Value: 2aLlIAX6CB3bGPiW5OnVkfncFdi
.elfcosmetics.com/	1970-01-20 17:23:12	Name: _uetsid Value: 3f809ef0a89211eeac81515a8dc5adb7
.elfcosmetics.com/	1970-01-21 02:43:21	Name: _uetvid Value: 3f80a180a89211eea5b5d5fbdd54a3a4
.elfcosmetics.com/	1970-01-21 02:51:32	Name: _scid Value: 43c61c73-aa69-423e-9b0a-b530373b926a
.elfcosmetics.com/	1970-01-21 02:51:32	Name: _scid_r Value: 43c61c73-aa69-423e-9b0a-b530373b926a
.elfcosmetics.com/	1970-01-21 02:57:45	Name: _ga Value: GA1.1.1877636890.1704105656
.bing.com/	1970-01-21 02:43:21	Name: MUID Value: 05D6E24F175365590663F1B616316405
.bat.bing.com/	1970-01-20 17:31:50	Name: MR Value: 0
.elfcosmetics.com/	1970-01-21 02:07:21	Name: hero-session-efcf9631-4c6b-4874-9f76-51f71464249a Value: author=client&expires=1735641658042&visitor=0f566053-db4b-4056-ac99-70475f2cb731
.elfcosmetics.com/	1970-01-21 02:57:45	Name: _ga_ZLYXLXNDL8 Value: GS1.1.1704105658.1.0.1704105658.60.0.0
.elfcosmetics.com/	1970-01-20 19:31:21	Name: _fbp Value: fb.1.1704105658067.1596200941
.elfcosmetics.com/	1970-01-21 02:43:21	Name: _tt_enable_cookie Value: 1
.elfcosmetics.com/	1970-01-21 02:43:21	Name: _ttp Value: g8G8ZZEIrTT1qGsYNwdzFzGJZ46
.elfcosmetics.com/	1970-01-21 02:51:09	Name: _cs_c Value: 0
.elfcosmetics.com/	1970-01-21 02:51:09	Name: _cs_id Value: f6be7610-0b47-a97d-de31-650823f4e9ad.1704105658.1.1704105658.1704105658.1558384338.1738269658256
.pinterest.com/	1970-01-21 02:07:21	Name: ar_debug Value: 1
.elfcosmetics.com/	1970-01-21 02:07:21	Name: _pin_unauth Value: dWlkPU5tVXpOR1UwT0dFdFpqa3lZeTAwWkRZNUxXRTJNek10WTJKaU5UVXlOMlptWTJKag
.linksynergy.com/	1970-01-21 02:07:21	Name: rmuid Value: c9169b03-7bb8-4166-9518-5eebe5864ba1
imgs.signifyd.com/	1970-01-21 02:57:45	Name: thx_guid Value: d49d7b181f60689472c0eb76d9a11355
.elfcosmetics.com/	1970-01-20 17:21:47	Name: _cs_s Value: 1.5.0.1704107458964
.tapad.com/	1970-01-20 18:48:09	Name: TapAd_TS Value: 1704105658981
.tapad.com/	1970-01-20 18:48:09	Name: TapAd_DID Value: 2762ce09-9bae-4c42-aeca-82fec4ebe427
.tapad.com/	1970-01-20 18:48:09	Name: TapAd_3WAY_SYNCS Value:
.snapchat.com/	1970-01-21 02:43:21	Name: sc_at Value: v2\|H4sIAAAAAAAAAE3GwREAIQgEsIqYYRUQ7UYFqrD4+15eiR3p7TjNxCY5meStisJU7x3oUvYgvDBYwGo636/8Ac9/gGxAAAAA
.elfcosmetics.com/	1970-01-21 02:51:32	Name: _sctr Value: 1%7C1704103200000
.cdnwidget.com/	1970-01-21 02:53:26	Name: __3idcontext Value: {"cookieID":"2aLlISCSLeSrDfvuxl0z0arTGKb","deviceID":"2aLlINFMwRkyWUD4yX1v6B8is0m","iv":"","v":""}
.elfcosmetics.com/	1970-01-21 02:50:33	Name: __idcontext Value: eyJjb29raWVJRCI6IjJhTGxJU0NTTGVTckRmdnV4bDB6MGFyVEdLYiIsImRldmljZUlEIjoiMmFMbElORk13Umt5V1VENHlYMXY2QjhpczBtIiwiaXYiOiIiLCJ2IjoiIn0%3D
.rlcdn.com/	1970-01-21 02:07:21	Name: rlas3 Value: ZGL6X2fhHwKvwfdMYIopgD/Vq1CzEbS336LYMVaTY0I=
.bounceexchange.com/	1970-01-20 17:21:47	Name: bounceClientVisit4142c Value: %7B%22vid%22%3A1704105659837403%2C%22did%22%3A%226391126485375995717%22%7D
.elfcosmetics.com/	1970-01-20 17:21:47	Name: bounceClientVisit4142v Value: N4IgNgDiBcIBYBcEQM4FIDMBBNAmAYnvgO6kB0ApmAGYDGA9igLYUICWtKZDTRDzrDgFpaAJzZM2AOwCGYFCAA0IUTBBKQbFAH0A5vW0oKKFG3pSY1OUeVa9EQ8dPnL1igF8gA
.rlcdn.com/	1970-01-20 18:48:09	Name: pxrc Value: CLutyqwGEgUI6AcQABIGCOTrARAA
.linksynergy.com/	1970-01-21 02:07:21	Name: icts Value: 2024-01-01T10:40:59Z
.pippio.com/	1970-01-21 02:07:21	Name: did Value: ch4wTfbWB_TIu-6G
.pippio.com/	1970-01-21 02:07:21	Name: didts Value: 1704105660
.pippio.com/	1970-01-20 18:48:09	Name: nnls Value:
.pippio.com/	1970-01-20 18:48:09	Name: pxrc Value: CLytyqwGEgUI9ywQAA==

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://www.elfcosmetics.com/cosmetic-criminals(Line 362) Message: Access to image at 'https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_' from origin 'https://www.elfcosmetics.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_ Message: Failed to load resource: net::ERR_FAILED
other	warning	URL: https://connect.facebook.net/signals/config/1638306756445368?v=2.9.138&r=stable&domain=www.elfcosmetics.com(Line 146) Message: Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10742279.fls.doubleclick.net
9231397.fls.doubleclick.net
ads.undertone.com
adservice.google.com
alb.reddit.com
analytics.google.com
analytics.pangle-ads.com
analytics.tiktok.com
api.bounceexchange.com
api.ipify.org
api.usehero.com
assets.bounceexchange.com
async-px.dynamicyield.com
bat.bing.com
c.contentsquare.net
cdn-fsly.yottaa.net
cdn-scripts.signifyd.com
cdn.cookielaw.org
cdn.dynamicyield.com
cdn.usehero.com
cnv.event.prod.bidr.io
collector-pxxt4gy2ig.px-cloud.net
connect.facebook.net
cosmeticcriminal.com
ct.pinterest.com
data.cdnbasket.net
elfcosmetics.a.bigcontent.io
events.bouncex.net
evt.undertone.com
external-api.jebbit.com
geolocation.onetrust.com
googleads.g.doubleclick.net
h.online-metrix.net
hb.yahoo.net
idr.cdnwidget.com
ids.cdnwidget.com
idsync.rlcdn.com
imgs.signifyd.com
insight.adsrvr.org
js.cnnx.link
js.jebbit.com
page.cdnbasket.net
pd.cdnwidget.com
pippio.com
pix.cdnwidget.com
pixel.pointmediatracker.com
pixel.tapad.com
px.dynamicyield.com
qoe-1.yottaa.net
s.pinimg.com
sc-static.net
sdk.iad-05.braze.com
secure.adnxs.com
srm.ba.contentsquare.net
st.dynamicyield.com
static.ordergroove.com
stats.g.doubleclick.net
t.contentsquare.net
t.paypal.com
tag.rmp.rakuten.com
tag.wknd.ai
tags.rd.linksynergy.com
tr.snapchat.com
tr6.snapchat.com
ups.analytics.yahoo.com
ut.rd.linksynergy.com
view.cdnbasket.net
w2txo5aafemihslxtswxpqboff45naoes5ygm3r2c5f6bc415ade5a42sac.d.aa.online-metrix.net
websdk.appsflyer.com
www.elfcosmetics.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.paypal.com
www.paypalobjects.com
www.redditstatic.com
10742279.fls.doubleclick.net
9231397.fls.doubleclick.net
cdn-fsly.yottaa.net
www.paypal.com
104.237.62.212
107.178.254.65
142.251.16.157
151.101.0.84
151.101.129.140
151.101.129.21
151.101.129.35
151.101.130.133
151.101.66.133
165.254.198.225
172.253.63.149
18.154.227.34
18.155.191.244
18.155.202.17
18.173.121.36
184.27.13.189
192.225.157.157
192.225.158.1
192.225.158.3
192.229.210.155
2001:4860:4802:32::181
2001:4860:4802:34::178
204.2.131.15
204.2.49.172
23.212.250.138
23.222.5.87
23.40.62.80
2600:1408:5400:13::17cf:cacd
2600:1901:0:56e0::
2600:9000:2006:de00:13:d6f4:3240:93a1
2600:9000:201e:7e00:15:ad21:c740:93a1
2600:9000:234b:5400:a:b89d:a6c0:93a1
2600:9000:24bb:7000:11:85b0:d600:93a1
2600:9000:25f1:c00:a:7914:b00:93a1
2606:4700:4400::6812:2a49
2606:4700:4400::ac40:9b77
2606:4700::6812:83ec
2607:f8b0:4004:c08::61
2607:f8b0:4004:c08::63
2607:f8b0:4004:c08::9a
2607:f8b0:4004:c08::9c
2607:f8b0:4004:c1d::9d
2620:1ec:c11::200
2a03:2880:f003:100:face:b00c:0:3
2a03:2880:f103:83:face:b00c:0:25de
2a04:4e42:600::396
2a04:4e42:77::84
3.162.112.105
3.213.5.9
3.220.245.192
3.225.218.10
34.102.147.248
34.102.221.243
34.111.113.62
34.111.8.32
34.117.241.125
34.120.253.250
34.149.101.92
34.149.130.207
34.149.254.212
34.230.254.96
34.98.67.3
34.98.72.95
35.190.10.96
35.190.43.134
35.244.154.8
44.212.142.71
52.223.40.198
54.146.211.231
54.154.97.89
54.84.87.164
68.67.160.186
99.84.238.117
00e285742d014f2662b33186bcb677e1532e044eeaecacd8834c94a0808f53eb
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154
14418f48682cd53a6409b96eca664d9f13187a23d376266b9962d2979e449f8b
19b9a6628fa003af26766ce1578420be5068227a572c78f0e20b53e2f2fc1886
1a09824b6d7bbd0f5e82a23d14da408abfba60d02f5bdb48309d3ab6ca61bb1f
1a1fe89f11a11d89299028b565a99569e2aa5df3055ce514ba4dec2a8f0fe4fa
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9
2125f1a011cbd591338ae3c896d3b5b6ad80930fe86493af4518510ede5795cf
22fba3fdac1cd52fe3838ac8abb80311188a9be48a19c250f2042f769808379c
24281315b5bba0ab8e353a951a118183a3c292580e8c6a3ca673853a339fb6fb
286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2b87052b076dee712c35554a591f7fa41bcfc76acace7199b1e1363d67294907
2c8574ba42424a1dcf02c58fda5e3482e2262e0b0dddd09e5935bd94e5eba03e
2cede5633d463ff64aa49e24a03624ca70f2acf906a45819062c9f51eab41f11
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5
30766af54516bbc623c690d7506f7d86b6c987acbcc1229debb7dff8f463459b
30ca5a7ae3f12eb7d187d400d8c23903395c7e9c3fa7f85cb742785af28f2c81
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
3320581beae76484fd6700feb23379254e829839ac8d7581d726b274d39ce501
33bb56a2ae76b3945214ce826ef8cd4ec9294135a5a2873436e31f5377c9d790
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
39657f7f198608406cab1de96720a22549e6b6d918db8dfdd0f5ef9ab84ef17c
3a2b3b5ecaa7d5c67e5e28f9712ebcf28a592c7191e24bcde25cc5bb374cbf7b
3bbfdb0daa5c8909e66d5588fcf711019d4739dc56b04e992212b443085af779
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
406c93b0692878bad84a4f34065184d023ac12f1b92d9cb0398642fb0de45c2d
40bbf29a0b23da4cb24a8ad5aa9946c8f6b852e81e1e9b60bb2353bf3a48d6e2
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb
4b412e122fd548bc6bf3a4bb81438a5a86dd8aadeae74a013dcd1a0c10f2ebca
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4f770b32793546ad41060cc03c06e4a744b10e9ae4af0b2b0522cfcf1fb33285
509b8fbd10c17e0044710c69d7ca1b3349bc58485e6147a62b9ec473483c970a
51558a5892a3d93e4c5a38d55aff112e8b6d3860852e3048f622dfe6fa810c29
55788c5128dfe492550d4be991c50248941d9231a1abe334a97dc8951685aab7
57e461c9b78558e62478cca713658387eaf54afe6ae0a8128ee38e5846b4d6d8
59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
5eca572cd68aa4afde19d317daf93398ca142c3648214e16b37e054e15c3f9e1
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d
60cc60a6fcbd230def379432395199b585791ed521e2e5f595369a2193e617fb
613a0081b64a7df6a20f9ba46cd384e4061e288f439ba8755cd664fbad3177c8
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
6501140033c3bb20da4b5ac73c90f687ba8a2053c4ba37c4b6f5275166db7fa6
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6b42a56b231d70ea3691b9f46363b9f8ed6ca35f6b50084718669b8beac1e57d
6d72fa0f78c80b1874d3ee4aadf43d973edc442a65fef83d37e684ac559893b7
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6f34262b9a0345ac42b2d8d30b29c919a72d2c5bc789b0d5548cb41e2576df78
7247ab83a30fbd92bf8425aca87dbb9f3f44c1b7facc6f7fd80df157ea6b5e03
758ecc5ef443fe36eefbfb484b441307128a5f355f7f32c3c0367e5adf7ed88c
76ccee8dcac265bb4a7e8ec0fc9bc41d9c50a4d7152202944486cdf5d29d3104
771196c556ce9fe2914aa0d336cf0f11fbd579c7cdd52e8436b19e0fffdd783b
7bab85eaa8d74cec964409d9e0a5c6d7ed0000b23b6400c562333c6483761ca2
7d6b2e34f8baa2cbb0d0352ba4401894ca78bd0e98a8f0259798be00d3f9f4ec
7d6c4d0f6c0243be96359698866dd471c961e463dbc5604aebc1c36a229ba303
7dea142a8cade81a17d2cce928a562d6c7ecfab7b5a3bf05fd044c97a1b4ba9f
8246a4e2f8f8d77d34b08fb83fbcc0ffa8f0e7ebb14994dde12e542c498615e5
828011e932c7f65177e00c50ef88564628178b9d3190845404b02e3132a14c90
82f00a08cc92aafe56c16130c66c1316e0e4b28433e806a426bf3cb5f20391d2
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8e33955f54ef8025b647a6e685fa689a9256fc5c987f7dc98590310ac3c358e5
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
915046d9ebab575f9b2f8ba9a35e030b2be55b1439edce6e72f7a19b4a55bd45
931d126071a21be1591d3c38690272ff2b56ec64f8309b6501f47193f9062750
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
958cf6266164432659b85e2cacc81a9da1a1d34de904ebb557df3fc8b5aba085
9846c98d92f9ede0abb2db68013d613791db3ccdb486451de1432034b563fb77
9a77cbb7b054563b83506932790e70186ba3a92e69a147216e3176337178adbb
9b3632368a9856515572ac89df71707fcef5d58219d9b7c1b1de04a995f30973
a19915f513441bab259dbf5472a9501139e4eda8d1891ca5a0bd4efd6d60dd4d
a1d4b01843b9dad68a10bba7ab416fb60cbe6052a223f6bd74cbad286b812b2a
a33177a1b1a44698bc85bc710dfd4a6aba8bbe329db64dbb0622c894a1c05cbd
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a68adcd6e4525179b1a4e28b16abe4777a0afb870b4317b427f6d6ea8fbe22ed
ab12e815caea6aba8fe2da60e7d298cccb649166f81926ff64e5dc56ea526522
ab99a75a2070736b0282d041df3a7e272ad5d4d1929ae430089ac0335e05ad2c
acca51897d6fe52598e02e817e8ef5a64a8707fb94716128d423280f4afa9c31
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b07741fbd0bdb8453cfc2834881c7301a3f8298703bce9f005e3f15251073943
b1e7552098bfa8f97ae14e65aa12dbb1a17d84097b0757022a768473def04dce
b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22
b2848023bb8808ebf330b6a2deb823fc64bba02cb94572a2fb2faf4f682b49b3
b32049a37275488432092b8fb2f61c19b0424a356eef7243f7efc6715c24fc15
b3dfd765b2448d6b895743c2ef502d2a12efeb74f1506493c9126b99565806d1
b5b5bff47a857b32d62370bd8c282a5aae2630e337b181b649ef7356f141e62b
b734645b3b1ff2f0daafc3b1f558a0418f557f893cfd737f569654b024260953
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd746f5f030d16aebdf201ae14d229278bde8405b1f49144eafb27bf6493e1d0
be699ffd6b1fdc6facf4666ddbff72e6903bc7ee85f7b271dcfd1a3b18fe00dc
bf8b41f6693852a18d2449439f0400cfaf19b755e21f01eda21a6ff985d3526c
c30b3c8f59aa0a8a6b4a286bee5ee71142b349231f200a3d8a8b1439f10c0cff
c4fad867557fa65e1a778e915c0b4ed0cd1bbb4443452c8943e5cec6504311e7
c5e1c37734a3284a4b0fb26670461dbbd336f33e8d377108f1e1bfc2bfd52445
c78df258aa619442045244aace725c28f23b3fbb55e228b518b364b87b63a896
c8f761d0c549a7bbddbeac60d5f3740c470cd722fc00bfb9119e359f419c1df9
c8f9d23402ef6e752c5d73154b1e4ebd62386d451ece1cb0312b32227ad8456f
c9d9ec99d8b568a4f1175c1df7e0e687b7611f323f00d9296bff29f91dacfd9e
ca0a766a064104105db7a847ffd8d594fb8556d364f724916f30a3e45a1ebab4
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cd0b162bc6e5a1dfcdba80c8b12d3f2ec6ac423a1c1ed7d996779d9c6b81f346
cf1b4e2a57de561424fb99aa43ef462868d58d9c205a38ae3f564c10266a4dbc
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
d37545bbfbab30b44e51e630172af7d5d8a717afe66642b3e8eba0f6e1666872
d3c48f5b4c2735a72d39be99a6d869f699957bc5267d0107cadd796ac511e799
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
d8a6566c7e926c37c010dc811a5e82d5eddad8b10057bf711f0f644be60707d3
dc51d119213575586843fe42864d743cfdd25fcf90c554ddbe222216d7aadc3b
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6
e038dff62440b626103b2b81adcbb64b5cb3bd80433d1a710f37162cd7c0cc17
e164d3eb3e9b278fea4e13e0d68d3f1bb3fc421c3a2b709710ddfe8762dc4fad
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e462dc08aa29e50a02b133f3c0f61cdcb485485251c0df165bfc2886a1a24fd6
e8f118daabadc747ba3e2236a27edce749bb73dde4f16c6c6acc5cce36009a36
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
ec82b31e96055d86efd9adec9781b4b588e877c51b1b62ce71dbf73d64ab5318
ed079d77ba54a8e4bfc931029de75b1f5128fcae45e274d53aca95f8ab17b438
eddc11d8be0ae5311acc08d5f2ebe7ff9426384f6408ecbb56abbd7fb5e03743
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef45c21f7e054481c81992c1a46293a28c9bb8b3722bc566479326187f473c8c
f114a64c26edb67def4dd84a00694f76e0573aedddb68428c52c6ea8b00de4c3
f4439a701be0cfa21fd55ca318533170a8dcf74893c41b7a0330780a816f0aab
f445b2f3037ecfea6eb43c2eb344c2ed2f24c58a9880c2aa5aaf328d012df607
f4fc114373da7e63fade04d84f7f1cfb5b31632246f33b10f3b7b275b85e6dd6
f66f5edd05293c4351edcec020a867935f7495ef0d0ff7ceb3e6402748585ca6
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f82bfdad6650d972584bc3bf0d250ad3417ca70b8d7f3bd3aee48dffcac12e2d
f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3
f8cb6eee123a10e13734eff6d7a30a07104639e272217ba28c1dbf36e0eabaf2
ff2fe181c12146189657e92f9ce0489f7f3b51345796f5a5ec9b089f9fb47616

www.elfcosmetics.com Open in urlscan Pro 204.2.49.172 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

215 Requests

94 %HTTPS

30 %IPv6

53 Domains

78 Subdomains

66 IPs

2 Countries

3829 kBTransfer

13920 kBSize

90 Cookies

16 Outgoing links

Page URL History

Redirected requests

215 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.elfcosmetics.com Open in urlscan Pro
204.2.49.172 Public Scan

Screenshot
Live screenshot

Full Image

215
Requests

94 %
HTTPS

30 %
IPv6

53
Domains

78
Subdomains

66
IPs

2
Countries

3829 kB
Transfer

13920 kB
Size

90
Cookies

215 HTTP transactions
3 data transactions