www.elfcosmetics.com Open in urlscan Pro
204.2.133.170 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cosmeticcrimal.com/
Effective URL:
https://www.elfcosmetics.com/elf-cosmetic-criminals
Submission: On June 27 via api (June 27th 2024, 11:43:54 am UTC) from US — Scanned from DE

Summary HTTP 125 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 41 IPs in 4 countries across 28 domains to perform 125 HTTP transactions. The main IP is 204.2.133.170, located in United States and belongs to YOTTAA-AS-1, US. The main domain is www.elfcosmetics.com. The Cisco Umbrella rank of the primary domain is 103291.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 25th 2023. Valid for: a year.

This is the only time www.elfcosmetics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	204.141.88.74 204.141.88.74	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
1 15	204.2.133.170 204.2.133.170	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
4	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
5 11	2a02:26f0:310... 2a02:26f0:3100::1735:2b10	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2a02:26f0:310... 2a02:26f0:3100::1735:2b28	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
3	151.101.130.133 151.101.130.133	54113 (FASTLY) (FASTLY)
7	2606:4700:440... 2606:4700:4400::6812:25a1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2606:4700::68... 2606:4700::6813:b134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
3	2600:9000:275... 2600:9000:275d:ae00:a:b89d:a6c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	104.26.13.205 104.26.13.205	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:225... 2600:9000:2250:a200:15:ad21:c740:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	142.250.186.164 142.250.186.164	15169 (GOOGLE) (GOOGLE)
1	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
7	13.35.58.109 13.35.58.109	16509 (AMAZON-02) (AMAZON-02)
1	165.254.56.40 165.254.56.40	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
1	34.102.147.248 34.102.147.248	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	151.101.1.21 151.101.1.21	54113 (FASTLY) (FASTLY)
1	184.31.94.141 184.31.94.141	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a02:26f0:350... 2a02:26f0:3500:11::215:14d5	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	172.217.16.206 172.217.16.206	15169 (GOOGLE) (GOOGLE)
1	18.244.18.53 18.244.18.53	16509 (AMAZON-02) (AMAZON-02)
1	151.101.193.21 151.101.193.21	54113 (FASTLY) (FASTLY)
2	172.217.23.104 172.217.23.104	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	34.98.67.3 34.98.67.3	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	34.49.124.132 34.49.124.132	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	192.229.221.25 192.229.221.25	15133 (EDGECAST) (EDGECAST)
2	54.72.226.63 54.72.226.63	16509 (AMAZON-02) (AMAZON-02)
2 4	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
2	54.171.23.152 54.171.23.152	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700:440... 2606:4700:4400::ac40:91b7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.211.148.8 52.211.148.8	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	18.244.179.17 18.244.179.17	16509 (AMAZON-02) (AMAZON-02)
13	91.235.133.113 91.235.133.113	30286 (THM) (THM)
1	91.235.132.130 91.235.132.130	30286 (THM) (THM)
1	2620:f3:0:14:... 2620:f3:0:14:b401:8ee8:4321:ad82	30286 (THM) (THM)
1	91.235.134.131 91.235.134.131	30286 (THM) (THM)
125	41

1 204.141.88.74 (United States) 1 redirects

ASN393259 (YOTTAA-AS-1, US)

cosmeticcrimal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 204.2.133.170 (United States) 1 redirects

ASN393259 (YOTTAA-AS-1, US)

www.elfcosmetics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a02:26f0:3100::1735:2b10 (Frankfurt am Main, Germany) 5 redirects

ASN20940 (AKAMAI-ASN1, NL)

cdn.media.amplience.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:3100::1735:2b28 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.static.amplience.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.130.133 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn-fsly.yottaa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:4400::6812:25a1 (United States)

ASN13335 (CLOUDFLARENET, US)

sdk.iad-05.braze.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6813:b134 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:275d:ae00:a:b89d:a6c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.26.13.205 (None, )

ASN13335 (CLOUDFLARENET, US)

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:a200:15:ad21:c740:93a1 (United States)

ASN16509 (AMAZON-02, US)

st.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.164 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 13.35.58.109 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-58-109.fra60.r.cloudfront.net

async-px.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 165.254.56.40 (United States)

ASN393259 (YOTTAA-AS-1, US)

qoe-1.yottaa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.147.248 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 248.147.102.34.bc.googleusercontent.com

tag.rmp.rakuten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.1.21 (San Francisco, United States)

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.31.94.141 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-31-94-141.deploy.static.akamaitechnologies.com

static.ordergroove.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:11::215:14d5 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

websdk.appsflyer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.206 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f14.1e100.net

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.244.18.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-244-18-53.fra56.r.cloudfront.net

t.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.21 (San Francisco, United States)

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.23.104 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.3 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 3.67.98.34.bc.googleusercontent.com

ut.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.49.124.132 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 132.124.49.34.bc.googleusercontent.com

sgtm.elfcosmetics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.229.221.25 (United States)

ASN15133 (EDGECAST, US)

t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.72.226.63 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-226-63.eu-west-1.compute.amazonaws.com

c.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.98 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.171.23.152 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-23-152.eu-west-1.compute.amazonaws.com

api.cquotient.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:91b7 (United States)

ASN13335 (CLOUDFLARENET, US)

elfcosmetics.a.bigcontent.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.211.148.8 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-211-148-8.eu-west-1.compute.amazonaws.com

srm.ba.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.244.179.17 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-244-179-17.lhr61.r.cloudfront.net

cdn-scripts.signifyd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 91.235.133.113 (United States)

ASN30286 (THM, US)

imgs.signifyd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.235.132.130 (United States)

ASN30286 (THM, US)
PTR: h.online-metrix.net

h.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:f3:0:14:b401:8ee8:4321:ad82 (United States)

ASN30286 (THM, US)

h64.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.235.134.131 (United States)

ASN30286 (THM, US)

w2txo5aahbbqdf77b2jsvwmmaykvme4d4gwgynur9ee414eb1af926b2am1.e.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	elfcosmetics.com 1 redirects www.elfcosmetics.com — Cisco Umbrella Rank: 103291 sgtm.elfcosmetics.com — Cisco Umbrella Rank: 250639	311 KB
16	amplience.net 5 redirects cdn.media.amplience.net — Cisco Umbrella Rank: 15878 cdn.static.amplience.net — Cisco Umbrella Rank: 46119	9 MB
15	signifyd.com cdn-scripts.signifyd.com — Cisco Umbrella Rank: 8738 imgs.signifyd.com — Cisco Umbrella Rank: 7238	73 KB
12	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 378	170 KB
11	dynamicyield.com cdn.dynamicyield.com — Cisco Umbrella Rank: 9513 st.dynamicyield.com — Cisco Umbrella Rank: 8959 async-px.dynamicyield.com — Cisco Umbrella Rank: 9234	266 KB
7	paypal.com www.paypal.com — Cisco Umbrella Rank: 3110 t.paypal.com — Cisco Umbrella Rank: 3894	126 KB
7	braze.com sdk.iad-05.braze.com — Cisco Umbrella Rank: 2837	1 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 81	490 KB
5	youtube.com www.youtube.com — Cisco Umbrella Rank: 96	13 KB
4	googlesyndication.com 2 redirects ade.googlesyndication.com — Cisco Umbrella Rank: 335	1 KB
4	contentsquare.net t.contentsquare.net — Cisco Umbrella Rank: 3715 c.contentsquare.net — Cisco Umbrella Rank: 4692 srm.ba.contentsquare.net — Cisco Umbrella Rank: 21163	81 KB
4	yottaa.net cdn-fsly.yottaa.net — Cisco Umbrella Rank: 26578 Failed qoe-1.yottaa.net — Cisco Umbrella Rank: 12022	1 MB
3	online-metrix.net h.online-metrix.net — Cisco Umbrella Rank: 2940 h64.online-metrix.net — Cisco Umbrella Rank: 2088 w2txo5aahbbqdf77b2jsvwmmaykvme4d4gwgynur9ee414eb1af926b2am1.e.aa.online-metrix.net	795 B
3	bigcontent.io elfcosmetics.a.bigcontent.io — Cisco Umbrella Rank: 230074	8 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 71 region1.google-analytics.com — Cisco Umbrella Rank: 2355	21 KB
2	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2807	16 KB
2	cquotient.com api.cquotient.com — Cisco Umbrella Rank: 41751	518 B
2	ipify.org api.ipify.org — Cisco Umbrella Rank: 2418	224 B
1	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 495	99 B
1	linksynergy.com ut.rd.linksynergy.com — Cisco Umbrella Rank: 9655	406 B
1	appsflyer.com websdk.appsflyer.com — Cisco Umbrella Rank: 5461	12 KB
1	ordergroove.com static.ordergroove.com — Cisco Umbrella Rank: 33195	43 KB
1	rakuten.com tag.rmp.rakuten.com — Cisco Umbrella Rank: 8585	15 KB
1	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 70	65 B
1	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 5	24 B
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 653	307 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 816	24 KB
1	cosmeticcrimal.com 1 redirects cosmeticcrimal.com	329 B
125	28

	Domain	Requested by
15	www.elfcosmetics.com	1 redirects www.elfcosmetics.com cdn-fsly.yottaa.net t.contentsquare.net
13	imgs.signifyd.com	www.elfcosmetics.com imgs.signifyd.com
12	cdn.cookielaw.org	cdn-fsly.yottaa.net cdn.cookielaw.org www.elfcosmetics.com
11	cdn.media.amplience.net	5 redirects www.elfcosmetics.com
7	async-px.dynamicyield.com	cdn.dynamicyield.com
7	sdk.iad-05.braze.com	cdn-fsly.yottaa.net t.contentsquare.net
5	www.paypal.com	www.elfcosmetics.com www.paypal.com
5	www.googletagmanager.com	www.elfcosmetics.com
5	cdn.static.amplience.net	www.elfcosmetics.com
5	www.youtube.com	www.elfcosmetics.com
4	ade.googlesyndication.com	2 redirects
3	elfcosmetics.a.bigcontent.io
3	sgtm.elfcosmetics.com	www.googletagmanager.com
3	cdn.dynamicyield.com	www.elfcosmetics.com
3	cdn-fsly.yottaa.net	www.elfcosmetics.com
2	cdn-scripts.signifyd.com	www.elfcosmetics.com
2	www.paypalobjects.com	www.elfcosmetics.com
2	api.cquotient.com	t.contentsquare.net
2	c.contentsquare.net
2	t.paypal.com
2	www.google-analytics.com	www.elfcosmetics.com www.google-analytics.com
2	api.ipify.org	cdn-fsly.yottaa.net
1	w2txo5aahbbqdf77b2jsvwmmaykvme4d4gwgynur9ee414eb1af926b2am1.e.aa.online-metrix.net
1	h64.online-metrix.net	imgs.signifyd.com
1	h.online-metrix.net	imgs.signifyd.com
1	idsync.rlcdn.com
1	srm.ba.contentsquare.net	t.contentsquare.net
1	ut.rd.linksynergy.com	www.elfcosmetics.com
1	region1.google-analytics.com	www.googletagmanager.com
1	t.contentsquare.net	www.elfcosmetics.com
1	websdk.appsflyer.com	www.elfcosmetics.com
1	static.ordergroove.com	www.elfcosmetics.com
1	tag.rmp.rakuten.com	www.elfcosmetics.com
1	qoe-1.yottaa.net	www.elfcosmetics.com
1	googleads.g.doubleclick.net	www.elfcosmetics.com
1	www.google.com	1 redirects
1	st.dynamicyield.com	www.elfcosmetics.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	code.jquery.com	www.elfcosmetics.com
1	cosmeticcrimal.com	1 redirects
125	40

This site contains links to these domains. Also see Links.

Domain
cdn.dynamicyield.com
st.dynamicyield.com
rcom.dynamicyield.com
www.tiktok.com
www.instagram.com
www.pinterest.com
www.facebook.com
www.youtube.com
twitter.com
www.snapchat.com
www.linkedin.com
www.elfbeauty.com
elfcosmetics.onelink.me
preferences.elfcosmetics.com
www.onetrust.com

Subject Issuer	Validity	Valid
*.elfcosmetics.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-25` - `2024-10-25`	a year	crt.sh
*.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
dm.amplience.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-20` - `2024-08-14`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
*.yottaa.net GlobalSign RSA OV SSL CA 2018	`2023-09-13` - `2024-10-14`	a year	crt.sh
sdk.iad-05.braze.com WE1	`2024-06-17` - `2024-09-15`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
*.google-analytics.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.dynamicyield.com Amazon RSA 2048 M02	`2023-09-03` - `2024-10-01`	a year	crt.sh
ipify.org GTS CA 1P5	`2024-05-19` - `2024-08-17`	3 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
tag.rmp.rakuten.com WR3	`2024-05-29` - `2024-08-27`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2024-02-08` - `2025-02-08`	a year	crt.sh
*.ordergroove.com Go Daddy Secure Certificate Authority - G2	`2023-08-04` - `2024-08-17`	a year	crt.sh
*.appsflyer.com DigiCert TLS RSA SHA256 2020 CA1	`2023-07-27` - `2024-07-27`	a year	crt.sh
t.contentsquare.net Amazon RSA 2048 M01	`2023-09-13` - `2024-10-11`	a year	crt.sh
*.rd.linksynergy.com ZeroSSL RSA Domain Secure Site CA	`2024-01-23` - `2025-01-22`	a year	crt.sh
sgtm.elfcosmetics.com WR3	`2024-05-14` - `2024-08-13`	3 months	crt.sh
dep.ba.contentsquare.net Amazon RSA 2048 M03	`2024-02-18` - `2025-03-19`	a year	crt.sh
*.cquotient.com Amazon RSA 2048 M02	`2024-03-05` - `2025-04-03`	a year	crt.sh
*.bigcontent.io GeoTrust TLS RSA CA G1	`2024-04-02` - `2025-05-03`	a year	crt.sh
srm.ba.contentsquare.net Amazon RSA 2048 M02	`2023-11-07` - `2024-12-06`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2024-02-06` - `2025-03-05`	a year	crt.sh
cdn-scripts.signifyd.com Amazon RSA 2048 M02	`2024-06-02` - `2025-06-30`	a year	crt.sh
imgs.signifyd.com Go Daddy Secure Certificate Authority - G2	`2023-10-20` - `2024-11-20`	a year	crt.sh
online-metrix.net Viking Cloud Organization Validation CA, Level 1	`2024-03-20` - `2024-10-21`	7 months	crt.sh
*.aa.online-metrix.net Viking Cloud Organization Validation CA, Level 1	`2024-03-20` - `2024-10-21`	7 months	crt.sh

This page contains 9 frames:

Primary Page: https://www.elfcosmetics.com/elf-cosmetic-criminals
Frame ID: 88A270BF2A8AD345CDDCE898382FF3FE
Requests: 104 HTTP requests in this frame

Frame: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Frame ID: CA4561C9139CAD06DABDDE1E6A9C1A0E
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Frame ID: 715A16911B33291EC674F2B655D44A66
Requests: 1 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=%5Bobject%20Object%5D%2Cnative-modal&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.64.8&integrationType=SDK
Frame ID: 4D25A97B155BDFAC228353503D6E01A8
Requests: 1 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: DBBC868236882783207B9E6C0AE6AA43
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/DJYkTecxc0MW6-f0?227bdf11eef13909=AdJ3YzHis8BVLFJEQvLs_W67LYIn1h0xdqSy97013SkdbeqsMROdQilDISDAkt0sWRHJ-1Ifu6RJqBK2l6JFww0S0uaQPEX5wSzVDZLvtipLdsFQtOroMMAIPvRHQCXAyiAXgrQwyXl5mkewJDqryUuL_PW2Le9quXAPGD7XMwSdUC0wSqIYsE6rGNswrRtSor4_om7g033FWmK6&jb=3d332e2662716f7d375761666c6d7d792e687b67375563646c6d7d792d3238393b266a736a7f354360706f656f26627b6a3f49627a6d656d2f303a3b3a34
Frame ID: 49D4BD364581EF05D86BA57A0227DD38
Requests: 12 HTTP requests in this frame

Frame: https://imgs.signifyd.com/dsFtkAbMgHn2xvXv?228314b37b81e029=SgMdUfqIKDBmrsi5hDGoBXuMMelj4HGf76lxYDcDyzepL8uCRHthACZUvZMRsg4HY-gAxB7JfzG070yNHsCSLRcQ1uKYFPPF4aWXt6Yf3fihJt-MpIV6ddGrI2OIRyFZQn9UJMs4ZbKpmxF-s1fS3za8blmV0BVHZS4y6ycC0xswtVsADCyPkIdNyKdU2GdEvo_xt_jpk3QX0_Codvs
Frame ID: 3A92C6D814934DE99F3E303E4E049FFC
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/7GRj0lWCLFYsFZXM?2201df8e509a63ac=adyz6pUXiicugtCWxliJ6ySISZDT-gKwxLYcXoYsfUT9h-SKVG5uyBjU0JTNSpy5i2BXI76UkKO7y30WYky6pw1AyH00F7NPLXs50ZyBP7H73bR_9nM5h5qVQB5WbV--vhMo3z_ByXC78k1_Ej7kvy8Mr9GiAMTs4EqTPfnklG-8_95mwGbgsJcYEIf_SRaYa2Hqvad4Ts9Nt-DkJ7xN
Frame ID: EEB11199BACC2122F26303C86501FF37
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/FEw_W_hGskcMKh2T?5049126a10c22fbc=W0I5q2ksd8-AHKEJ9gMSoGqlSz4P9H5YE4vue5IB-rqm8J8Qf8iXqbo_qOffFA8Kg14b7c2aZx928TOut_HqFGRr-UIxVrFCMPJNKjRLYqT66LUU09_00Z5QUYL2mlQBg0wJRfji9JkWTxQNwRu_P6QWcHZ_K9cuHBHnFPGTTs9owFasO_ZUwYIIl-f0LftethqEVmjSpnhoOeyT-lpz
Frame ID: CD246F02E50B445F825F109488585614
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cosmetic Criminals | e.l.f. Cosmetics

Page URL History Show full URLs

https://cosmeticcrimal.com/ HTTP 301
https://www.elfcosmetics.com/elf-cosmetic-criminals Page URL

Detected technologies

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

Dynamic Yield (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

cdn\.dynamicyield\.\w+/

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Rakuten (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

tag\.rmp\.rakuten\.com

basket.js (JavaScript Libraries) Expand

Overall confidence: 10%
Detected patterns

basket.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

125
Requests

91 %
HTTPS

36 %
IPv6

28
Domains

40
Subdomains

41
IPs

4
Countries

11764 kB
Transfer

19801 kB
Size

44
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://cdn.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://st.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://rcom.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@elfyeah/

Search URL Search Domain Scan URL

URL: https://www.instagram.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/eyeslipsfacedotcom

Search URL Search Domain Scan URL

URL: https://twitter.com/elfcosmetics

Search URL Search Domain Scan URL

URL: https://www.snapchat.com/add/elfcosmetics

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/e-l-f-beauty

Search URL Search Domain Scan URL

URL: https://www.elfbeauty.com/careers/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.elfbeauty.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://elfcosmetics.onelink.me/wTtZ/AcrossSiteCosmetics

Search URL Search Domain Scan URL

URL: https://preferences.elfcosmetics.com/dont_sell
Title: Do Not Sell My Personal Info/Opt Out of Targeted Ads

Search URL Search Domain Scan URL

URL: https://preferences.elfcosmetics.com/privacy
Title: Privacy Rights Request Form

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cosmeticcrimal.com/ HTTP 301
https://www.elfcosmetics.com/elf-cosmetic-criminals Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4

Request Chain 12

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4

Request Chain 13

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_DESKTOP_8_BEAR-alt/mp4_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/4a810c76-f6a5-4629-bf54-46e97b002de7.mp4

Request Chain 14

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_PLANT/mp4_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4

Request Chain 15

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_BOOK/mp4_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/9c45925d-0761-4101-9a41-aec1046b0de8.mp4

Request Chain 30

https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=b5-pPXy0NQBd2WLZ_nBDhYJUVHCijuazb4RXqf_vN3s HTTP 303
https://www.elfcosmetics.com/callback?usid=e228abe5-859f-410d-88dd-bfefc9d26ab8&code=EvDok4Zy6TKy6TCu3zdNVv6PCgqZIJVhlScGjRdIlCc

Request Chain 34

https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t2t5&tag_exp=0&rnd=876396582.1719488625&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma_cps=sypham&dma=1&npa=0&gtm=45He46q0n81WL3STMXv896608294za200&auid=1190893908.1719488625 HTTP 302
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t2t5&tag_exp=0&rnd=876396582.1719488625&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma_cps=sypham&dma=1&npa=0&gtm=45He46q0n81WL3STMXv896608294za200&auid=1190893908.1719488625

Request Chain 84

https://ade.googlesyndication.com/ddm/activity/src=9231397;type=retarget;cat=globa0;ord=7305871724993;npa=1;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=denied;frm=0;gtm=45fe46q0v9181619921z8896608294za201zb896608294;gcs=G100;gcd=13u3uPu2u5;dma_cps=-;dma=1;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals HTTP 302
https://ade.googlesyndication.com/ddm/activity/src=9231397;dc_pre=CNvNvqba-4YDFYbh_QUdrUQKfw;type=retarget;cat=globa0;ord=7305871724993;npa=1;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=denied;frm=0;gtm=45fe46q0v9181619921z8896608294za201zb896608294;gcs=G100;gcd=13u3uPu2u5;dma_cps=-;dma=1;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals

Request Chain 85

https://ade.googlesyndication.com/ddm/activity/src=10742279;type=elf8j0;cat=glo_flap;ord=3188300379882;npa=1;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=denied;frm=0;gtm=45fe46q0v9181663336z8896608294za201zb896608294;gcs=G100;gcd=13u3uPu2u5;dma_cps=-;dma=1;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals HTTP 302
https://ade.googlesyndication.com/ddm/activity/src=10742279;dc_pre=CO3Rvqba-4YDFQHM_QUd_F8IRA;type=elf8j0;cat=glo_flap;ord=3188300379882;npa=1;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=denied;frm=0;gtm=45fe46q0v9181663336z8896608294za201zb896608294;gcs=G100;gcd=13u3uPu2u5;dma_cps=-;dma=1;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals

125 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request elf-cosmetic-criminals Show response
www.elfcosmetics.com/
Redirect Chain

https://cosmeticcrimal.com/
https://www.elfcosmetics.com/elf-cosmetic-criminals

1 MB
255 KB

2947ms
2453ms

Document
text/html

204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

5f4f96cdc90d63d3a7ae56aaaeb404ecb5bfb29c9c987550c8d4db5ee9af8855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 0
alt-svc: h3=":443"; ma=86400
cache-control: public, must-revalidate, s-maxage=900
content-encoding: gzip
content-length: 259717
content-type: text/html; charset=utf-8
date: Thu, 27 Jun 2024 11:43:40 GMT
etag: W/"f7cf2-JF72n1lSaNVi8WGKKHto/JfA5BY"
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 671f1f27279c7644e32ce35df9d281aa.cloudfront.net (CloudFront)
x-amz-apigw-id: aBmAwGzUiYcEV6g=
x-amz-cf-id: nL5q5cfq4dOIJCydV0rzAmZx-e0nxMliUMpOMt50EO34pycuL7Yrfg==
x-amz-cf-pop: SFO53-P2
x-amzn-remapped-connection: close
x-amzn-remapped-content-length: 1015026
x-amzn-remapped-date: Thu, 27 Jun 2024 11:43:40 GMT
x-amzn-requestid: 865fc862-038f-4148-bd22-9953bc310a27
x-amzn-trace-id: Root=1-667d506a-404201c034df34a33909e4b6;Parent=330f8314e3a634fc;Sampled=0;lineage=2b75b0e9:0
x-cache: Miss from cloudfront
x-yottaa-metrics: 2521cc02850f/[2089,2034,-] 25D1cc0285aa/[-,2145.000]
x-yottaa-optimizations: ob/1000000100001000 si/25D1cc0285aa-1719430891-5793242135 tts/1719340523228 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-yottaa-os: 200

Redirect headers

age: 0
content-length: 1196
content-type: text/html; charset=utf-8
date: Thu, 27 Jun 2024 11:43:37 GMT
location: https://www.elfcosmetics.com/elf-cosmetic-criminals
vary: User-Agent
x-yottaa-fw: fb/100000 tid/658dc369d93140973bd47dff rid/658dc848d93140973bd496fa stid/5ad7b08e2bb0ac0c5ba3d38c
x-yottaa-metrics: 26D1cc8d584a/[-,0.339]
x-yottaa-optimizations: ob/0 si/26D1cc8d584a-1719430891-6752813183 tts/1719488617117 ti/0 ai/658dc369d93140973bd47dff

GET /
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/ 0
0

GET
H2 200 bxGKZ6lfJ7A
www.youtube.com/embed/ Frame CA45 0
0 246ms
85ms Document
text/html 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /cspreport
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Thu, 27 Jun 2024 11:43:41 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 PWT_STORY_HEADER_DESKTOP_BG-min
cdn.media.amplience.net/i/elfcosmetics/ 630 KB
630 KB 263ms
98ms Image
image/jpeg 2a02:26f0:3100::1735:2b10
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2b10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:41 GMT
x-content-type-options: nosniff
x-amp-srv: A
cache-tag: yRJzBKeIO,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z
x-req-id: Ao3z_kyC0o
content-length: 644728
x-xss-protection: 1; mode=block
x-amp-source-height: 1249
server: Unknown
x-frame-options: DENY
x-amp-source-width: 3199
access-control-allow-origin: *
content-type: image/jpeg
cache-control: max-age=1800, s-maxage=86400
accept-ranges: bytes
x-amp-published: Wed, 20 Dec 2023 20:47:39 GMT

GET
H2 200 PWT_STORY_HEADER_DESKTOP_CC-min
cdn.media.amplience.net/i/elfcosmetics/ 205 KB
205 KB 262ms
98ms Image
image/png 2a02:26f0:3100::1735:2b10
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2b10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:41 GMT
x-content-type-options: nosniff
x-amp-srv: A
cache-tag: _R3cYz5Nh,l4p5bDg2e,HwG53bbZp,UyB2-aY-L
x-req-id: ZG8upNM2Z5
content-length: 209440
x-xss-protection: 1; mode=block
x-amp-source-height: 340
server: Unknown
x-frame-options: DENY
x-amp-source-width: 800
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=1800, s-maxage=86400
accept-ranges: bytes
x-amp-published: Wed, 20 Dec 2023 20:47:39 GMT

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
cdn.media.amplience.net/i/elfcosmetics/ 2 MB
2 MB 515ms
351ms Image
image/png 2a02:26f0:3100::1735:2b10
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2b10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:41 GMT
x-content-type-options: nosniff
x-amp-srv: A
cache-tag: u0sanIQHe,l4p5bDg2e,hUXp-ygcH,UyB2-aY-L
x-req-id: Kl3typ3U6T
content-length: 2085695
x-xss-protection: 1; mode=block
x-amp-source-height: 1484
server: Unknown
x-frame-options: DENY
x-amp-source-width: 3080
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=1800, s-maxage=86400
accept-ranges: bytes
x-amp-published: Wed, 03 Jan 2024 21:02:28 GMT

GET
H2 200 PWT_STORY_DETECTIVES_DESKTOP_6-min
cdn.media.amplience.net/i/elfcosmetics/ 330 KB
331 KB 514ms
350ms Image
image/jpeg 2a02:26f0:3100::1735:2b10
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_DETECTIVES_DESKTOP_6-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2b10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:41 GMT
x-content-type-options: nosniff
x-amp-srv: A
cache-tag: GBo1upS8Q,l4p5bDg2e,q-jdDBY1E,k4NPUWi7z
x-req-id: E1KwxdNlRN
content-length: 338113
x-xss-protection: 1; mode=block
x-amp-source-height: 1062
server: Unknown
x-frame-options: DENY
x-amp-source-width: 2806
access-control-allow-origin: *
content-type: image/jpeg
cache-control: max-age=1800, s-maxage=86400
accept-ranges: bytes
x-amp-published: Wed, 27 Dec 2023 17:21:33 GMT

GET
H2 200 PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
cdn.media.amplience.net/i/elfcosmetics/ 180 KB
180 KB 202ms
39ms Image
image/jpeg 2a02:26f0:3100::1735:2b10
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2b10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:41 GMT
x-content-type-options: nosniff
x-amp-srv: A
cache-tag: 8EcFIxoPh,l4p5bDg2e,O8QiTHpoz,k4NPUWi7z
x-req-id: VY5Q5jI_rr
content-length: 184181
x-xss-protection: 1; mode=block
x-amp-source-height: 1108
server: Unknown
x-frame-options: DENY
x-amp-source-width: 1952
access-control-allow-origin: *
content-type: image/jpeg
cache-control: max-age=1800, s-maxage=86400
accept-ranges: bytes
x-amp-published: Fri, 29 Dec 2023 07:51:47 GMT

GET
H2 200 PWT_STORY_CRIME_TAPE_DESKTOP_7-min
cdn.media.amplience.net/i/elfcosmetics/ 614 KB
614 KB 504ms
351ms Image
image/png 2a02:26f0:3100::1735:2b10
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CRIME_TAPE_DESKTOP_7-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2b10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:41 GMT
x-content-type-options: nosniff
x-amp-srv: A
cache-tag: nmP4-b1_3,l4p5bDg2e,N2xhcEEJW,UyB2-aY-L
x-req-id: x4kpyNmBMy
content-length: 628288
x-xss-protection: 1; mode=block
x-amp-source-height: 525
server: Unknown
x-frame-options: DENY
x-amp-source-width: 3200
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=1800, s-maxage=86400
accept-ranges: bytes
x-amp-published: Thu, 28 Dec 2023 16:15:28 GMT

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d

Request headers

Referer
Origin: https://www.elfcosmetics.com
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac

Request headers

Referer
Origin: https://www.elfcosmetics.com
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
H2

206

8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4

1 MB
1 MB

603ms
327ms

Media
video/mp4

2a02:26f0:3100::1735:2b28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Server: 2a02:26f0:3100::1735:2b28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 27 Jun 2024 11:43:42 GMT
last-modified: Fri, 22 Dec 2023 15:50:27 GMT
etag: "dd3676819bd88a250c875a11e38c307d"
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-1060947/1060948
x-amp-srv: A
accept-ranges: bytes
x-amp-route: ak-s1
Content-Length: 1060948

Redirect headers

date: Thu, 27 Jun 2024 11:43:41 GMT
x-content-type-options: nosniff
server: Unknown
x-frame-options: DENY
x-amp-srv: A
cache-tag: cwqJ5_ux1,l4p5bDg2e,bgWw7nQ29
access-control-allow-origin: *
location: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
content-type: text/html; charset=UTF-8
cache-control: max-age=1800, s-maxage=86400
accept-ranges: bytes
content-length: 0
x-xss-protection: 1; mode=block

GET
H2

206

c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4

1 MB
1 MB

381ms
106ms

Media
video/mp4

2a02:26f0:3100::1735:2b28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Server: 2a02:26f0:3100::1735:2b28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 27 Jun 2024 11:43:42 GMT
last-modified: Fri, 22 Dec 2023 17:43:50 GMT
etag: "91a2cbc7ca143aac79d0312d84bb77fb"
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-1262366/1262367
x-amp-srv: A
accept-ranges: bytes
x-amp-route: ak-s1
Content-Length: 1262367

Redirect headers

date: Thu, 27 Jun 2024 11:43:41 GMT
x-content-type-options: nosniff
server: Unknown
x-frame-options: DENY
x-amp-srv: A
cache-tag: MXIqwDdh-,l4p5bDg2e,fH6Lo3_5e
access-control-allow-origin: *
location: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
content-type: text/html; charset=UTF-8
cache-control: max-age=1800, s-maxage=86400
accept-ranges: bytes
content-length: 0
x-xss-protection: 1; mode=block

GET
H2

206

4a810c76-f6a5-4629-bf54-46e97b002de7.mp4
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_DESKTOP_8_BEAR-alt/mp4_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/4a810c76-f6a5-4629-bf54-46e97b002de7.mp4

952 KB
953 KB

300ms
24ms

Media
video/mp4

2a02:26f0:3100::1735:2b28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/4a810c76-f6a5-4629-bf54-46e97b002de7.mp4
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Server: 2a02:26f0:3100::1735:2b28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: a92babe0280635e6b8a8cd8b631230f248bfa16bfb2ae7a7e04d404df5518ccb

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 27 Jun 2024 11:43:42 GMT
last-modified: Fri, 29 Dec 2023 07:23:44 GMT
etag: "d7fdef501f28cd925baedd782b4e6464"
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-975135/975136
x-amp-srv: A
accept-ranges: bytes
x-amp-route: ak-s1
Content-Length: 975136

Redirect headers

date: Thu, 27 Jun 2024 11:43:41 GMT
x-content-type-options: nosniff
server: Unknown
x-frame-options: DENY
x-amp-srv: A
cache-tag: SptWAY3I6,l4p5bDg2e,6oVxns4D8
access-control-allow-origin: *
location: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/4a810c76-f6a5-4629-bf54-46e97b002de7.mp4
content-type: text/html; charset=UTF-8
cache-control: max-age=1800, s-maxage=86400
accept-ranges: bytes
content-length: 0
x-xss-protection: 1; mode=block

GET
H2

206

45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_PLANT/mp4_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4

850 KB
850 KB

639ms
364ms

Media
video/mp4

2a02:26f0:3100::1735:2b28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Server: 2a02:26f0:3100::1735:2b28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 7b78b9170d1e1da68dd52e57d79c9e906137b28f87eca1f17b2c350f73d1f3ba

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 27 Jun 2024 11:43:42 GMT
last-modified: Tue, 02 Jan 2024 17:30:06 GMT
etag: "f6c9e900cbfcff8b9f465043b51061d1"
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-869943/869944
x-amp-srv: A
accept-ranges: bytes
x-amp-route: ak-s1
Content-Length: 869944

Redirect headers

date: Thu, 27 Jun 2024 11:43:41 GMT
x-content-type-options: nosniff
server: Unknown
x-frame-options: DENY
x-amp-srv: A
cache-tag: nDRktYznz,l4p5bDg2e,tO41Cj3M_
access-control-allow-origin: *
location: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4
content-type: text/html; charset=UTF-8
cache-control: max-age=1800, s-maxage=86400
accept-ranges: bytes
content-length: 0
x-xss-protection: 1; mode=block

GET
H2

206

9c45925d-0761-4101-9a41-aec1046b0de8.mp4
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_BOOK/mp4_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/9c45925d-0761-4101-9a41-aec1046b0de8.mp4

865 KB
866 KB

381ms
107ms

Media
video/mp4

2a02:26f0:3100::1735:2b28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/9c45925d-0761-4101-9a41-aec1046b0de8.mp4
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Server: 2a02:26f0:3100::1735:2b28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: ea7c1612005824699aa4574b764875370605733abc4d06f0650d309772423239

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 27 Jun 2024 11:43:42 GMT
last-modified: Tue, 02 Jan 2024 17:20:49 GMT
etag: "78a50c5b4ac482dcd7b7323f59feb0b9"
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-885663/885664
x-amp-srv: A
accept-ranges: bytes
x-amp-route: ak-s1
Content-Length: 885664

Redirect headers

date: Thu, 27 Jun 2024 11:43:41 GMT
x-content-type-options: nosniff
server: Unknown
x-frame-options: DENY
x-amp-srv: A
cache-tag: Fj3YYR7EV,l4p5bDg2e,nvYvyivv1
access-control-allow-origin: *
location: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/9c45925d-0761-4101-9a41-aec1046b0de8.mp4
content-type: text/html; charset=UTF-8
cache-control: max-age=1800, s-maxage=86400
accept-ranges: bytes
content-length: 0
x-xss-protection: 1; mode=block

GET
H2 200 rZPCKoUReO0
www.youtube.com/embed/ Frame 715A 0
0 161ms
111ms Document
text/html 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Thu, 27 Jun 2024 11:43:41 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 jquery-3.7.1.slim.min.js Show response
code.jquery.com/ 69 KB
24 KB 62ms
10ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.7.1.slim.min.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:41 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 3640017
x-cache: HIT, HIT
content-length: 24036
x-served-by: cache-lga21942-LGA, cache-fra-eddf8230054-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1719488622.894209,VS0,VE0
etag: W/"28feccc0-11278"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 10574, 15966

GET
H2 200 player_api Show response
www.youtube.com/ 993 B
2 KB 60ms
14ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/player_api

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dae9b41d89e2f4c730c24f101106c03ac157d2f3efc24d526a40279f9576dafa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:41 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Thu, 27 Jun 2024 11:43:41 GMT

GET
H2 200 vendor.js Show response
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/ 2 MB
627 KB 131ms
58ms Script
application/javascript 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 476b949e750bc9bc1e1179523a977db991107d95f9e6ddf9c05212ca6a2b8fb9

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:42 GMT
via: 1.1 fa87f2173bfe5d35fd73cec71ab12a32.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
x-amz-cf-pop: FRA56-P7
age: 59644
x-yottaa-optimizations: ob/1101 si/36118cae0e23-1706737520-747977690 tts/1719340523228 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Hit from cloudfront, HIT
x-amz-meta-deploy: 788634
content-length: 641173
x-amz-meta-bundle: 11486
x-served-by: cache-fra-etou8220038-FRA
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1719488622.159141,VS0,VE3
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 36218cae0e38/[16,-,1719428971518] 36118cae0e23/[hit]
accept-ranges: bytes
x-amz-cf-id: CILnxpYqPGfRDUkHrECjytU6dwiv2HX595El3aRP54U66exsZmBPaw==
x-cache-hits: 1

GET
H2 200 main.js Show response
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/ 2 MB
495 KB 86ms
13ms Script
application/javascript 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/main.js?yocs=1u_1y_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b592ffae3e4db32ca59f44351815755d85f43b1b03b5f6b75adf0c727ac702c1

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:42 GMT
via: 1.1 85310f8b6878a9cfaa0218e021ae364e.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
x-amz-cf-pop: FRA56-P7
age: 59602
x-yottaa-optimizations: ob/1100 si/36118cae0e25-1706737522-2174680954 tts/1719340523228 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Hit from cloudfront, HIT
x-amz-meta-deploy: 788634
content-length: 506592
x-amz-meta-bundle: 11486
x-served-by: cache-fra-etou8220038-FRA
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1719488622.158626,VS0,VE2
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 36218cae0e2f/[13,-,1719428971469] 36118cae0e25/[-,106.032]
accept-ranges: bytes
x-amz-cf-id: 97dk_9JFqm4n7ZaCbYZRwHaKZL3bz7D5i6wgAtMkvYYPysj_6xBnSw==
x-cache-hits: 1

GET
H2 200 pages-product-list-product-list-page.js Show response
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/ 42 KB
12 KB 78ms
5ms Script
application/javascript 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/pages-product-list-product-list-page.js?yocs=1u_1y_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ad3ed177f053d775094fa0ad440fd4f6baf970be9af3b38b62e734dd4ab99ecd

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:42 GMT
via: 1.1 93efd892a8e99dc59164afbee331cd56.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
x-amz-cf-pop: FRA56-P7
age: 59634
x-yottaa-optimizations: ob/1101 si/36118cae0e25-1706737522-2174680004 tts/1719340523228 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Hit from cloudfront, HIT
x-amz-meta-deploy: 788634
content-length: 12021
x-amz-meta-bundle: 11486
x-served-by: cache-fra-etou8220038-FRA
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1719488622.158640,VS0,VE0
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 36218cae0e43/[3,-,1719428978125] 36118cae0e25/[hit]
accept-ranges: bytes
x-amz-cf-id: pLvhMDiUxc0jiGJr6yKAXFNNW7Iw3b80hIoZKLJHkwXUSDN22lq43Q==
x-cache-hits: 3

OPTIONS
H2 200 /
sdk.iad-05.braze.com/api/v3/data/ Frame 0
0 360ms
316ms Preflight 2606:4700:4400::6812:25a1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/data/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:25a1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-triggersrequest,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
cf-cache-status: DYNAMIC
cf-ray: 89a52e60ab2b365b-FRA
content-encoding: gzip
date: Thu, 27 Jun 2024 11:43:45 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 50ms
26ms Script
application/javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/main.js?yocs=1u_1y_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

022e2f39deba7f332eabe69b27b31d98d4d5f2535116745957a691d1b1ec4cc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 27 Jun 2024 11:43:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ceCldLDyZN6bSQL6yyKLMg==
age: 54204
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Wed, 26 Jun 2024 02:35:07 GMT
server: cloudflare
etag: 0x8DC958897BC2143
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 9433140d-401e-0088-31e3-c72b53000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89a52e5f1ded91fb-FRA
expires: Thu, 27 Jun 2024 20:40:20 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 530 KB
140 KB 107ms
67ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2acb2fc6f4d918481b376cd94563df7ebb4346e08c9b47607376a78454ca01a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:44 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 143158
x-xss-protection: 0
last-modified: Thu, 27 Jun 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 27 Jun 2024 11:43:44 GMT

GET
H2 200 api_dynamic.js Show response
cdn.dynamicyield.com/api/8772046/ 763 KB
73 KB 77ms
23ms Script
application/javascript 2600:9000:275d:ae00:a:b89d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.dynamicyield.com/api/8772046/api_dynamic.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275d:ae00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: DYCDN /
Resource Hash: 8d1d78ad2d3f54f4ab2c46e6272ea193088dcdaaf53518471d0cd9f42ea75242

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:44 GMT
content-encoding: gzip
via: 1.1 1f5c750c03b26301631398b45f61e262.cloudfront.net (CloudFront)
last-modified: Wed, 26 Jun 2024 16:33:50 GMT
server: DYCDN
age: 9
x-amz-cf-pop: FRA56-P11
x-amz-server-side-encryption: AES256
etag: W/"415baf36a381a3dce97fae1c4b148307"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=30
link: <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id: eYDML8nSCqo0FZNgMe0f6VGwz-7F1w9ZqtDC7RdIV2RnGSgpkhBraA==

GET
H2 200 api_static.js Show response
cdn.dynamicyield.com/api/8772046/ 388 KB
114 KB 62ms
9ms Script
application/javascript 2600:9000:275d:ae00:a:b89d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.dynamicyield.com/api/8772046/api_static.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275d:ae00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: DYCDN /
Resource Hash: 498ea43ee2b31ee61f58f43b798dfaec6eb59b63fefdfaa7c01bba897ba57a33

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 26 Jun 2024 15:47:15 GMT
content-encoding: gzip
via: 1.1 1f5c750c03b26301631398b45f61e262.cloudfront.net (CloudFront)
last-modified: Wed, 26 Jun 2024 15:41:42 GMT
server: DYCDN
age: 71790
x-amz-cf-pop: FRA56-P11
etag: W/"64e0187feba0c97d38f8aabb6e6d66cd"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=86400
link: <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id: l1r_avJYb_nOlmzepX012Bw_bwAF6d39P98CEM_Xnv1P2hRrFJ06TQ==

GET
H2 200 / Show response
api.ipify.org/ 19 B
153 B 140ms
101ms XHR
application/json 104.26.13.205
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24208bfb79737c1fd3c59ec6978d9b0606a2778becdb2ab7172627f6da5ca18e

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:44 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-type: application/json
access-control-allow-origin: *
cf-ray: 89a52e5f886abb5c-FRA
content-length: 19

GET
H2 200 / Show response
api.ipify.org/ 19 B
71 B 247ms
106ms XHR
application/json 104.26.13.205
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24208bfb79737c1fd3c59ec6978d9b0606a2778becdb2ab7172627f6da5ca18e

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:44 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-type: application/json
access-control-allow-origin: *
cf-ray: 89a52e603922bb5c-FRA
content-length: 19

POST
H2 201 / Show response
sdk.iad-05.braze.com/api/v3/data/ 612 B
646 B 401ms
401ms XHR
application/json 2606:4700:4400::6812:25a1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/data/

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:25a1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11cf11bff7a54cf595f54c5211fd0089934416de1bc7d951f532f967c0ff0d2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-TriggersRequest: true
X-Braze-DataRequest: true
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type: application/json
X-Braze-Last-Req-Ms-Ago: 7200000
Referer: https://www.elfcosmetics.com/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9;q=0.9
X-Braze-Req-Attempt: 1
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:45 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: d05ef398-6e27-46f0-bc6d-cf8b51837b42
x-runtime: 0.157221
server: cloudflare
etag: W/"11cf11bff7a54cf595f54c5211fd0089"
vary: Origin,Accept-Encoding
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
x-ratelimit-reset: 1719488628
access-control-max-age: 7200
x-ratelimit-limit: 500.0
cf-ray: 89a52e62ae37365b-FRA
x-ratelimit-remaining: 499.0

GET
H2

200

callback
www.elfcosmetics.com/
Redirect Chain

https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=...
https://www.elfcosmetics.com/callback?usid=e228abe5-859f-410d-88dd-bfefc9d26ab8&code=EvDok4Zy6TKy6TCu3zdNVv6PCgqZIJVhlScGjRdIlCc

0
0

593ms
593ms

Fetch
application/json

204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/callback?usid=e228abe5-859f-410d-88dd-bfefc9d26ab8&code=EvDok4Zy6TKy6TCu3zdNVv6PCgqZIJVhlScGjRdIlCc

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Server

204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 27 Jun 2024 11:43:46 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 68a8bf1c51ac47222204adb56c4024ac.cloudfront.net (CloudFront)
x-amzn-remapped-content-length: 0
x-amz-cf-pop: SFO53-P2
age: 0
x-amzn-remapped-connection: close
x-amzn-requestid: f91e1c26-9a0f-45b0-ad6a-50d1a1bb7d4d
x-yottaa-optimizations: ob/1000 si/25D1cc0285aa-1719430891-5793242163 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
x-amz-apigw-id: aBmB3GRqiYcEqWQ=
content-length: 0
alt-svc: h3=":443"; ma=86400
x-yottaa-forcecache: true
x-amzn-trace-id: Root=1-667d5071-2630d4e466f1f8cd0ccf5f2f;Parent=6572fc85983804c2;Sampled=0;lineage=2b75b0e9:0
content-type: application/json
cache-control: public, max-age=604800
x-yottaa-os: 200
x-yottaa-metrics: 2521cc028a80/[255,253,-] 25D1cc0285aa/[-,256.714]
x-amzn-remapped-date: Thu, 27 Jun 2024 11:43:46 GMT
x-amz-cf-id: ZsWzIdLWTbiYHUXoxOs1RGAzaqYHou6WN9GjTMBSvauc-Bz0w16_-g==

Redirect headers

date: Thu, 27 Jun 2024 11:43:45 GMT
x-correlation-id: 89a52e661f727688
via: 1.1 052960a51348e5c17ce749c03a1fac58.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: SFO53-P2
age: 0
x-yottaa-optimizations: ob/0 si/25D1cc0285aa-1719430891-5793242162 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
x-ratelimit-1m-remaining: 23154, 1946706
x-ratelimit-1m-reset: 14335, 14334
x-ratelimit-1m-limit: 24000, 2000000
vary: Accept-Encoding
location: https://www.elfcosmetics.com/callback?usid=e228abe5-859f-410d-88dd-bfefc9d26ab8&code=EvDok4Zy6TKy6TCu3zdNVv6PCgqZIJVhlScGjRdIlCc
cache-control: no-store
x-yottaa-os: 303
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=b5-pPXy0NQBd2WLZ_nBDhYJUVHCijuazb4RXqf_vN3s
x-yottaa-metrics: 2521cc028a7f/[191,189,-] 25D1cc0285aa/[-,192.726]
cf-ray: 89a52e661f727688-SEA
x-amz-cf-id: ORbjioLngAElTkfWdhKZmzwVvh3a7t4CmjOINqPQILbaIJp-dhPc3g==

GET
H2 200 6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json Show response
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/ 6 KB
2 KB 86ms
47ms XHR
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55baa715ccc8c2512bceb1c949c1d0927944ca327e7edd2d5fc312d2a41986e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 27 Jun 2024 11:43:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 25413
content-md5: j7e7fSdncC8T3SCV/IpUig==
content-length: 1740
x-ms-lease-status: unlocked
last-modified: Mon, 08 Apr 2024 18:41:03 GMT
server: cloudflare
etag: 0x8DC57FB71838BE4
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: c3fb1654-801e-0031-68e4-89d890000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89a52e6289fd35fc-FRA
expires: Fri, 28 Jun 2024 11:43:45 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 68 B
307 B 55ms
33ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9433f83f20500145850d5aabddced402dcfc94e310072e9a3f545df0bdb9f96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
accept: application/json
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 89a52e633ae73723-FRA
access-control-allow-headers: Content-Type

GET
H2 200 st Show response
st.dynamicyield.com/ 151 KB
13 KB 152ms
114ms Script
text/javascript 2600:9000:2250:a200:15:ad21:c740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://st.dynamicyield.com/st?sec=8772046&inHead=true&id=0&jsession=k0bbu8kn2gn42q5f9qnr9ldyt5chts4m&ref=&scriptVersion=2.32.0&isSesNew=true&dyid_server=&ctx=%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-US%22%2C%22data%22%3A%5B%5D%7D
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:a200:15:ad21:c740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: d6a4bc8e1c19c0c091dcd58b46827d49c184b5c7f39599075af165c28ab021ef

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:45 GMT
content-encoding: gzip
via: 1.1 375431e28d82888f474ac3665a4ceb66.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P2
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
cache-control: no-cache
x-amz-cf-id: 7gJ9i7B0sp9BHQcyvjXiCjROxAUbYyup_WM-ZX5A8q-4lSi2h21sXw==
expires: Thu, 27 Jun 2024 11:43:44 GMT

GET
H3

200

landing
googleads.g.doubleclick.net/pagead/
Redirect Chain

https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t2t5&tag_exp=0&rnd=876396582.1719488625&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma_cps=sypham&dma=1&npa=0&gtm=45He4...
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t2t5&tag_exp=0&rnd=876396582.1719488625&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma_cps=sypham&dma=1&np...

42 B
65 B

76ms
56ms

Ping
image/gif

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t2t5&tag_exp=0&rnd=876396582.1719488625&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma_cps=sypham&dma=1&npa=0&gtm=45He46q0n81WL3STMXv896608294za200&auid=1190893908.1719488625

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 11:43:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 Jun 2024 11:43:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t2t5&tag_exp=0&rnd=876396582.1719488625&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma_cps=sypham&dma=1&npa=0&gtm=45He46q0n81WL3STMXv896608294za200&auid=1190893908.1719488625
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 42ms
13ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 27 Jun 2024 10:29:07 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 4478
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 27 Jun 2024 12:29:07 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/ 404 KB
98 KB 32ms
30ms Script
application/javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 27 Jun 2024 11:43:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: XJk1ZZTljtwHFT3qcIJg+w==
age: 56821
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 99599
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:36 GMT
server: cloudflare
etag: 0x8DB82A15D413626
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 80bad15d-801e-006c-2fda-12d214000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89a52e657b8a91fb-FRA

OPTIONS
H2 200 sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame 0
0 199ms
199ms Preflight 2606:4700:4400::6812:25a1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:25a1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
cf-cache-status: DYNAMIC
cf-ray: 89a52e659a6e365b-FRA
content-encoding: gzip
date: Thu, 27 Jun 2024 11:43:45 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding

POST
H2 201 sync Show response
sdk.iad-05.braze.com/api/v3/content_cards/ 85 B
222 B 253ms
253ms XHR
application/json 2606:4700:4400::6812:25a1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:25a1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

624a13034774c4cbb393576c313fa1e1b3ded817861ee7dbec12c92f0f866980

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
X-Braze-Req-Tokens-Remaining: 29
X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest: true
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type: application/json
X-Braze-Last-Req-Ms-Ago: 7200000
BRAZE-SYNC-RETRY-COUNT: 0
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
X-Braze-Req-Attempt: 1
X-Braze-ContentCardsRequest: true
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:45 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: e0ecd648-eddc-4573-bf9d-2204aa6d7e7d
x-runtime: 0.042675
server: cloudflare
etag: W/"624a13034774c4cbb393576c313fa1e1"
vary: Origin,Accept-Encoding
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
x-ratelimit-reset: 1719488628
access-control-max-age: 7200
x-ratelimit-limit: 500.0
cf-ray: 89a52e66dc29365b-FRA
x-ratelimit-remaining: 496.0

POST
H2 201 sync Show response
sdk.iad-05.braze.com/api/v3/feature_flags/ 20 B
179 B 256ms
256ms XHR
application/json 2606:4700:4400::6812:25a1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/feature_flags/sync

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:25a1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e92f434a50c76d6e52d0d3cc91cdf1854c7fd39fecd5ae65800568aef7c03029

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
X-Braze-Req-Tokens-Remaining: 28
X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest: true
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type: application/json
X-Braze-Last-Req-Ms-Ago: 7200000
Referer: https://www.elfcosmetics.com/
X-Requested-With: XMLHttpRequest
X-Braze-FeatureFlagsRequest: true
Accept-Language: de-DE,de;q=0.9;q=0.9
X-Braze-Req-Attempt: 1
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:45 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: c64a8048-42a9-40e2-be8c-ec4e052e3820
x-runtime: 0.048377
server: cloudflare
etag: W/"e92f434a50c76d6e52d0d3cc91cdf185"
vary: Origin,Accept-Encoding
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
x-ratelimit-reset: 1719488628
access-control-max-age: 7200
x-ratelimit-limit: 500.0
cf-ray: 89a52e66dc1e365b-FRA
x-ratelimit-remaining: 496.0

OPTIONS
H2 200 sync
sdk.iad-05.braze.com/api/v3/feature_flags/ Frame 0
0 193ms
192ms Preflight 2606:4700:4400::6812:25a1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/feature_flags/sync

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:25a1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-featureflagsrequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-featureflagsrequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
cf-cache-status: DYNAMIC
cf-ray: 89a52e659a73365b-FRA
content-encoding: gzip
date: Thu, 27 Jun 2024 11:43:45 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
212 B 16ms
15ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=582136103&t=pageview&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dp=%2Felf-cosmetic-criminals&ul=de-de&de=UTF-8&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACgAI~&jid=771964385&gjid=161876234&cid=1093982579.1719488626&tid=UA-432816-1&_gid=1885759267.1719488626&_r=1&_slc=1&gtm=45He46q0n81WL3STMXv896608294za200&gcs=G111&gcd=13t3t3t2t5&dma_cps=sypham&dma=1&tag_exp=0&z=77485369

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 11:43:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/018ebeca-e8af-7f81-b182-0c90ba9664dd/ 158 KB
34 KB 35ms
35ms Fetch
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/018ebeca-e8af-7f81-b182-0c90ba9664dd/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5a9baac0b53c708a5279b1ddfe54ec7f0a40699210e0caf05419d0aa1b330d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 27 Jun 2024 11:43:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 33287
content-md5: 9wsMlq8mrfV+OngAz8tXzg==
content-length: 34664
x-ms-lease-status: unlocked
last-modified: Mon, 08 Apr 2024 18:41:16 GMT
server: cloudflare
etag: 0x8DC57FB7975EDF7
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: d7d31a7a-c01e-0030-49e4-89874c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89a52e65de0135fc-FRA
expires: Fri, 28 Jun 2024 11:43:45 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 13 KB
3 KB 31ms
30ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 27 Jun 2024 11:43:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 5mNZducabMgxSDzBo+ZI8w==
age: 59127
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3017
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:30 GMT
server: cloudflare
etag: 0x8DB82A159AF8EA6
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 0c718e4e-201e-0081-6f27-129959000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89a52e664e8235fc-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/ 61 KB
12 KB 32ms
31ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 27 Jun 2024 11:43:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: sXFDxCJwbPEMIT/8f5Prwg==
age: 51944
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12544
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:33 GMT
server: cloudflare
etag: 0x8DB82A15AFF8646
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: f78e9e1f-701e-008c-7c4e-79518d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89a52e664e8b35fc-FRA

GET
H2 200 otCookieSettingsButton.json Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 5 KB
2 KB 30ms
29ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCookieSettingsButton.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

509f2e49500fbaeb5d7e1959071f2922b693d0135080e2871e124ec8bdd08bb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 27 Jun 2024 11:43:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: v0pzgeeelPwcAOki15i3HA==
age: 58663
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1766
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:32 GMT
server: cloudflare
etag: 0x8DB82A15AB9FB83
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: cd67b2fb-901e-0094-1c03-248eea000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89a52e664e8f35fc-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 21 KB
4 KB 38ms
37ms Fetch
text/css 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 27 Jun 2024 11:43:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: oWkBTLgDDXvrUsd93y/Zxg==
age: 57070
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:41 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 7ebeb764-601e-001b-3c34-ac6ffb000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 89a52e664e9335fc-FRA

GET
H2 200 dy-coll-min.js Show response
cdn.dynamicyield.com/scripts/2.32.0/ 196 KB
65 KB 13ms
12ms Script
text/javascript 2600:9000:275d:ae00:a:b89d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275d:ae00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: DYCDN /
Resource Hash: 42997132bd0142564014ac4a809356dc0ceb9b7a90eede2b5b48019f1700cc58

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 28 May 2024 21:44:25 GMT
content-encoding: gzip
via: 1.1 1f5c750c03b26301631398b45f61e262.cloudfront.net (CloudFront)
last-modified: Tue, 02 Apr 2024 09:13:12 GMT
server: DYCDN
age: 2555961
x-amz-cf-pop: FRA56-P11
etag: W/"65b3e284856fb8d657d1f6a3423618c7"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=31536000
link: <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id: LaDxNgF6YK9d66NyugkRL-3eu2SqBZMjWz7OXIuEDpXMuhtQFIFpuQ==

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
600 B 26ms
26ms Image
image/svg+xml 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 27 Jun 2024 11:43:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 61742
x-ms-lease-status: unlocked
last-modified: Wed, 26 Jun 2024 02:35:09 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 35413ccb-c01e-00b0-6f78-c76a0a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 89a52e66ac6891fb-FRA

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
539 B 35ms
35ms Fetch
image/svg+xml 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 27 Jun 2024 11:43:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 67643
x-ms-lease-status: unlocked
last-modified: Wed, 26 Jun 2024 02:35:08 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: c758f3a7-e01e-00ca-60d1-c70047000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 89a52e66bf1035fc-FRA

GET
H2 200 ot_company_logo.png
cdn.cookielaw.org/logos/static/ 4 KB
4 KB 23ms
22ms Image
image/png 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_company_logo.png

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 27 Jun 2024 11:43:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: E8+sk/ECzKgTUVtDLikiIA==
age: 72547
content-length: 4036
x-ms-lease-status: unlocked
last-modified: Tue, 25 Jun 2024 02:35:43 GMT
server: cloudflare
etag: 0x8DC94BF82EDB9F2
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: cc197c3a-501e-0036-1b68-c73ed8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89a52e66eca291fb-FRA

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 28ms
28ms Image
image/svg+xml 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 27 Jun 2024 11:43:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 41107
x-ms-lease-status: unlocked
last-modified: Wed, 26 Jun 2024 16:45:49 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 83efd24d-b01e-003c-7cfc-c72751000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 89a52e66eca391fb-FRA

POST
H2 200 uia Show response
async-px.dynamicyield.com/ 0
385 B 142ms
103ms XHR
text/plain 13.35.58.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/uia?cnst=1&_=1719488625858
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.58.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-58-109.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 11:43:45 GMT
via: 1.1 ea1aadbeedf1001a86f79fc729fb39e0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P10
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: pkWATYC36DVAXyWSVBZ8u4y8fh0wgkZWK0Hr-lUxlMVrmYlvhznKfA==
expires: 0

GET
H2 200 var
async-px.dynamicyield.com/ 0
0 103ms
102ms Fetch 13.35.58.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var?cnst=1&_=193290&uid=6458162120771850353&sec=8772046&t=ri&e=1261284&p=1&ve=11209913&va=%5B27119924%5D&ses=eccbfda94f182e50ee5588fdbcd3e31b&expSes=1753&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1092373.1232212.1426804.1443347.1182144.799438.799440&expVisitId=-3302085425896092624&cgtgDecisionId=-3302085428141907161&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1719488625974&rri=9772719
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.58.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-58-109.fra60.r.cloudfront.net
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 11:43:46 GMT
via: 1.1 ea1aadbeedf1001a86f79fc729fb39e0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P10
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: NNy0_OnSC2_NDorG2qGgNai-9vsHvHYjQ88hg2gBMHnMI7j3LdlJNg==
expires: 0

GET
H2 200 var
async-px.dynamicyield.com/ 0
0 102ms
102ms Fetch 13.35.58.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var?cnst=1&_=249379&uid=6458162120771850353&sec=8772046&t=ri&e=1574966&p=1&ve=12698518&va=%5B28347247%5D&ses=eccbfda94f182e50ee5588fdbcd3e31b&expSes=1753&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1092373.1232212.1426804.1443347.1182144.799438.799440&expVisitId=-3302085427618673071&cgtgDecisionId=-3302085427149904866&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1719488625977&rri=9031888
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.58.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-58-109.fra60.r.cloudfront.net
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 11:43:46 GMT
via: 1.1 ea1aadbeedf1001a86f79fc729fb39e0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P10
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: 0tmpqHO-8-My71YPjOLBcKcQhhZzD5ZWnSSiDGHQCSH-WypL7p76lw==
expires: 0

GET
H2 200 var
async-px.dynamicyield.com/ 0
0 101ms
101ms Fetch 13.35.58.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var?cnst=1&_=743764&uid=6458162120771850353&sec=8772046&t=ri&e=1609852&p=1&ve=12669413&va=%5B28321879%5D&ses=eccbfda94f182e50ee5588fdbcd3e31b&expSes=1753&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1092373.1232212.1426804.1443347.1182144.799438.799440&expVisitId=-3302085427532840648&cgtgDecisionId=-3302085429319722658&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1719488625979&rri=3254481
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.58.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-58-109.fra60.r.cloudfront.net
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 11:43:46 GMT
via: 1.1 ea1aadbeedf1001a86f79fc729fb39e0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P10
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: sc79DR5VqgGqCGa0day5Ur38NmyJOavtYAtE9eHT6U8e7P2oFycKGw==
expires: 0

GET
H2 200 var
async-px.dynamicyield.com/ 0
0 106ms
105ms Fetch 13.35.58.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var?cnst=1&_=22060&uid=6458162120771850353&sec=8772046&t=ri&e=1575901&p=1&ve=12991774&va=%5B28646951%5D&ses=eccbfda94f182e50ee5588fdbcd3e31b&expSes=1753&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1092373.1232212.1426804.1443347.1182144.799438.799440&expVisitId=-3302085428994493438&cgtgDecisionId=-3302085427564682110&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1719488625981&rri=3753654
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.58.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-58-109.fra60.r.cloudfront.net
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 11:43:46 GMT
via: 1.1 ea1aadbeedf1001a86f79fc729fb39e0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P10
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: iHk87YxJoM0FhK4b6X0gW0dXbrXV2PDyH0YfheKFjSigl-BVF9ureQ==
expires: 0

GET
H2 200 favicon.ico
www.elfcosmetics.com/ 34 KB
34 KB 467ms
465ms Other
image/x-icon 204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/favicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 1331786f628c441b99665436eb8815381e066e17d5c3bb56f5ce2e045d8da17a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:46 GMT
via: 1.1 922f380ce54182257be92d6c0111acb4.cloudfront.net (CloudFront)
x-amzn-remapped-content-length: 34494
x-amz-cf-pop: SFO53-P2
age: 521, 521
x-amzn-remapped-connection: close
x-amzn-requestid: 49316fa6-c97a-457a-b32a-8d0a373ccdef
x-yottaa-optimizations: ob/100 si/25D1cc0285aa-1719430891-5793242164 tts/1719340523228 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Hit from cloudfront
x-amz-apigw-id: Z_UcXEKDiYcEmiw=
content-length: 34494
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 26 Jun 2024 19:09:06 GMT
x-amzn-trace-id: Root=1-667c6782-1103910453b8efd6151a579f;Parent=03ec22e552826ecf;Sampled=0;lineage=2b75b0e9:0
etag: W/"86be-19055f39850"
vary: Accept-Encoding
content-type: image/x-icon
cache-control: max-age=600, s-maxage=600
x-yottaa-metrics: 2521cc028a81/[3,-,1719488500947] 25D1cc0285aa/[-,4.147]
accept-ranges: bytes
x-amzn-remapped-date: Wed, 26 Jun 2024 19:09:54 GMT
x-amz-cf-id: mH1r5ERzVsMI4IbtexmGOsrf14ZfSRYDPSt2L1HE1m8cpPmW3x9gWA==

POST
H2 200 batch
async-px.dynamicyield.com/ 0
385 B 121ms
104ms Ping
text/plain 13.35.58.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/batch?cnst=1&_=1719488625987_735510
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.58.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-58-109.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 11:43:46 GMT
via: 1.1 f1b6636265d2ca44d8a0ca5488a5ec0c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P10
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: kQ6RDZAcc9yF6LifVupRXtkqSf_mhEkE_V_YXQBihL9rfadOYf1QdA==
expires: 0

POST
H2 200 event
qoe-1.yottaa.net/log-nt/ 3 B
192 B 105ms
47ms Ping
text/json 165.254.56.40
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://qoe-1.yottaa.net/log-nt/event
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.254.56.40 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 27 Jun 2024 11:43:46 GMT
access-control-expose-headers: X-Results-Data-Source
access-control-allow-credentials: true
cache-control: no-cache
timing-allow-origin: *
content-type: text/json

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/a95aa57a/www-widgetapi.vflset/ 31 KB
11 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/a95aa57a/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

56c989ad68e2d657ec33446633534c0d2b3ee0aeaa1cbe4ef8a21a1e9a5c3b99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 26 Jun 2024 22:26:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47812
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10459
x-xss-protection: 0
last-modified: Tue, 25 Jun 2024 04:17:26 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 26 Jun 2025 22:26:54 GMT

POST
H2 200 batch
async-px.dynamicyield.com/ 0
385 B 102ms
102ms Ping
text/plain 13.35.58.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/batch?cnst=1&_=1719488626103_757776
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.58.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-58-109.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 11:43:46 GMT
via: 1.1 f1b6636265d2ca44d8a0ca5488a5ec0c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P10
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: aVdSUN0YyUalyuyiww77zYP9trCUBSmYNwhZxWqpY2bdrASJ0PTAAw==
expires: 0

GET
H2 200 110221.ct.js Show response
tag.rmp.rakuten.com/ 47 KB
15 KB 60ms
26ms Script
text/javascript 34.102.147.248
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.rmp.rakuten.com/110221.ct.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.147.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

248.147.102.34.bc.googleusercontent.com

Software

Resource Hash

305fe9a5f5590087ad5d80aa44c7a7f1416966806e955ce7a42ab086ec14e38c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:46 GMT
content-encoding: gzip
via: 1.1 google
strict-transport-security: max-age=31536000
last-modified: Thu, 27 Jun 2024 11:43:46 GMT
x-cache: hit
x-samesite: secure
content-type: text/javascript
cache-control: max-age=86400
x-dyn: 0
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 js Show response
www.paypal.com/sdk/ 424 KB
119 KB 50ms
13ms Script
application/javascript 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

232d958be1f93d665a6f81f43f1beaa4a1c948166e299c40eef27cd947e5460b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-R9MFUGoCHHjiERFcmbsyBtnzcibJukeAhKryjMiQ1CZjP08+' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-R9MFUGoCHHjiERFcmbsyBtnzcibJukeAhKryjMiQ1CZjP08+' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-R9MFUGoCHHjiERFcmbsyBtnzcibJukeAhKryjMiQ1CZjP08+' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-R9MFUGoCHHjiERFcmbsyBtnzcibJukeAhKryjMiQ1CZjP08+' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
disable-set-cookie: true
via: 1.1 varnish, 1.1 varnish
date: Thu, 27 Jun 2024 11:43:46 GMT
age: 3233
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT, MISS
p3p: true
paypal-debug-id: f82144584d431
server-timing: "traceparent;desc="00-0000000000000000000f82144584d431-b750b36cc2f97a4f-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 119476
x-xss-protection: 1; mode=block
x-served-by: cache-fra-etou8220142-FRA, cache-fra-etou8220142-FRA
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f82144584d431-d2e7414dcb912941-01
x-timer: S1719488626.145781,VS0,VE6
etag: W/"1d2b4-UENgwWFdn561sjp6wJfXtwcRDK8"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H/1.1 200
OK main.js Show response
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/ 146 KB
43 KB 60ms
10ms Script
application/javascript 184.31.94.141
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/main.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.31.94.141 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-31-94-141.deploy.static.akamaitechnologies.com

Software

nginx / Express

Resource Hash

2e8fd8d487b4259dbdc6c529f742806377fae205c8dc7d0f35ac8797bafe5b3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Strict-Transport-Security: max-age=15768000
Content-Encoding: gzip
Date: Thu, 27 Jun 2024 11:43:46 GMT
Server: nginx
X-Powered-By: Express
ETag: W/"f3bc9cdcf9c97d0ec2f18fd72203201caef8fea5-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: must-revalidate, max-age=900
Connection: keep-alive
Content-Length: 43327
Expires: Thu, 27 Jun 2024 11:58:46 GMT

GET
H/1.1 200
OK / Show response
websdk.appsflyer.com/ 38 KB
12 KB 66ms
10ms Script
application/javascript 2a02:26f0:3500:11::215:14d5
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://websdk.appsflyer.com/?st=banners&
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:11::215:14d5 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bf8b41f6693852a18d2449439f0400cfaf19b755e21f01eda21a6ff985d3526c

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 27 Jun 2024 11:43:46 GMT
Content-Encoding: gzip
x-amz-request-id: 2YBFDHXY2BG0X743
x-amz-server-side-encryption: AES256
Connection: keep-alive
Content-Length: 11792
x-amz-id-2: X0mLy+zhQfGcMJeE6Lu48tPmxFSWqOpnSxdZQBh4ixekSso906hm/iT5X8JInwPSkeLM9fgFwoQ=
Last-Modified: Wed, 14 Jun 2023 06:58:45 GMT
Server: AmazonS3
ETag: "5a676288bcea03bd05e483bc4ce066ae"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=1652
Accept-Ranges: bytes
X-DataStream-Cache-Status: 1
Expires: Thu, 27 Jun 2024 12:11:18 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 327 KB
107 KB 40ms
39ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f3ea62799cc1271782ea8650517f7388be4c6ddcc64f82c1fd011ea999bb64b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 109192
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 27 Jun 2024 11:43:46 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 260 KB
90 KB 57ms
56ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5a080fab7534ee293b43bae9df0e4d49cec0d2581a4ce61bc30b798fd309f720

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92430
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 27 Jun 2024 11:43:46 GMT

GET
H3 200 iframe_api Show response
www.youtube.com/ 993 B
516 B 24ms
22ms Script
text/javascript 172.217.16.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f14.1e100.net

Software

ESF /

Resource Hash

dae9b41d89e2f4c730c24f101106c03ac157d2f3efc24d526a40279f9576dafa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:46 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Thu, 27 Jun 2024 11:43:46 GMT

GET
H2 200 1a8bfa042c9c5.js Show response
t.contentsquare.net/uxa/ 336 KB
80 KB 263ms
227ms Script
application/javascript 18.244.18.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.244.18.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-244-18-53.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d841b6859d2469f63df65c0a91d70da822367d82810d4d08900d79b21bdddc19

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 07:38:59 GMT
content-encoding: br
via: 1.1 1f5c750c03b26301631398b45f61e262.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P11
age: 0
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 81626
last-modified: Wed, 19 Jun 2024 07:37:38 GMT
server: AmazonS3
etag: "833f870d397c05130b52ad5dd9f75837"
vary: Accept-Encoding, Origin
content-type: application/javascript;charset=utf-8
cache-control: max-age=900
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 73B1OIjoATAYR576A4KPFzq6tjJYNS6iWh63cFsC-2yHkYQLl8UPPw==

GET
H2 200 local
www.paypal.com/credit-presentment/experiments/ Frame 4D25 0
0 180ms
14ms Document
text/html 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=%5Bobject%20Object%5D%2Cnative-modal&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.64.8&integrationType=SDK

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com https:; frame-src 'self' https://.paypalobjects.com https://.paypal.com https://.qualtrics.com; connect-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-expose-headers: Server-Timing
age: 52978
cache-control: s-maxage=86400, max-age=0
content-encoding: gzip
content-length: 1523
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type: text/html; charset=utf-8
date: Thu, 27 Jun 2024 11:43:46 GMT
dc: ccg11-origin-www-1.paypal.com
edge-cache-tag: up-treatments-zoid
etag: W/"1479-2jvtf/PYHYgBpFyMxSs3leaJGhs"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f82672448b146
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing: "traceparent;desc="00-0000000000000000000f82672448b146-9a9f0ad6f777a9dc-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f82672448b146-47026b3b79c285e1-01
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, MISS
x-cache-hits: 9280, 0
x-served-by: cache-fra-etou8220124-FRA, cache-fra-etou8220124-FRA
x-timer: S1719488626.467857,VS0,VE6
x-xss-protection: 1; mode=block

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ 14 KB
6 KB 166ms
166ms Script
application/x-javascript 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.com&t=xo&v=5.0.448&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

02cd1507141eed04a56b8706127f7bd8d638d8567d2ae135c3e97cf4196973db

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-YyxrdvadtRIQ8XjuSvzFfl7bQ0uLEs1qSY7NzhEIlCSkye7T' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://nexus.ensighten.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-YyxrdvadtRIQ8XjuSvzFfl7bQ0uLEs1qSY7NzhEIlCSkye7T' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 27 Jun 2024 11:43:46 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 52789
x-cache: HIT, MISS
paypal-debug-id: f4359917bbec0
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 4797
x-xss-protection: 1; mode=block
x-served-by: cache-fra-etou8220142-FRA, cache-fra-etou8220142-FRA
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f4359917bbec0-d6a33fc85a342997-01
x-timer: S1719488626.447902,VS0,VE7
etag: W/"3691-mmRo2pwxBN2+aLOFrHubu98KXgM"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=3600
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 1, 0

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 213 KB
76 KB 161ms
160ms Script
application/javascript 172.217.23.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-9231397&l=dataLayer&cx=c

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

d1810d5f8d8861fd708c12089a12237dbc230d2394b02824b05200c6f01f204e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78204
x-xss-protection: 0
last-modified: Thu, 27 Jun 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 27 Jun 2024 11:43:46 GMT

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 213 KB
76 KB 181ms
181ms Script
application/javascript 172.217.23.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-10742279&l=dataLayer&cx=c

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

a9ae2bae68641a19dc0182f4e8d1fed88c8901256b9aa3c20bf1118bbc7da547

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78292
x-xss-protection: 0
last-modified: Thu, 27 Jun 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 27 Jun 2024 11:43:46 GMT

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ 1003 B
861 B 211ms
210ms XHR
application/json 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4da1d1c804a729554839742b67e4aa91d5c78aee12f269749d9934e55d8def06

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
accept: application/json
Referer: https://www.elfcosmetics.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:46 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cache: MISS, MISS
paypal-debug-id: f34133550c619
server-timing: content-encoding;desc="br",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-fra-etou8220032-FRA, cache-fra-etou8220032-FRA
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f34133550c619-47f322155ad86ede-01
x-timer: S1719488627.639266,VS0,VE202
etag: W/"3eb-rucOtFhWKxPA2AkksblI7hxyOjQ"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: none
x-cache-hits: 0, 0

OPTIONS
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 0
0 311ms
170ms Preflight 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-length: 0
date: Thu, 27 Jun 2024 11:43:46 GMT
dc: ccg11-origin-www-1.paypal.com
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f169221b30671
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f169221b30671-a7c1aa9e808ee75c-01
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-served-by: cache-fra-etou8220032-FRA, cache-fra-etou8220032-FRA
x-timer: S1719488626.468048,VS0,VE164

POST
H2 200 token Show response
www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/ 2 KB
2 KB 356ms
352ms Fetch
application/json 204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

2eccc353076e7e00446ced65d89e61fe2cc7a310d94ac828411390e03d5a85d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
c_x-pwa-request: true
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:46 GMT
content-encoding: gzip
x-correlation-id: 89a52e6c2b889357
cf-cache-status: DYNAMIC
via: 1.1 8effee3aa40a71b9ac0a963e0f02b7e0.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: SFO53-P2
age: 0
x-yottaa-optimizations: ob/1000 si/25D1cc0285aa-1719430891-5793242165 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
pragma: no-cache
x-ratelimit-1m-remaining: 23144, 1945593
x-ratelimit-1m-reset: 13354, 13353
vary: Accept-Encoding, User-Agent
x-ratelimit-1m-limit: 24000, 2000000
content-type: application/json
cache-control: no-store
x-yottaa-os: 200
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-yottaa-metrics: 2521cc028a82/[198,198,-] 25D1cc0285aa/[-,200.660]
cf-ray: 89a52e6c2b889357-SEA
x-amz-cf-id: TXi6hJqaKxnNtua4aidTs48tPELfhMVwIuYn0VqOlcrJlX2r23qcQg==

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 47ms
16ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je46q0v879088318z8896608294za200zb896608294&gcs=G100&gcd=13u3uPu2u5&npa=1&dma_cps=-&dma=1&tag_exp=0&cid=1914179559.1719488627&ul=de-de&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=denied&_eu=EA&_s=1&dt=&sid=1719488626&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&en=page_view&_fv=1&_nsi=1&_ss=2&ep.page_type=content&ep.page_environment=production&ep.page_country=US&ep.page_language=EN&up.custom_user_id=&up.client_id=&up.user_has_transacted=false&up.user_logged_in=false&up.user_country=US&up.user_loyalty_status=false&tfd=8684&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 11:43:46 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jsp Show response
ut.rd.linksynergy.com/ 148 B
406 B 57ms
21ms Script
text/plain 34.98.67.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://ut.rd.linksynergy.com/jsp?cn=rmuid&ro=0&cb=___rmuid

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

3.67.98.34.bc.googleusercontent.com

Software

Resource Hash

32dad17ab0a1e7c691f7533d5cc47cd056774b2f9f8fd7d850898a2e9873f85c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-type: text/plain; charset=utf-8
date: Thu, 27 Jun 2024 11:43:46 GMT
via: 1.1 google
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 148
x-samesite: secure

GET
H2 200 collect Show response
sgtm.elfcosmetics.com/g/ 65 B
306 B 179ms
152ms XHR
text/plain 34.49.124.132
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je46q0v9125640115z8896608294za200zb896608294&gcs=G100&gcd=13u3u3u2u5&npa=1&dma_cps=-&dma=1&tag_exp=0&cid=1442884649.1719488627&ecid=1750710247&ul=de-de&sr=1600x1200&_fplc=0&ir=1&ur=DE&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=denied&_eu=EA&sst.rnd=876396582.1719488625&sst.gse=1&sst.etld=google.de&sst.gcsub=region1&sst.gcd=13u3u3u2u5&sst.adr=1&sst.ude=0&_s=1&sid=1719488626&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=8744&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

132.124.49.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:46 GMT
via: 1.1 google, 1.1 google
x-content-type-options: nosniff
server: Google Frontend
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering: no

GET
H2 200 collect Show response
sgtm.elfcosmetics.com/g/ 65 B
128 B 372ms
360ms XHR
text/plain 34.49.124.132
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je46q0v9125640115z8896608294za200zb896608294&gcs=G100&gcd=13u3u3u2u5&npa=1&dma_cps=-&dma=1&tag_exp=0&cid=1442884649.1719488627&ecid=1750710247&ul=de-de&sr=1600x1200&_fplc=0&ir=1&ur=DE&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=denied&_eu=EA&sst.rnd=876396582.1719488625&sst.gse=1&sst.etld=google.de&sst.gcsub=region1&sst.gcd=13u3u3u2u5&sst.adr=1&sst.ude=0&_s=2&sid=1719488626&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=pageview&ep.vendor_id=pinterest&ep.email=&ep.event_id=1719489321822_17194891184839&ep.external_id=&_et=3&tfd=8760&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

132.124.49.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:46 GMT
via: 1.1 google, 1.1 google
x-content-type-options: nosniff
server: Google Frontend
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering: no

GET
H2 200 collect Show response
sgtm.elfcosmetics.com/g/ 65 B
128 B 201ms
190ms XHR
text/plain 34.49.124.132
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je46q0v9125640115z8896608294za200zb896608294&gcs=G100&gcd=13u3u3u2u5&npa=1&dma_cps=-&dma=1&tag_exp=0&cid=1442884649.1719488627&ecid=1750710247&ul=de-de&sr=1600x1200&_fplc=0&ir=1&ur=DE&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=denied&_eu=EA&sst.rnd=876396582.1719488625&sst.gse=1&sst.etld=google.de&sst.gcsub=region1&sst.gcd=13u3u3u2u5&sst.adr=1&sst.ude=0&_s=3&dt=&sid=1719488626&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&en=page_view&ep.page_type=content&ep.page_environment=production&ep.page_country=US&ep.page_language=EN&_et=2&up.custom_user_id=&up.client_id=&up.user_has_transacted=false&up.user_logged_in=false&up.user_country=US&up.user_loyalty_status=false&tfd=8760&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

132.124.49.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:46 GMT
via: 1.1 google, 1.1 google
x-content-type-options: nosniff
server: Google Frontend
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering: no

GET
H2 200 ts
t.paypal.com/ 42 B
530 B 223ms
166ms Image
image/gif 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1719488626651&g=-120&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CFE) /

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 11:43:46 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
correlation-id: 43b62d2ba1cdf
server: ECAcc (frc/4CFE)
traceparent: 00-000000000000000000043b62d2ba1cdf-9ca34a7269375abc-01
vary: Accept-Encoding
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 43b62d2ba1cdf
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: image/gif
server-timing: traceparent;desc="00-000000000000000000043b62d2ba1cdf-f1f7afedc4202383-01", content-encoding;desc="", x-cdn;desc="edgecast"
timing-allow-origin: *
expires: Thu, 27 Jun 2024 11:43:46 GMT

GET
H2 204 pageview
c.contentsquare.net/ 0
321 B 315ms
30ms Image
text/plain 54.72.226.63
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/pageview?ex=&dt=278&pvt=n&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&la=de-DE&uc=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dr=&dw=1600&dh=7508&ww=1600&wh=1200&sw=1600&sh=1200&uu=4d4342fe-34b8-aa3e-a550-62502c646b23&sn=1&hd=1719488626&v=14.19.1&pid=1926&pn=1&r=306023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.226.63 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-226-63.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 11:43:46 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

GET
H2

200

src=9231397;dc_pre=CNvNvqba-4YDFYbh_QUdrUQKfw;type=retarget;cat=globa0;ord=7305871724993;npa=1;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Not%252FA)Brand...
ade.googlesyndication.com/ddm/activity/
Redirect Chain

https://ade.googlesyndication.com/ddm/activity/src=9231397;type=retarget;cat=globa0;ord=7305871724993;npa=1;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=No...
https://ade.googlesyndication.com/ddm/activity/src=9231397;dc_pre=CNvNvqba-4YDFYbh_QUdrUQKfw;type=retarget;cat=globa0;ord=7305871724993;npa=1;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefine...

42 B
108 B

163ms
163ms

Image
image/gif

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/src=9231397;dc_pre=CNvNvqba-4YDFYbh_QUdrUQKfw;type=retarget;cat=globa0;ord=7305871724993;npa=1;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=denied;frm=0;gtm=45fe46q0v9181619921z8896608294za201zb896608294;gcs=G100;gcd=13u3uPu2u5;dma_cps=-;dma=1;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 11:43:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 Jun 2024 11:43:47 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://ade.googlesyndication.com/ddm/activity/src=9231397;dc_pre=CNvNvqba-4YDFYbh_QUdrUQKfw;type=retarget;cat=globa0;ord=7305871724993;npa=1;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=denied;frm=0;gtm=45fe46q0v9181619921z8896608294za201zb896608294;gcs=G100;gcd=13u3uPu2u5;dma_cps=-;dma=1;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

src=10742279;dc_pre=CO3Rvqba-4YDFQHM_QUd_F8IRA;type=elf8j0;cat=glo_flap;ord=3188300379882;npa=1;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3...
ade.googlesyndication.com/ddm/activity/
Redirect Chain

https://ade.googlesyndication.com/ddm/activity/src=10742279;type=elf8j0;cat=glo_flap;ord=3188300379882;npa=1;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Not%...
https://ade.googlesyndication.com/ddm/activity/src=10742279;dc_pre=CO3Rvqba-4YDFQHM_QUd_F8IRA;type=elf8j0;cat=glo_flap;ord=3188300379882;npa=1;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-c...

42 B
119 B

165ms
162ms

Image
image/gif

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/src=10742279;dc_pre=CO3Rvqba-4YDFQHM_QUd_F8IRA;type=elf8j0;cat=glo_flap;ord=3188300379882;npa=1;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=denied;frm=0;gtm=45fe46q0v9181663336z8896608294za201zb896608294;gcs=G100;gcd=13u3uPu2u5;dma_cps=-;dma=1;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 11:43:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 Jun 2024 11:43:47 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://ade.googlesyndication.com/ddm/activity/src=10742279;dc_pre=CO3Rvqba-4YDFQHM_QUd_F8IRA;type=elf8j0;cat=glo_flap;ord=3188300379882;npa=1;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=denied;frm=0;gtm=45fe46q0v9181663336z8896608294za201zb896608294;gcs=G100;gcd=13u3uPu2u5;dma_cps=-;dma=1;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
BLOB 200
OK e3d4e714-779f-47a5-a8ff-7268027439dc
https://www.elfcosmetics.com/ 7 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.elfcosmetics.com/e3d4e714-779f-47a5-a8ff-7268027439dc
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3dae94126362e2c8b80dfbc73f6b32f15be7805cbdf6739a72cab5ca534c15e0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length: 7329
Content-Type: application/javascript

GET
H2 204 dvar
c.contentsquare.net/ 0
320 B 168ms
31ms Image
text/plain 54.72.226.63
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/dvar?v=14.19.1&pid=1926&pn=1&sn=1&uu=4d4342fe-34b8-aa3e-a550-62502c646b23&dv=H4sIAAAAAAAAA6tWcnSKd4mMd8%2FJT0rMUXDOzyspys9RCEktLlGyUnKpzEvMzUxWiMxMzUlRcK0oSC3KTM1LTi1W0oHqQ4gpGAI1hCUWZSaWZObnAXkwJT755QqeeSWpeSATA%2FILSnOAikoqlWoB8S1cunwAAAA%3D&ct=2&r=378045
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.226.63 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-226-63.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 11:43:46 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

POST
H2 204 sessions Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 0
1 KB 321ms
321ms XHR
text/plain 204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/sessions
Requested by: Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiIwODJiMWNmZC03ZDA5LTQwZDctYjc2OC03OTUzZjQyOGIyMjUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmUyMjhhYmU1LTg1OWYtNDEwZC04OGRkLWJmZWZjOWQyNmFiOCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTk0ODg1OTYsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFjeHJnV21lZEd4cnNSbWJzM3hHWVlrcmFJOjpjaGlkOiAiLCJleHAiOjE3MTk0OTA0MjYsImlhdCI6MTcxOTQ4ODYyNiwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMjQwMjQ4NTk5MjQxMTkyNSJ9.Qx0053tT8Xn-yM0hsu6zJmoQzbQx-7CyQXPEc7cUo3XreOPcHLLNa46u44ODRGr-ftxcxgQsb55F5OcFkS24VA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:47 GMT
via: 1.1 77707a2afe90f47f1dd51bc40e910a26.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-amz-cf-pop: SFO53-P2
age: 0
x-yottaa-optimizations: ob/0 si/25D1cc0285aa-1719430891-5793242167 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: obsolete
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
pragma: no-cache
allow: OPTIONS,POST
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics: 2521cc028a84/[170,168,-] 25D1cc0285aa/[-,170.543]
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/sessions
accept-ranges: bytes
cf-ray: 89a52e6ec9af088d-SEA
x-dw-request-base-id: mf-aDHJQfWYBAAB_
x-amz-cf-id: 8pHREhqVuph93MvpYWSmGfWIveescCnKGfiWANhQVkVAIX78tB9VmA==
x-yottaa-os: 204
expires: Thu, 01 Dec 1994 16:00:00 GMT

POST
H2 200 shoppercontext Show response
www.elfcosmetics.com/api/v1/ 114 B
874 B 750ms
750ms XHR
application/json 204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us

Requested by

Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

6b42a56b231d70ea3691b9f46363b9f8ed6ca35f6b50084718669b8beac1e57d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiIwODJiMWNmZC03ZDA5LTQwZDctYjc2OC03OTUzZjQyOGIyMjUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmUyMjhhYmU1LTg1OWYtNDEwZC04OGRkLWJmZWZjOWQyNmFiOCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTk0ODg1OTYsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFjeHJnV21lZEd4cnNSbWJzM3hHWVlrcmFJOjpjaGlkOiAiLCJleHAiOjE3MTk0OTA0MjYsImlhdCI6MTcxOTQ4ODYyNiwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMjQwMjQ4NTk5MjQxMTkyNSJ9.Qx0053tT8Xn-yM0hsu6zJmoQzbQx-7CyQXPEc7cUo3XreOPcHLLNa46u44ODRGr-ftxcxgQsb55F5OcFkS24VA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:47 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 7c6913fc3bfae6245d89d874d910fab4.cloudfront.net (CloudFront)
x-amzn-remapped-content-length: 114
content-encoding: gzip
x-amz-cf-pop: SFO53-P2
age: 0
x-amzn-remapped-connection: close
x-amzn-requestid: d124c3fe-92c0-4479-9182-f32c9ca7c1c5
x-yottaa-optimizations: ob/1000 si/25D1cc0285aa-1719430891-5793242168 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
x-amz-apigw-id: aBmCCFgmCYcEcsQ=
content-length: 108
alt-svc: h3=":443"; ma=86400
etag: W/"72-HgdmTgyCF/DQfqnMU3u+4UstAzI"
x-amzn-trace-id: Root=1-667d5073-6a218ac65ed01f37284af7a7;Parent=4de254b8650c10c7;Sampled=0;lineage=2b75b0e9:0
content-type: application/json; charset=utf-8
x-yottaa-os: 200
x-yottaa-metrics: 2521cc028a85/[597,597,-] 25D1cc0285aa/[-,599.504]
x-amzn-remapped-date: Thu, 27 Jun 2024 11:43:47 GMT
x-amz-cf-id: HFqwEaX5zuM2Q_BxbgbfNmIuiWE4mfHb7h85HioZpCAXlRSZFYNOog==

POST
H2 201 sync Show response
sdk.iad-05.braze.com/api/v3/content_cards/ 85 B
252 B 283ms
283ms XHR
application/json 2606:4700:4400::6812:25a1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Requested by

Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:25a1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ffc0b3ca90c0b895e3cff3d03d189b7bd980d1a31d5bcd34db07d60ca20375c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
X-Braze-Req-Tokens-Remaining: 27
X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest: true
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type: application/json
X-Braze-Last-Req-Ms-Ago: 1378
BRAZE-SYNC-RETRY-COUNT: 0
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
X-Braze-Req-Attempt: 1
X-Braze-ContentCardsRequest: true
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:47 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: 678b2d0b-04d3-4203-a7be-e6b133176f59
x-runtime: 0.069812
server: cloudflare
etag: W/"2ffc0b3ca90c0b895e3cff3d03d189b7"
vary: Origin,Accept-Encoding
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
x-ratelimit-reset: 1719488628
access-control-max-age: 7200
x-ratelimit-limit: 500.0
cf-ray: 89a52e6e3e7c365b-FRA
x-ratelimit-remaining: 495.0

GET
H2 200 geo-ip Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 193 B
914 B 657ms
656ms XHR
application/json 204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=81.95.5.36

Requested by

Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

9d46133ea9abdbb744af237afbae487a9d2dbb2333a5136816ac68282d52a349

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
c_x-pwa-request: true
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:47 GMT
sfdc_customization: HOOK
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
via: 1.1 6ee3eecd683392286f206a7ea6e9ac0c.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO53-P2
x-yottaa-optimizations: ob/1000 si/25D1cc0285aa-1719430891-5793242169 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: obsolete
x-cache: Miss from cloudfront
age: 0
alt-svc: h3=":443"; ma=86400
allow: GET,HEAD,OPTIONS
content-type: application/json;charset=UTF-8
cache-control: max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=81.95.5.36
x-yottaa-metrics: 2521cc028a8f/[502,502,-] 25D1cc0285aa/[-,503.807]
cf-ray: 89a52e6feafcb9a9-SEA
x-dw-request-base-id: KyJtW3NQfWYBAAB_
x-amz-cf-id: maBQgpkKOmIfd4NsVYYSba3N_AGieFm4WETNIRPDcvH0ohx_xq3cVw==

GET
H2 200 geo-ip Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 193 B
905 B 1139ms
481ms XHR
application/json 204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=81.95.5.36

Requested by

Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

9d46133ea9abdbb744af237afbae487a9d2dbb2333a5136816ac68282d52a349

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
c_x-pwa-request: true
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:48 GMT
sfdc_customization: HOOK
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
via: 1.1 6dddb00d156bc90e84fe8c9d69f4809e.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO53-P2
x-yottaa-optimizations: ob/1000 si/25D1cc0285aa-1719430891-5793242172 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: obsolete
x-cache: Miss from cloudfront
age: 0
alt-svc: h3=":443"; ma=86400
allow: GET,HEAD,OPTIONS
content-type: application/json;charset=UTF-8
cache-control: max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=81.95.5.36
x-yottaa-metrics: 2521cc028a86/[328,327,-] 25D1cc0285aa/[-,328.894]
cf-ray: 89a52e746f44092f-SEA
x-dw-request-base-id: mf-gDHNQfWYBAAB_
x-amz-cf-id: wlvkeJ8k9vvik6pOMmjfE5lnjAAPmxAqLc17j4Uj5R7anK2UH-d07A==

GET
H2 200 baskets Show response
www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/acxrgWmedGxrsRmbs3xGYYkraI/ 11 B
876 B 356ms
355ms Fetch
application/json 204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/acxrgWmedGxrsRmbs3xGYYkraI/baskets?siteId=elf-us

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiIwODJiMWNmZC03ZDA5LTQwZDctYjc2OC03OTUzZjQyOGIyMjUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmUyMjhhYmU1LTg1OWYtNDEwZC04OGRkLWJmZWZjOWQyNmFiOCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTk0ODg1OTYsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFjeHJnV21lZEd4cnNSbWJzM3hHWVlrcmFJOjpjaGlkOiAiLCJleHAiOjE3MTk0OTA0MjYsImlhdCI6MTcxOTQ4ODYyNiwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMjQwMjQ4NTk5MjQxMTkyNSJ9.Qx0053tT8Xn-yM0hsu6zJmoQzbQx-7CyQXPEc7cUo3XreOPcHLLNa46u44ODRGr-ftxcxgQsb55F5OcFkS24VA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
c_x-pwa-request: true
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:47 GMT
sfdc_customization: HOOK
dnt: 0
cf-cache-status: DYNAMIC
x-correlation-id: 89a52e6fcd59b9f2
x-content-type-options: nosniff
via: 1.1 968842023e92f9868a60ec906f146c2c.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO53-P2
x-yottaa-optimizations: ob/1000 si/25D1cc0285aa-1719430891-5793242170 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding: gzip
x-cache: Miss from cloudfront
age: 0
alt-svc: h3=":443"; ma=86400
content-length: 37
allow: GET,HEAD,OPTIONS
x-ratelimit-remaining: 999
content-type: application/json;charset=UTF-8
vary: Accept-Encoding
sfdc_load: 2
cache-control: max-age=0,no-cache,no-store
x-yottaa-os: 200
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/acxrgWmedGxrsRmbs3xGYYkraI/baskets?siteId=elf-us
x-ratelimit-limit: 99999
accept-ranges: bytes
cf-ray: 89a52e6fcd59b9f2-SEA
x-amz-cf-id: 8f_Egg6JvQ2fKcEIYplIdcbQFUeesvpElpAwxuGNUPL3Qs8WWvBdLA==
x-yottaa-metrics: 2521cc028516/[204,203,-] 25D1cc0285aa/[-,205.070]

POST
H2 200 viewPage Show response
api.cquotient.com/v3/activities/bbxc-elf-us/ 98 B
518 B 38ms
37ms Fetch
application/json 54.171.23.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cquotient.com/v3/activities/bbxc-elf-us/viewPage

Requested by

Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.171.23.152 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-23-152.eu-west-1.compute.amazonaws.com

Software

envoy /

Resource Hash

b31692fb3861cb7563104ba8d2c932e2d771912e2f5f3611daf99a826ad7ba94

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubdomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
x-cq-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.elfcosmetics.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:47 GMT
strict-transport-security: max-age=15552000; includeSubdomains
server: envoy
etag: W/"62-yJAraqlekHeWdhcNYfs1/yXXG40"
access-control-allow-methods: GET, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 5
content-length: 98

OPTIONS
H2 200 viewPage
api.cquotient.com/v3/activities/bbxc-elf-us/ Frame 0
0 157ms
32ms Preflight 54.171.23.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cquotient.com/v3/activities/bbxc-elf-us/viewPage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.171.23.152 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-23-152.eu-west-1.compute.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-cq-client-id
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization, content-type, x-cq-tenant, x-cq-client-id
access-control-allow-methods: POST
access-control-allow-origin: https://www.elfcosmetics.com
content-length: 0
date: Thu, 27 Jun 2024 11:43:47 GMT
server: envoy
strict-transport-security: max-age=15552000; includeSubdomains
x-envoy-upstream-service-time: 0

GET
H2 200 muse.js Show response
www.paypalobjects.com/muse/ 55 KB
16 KB 24ms
7ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/muse.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CA9) /

Resource Hash

20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: 5c12f466c10e1
dc: ccg11-origin-www-1.paypal.com
content-length: 16355
last-modified: Fri, 01 Sep 2023 21:10:59 GMT
server: ECAcc (frc/4CA9)
traceparent: 00-00000000000000000005c12f466c10e1-b891be5988a41550-01
etag: "64f25363-daa8+gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Thu, 27 Jun 2024 12:43:47 GMT

GET
H2 200 index.html
www.paypalobjects.com/muse/analytics/ Frame DBBC 0
0 43ms
17ms Document
text/html 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/analytics/index.html

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CBF) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: gzip
content-length: 16754
content-type: text/html
date: Thu, 27 Jun 2024 11:43:47 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "64f25363-dacc+gzip"
expires: Thu, 27 Jun 2024 12:43:47 GMT
last-modified: Fri, 01 Sep 2023 21:10:59 GMT
paypal-debug-id: f46860ce27848
server: ECAcc (frc/4CBF)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000f46860ce27848-6a9190e12a877e4b-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff

POST
H2 200 baskets Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 3 KB
2 KB 668ms
668ms XHR
application/json 204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets

Requested by

Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

6d65e8c2f1d980ad0996b9ea115a0787a1fd93c3afcf0f71f423f34e1ed87d3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiIwODJiMWNmZC03ZDA5LTQwZDctYjc2OC03OTUzZjQyOGIyMjUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmUyMjhhYmU1LTg1OWYtNDEwZC04OGRkLWJmZWZjOWQyNmFiOCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTk0ODg1OTYsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFjeHJnV21lZEd4cnNSbWJzM3hHWVlrcmFJOjpjaGlkOiAiLCJleHAiOjE3MTk0OTA0MjYsImlhdCI6MTcxOTQ4ODYyNiwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMjQwMjQ4NTk5MjQxMTkyNSJ9.Qx0053tT8Xn-yM0hsu6zJmoQzbQx-7CyQXPEc7cUo3XreOPcHLLNa46u44ODRGr-ftxcxgQsb55F5OcFkS24VA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
c_x-pwa-request: true
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:48 GMT
sfdc_customization: HOOK
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 68a8bf1c51ac47222204adb56c4024ac.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO53-P2
age: 0
x-yottaa-optimizations: ob/1000 si/25D1cc0285aa-1719430891-5793242171 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding: gzip
x-dw-version-status: obsolete
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 1101
pragma: no-cache
etag: 36a21d6bba653010e341197628fdec0a69a05df74fc4ce8f3381344ba7f989e7
allow: OPTIONS,POST
content-type: application/json;charset=UTF-8
x-dw-resource-state: 36a21d6bba653010e341197628fdec0a69a05df74fc4ce8f3381344ba7f989e7
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics: 2521cc028523/[515,514,-] 25D1cc0285aa/[-,517.143]
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets
accept-ranges: bytes
cf-ray: 89a52e72bed4a3c5-SEA
x-dw-request-base-id: 8zPrWnNQfWYBAAB_
x-amz-cf-id: NBs5bRFKWH_AUOQabWz771g1KOxganmOqcc24SShOYK_CHGJ23ePzQ==
x-yottaa-os: 200
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 ts
t.paypal.com/ 42 B
232 B 168ms
167ms Image
image/gif 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfoFlowStarted&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1719488627613&g=-120&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CE0) /

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 11:43:47 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
correlation-id: 3bc2dbe0c67f3
server: ECAcc (frc/4CE0)
traceparent: 00-00000000000000000003bc2dbe0c67f3-a65e07b4c1edacb2-01
vary: Accept-Encoding
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 3bc2dbe0c67f3
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: image/gif
server-timing: traceparent;desc="00-00000000000000000003bc2dbe0c67f3-8e7e151ffd8f2eb1-01", content-encoding;desc="", x-cdn;desc="edgecast"
timing-allow-origin: *
expires: Thu, 27 Jun 2024 11:43:47 GMT

GET
H2 200 NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare
elfcosmetics.a.bigcontent.io/v1/static/ 5 KB
6 KB 149ms
32ms Image
image/png 2606:4700:4400::ac40:91b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare?%24Desktop%24=&fmt=auto
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:91b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:48 GMT
x-amz-version-id: null
cf-cache-status: HIT
age: 57531
x-amz-server-side-encryption: AES256
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
content-length: 5378
last-modified: Wed, 26 Jun 2024 19:44:57 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 89a52e74fe9dbb59-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/ 2 KB
1 KB 165ms
48ms Image
image/svg+xml 2606:4700:4400::ac40:91b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:91b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:48 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
age: 12164
x-amz-server-side-encryption: AES256
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 27 Jun 2024 08:21:04 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 89a52e74fea6bb59-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 icon-noun-drop-1235517%201
elfcosmetics.a.bigcontent.io/v1/static/ 2 KB
948 B 152ms
35ms Image
image/svg+xml 2606:4700:4400::ac40:91b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517%201?%24Desktop%24=&fmt=auto%201x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517%201?%24Desktop%24=&fmt=auto%202x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517%201?%24Desktop%24=&fmt=auto%203x
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:91b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f366287eaa5627dc7ee48d1fcb79d20bceae8238ee2f1dd772f059685fe9c799

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:48 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
age: 54742
x-amz-server-side-encryption: AES256
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 26 Jun 2024 20:31:26 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 89a52e74fea5bb59-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 300240 Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/products/ 51 KB
6 KB 435ms
434ms XHR
application/json 204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/products/300240?siteId=elf-us&locale=en-US&currency=USD&expand=availability%2Cbundled_products%2Clinks%2Cpromotions%2Coptions%2Cimages%2Cprices%2Cvariations%2Cset_products%2Crecommendations&all_images=true&perPricebook=true

Requested by

Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

c22de6ecb0809ea7db523c6faae26212d6b0832812229d1377cc961cd8fabce8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
c_x-pwa-request: true
cache-control: no-cache
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:48 GMT
sfdc_customization: HOOK
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: gzip
via: 1.1 2063124c232c5b97b617efefe26d1e72.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO53-P2
x-yottaa-optimizations: ob/1000 si/25D1cc0285aa-1719430891-5793242173 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: obsolete
x-cache: Miss from cloudfront
age: 0
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 27 Jun 2024 11:43:48 GMT
allow: GET,HEAD,OPTIONS
vary: accept-encoding
content-type: application/json;charset=UTF-8
cache-control: max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/products/300240?siteId=elf-us&locale=en-US&currency=USD&expand=availability%2Cbundled_products%2Clinks%2Cpromotions%2Coptions%2Cimages%2Cprices%2Cvariations%2Cset_products%2Crecommendations&all_images=true&perPricebook=true
x-yottaa-metrics: 2521cc028a87/[280,279,-] 25D1cc0285aa/[-,281.720]
cf-ray: 89a52e750aedb9b6-SEA
x-dw-request-base-id: 8zPyWnNQfWYBAAB_
x-amz-cf-id: bdjQrYYIAFMebz7s0G2ednU0Z3HHJoqocQM3ZH1VE5B82kvoc6WNDg==

POST
H2 200 exist Show response
srm.ba.contentsquare.net/ 2 B
95 B 117ms
33ms Fetch
application/json 52.211.148.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://srm.ba.contentsquare.net/exist?v=14.19.1&pid=1926&pn=1&sn=1&uu=4d4342fe-34b8-aa3e-a550-62502c646b23
Requested by: Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.211.148.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-211-148-8.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 27 Jun 2024 11:43:47 GMT
content-length: 2
content-type: application/json

GET
H2 200 us.svg
www.elfcosmetics.com/mobify/bundle/11486/static/img/flag-icons/ 9 KB
1 KB 152ms
152ms Image
image/svg+xml 204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elfcosmetics.com/mobify/bundle/11486/static/img/flag-icons/us.svg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:48 GMT
via: 1.1 6dddb00d156bc90e84fe8c9d69f4809e.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: SFO53-P2
age: 59372
x-yottaa-optimizations: ob/1101 si/25D1cc0285aa-1719397857-8184655132 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Hit from cloudfront
x-amz-meta-deploy: 788634
alt-svc: h3=":443"; ma=86400
content-length: 676
x-amz-meta-bundle: 11486
x-yottaa-forcecache: true
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31104000
x-yottaa-metrics: 2521cc028a82/[3,-,1719429008794] 25D1cc0285aa/[hit]
x-amz-cf-id: T5Tx-ET4mxdqdGtn7f-_YtCvunHt8vkEwvu7M0ZrKwdSj2dr0f92Pw==

GET
H2 200 PWA-UpdateSession Show response
www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_US/ 56 B
1 KB 465ms
464ms XHR
application/json 204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_US/PWA-UpdateSession
Requested by: Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: f66f5edd05293c4351edcec020a867935f7495ef0d0ff7ceb3e6402748585ca6

Request headers

c_x-pwa-request: true
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:48 GMT
content-encoding: gzip
via: 1.1 700aa70ccd1c08dc97b84e1db700ae96.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-amz-cf-pop: SFO53-P2
age: 0
x-yottaa-optimizations: ob/1000 si/25D1cc0285aa-1719430891-5793242176 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
pragma: no-cache
content-type: application/json
cache-control: no-cache, no-store, must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/on/demandware.store/Sites-elf-us-Site/en_US/PWA-UpdateSession
x-yottaa-metrics: 2521cc028a8b/[311,310,-] 25D1cc0285aa/[-,313.167]
cf-ray: 89a52e770e0d76e8-SEA
x-dw-request-base-id: 8zP8WnRQfWYBAAB_
x-amz-cf-id: wtZR5ROiGkjfRPH2UDtRXwZBwe2W7RyAD4VzqoRS-9PcVK7qjb95XQ==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 promotions Show response
www.elfcosmetics.com/mobify/proxy/api/pricing/shopper-promotions/v1/organizations/f_ecom_bbxc_prd/ 3 KB
2 KB 368ms
367ms Fetch
application/json 204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/api/pricing/shopper-promotions/v1/organizations/f_ecom_bbxc_prd/promotions?siteId=elf-us&ids=2024-06-gwp-%2435%2C2024-06-pride-flash-tattoo-gwp&locale=en-US

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

be19bf8510f48064791d3e68f67d26e1310c52d2f59c4f484139020eabaefb35

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiIwODJiMWNmZC03ZDA5LTQwZDctYjc2OC03OTUzZjQyOGIyMjUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmUyMjhhYmU1LTg1OWYtNDEwZC04OGRkLWJmZWZjOWQyNmFiOCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTk0ODg1OTYsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFjeHJnV21lZEd4cnNSbWJzM3hHWVlrcmFJOjpjaGlkOiAiLCJleHAiOjE3MTk0OTA0MjYsImlhdCI6MTcxOTQ4ODYyNiwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMjQwMjQ4NTk5MjQxMTkyNSJ9.Qx0053tT8Xn-yM0hsu6zJmoQzbQx-7CyQXPEc7cUo3XreOPcHLLNa46u44ODRGr-ftxcxgQsb55F5OcFkS24VA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
c_x-pwa-request: true
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:48 GMT
content-encoding: gzip
dnt: 0
cf-cache-status: DYNAMIC
x-correlation-id: 89a52e77bb697534
x-content-type-options: nosniff
via: 1.1 68a8bf1c51ac47222204adb56c4024ac.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO53-P2
x-yottaa-optimizations: ob/1000 si/25D1cc0285aa-1719430891-5793242177 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
age: 0
alt-svc: h3=":443"; ma=86400
allow: GET,HEAD,OPTIONS
vary: accept-encoding
content-type: application/json;charset=UTF-8
x-ratelimit-remaining: 999
sfdc_load: 2
cache-control: private,max-age=27
x-yottaa-os: 200
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/pricing/shopper-promotions/v1/organizations/f_ecom_bbxc_prd/promotions?siteId=elf-us&ids=2024-06-gwp-%2435%2C2024-06-pride-flash-tattoo-gwp&locale=en-US
x-ratelimit-limit: 99999
accept-ranges: bytes
cf-ray: 89a52e77bb697534-SEA
x-amz-cf-id: QqryArrXICzhBvKMoYUCfHgJU3F-3wThwM4GVzJUhNepiUvv1-3HEg==
x-yottaa-metrics: 2521cc028a8c/[216,215,-] 25D1cc0285aa/[-,217.497]

GET
H2 451 458359.gif
idsync.rlcdn.com/ 0
99 B 42ms
17ms Image
text/plain 35.244.174.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/458359.gif?partner_uid=50551e37-45ab-4cb0-9570-b68b897be9f4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:43:48 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 script-tag.js Show response
cdn-scripts.signifyd.com/api/ 10 KB
4 KB 92ms
17ms Script
application/javascript 18.244.179.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.244.179.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-244-179-17.lhr61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d7a363f752524fb545c3b2eb48a56d163cb659bc427d5215800ee7781d92c2ca

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:39:37 GMT
content-encoding: gzip
via: 1.1 2e75670221718348a2e40df9100a13ea.cloudfront.net (CloudFront)
last-modified: Tue, 23 Apr 2024 14:51:40 GMT
server: AmazonS3
x-amz-cf-pop: LHR61-P7
age: 259
x-amz-server-side-encryption: AES256
etag: W/"73ca6f23f3e08738233832c7a7a0c30c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1800
x-amz-cf-id: UeSXbNumkFkkLBkj_L96xG_4jT2cCcpDowIQNA5cT2E2ILSvfB2OgA==

GET
H2 200 company_toolkit.js Show response
cdn-scripts.signifyd.com/api/ 4 KB
2 KB 17ms
17ms Script
application/javascript 18.244.179.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-scripts.signifyd.com/api/company_toolkit.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.244.179.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-244-179-17.lhr61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 11:28:57 GMT
content-encoding: gzip
via: 1.1 2e75670221718348a2e40df9100a13ea.cloudfront.net (CloudFront)
last-modified: Tue, 30 May 2023 10:18:44 GMT
server: AmazonS3
x-amz-cf-pop: LHR61-P7
age: 893
x-amz-server-side-encryption: AES256
etag: W/"2c3950f122b3977df61b0e077aaa92c8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1800
x-amz-cf-id: odXdjXxkt_VB1OKzMJLw_Zjyqr3n2gmwDTHwfkTSlr_GkY6JFcLZdw==

GET
H/1.1 200
OK 81nwayxyeiuv77dh.js Show response
imgs.signifyd.com/ 96 KB
14 KB 73ms
16ms Script
text/javascript 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/81nwayxyeiuv77dh.js?pti8q1dgdnzq9mhn=w2txo5aa&cazrg2feu0bxs02x=LzM5MGEyNDhlM2NjM2IxN2JkY2JjYTlhZTA4

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

f0c346f4456dc2a8dab59c19eb39c03137a066ff33080648ce7f79276bc0ffcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 27 Jun 2024 11:43:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: CP=IVAa PSAa
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
X-Robots-Tag: noindex, nofollow
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK DJYkTecxc0MW6-f0 Show response
imgs.signifyd.com/ Frame 49D4 301 KB
51 KB 23ms
23ms Script
text/javascript 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/DJYkTecxc0MW6-f0?227bdf11eef13909=AdJ3YzHis8BVLFJEQvLs_W67LYIn1h0xdqSy97013SkdbeqsMROdQilDISDAkt0sWRHJ-1Ifu6RJqBK2l6JFww0S0uaQPEX5wSzVDZLvtipLdsFQtOroMMAIPvRHQCXAyiAXgrQwyXl5mkewJDqryUuL_PW2Le9quXAPGD7XMwSdUC0wSqIYsE6rGNswrRtSor4_om7g033FWmK6&jb=3d332e2662716f7d375761666c6d7d792e687b67375563646c6d7d792d3238393b266a736a7f354360706f656f26627b6a3f49627a6d656d2f303a3b3a34

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/81nwayxyeiuv77dh.js?pti8q1dgdnzq9mhn=w2txo5aa&cazrg2feu0bxs02x=LzM5MGEyNDhlM2NjM2IxN2JkY2JjYTlhZTA4

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

eac8a758efe45a6b4e3791e64548c0e39457d7c6c81eba68d08b39c89649ea3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 27 Jun 2024 11:43:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
tmx-nonce: 9ee414eb1af926b2
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
X-Robots-Tag: noindex, nofollow
Keep-Alive: timeout=2, max=99
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK 4vskuYOCy3K-1plm
imgs.signifyd.com/ Frame 49D4 81 B
475 B 38ms
12ms Image
image/png 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/4vskuYOCy3K-1plm?e789028506359285=APpTazMvn2-K_SR3Y2ueQQn65YIamWXHljeqb3lBT-66aUapKipZLJd_E1GuKYskEtJ5rbSz78Vat_RgttcKiXSKT-zi3Py-BnMSSR0s8DpsHr4wKVMAdSLqijc6H5LkirIkyvqs_N76FfjdMHI5RFMlsNxIubJo8sgM0ws

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Thu, 27 Jun 2024 11:43:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK aW-uNVhmLxrF2MSg
imgs.signifyd.com/ Frame 49D4 81 B
475 B 38ms
12ms Image
image/png 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/aW-uNVhmLxrF2MSg?3f60d438117261d5=F4FDZ_YgKRCVzbXE_20djpx0oITSDdLli6wkRPfU-1vVCJxU0dNVg0II6kk_27WT5zdiAf4UTLcyyCxd62cWOF2l_dmbsMasfxtzpQghXdKX9NCeAclMfmlECQv04tmdTFGrmB1K6v78WipMvG5bYF2OrPt7jDFY2gsjeKk

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Thu, 27 Jun 2024 11:43:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png Show response
imgs.signifyd.com/fp/ Frame 49D4 81 B
536 B 48ms
23ms XHR
image/png 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/clear.png

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/DJYkTecxc0MW6-f0?227bdf11eef13909=AdJ3YzHis8BVLFJEQvLs_W67LYIn1h0xdqSy97013SkdbeqsMROdQilDISDAkt0sWRHJ-1Ifu6RJqBK2l6JFww0S0uaQPEX5wSzVDZLvtipLdsFQtOroMMAIPvRHQCXAyiAXgrQwyXl5mkewJDqryUuL_PW2Le9quXAPGD7XMwSdUC0wSqIYsE6rGNswrRtSor4_om7g033FWmK6&jb=3d332e2662716f7d375761666c6d7d792e687b67375563646c6d7d792d3238393b266a736a7f354360706f656f26627b6a3f49627a6d656d2f303a3b3a34

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept: */*, w2txo5aa/9ee414eb1af926b2lzm5mgeyndhlm2njm2ixn2jky2jjytlhzta4
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 27 Jun 2024 11:43:49 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Thu, 27 Jun 2024 11:43:49 GMT
Server: Apache
Etag: baec9833c75e4ab682192607522d7948
Content-Type: image/png
Access-Control-Allow-Origin: https://www.elfcosmetics.com
Cache-Control: private, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
Expires: Tue, 26 Jun 2029 11:43:49 GMT

GET
H/1.1 200
OK dsFtkAbMgHn2xvXv
imgs.signifyd.com/ Frame 3A92 0
0 41ms
16ms Document
text/html 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/dsFtkAbMgHn2xvXv?228314b37b81e029=SgMdUfqIKDBmrsi5hDGoBXuMMelj4HGf76lxYDcDyzepL8uCRHthACZUvZMRsg4HY-gAxB7JfzG070yNHsCSLRcQ1uKYFPPF4aWXt6Yf3fihJt-MpIV6ddGrI2OIRyFZQn9UJMs4ZbKpmxF-s1fS3za8blmV0BVHZS4y6ycC0xswtVsADCyPkIdNyKdU2GdEvo_xt_jpk3QX0_Codvs

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Thu, 27 Jun 2024 11:43:49 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK lUway15m-ApMKQN7 Show response
imgs.signifyd.com/ Frame 49D4 0
398 B 26ms
25ms Script
text/javascript 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Thu, 27 Jun 2024 11:43:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK lN2jPfxi6EsvONYx Show response
imgs.signifyd.com/ Frame 49D4 134 B
654 B 26ms
25ms Script
text/javascript 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/lN2jPfxi6EsvONYx?971abaa911209809=g0SRKG2LttL85qDS3KuLLyZGIlNVwgc1u7rB63Nwzg46WiIOjZn8UhcxXc-oRZdqJLGm2-8ZqUMpnlRTsAQ-xVdf_n8qpmuwVzrQ2zDwf2V4AjrV79zeGPdVT9lU51O_4xb0-ZdjZkc0TfTRUOhpDg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

8b7fe99a43a7bd226804b149311efa10b987838a49c380e667824393d140fd36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Thu, 27 Jun 2024 11:43:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK 7GRj0lWCLFYsFZXM
h.online-metrix.net/ Frame EEB1 0
0 61ms
16ms Document
text/html 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/7GRj0lWCLFYsFZXM?2201df8e509a63ac=adyz6pUXiicugtCWxliJ6ySISZDT-gKwxLYcXoYsfUT9h-SKVG5uyBjU0JTNSpy5i2BXI76UkKO7y30WYky6pw1AyH00F7NPLXs50ZyBP7H73bR_9nM5h5qVQB5WbV--vhMo3z_ByXC78k1_Ej7kvy8Mr9GiAMTs4EqTPfnklG-8_95mwGbgsJcYEIf_SRaYa2Hqvad4Ts9Nt-DkJ7xN

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Thu, 27 Jun 2024 11:43:49 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK FEw_W_hGskcMKh2T
imgs.signifyd.com/ Frame CD24 0
0 43ms
15ms Document
text/html 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/FEw_W_hGskcMKh2T?5049126a10c22fbc=W0I5q2ksd8-AHKEJ9gMSoGqlSz4P9H5YE4vue5IB-rqm8J8Qf8iXqbo_qOffFA8Kg14b7c2aZx928TOut_HqFGRr-UIxVrFCMPJNKjRLYqT66LUU09_00Z5QUYL2mlQBg0wJRfji9JkWTxQNwRu_P6QWcHZ_K9cuHBHnFPGTTs9owFasO_ZUwYIIl-f0LftethqEVmjSpnhoOeyT-lpz

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Thu, 27 Jun 2024 11:43:49 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 204
No Content HyXNeFi46-mGIPsf Show response
h64.online-metrix.net/ Frame 49D4 0
357 B 485ms
156ms Script
text/plain 2620:f3:0:14:b401:8ee8:4321:ad82
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h64.online-metrix.net/HyXNeFi46-mGIPsf?9cde3f53f1f4666e=MhtreFYLevc3GmNxMEjKC_vOfLy8SuqL49RzIt_Kd3MRJTmGN8b_C54qYuXh9lP2LejK7yFTXyKnXTGxtZxU2x9bfkOmexaJ3yzR5sBdH04fN0BHc9IyJzOI_ITHEa790sJIujknNd-7Kvs6htCqlxiAMwTrZ4Vh

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2620:f3:0:14:b401:8ee8:4321:ad82 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Thu, 27 Jun 2024 11:43:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 lUway15m-ApMKQN7 Show response
imgs.signifyd.com/ Frame 49D4 0
218 B 17ms
16ms Script
text/javascript 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/lUway15m-ApMKQN7?35ae349b5c46a3af=wKnQl0lNM-vvB7futkMxWLuFw-K6nP8uyQsHYPEWFNpX73YTwVj63g7y9omZyzbnF6P6dKNJ5Zmfki7oI_V60w73UisUfFAxcFO5LgGeU2IMJAblUozlMOdSVhsLDnwEjBva7Y3hNP-3qmhiXVSGLz6AwT8&ja=3a3a3a312e2463353c302e7235343a2c6e3f393e3a32723b3a323a2c696635393c303078393838302e7178713734393870363b3a2e66787a3733263b3e323a2639323838263136303826393238322c393c30382439303a3a24333e383a2e3b383832263e3930243c3b30266d7c373a376e37316c39313c316d34686c3a32316a3c34686e3b3a3d6838616e3b6934266d66373a267b61643538342e64603f627e7c727b2d39432f384e27384c7f777f266f6c6663677965657c6b637b246367652d304c6f6464256b6571676f7c6b69276b726165636e616c7b2c786c35372678623d6d3038306e6c69373d3d3b3b396c3c67686f3039313b6f62346131333a3938662660623d3b313b646c3d6c606a3f696069323e303d3a3c363b313d6532346e6e383039342662796f355f616c6e657f712d3a3a333b2c627168374b687a6767652532383b3a362e6873677f3d5f616666657d7b24627b68773749607065676d266660693d31322e646c6d353a26666774783538247e706c3f4d7d786d7a6f2d304c486d72646164266d617c627a3d3c32303b6e316b3a6a67693a3a673e6b69373c3a383a386b6c313d3d3e3031666c3e3d38303334396e366d6969303e6e6b3b3c696c606e3d3a313b3939393e692c64723d607e7c707b2733492f324e2d3a447d7d7f2c6d646c61657965677e636b73266b656d25324e6f646625616f7b67657c616b2f6978616f61666b6e792c783f7a667d67616655666c617b622d354d6461647965297864776d63665d7f616466657d7b5d676f6c6969577a6c61796d782d354d6461647965297864776d63665d696c65606f55696178656a617c2d3f45666164796d21786e756f636e57797d6b69617c6b656d2f374f6c696e796f2970647d6d696e5f7b6267636375617e6f253d4d6e6366796d2378647f65636457706f6b64706469736572253d4f6e61647165297a6c7d6f616c557c646157786663736f7a273f4f6e61647b6f21706c7d6d616e5766657e6b6c7e7a2d374f6c696e7b6d2b72667f6f6b64557b766f577c6965776d782d354d6461647965297864776d63665d62697c632f3f4d646b667b652e6f665f633d7f6f6a676455656a4d4c2d3a3833243a2d30382045726f644f4e2f3838455b2d3830322e382f3a304b6a726767697d6521556f684f4e2d3a3a4546594427383a4d532d3a3a312e302d383828477265664d4c2d3a3847592f3a324f44594e2f383847592f3a3039263a2532304b627a6f656b756523576d6a436b7e5d6d6043617e27383a5f67684d4441464f46455f6966797c616661656c55617a7a697b792f3b402d3a3a47525e5760666f66645765636e6d61702f3b422d30304d5254576b646b7a556b6d667c786d662f3b402f383845505c55636f6c677857627d64666d785f60696464556c646d697c2f31482f3a324f525c5f6c6d7a74685f6b66696d7827334a2f32384d5056556c646d697c5560666f66662f394a253a384f58545f6e786967576665787e682d3b4a27383a4d5a5c577a6d66736f6d645567666e7b6f745f63646b65702d31422d38304d505c5d796269666d7a55766f727c77786f576c676c2f3342253a3a4d585c5d746d72747d7a6d5d696565727a6d79716365665d687a7c632d3b482532304d525c5f7c67787c7f726d576b6d677a7a677b7b636d64557a657e692d334a2d383045585c557c657076757a6f5f6e6164766f7857636661796d7e78677263692d334a2d383045585c557c657076757a6f5f65617a706578576164696772557e675d6f6e6f652d3b482532304d525c5f7b50474a2f334a2d3a32454f5b5d6d646f6f6f647c5d63646c6570577f696e742d394a253a324f4d595f6e6a675d786f66666d7a556f637a65637a2f3b422d3a3a4f455357797c616666617a6e5f6c6d7a6b7c6b7c6b7e6d792739482d303a454d53577c6f7874757a6f5766646d617c2f334a2d3a32454f5b5d7c6d72767f786d5d6c6667617c5766696e6569782d334a27323845455b577c67727e7d706d576263666c5764666569742d3b48253230474f5b5f7c67787c7f726d576063666c576464676b765566616c6f6b7a253b4a2f32304f4d5957766d70746d725f697a7a6373556760626d69762f394a27383a5f454a4f465f636f64657a5f6a77666e6f72576e646d6b7e2d314a2d38325d4f4a4546556b6f6578786573736d6e57746d7a747d786557697b76692f3b402d3a3a554f484f4e5569676d787a6f7373656c557c657076757a6f5f6d7c6b2739482d30385f4f404d465761656778726d7b7965645f7c6f70747d7065576f746b392d31482f3a325f4d484546556b6d677a7a657b7b6f645f746d727c757a675f7b39746b2d3b402f3838554d4a4d4e5569676f7a786d737b6d6e5f7465707e7d726d5d733b7e63577b7a65682f3b402d3a3a554f484f4e556e6d627d6f5572656e6c6f7a657a5d69666c6f2d3b4a27383a5f474a4f465d6e6f6a776d557b68696c6f7273253b482d323855454a4d4c576c6d727e6257766d707e77786f2d31482f3a305f4d48474c5f6c7869775760756e6c657a7b2d31482f3a325f4d48454655646d796f576367667e6578742d394a253a32574d484744576577667e615d6c7a6b752f394a27383a5f454a4f465f706f64736f6f665d6d676e65393e2e656655603f303e6c3169323c63323d39623c306f6164383c3c31616c36613f68356b3e383a683269663d3d3b342c7d6f6e7c37416e7c6d6625323041646b2e2e756764783d41667c67662f3a32417a63712f38384d7a6f6647442d3830456e6f6366652e61636c3732&jb=393f382664733d45657a616464632f384e3726382f303a225f6b646e67777b2d38304e542d383831382c302d39422d3a385563643e362d3b4827383a70343e232d3238497a706c655f6f6a4b6176253a4c353b3f26313c2f3a322043425647462d30492f3a30646161652532384d6d63636d292d38304b607a6d676f2d304e393834243a2632243a2d32385b6b666172612f3a463d3137263936

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 27 Jun 2024 11:43:49 GMT
Strict-Transport-Security: max-age=31536000
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK uumfYaj-rCTPJcv9
w2txo5aahbbqdf77b2jsvwmmaykvme4d4gwgynur9ee414eb1af926b2am1.e.aa.online-metrix.net/ Frame 49D4 81 B
438 B 276ms
12ms Image
image/png 91.235.134.131
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w2txo5aahbbqdf77b2jsvwmmaykvme4d4gwgynur9ee414eb1af926b2am1.e.aa.online-metrix.net/uumfYaj-rCTPJcv9?c3ee667f8ec92975=HZrObKb4OVsXiQDosSJtEHtk_PxlVntR0WOlH9xMewRTtlZZLFmbEnEX8I0DwCtWTxOEEofUOVuJR4v1nE_Diymkd4_USoTsJxzQk-MtouRRreXC8_C2XqXMe6n7gSUJqmDccJVepFJZeAm7slCam9kKmEIWVtWcDXGn

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.134.131 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Thu, 27 Jun 2024 11:43:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 JEggvGv5jiY9BT5A Show response
imgs.signifyd.com/ Frame 49D4 0
218 B 13ms
13ms Script
text/javascript 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/JEggvGv5jiY9BT5A?568dd95ddd1f95df=IunfztjfuiVRlVdGPyCFVZ3aVwnYna-HI0BepYs9kxNW6C9p3iG1PL0dnej2fm_tJ-1JLWevtzKWlGdmFmq2XPkiuhAnx_78RuNLN04ABy64cKvEKJpQj-g5xuBuI5flMsItI7bQuaCVScd2LKmmF2BQXWz8o_To0MuAQx84Yse9Rb5dZ7Pa5uXdTrF4PLo8ZYJR4aJ7pMgwmgLCAEU&jac=1&je=303e2e266567646037283b2d3a413b2f3a413b2d3841696c3d333e683f333c3f3c6666636a396b353b6662303c36313d31606b393b336a6b6963393f3b336b3e6d656c3c683966396d3c38353937663c393739316a6723

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 27 Jun 2024 11:43:49 GMT
Strict-Transport-Security: max-age=31536000
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 204
204 GN5RoGg26jVgBxPy
imgs.signifyd.com/ Frame 49D4 0
400 B 16ms
15ms Image
image/png 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/GN5RoGg26jVgBxPy?8502de958576a6ac=YQvyP8J0rTVIZzC7jfl-DDo0BcSQ0bOXPJ5KXjkdw5duBK7kWMKXP2QD_RruCUhVm_DLQmtU5Sa4AL22k1h9LhJdcCA8Ng7_GzUrVBeaAR0QNtx-W4sw70Dlvdhxxpzo_QLzTtPTs0nv6t-Fo1ZDpsujgoYFhMFdlIU8XsrRtqXhoSzQNifcDrlm6mWj0o7TrTa4lOMC9Pxlg8z4P-U&jf=3c3b3e267b6b6457786e6c357c6678555a4e6f6b524f695a4d47453c5b4f50672c736964576e69746d3f313f3b393c30303438332e71616c5576737a6d3f7d6f6a3a6d6b6e7361267b636c5f6367793539303d313b323b393834383f3863323c3c3a696f3b64383a3a31303638323a613034343069653b6c38313a3b3835383b3e303a3a38363f3a3e383d6b3e3738646a6838353b33303e3e653c3c6c306e3b383238386c313b3a38373c6c6d3869313f6237633e333964393b37383f323d393c64336c6b636b3a6e333d326d673a323e3469303b3634333d3c30333b37373b38663a6d3e3a6e383d343b396931393e3f353f323a64303a38333231396c3e323a30346e3d312e7b616655796165353b3a363f3a3a303a3f6d393d6c336466356b3230623a67346c6f32396d6d613c6e3d346b386b316e3d69373a393f646a3f33306632393f3a376b37653d6963383a38303b3c3f323f3838303b3a38633d3b6e313c6d333634633b3c3d326c37383a68343d6d6967393e3a633b3c6831323b6c663c3f6a633b6a68373434393d6e376c3732383c666e383a30683231247b616c70373a

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Thu, 27 Jun 2024 11:43:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=97
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK lUway15m-ApMKQN7 Show response
imgs.signifyd.com/ Frame 49D4 0
398 B 13ms
12ms Script
text/javascript 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Thu, 27 Jun 2024 11:43:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=96
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/

Verdicts & Comments Add Verdict or Comment

150 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

44 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: x342UWLf2r8
.youtube.com/	1970-01-21 01:57:20	Name: VISITOR_INFO1_LIVE Value: bFEpZM3_Z2k
.youtube.com/	1970-01-21 01:57:20	Name: VISITOR_PRIVACY_METADATA Value: CgJERRIEEgAgQQ%3D%3D
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: initAuthComplete Value: true
.elfcosmetics.com/	1970-01-21 07:14:08	Name: ab.storage.sessionId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57 Value: g%3A4c9034aa-d584-88ed-9e31-a00e0f4d9089%7Ce%3A1719490424550%7Cc%3A1719488624550%7Cl%3A1719488624550
.elfcosmetics.com/	1970-01-21 07:14:08	Name: ab.storage.deviceId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57 Value: g%3A7ef749df-9a50-41d7-a930-7c9b17baf849%7Ce%3Aundefined%7Cc%3A1719488624557%7Cl%3A1719488624557
.elfcosmetics.com/	1970-01-20 22:21:20	Name: _dyjsession Value: k0bbu8kn2gn42q5f9qnr9ldyt5chts4m
.elfcosmetics.com/	1969-12-31 23:59:59	Name: dy_fs_page Value: www.elfcosmetics.com%2Felf-cosmetic-criminals
.elfcosmetics.com/	1970-01-20 22:21:20	Name: _dy_csc_ses Value: k0bbu8kn2gn42q5f9qnr9ldyt5chts4m
.elfcosmetics.com/	1970-01-20 22:21:20	Name: _dy_c_exps Value:
.elfcosmetics.com/	1970-01-20 23:47:44	Name: _gcl_au Value: 1.1.1190893908.1719488625
.elfcosmetics.com/	1970-01-21 07:14:08	Name: _ga Value: GA1.2.1093982579.1719488626
.elfcosmetics.com/	1970-01-20 21:39:35	Name: _gid Value: GA1.2.1885759267.1719488626
.elfcosmetics.com/	1970-01-20 21:38:08	Name: _gat_UA-432816-1 Value: 1
.dynamicyield.com/	1970-01-21 06:23:44	Name: DYID Value: 6458162120771850353
.doubleclick.net/	1970-01-20 21:38:09	Name: test_cookie Value: CheckForPermission
.elfcosmetics.com/	1970-01-20 22:21:20	Name: _dycnst Value: dg
.elfcosmetics.com/	1970-01-21 06:23:44	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Thu+Jun+27+2024+13%3A43%3A45+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202306.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=42083946-e48a-463c-a8b4-c24d8db38a6a&interactionCount=0&landingPath=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&groups=1%3A1%2C2%3A0%2C3%3A0%2C4%3A0%2C5%3A0
.elfcosmetics.com/	1970-01-20 22:21:20	Name: _dyid Value: 6458162120771850353
.elfcosmetics.com/	1970-01-20 22:21:20	Name: _dycst Value: dk.w.c.ws.fst.
.elfcosmetics.com/	1970-01-20 22:21:20	Name: _dy_geo Value: DE.EU.DE_BY.DE_BY_Erlangen
.elfcosmetics.com/	1970-01-20 22:21:20	Name: _dy_df_geo Value: Germany..Erlangen
.elfcosmetics.com/	1970-01-20 22:21:20	Name: _dy_toffset Value: 0
.elfcosmetics.com/	1970-01-21 06:23:44	Name: _dy_soct Value: 647796.1248068.1719488625.k0bbu8kn2gn42q5f9qnr9ldyt5chts4m836603.1652212.1719488625837245.1654610.1719488625*861617.1750272.1719488625
.elfcosmetics.com/	1970-01-20 22:21:20	Name: rmStore Value: dmid:9097
.linksynergy.com/	1970-01-21 06:23:44	Name: rmuid Value: 50551e37-45ab-4cb0-9570-b68b897be9f4
.elfcosmetics.com/	1970-01-21 07:07:32	Name: _cs_c Value: 0
.elfcosmetics.com/	1970-01-21 07:07:32	Name: _cs_id Value: 4d4342fe-34b8-aa3e-a550-62502c646b23.1719488626.1.1719488626.1719488626.1558384338.1753652626685.1
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: scapi Value: prd:e228abe5-859f-410d-88dd-bfefc9d26ab8:eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiIwODJiMWNmZC03ZDA5LTQwZDctYjc2OC03OTUzZjQyOGIyMjUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmUyMjhhYmU1LTg1OWYtNDEwZC04OGRkLWJmZWZjOWQyNmFiOCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTk0ODg1OTYsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFjeHJnV21lZEd4cnNSbWJzM3hHWVlrcmFJOjpjaGlkOiAiLCJleHAiOjE3MTk0OTA0MjYsImlhdCI6MTcxOTQ4ODYyNiwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMjQwMjQ4NTk5MjQxMTkyNSJ9.Qx0053tT8Xn-yM0hsu6zJmoQzbQx-7CyQXPEc7cUo3XreOPcHLLNa46u44ODRGr-ftxcxgQsb55F5OcFkS24VA
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: dwsid Value: PjucgxzezN9hayoi_KBQMlmRhZ6LKg4SoX5rebPSdNSm8oMyMpZbViwlTIwXGtFMMgxVlUsLnLtlpRE0P-zV7A==
www.elfcosmetics.com/	1970-01-21 01:57:20	Name: dwanonymous_1a00c2845eeb01c699351ea28e20fd92 Value: acxrgWmedGxrsRmbs3xGYYkraI
.elfcosmetics.com/	1970-01-20 21:38:10	Name: _cs_s Value: 1.5.0.1719490427635
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.currency Value: USD
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: sid Value: pRrmRwKU-GLsG9uDlNFfNMKw_1qVYDqvLA4
www.elfcosmetics.com/	1970-01-21 06:24:05	Name: _dyid_server Value: 6458162120771850353
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.InternationalUser Value: ""
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.location Value: US
www.elfcosmetics.com/	1970-01-20 21:39:35	Name: currentLocale Value: en_US
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.sessionid Value: acxrgWmedGxrsRmbs3xGYYkraI
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.LanguageIsoCode Value: en_US
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: __cq_dnt Value: 1
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: dw_dnt Value: 1
imgs.signifyd.com/	1970-01-21 07:14:08	Name: thx_guid Value: 768d55c7f74c75e43aa4360a956a20fd
imgs.signifyd.com/	1970-01-21 07:14:08	Name: tmx_guid Value: AAxwqYcVsVlVEI9axRkKaoOAqNN_JGuanijo_hr6P6JuGDzwKsw5pPNrnFSIkvgIo-WDEfg0fT6Gz3hu35OvbXOCL07SMg

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 299) Message: Access to image at 'https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_' from origin 'https://www.elfcosmetics.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_ Message: Failed to load resource: net::ERR_FAILED
other	warning	URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_(Line 1) Message: Failed parsing 'srcset' attribute value since it has an unknown descriptor.
other	warning	URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_(Line 1) Message: Dropped srcset candidate "https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517"
other	warning	URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_(Line 1) Message: Failed parsing 'srcset' attribute value since it has an unknown descriptor.
other	warning	URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_(Line 1) Message: Dropped srcset candidate "https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517"
other	warning	URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_(Line 1) Message: Failed parsing 'srcset' attribute value since it has an unknown descriptor.
other	warning	URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_(Line 1) Message: Dropped srcset candidate "https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517"
network	error	URL: https://idsync.rlcdn.com/458359.gif?partner_uid=50551e37-45ab-4cb0-9570-b68b897be9f4 Message: Failed to load resource: the server responded with a status of 451 ()
security	error	URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Message: Refused to execute script from 'https://h64.online-metrix.net/HyXNeFi46-mGIPsf?9cde3f53f1f4666e=MhtreFYLevc3GmNxMEjKC_vOfLy8SuqL49RzIt_Kd3MRJTmGN8b_C54qYuXh9lP2LejK7yFTXyKnXTGxtZxU2x9bfkOmexaJ3yzR5sBdH04fN0BHc9IyJzOI_ITHEa790sJIujknNd-7Kvs6htCqlxiAMwTrZ4Vh' because its MIME type ('') is not executable, and strict MIME type checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ade.googlesyndication.com
api.cquotient.com
api.ipify.org
async-px.dynamicyield.com
c.contentsquare.net
cdn-fsly.yottaa.net
cdn-scripts.signifyd.com
cdn.cookielaw.org
cdn.dynamicyield.com
cdn.media.amplience.net
cdn.static.amplience.net
code.jquery.com
cosmeticcrimal.com
elfcosmetics.a.bigcontent.io
geolocation.onetrust.com
googleads.g.doubleclick.net
h.online-metrix.net
h64.online-metrix.net
idsync.rlcdn.com
imgs.signifyd.com
qoe-1.yottaa.net
region1.google-analytics.com
sdk.iad-05.braze.com
sgtm.elfcosmetics.com
srm.ba.contentsquare.net
st.dynamicyield.com
static.ordergroove.com
t.contentsquare.net
t.paypal.com
tag.rmp.rakuten.com
ut.rd.linksynergy.com
w2txo5aahbbqdf77b2jsvwmmaykvme4d4gwgynur9ee414eb1af926b2am1.e.aa.online-metrix.net
websdk.appsflyer.com
www.elfcosmetics.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.paypal.com
www.paypalobjects.com
www.youtube.com
cdn-fsly.yottaa.net
104.26.13.205
13.35.58.109
142.250.185.194
142.250.185.98
142.250.186.164
151.101.1.21
151.101.130.133
151.101.193.21
165.254.56.40
172.217.16.206
172.217.23.104
18.244.179.17
18.244.18.53
184.31.94.141
192.229.221.25
2001:4860:4802:32::36
204.141.88.74
204.2.133.170
2600:9000:2250:a200:15:ad21:c740:93a1
2600:9000:275d:ae00:a:b89d:a6c0:93a1
2606:4700:4400::6812:2089
2606:4700:4400::6812:25a1
2606:4700:4400::ac40:91b7
2606:4700::6813:b134
2620:f3:0:14:b401:8ee8:4321:ad82
2a00:1450:4001:806::200e
2a00:1450:4001:828::200e
2a00:1450:4001:82b::2008
2a02:26f0:3100::1735:2b10
2a02:26f0:3100::1735:2b28
2a02:26f0:3500:11::215:14d5
2a04:4e42:200::649
34.102.147.248
34.49.124.132
34.98.67.3
35.244.174.68
52.211.148.8
54.171.23.152
54.72.226.63
91.235.132.130
91.235.133.113
91.235.134.131
022e2f39deba7f332eabe69b27b31d98d4d5f2535116745957a691d1b1ec4cc5
02cd1507141eed04a56b8706127f7bd8d638d8567d2ae135c3e97cf4196973db
11cf11bff7a54cf595f54c5211fd0089934416de1bc7d951f532f967c0ff0d2b
1331786f628c441b99665436eb8815381e066e17d5c3bb56f5ce2e045d8da17a
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9
232d958be1f93d665a6f81f43f1beaa4a1c948166e299c40eef27cd947e5460b
24208bfb79737c1fd3c59ec6978d9b0606a2778becdb2ab7172627f6da5ca18e
2acb2fc6f4d918481b376cd94563df7ebb4346e08c9b47607376a78454ca01a9
2e8fd8d487b4259dbdc6c529f742806377fae205c8dc7d0f35ac8797bafe5b3b
2eccc353076e7e00446ced65d89e61fe2cc7a310d94ac828411390e03d5a85d2
2ffc0b3ca90c0b895e3cff3d03d189b7bd980d1a31d5bcd34db07d60ca20375c
305fe9a5f5590087ad5d80aa44c7a7f1416966806e955ce7a42ab086ec14e38c
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
32dad17ab0a1e7c691f7533d5cc47cd056774b2f9f8fd7d850898a2e9873f85c
37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98
3dae94126362e2c8b80dfbc73f6b32f15be7805cbdf6739a72cab5ca534c15e0
42997132bd0142564014ac4a809356dc0ceb9b7a90eede2b5b48019f1700cc58
476b949e750bc9bc1e1179523a977db991107d95f9e6ddf9c05212ca6a2b8fb9
498ea43ee2b31ee61f58f43b798dfaec6eb59b63fefdfaa7c01bba897ba57a33
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb
4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
4da1d1c804a729554839742b67e4aa91d5c78aee12f269749d9934e55d8def06
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
509f2e49500fbaeb5d7e1959071f2922b693d0135080e2871e124ec8bdd08bb2
55baa715ccc8c2512bceb1c949c1d0927944ca327e7edd2d5fc312d2a41986e4
56c989ad68e2d657ec33446633534c0d2b3ee0aeaa1cbe4ef8a21a1e9a5c3b99
5a080fab7534ee293b43bae9df0e4d49cec0d2581a4ce61bc30b798fd309f720
5f4f96cdc90d63d3a7ae56aaaeb404ecb5bfb29c9c987550c8d4db5ee9af8855
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d
624a13034774c4cbb393576c313fa1e1b3ded817861ee7dbec12c92f0f866980
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7
6b42a56b231d70ea3691b9f46363b9f8ed6ca35f6b50084718669b8beac1e57d
6d65e8c2f1d980ad0996b9ea115a0787a1fd93c3afcf0f71f423f34e1ed87d3b
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
7b78b9170d1e1da68dd52e57d79c9e906137b28f87eca1f17b2c350f73d1f3ba
89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d
8b7fe99a43a7bd226804b149311efa10b987838a49c380e667824393d140fd36
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
8d1d78ad2d3f54f4ab2c46e6272ea193088dcdaaf53518471d0cd9f42ea75242
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf
93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
9d46133ea9abdbb744af237afbae487a9d2dbb2333a5136816ac68282d52a349
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a92babe0280635e6b8a8cd8b631230f248bfa16bfb2ae7a7e04d404df5518ccb
a9ae2bae68641a19dc0182f4e8d1fed88c8901256b9aa3c20bf1118bbc7da547
ad3ed177f053d775094fa0ad440fd4f6baf970be9af3b38b62e734dd4ab99ecd
b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22
b31692fb3861cb7563104ba8d2c932e2d771912e2f5f3611daf99a826ad7ba94
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e
b592ffae3e4db32ca59f44351815755d85f43b1b03b5f6b75adf0c727ac702c1
b5a9baac0b53c708a5279b1ddfe54ec7f0a40699210e0caf05419d0aa1b330d9
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
be19bf8510f48064791d3e68f67d26e1310c52d2f59c4f484139020eabaefb35
bf8b41f6693852a18d2449439f0400cfaf19b755e21f01eda21a6ff985d3526c
c22de6ecb0809ea7db523c6faae26212d6b0832812229d1377cc961cd8fabce8
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
d1810d5f8d8861fd708c12089a12237dbc230d2394b02824b05200c6f01f204e
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
d6a4bc8e1c19c0c091dcd58b46827d49c184b5c7f39599075af165c28ab021ef
d7a363f752524fb545c3b2eb48a56d163cb659bc427d5215800ee7781d92c2ca
d841b6859d2469f63df65c0a91d70da822367d82810d4d08900d79b21bdddc19
dae9b41d89e2f4c730c24f101106c03ac157d2f3efc24d526a40279f9576dafa
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
e92f434a50c76d6e52d0d3cc91cdf1854c7fd39fecd5ae65800568aef7c03029
e9433f83f20500145850d5aabddced402dcfc94e310072e9a3f545df0bdb9f96
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
ea7c1612005824699aa4574b764875370605733abc4d06f0650d309772423239
eac8a758efe45a6b4e3791e64548c0e39457d7c6c81eba68d08b39c89649ea3d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c346f4456dc2a8dab59c19eb39c03137a066ff33080648ce7f79276bc0ffcf
f366287eaa5627dc7ee48d1fcb79d20bceae8238ee2f1dd772f059685fe9c799
f3ea62799cc1271782ea8650517f7388be4c6ddcc64f82c1fd011ea999bb64b1
f66f5edd05293c4351edcec020a867935f7495ef0d0ff7ceb3e6402748585ca6

www.elfcosmetics.com Open in urlscan Pro 204.2.133.170 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

125 Requests

91 %HTTPS

36 %IPv6

28 Domains

40 Subdomains

41 IPs

4 Countries

11764 kBTransfer

19801 kBSize

44 Cookies

17 Outgoing links

Page URL History

Redirected requests

125 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.elfcosmetics.com Open in urlscan Pro
204.2.133.170 Public Scan

Screenshot
Live screenshot

Full Image

125
Requests

91 %
HTTPS

36 %
IPv6

28
Domains

40
Subdomains

41
IPs

4
Countries

11764 kB
Transfer

19801 kB
Size

44
Cookies

125 HTTP transactions
3 data transactions