urlscan.io logo urlscan.io
SecurityTrails logo

www.elfcosmetics.com Open in urlscan Pro
165.254.56.168  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://cosmeticscriminals.com/
Effective URL: https://www.elfcosmetics.com/cosmetic-criminals
Submission: On January 04 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 67 IPs in 4 countries across 52 domains to perform 252 HTTP transactions. The main IP is 165.254.56.168, located in United States and belongs to YOTTAA-AS-1, US. The main domain is www.elfcosmetics.com. The Cisco Umbrella rank of the primary domain is 139937.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 25th 2023. Valid for: a year.
This is the only time www.elfcosmetics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 204.141.89.115 393259 (YOTTAA-AS-1)
1 18 165.254.56.168 393259 (YOTTAA-AS-1)
5 11 2a02:26f0:480... 20940 (AKAMAI-ASN1)
5 2a02:26f0:480... 20940 (AKAMAI-ASN1)
18 2a00:1450:400... 15169 (GOOGLE)
1 2a04:4e42:600... 54113 (FASTLY)
3 151.101.130.133 54113 (FASTLY)
4 2a00:1450:400... 15169 (GOOGLE)
5 35.190.10.96 15169 (GOOGLE)
13 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
3 2600:9000:225... 16509 (AMAZON-02)
2 104.237.62.212 18450 (WEBNX)
6 151.101.194.133 54113 (FASTLY)
3 8 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
8 2a00:1450:400... 15169 (GOOGLE)
1 7 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:248... 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:215... 16509 (AMAZON-02)
1 3.33.220.150 16509 (AMAZON-02)
1 2606:4700:440... 13335 (CLOUDFLAR...)
10 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
7 18.66.112.91 16509 (AMAZON-02)
1 18.235.151.6 14618 (AMAZON-AES)
1 204.2.49.54 393259 (YOTTAA-AS-1)
2 184.31.94.141 16625 (AKAMAI-AS)
1 34.102.147.248 396982 (GOOGLE-CL...)
15 192.229.221.25 15133 (EDGECAST)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
3 2600:9000:224... 16509 (AMAZON-02)
3 2606:4700:440... 13335 (CLOUDFLAR...)
1 142.250.185.194 15169 (GOOGLE)
1 54.192.87.248 16509 (AMAZON-02)
2 2a04:4e42:8d::84 54113 (FASTLY)
2 2a03:2880:f08... 32934 (FACEBOOK)
2 2a04:4e42:200... 54113 (FASTLY)
5 104.126.37.25 20940 (AKAMAI-ASN1)
2 2600:9000:209... 16509 (AMAZON-02)
2 2620:1ec:c11:... 8068 (MICROSOFT...)
1 13.224.132.25 16509 (AMAZON-02)
1 34.120.253.250 396982 (GOOGLE-CL...)
12 99.80.178.133 16509 (AMAZON-02)
1 34.98.67.3 396982 (GOOGLE-CL...)
1 2001:4860:480... 15169 (GOOGLE)
1 18.196.74.65 16509 (AMAZON-02)
4 35.190.43.134 15169 (GOOGLE)
2 52.211.234.8 16509 (AMAZON-02)
8 34.98.72.95 396982 (GOOGLE-CL...)
1 2a03:2880:f17... 32934 (FACEBOOK)
1 23.53.41.88 20940 (AKAMAI-ASN1)
3 23.206.208.183 16625 (AKAMAI-AS)
2 13.224.103.62 16509 (AMAZON-02)
1 34.117.23.127 396982 (GOOGLE-CL...)
1 35.186.202.199 15169 (GOOGLE)
1 34.117.197.184 396982 (GOOGLE-CL...)
1 54.154.97.89 16509 (AMAZON-02)
12 91.235.133.113 30286 (THM)
6 18.245.60.66 16509 (AMAZON-02)
2 91.235.132.130 30286 (THM)
1 91.235.134.131 30286 (THM)
1 2600:1901:0:5... 15169 (GOOGLE)
1 34.111.8.32 396982 (GOOGLE-CL...)
1 34.102.193.48 396982 (GOOGLE-CL...)
252 67
1    204.141.89.115 (United States)

ASN393259 (YOTTAA-AS-1, US)
cosmeticscriminals.com
18    165.254.56.168 (United States)

ASN393259 (YOTTAA-AS-1, US)
www.elfcosmetics.com
11    2a02:26f0:480:1a::5f65:6f9e (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
cdn.media.amplience.net
5    2a02:26f0:480:1a::5f65:6fab (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
cdn.static.amplience.net
18    2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.youtube.com
1    2a04:4e42:600::649 (United States)

ASN54113 (FASTLY, US)
code.jquery.com
3    151.101.130.133 (United States)

ASN54113 (FASTLY, US)
cdn-fsly.yottaa.net
4    2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
5    35.190.10.96 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 96.10.190.35.bc.googleusercontent.com
collector-pxxt4gy2ig.px-cloud.net
13    2606:4700::6812:82ec (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
2    2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    2600:9000:2251:7800:a:b89d:a6c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.dynamicyield.com
2    104.237.62.212 (El Segundo, United States)

ASN18450 (WEBNX, US)
PTR: api.ipify.org
api.ipify.org
6    151.101.194.133 (United States)

ASN54113 (FASTLY, US)
sdk.iad-05.braze.com
8    2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
2    2a00:1450:4001:810::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
static.doubleclick.net
8    2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
jnn-pa.googleapis.com
7    2a00:1450:4001:806::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    2a00:1450:4001:80b::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
i.ytimg.com
1    2600:9000:248c:d200:15:ad21:c740:93a1 (United States)

ASN16509 (AMAZON-02, US)
st.dynamicyield.com
2    2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2600:9000:2156:c000:11:85b0:d600:93a1 (United States)

ASN16509 (AMAZON-02, US)
js.cnnx.link
1    3.33.220.150 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
insight.adsrvr.org
1    2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)
geolocation.onetrust.com
10    2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
www.google.de
2    2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
7    18.66.112.91 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-91.fra56.r.cloudfront.net
async-px.dynamicyield.com
1    18.235.151.6 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-235-151-6.compute-1.amazonaws.com
px.dynamicyield.com
1    204.2.49.54 (United States)

ASN393259 (YOTTAA-AS-1, US)
qoe-1.yottaa.net
2    184.31.94.141 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-31-94-141.deploy.static.akamaitechnologies.com
static.ordergroove.com
1    34.102.147.248 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 248.147.102.34.bc.googleusercontent.com
tag.rmp.rakuten.com
15    192.229.221.25 (United States)

ASN15133 (EDGECAST, US)
www.paypal.com
t.paypal.com
www.paypalobjects.com
1    2a02:26f0:3500:11::215:14d5 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
websdk.appsflyer.com
3    2600:9000:2240:a800:13:d6f4:3240:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.usehero.com
3    2606:4700:4400::6812:2a49 (United States)

ASN13335 (CLOUDFLARENET, US)
elfcosmetics.a.bigcontent.io
1    142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net
www.googleadservices.com
1    54.192.87.248 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-87-248.ams50.r.cloudfront.net
sc-static.net
2    2a04:4e42:8d::84 (United States)

ASN54113 (FASTLY, US)
s.pinimg.com
2    2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    2a04:4e42:200::396 (United States)

ASN54113 (FASTLY, US)
www.redditstatic.com
alb.reddit.com
5    104.126.37.25 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-37-25.deploy.static.akamaitechnologies.com
analytics.tiktok.com
2    2600:9000:2090:3e00:a:7914:b00:93a1 (United States)

ASN16509 (AMAZON-02, US)
js.jebbit.com
2    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
1    13.224.132.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-132-25.lhr3.r.cloudfront.net
t.contentsquare.net
1    34.120.253.250 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 250.253.120.34.bc.googleusercontent.com
tag.wknd.ai
12    99.80.178.133 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-178-133.eu-west-1.compute.amazonaws.com
api.usehero.com
1    34.98.67.3 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 3.67.98.34.bc.googleusercontent.com
ut.rd.linksynergy.com
1    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
1    18.196.74.65 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-74-65.eu-central-1.compute.amazonaws.com
external-api.jebbit.com
4    35.190.43.134 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 134.43.190.35.bc.googleusercontent.com
tr.snapchat.com
tr6.snapchat.com
2    52.211.234.8 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-211-234-8.eu-west-1.compute.amazonaws.com
c.contentsquare.net
8    34.98.72.95 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 95.72.98.34.bc.googleusercontent.com
assets.bounceexchange.com
1    2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    23.53.41.88 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-53-41-88.deploy.static.akamaitechnologies.com
analytics.pangle-ads.com
3    23.206.208.183 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-206-208-183.deploy.static.akamaitechnologies.com
ct.pinterest.com
2    13.224.103.62 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-103-62.zrh50.r.cloudfront.net
cdn-scripts.signifyd.com
1    34.117.23.127 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 127.23.117.34.bc.googleusercontent.com
data.cdnbasket.net
1    35.186.202.199 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 199.202.186.35.bc.googleusercontent.com
page.cdnbasket.net
1    34.117.197.184 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 184.197.117.34.bc.googleusercontent.com
view.cdnbasket.net
1    54.154.97.89 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-97-89.eu-west-1.compute.amazonaws.com
srm.ba.contentsquare.net
12    91.235.133.113 (United States)

ASN30286 (THM, US)
imgs.signifyd.com
6    18.245.60.66 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-60-66.fra60.r.cloudfront.net
upload.usehero.com
2    91.235.132.130 (United States)

ASN30286 (THM, US)
PTR: h.online-metrix.net
h.online-metrix.net
1    91.235.134.131 (United States)

ASN30286 (THM, US)
w2txo5aanrqcugspgvcrdwnytdqppjwm7njcmxkdc2646a963e00faeaam1.e.aa.online-metrix.net
1    2600:1901:0:56e0:: (Kansas City, United States)

ASN15169 (GOOGLE, US)
ids.cdnwidget.com
1    34.111.8.32 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 32.8.111.34.bc.googleusercontent.com
api.bounceexchange.com
1    34.102.193.48 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 48.193.102.34.bc.googleusercontent.com
e.cdnwidget.com
Apex Domain
Subdomains		 Transfer
21 usehero.com
cdn.usehero.com — Cisco Umbrella Rank: 53942
api.usehero.com — Cisco Umbrella Rank: 46106
upload.usehero.com — Cisco Umbrella Rank: 88319
346 KB
18 youtube.com
www.youtube.com — Cisco Umbrella Rank: 79
2 MB
18 elfcosmetics.com
www.elfcosmetics.com — Cisco Umbrella Rank: 139937
319 KB
16 amplience.net
cdn.media.amplience.net — Cisco Umbrella Rank: 13847
cdn.static.amplience.net — Cisco Umbrella Rank: 47248
7 MB
14 signifyd.com
cdn-scripts.signifyd.com — Cisco Umbrella Rank: 10774
imgs.signifyd.com — Cisco Umbrella Rank: 8345
94 KB
13 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 625
323 KB
12 paypal.com
www.paypal.com — Cisco Umbrella Rank: 3050
t.paypal.com — Cisco Umbrella Rank: 3583
239 KB
12 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 68
static.doubleclick.net — Cisco Umbrella Rank: 371
9231397.fls.doubleclick.net Failed
10742279.fls.doubleclick.net Failed
stats.g.doubleclick.net — Cisco Umbrella Rank: 184
6 KB
12 dynamicyield.com
cdn.dynamicyield.com — Cisco Umbrella Rank: 9310
st.dynamicyield.com — Cisco Umbrella Rank: 8286
async-px.dynamicyield.com — Cisco Umbrella Rank: 8253
px.dynamicyield.com — Cisco Umbrella Rank: 39125
232 KB
9 bounceexchange.com
assets.bounceexchange.com — Cisco Umbrella Rank: 3848
api.bounceexchange.com — Cisco Umbrella Rank: 3755
162 KB
8 google.com
www.google.com — Cisco Umbrella Rank: 6
region1.analytics.google.com — Cisco Umbrella Rank: 2014
40 KB
8 googleapis.com
jnn-pa.googleapis.com — Cisco Umbrella Rank: 306
80 KB
8 gstatic.com
fonts.gstatic.com
www.gstatic.com
95 KB
6 google.de
www.google.de — Cisco Umbrella Rank: 4002
905 B
6 braze.com
sdk.iad-05.braze.com — Cisco Umbrella Rank: 3700
2 KB
5 tiktok.com
analytics.tiktok.com — Cisco Umbrella Rank: 818
144 KB
5 px-cloud.net
collector-pxxt4gy2ig.px-cloud.net — Cisco Umbrella Rank: 271980
2 KB
4 snapchat.com
tr.snapchat.com — Cisco Umbrella Rank: 1096
tr6.snapchat.com — Cisco Umbrella Rank: 1403
709 B
4 contentsquare.net
t.contentsquare.net — Cisco Umbrella Rank: 4291
c.contentsquare.net — Cisco Umbrella Rank: 4768
srm.ba.contentsquare.net — Cisco Umbrella Rank: 22103
69 KB
4 yottaa.net
cdn-fsly.yottaa.net — Cisco Umbrella Rank: 25002 Failed
qoe-1.yottaa.net — Cisco Umbrella Rank: 9663
1 MB
3 online-metrix.net
h.online-metrix.net — Cisco Umbrella Rank: 3974
w2txo5aanrqcugspgvcrdwnytdqppjwm7njcmxkdc2646a963e00faeaam1.e.aa.online-metrix.net
16 KB
3 cdnbasket.net
data.cdnbasket.net — Cisco Umbrella Rank: 6828
page.cdnbasket.net — Cisco Umbrella Rank: 6830
view.cdnbasket.net — Cisco Umbrella Rank: 6834
1014 B
3 paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 2512
33 KB
3 pinterest.com
ct.pinterest.com — Cisco Umbrella Rank: 1083
2 KB
3 jebbit.com
js.jebbit.com — Cisco Umbrella Rank: 68342
external-api.jebbit.com — Cisco Umbrella Rank: 83668
60 KB
3 bigcontent.io
elfcosmetics.a.bigcontent.io — Cisco Umbrella Rank: 158403
8 KB
2 cdnwidget.com
ids.cdnwidget.com — Cisco Umbrella Rank: 5618
e.cdnwidget.com — Cisco Umbrella Rank: 20333
335 B
2 bing.com
bat.bing.com — Cisco Umbrella Rank: 692
13 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 240
91 KB
2 pinimg.com
s.pinimg.com — Cisco Umbrella Rank: 1174
21 KB
2 ordergroove.com
static.ordergroove.com — Cisco Umbrella Rank: 32223
63 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 101
21 KB
2 ytimg.com
i.ytimg.com — Cisco Umbrella Rank: 104
6 KB
2 ipify.org
api.ipify.org — Cisco Umbrella Rank: 2685
446 B
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 114
213 KB
1 pangle-ads.com
analytics.pangle-ads.com — Cisco Umbrella Rank: 2641
962 B
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 98
185 B
1 reddit.com
alb.reddit.com — Cisco Umbrella Rank: 1988
637 B
1 linksynergy.com
ut.rd.linksynergy.com — Cisco Umbrella Rank: 10004
405 B
1 wknd.ai
tag.wknd.ai — Cisco Umbrella Rank: 5411
6 KB
1 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1770
9 KB
1 sc-static.net
sc-static.net — Cisco Umbrella Rank: 1399
18 KB
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 173
2 KB
1 appsflyer.com
websdk.appsflyer.com — Cisco Umbrella Rank: 6735
12 KB
1 rakuten.com
tag.rmp.rakuten.com — Cisco Umbrella Rank: 8466
15 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 950
304 B
1 adsrvr.org
insight.adsrvr.org — Cisco Umbrella Rank: 1095
149 B
1 cnnx.link
js.cnnx.link — Cisco Umbrella Rank: 10791
1 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 1219
24 KB
1 cosmeticscriminals.com
cosmeticscriminals.com
326 B
0 rlcdn.com Failed
idsync.rlcdn.com Failed
0 pointmediatracker.com Failed
pixel.pointmediatracker.com Failed
252 52
Domain Requested by
18 www.youtube.com www.elfcosmetics.com
www.youtube.com
18 www.elfcosmetics.com 1 redirects www.elfcosmetics.com
cdn-fsly.yottaa.net
13 cdn.cookielaw.org cdn-fsly.yottaa.net
cdn.cookielaw.org
www.elfcosmetics.com
12 imgs.signifyd.com www.elfcosmetics.com
imgs.signifyd.com
12 api.usehero.com cdn.usehero.com
11 cdn.media.amplience.net 5 redirects www.elfcosmetics.com
10 www.paypal.com www.elfcosmetics.com
www.paypal.com
www.paypalobjects.com
8 assets.bounceexchange.com www.elfcosmetics.com
8 jnn-pa.googleapis.com www.youtube.com
8 googleads.g.doubleclick.net 3 redirects www.youtube.com
www.elfcosmetics.com
7 async-px.dynamicyield.com cdn.dynamicyield.com
7 www.google.com 1 redirects www.youtube.com
www.elfcosmetics.com
6 upload.usehero.com cdn.usehero.com
6 www.google.de www.elfcosmetics.com
6 sdk.iad-05.braze.com cdn-fsly.yottaa.net
5 analytics.tiktok.com www.elfcosmetics.com
analytics.tiktok.com
5 collector-pxxt4gy2ig.px-cloud.net www.elfcosmetics.com
5 cdn.static.amplience.net www.elfcosmetics.com
4 www.gstatic.com www.youtube.com
www.gstatic.com
4 fonts.gstatic.com www.youtube.com
3 www.paypalobjects.com www.elfcosmetics.com
www.paypalobjects.com
3 ct.pinterest.com s.pinimg.com
www.elfcosmetics.com
3 tr.snapchat.com www.elfcosmetics.com
sc-static.net
3 elfcosmetics.a.bigcontent.io
3 cdn.usehero.com www.elfcosmetics.com
cdn.usehero.com
3 cdn.dynamicyield.com www.elfcosmetics.com
3 cdn-fsly.yottaa.net www.elfcosmetics.com
2 h.online-metrix.net imgs.signifyd.com
2 cdn-scripts.signifyd.com www.elfcosmetics.com
2 t.paypal.com
2 c.contentsquare.net
2 bat.bing.com www.elfcosmetics.com
2 js.jebbit.com www.elfcosmetics.com
2 connect.facebook.net www.elfcosmetics.com
2 s.pinimg.com www.elfcosmetics.com
2 static.ordergroove.com www.elfcosmetics.com
2 stats.g.doubleclick.net www.google-analytics.com
www.googletagmanager.com
2 www.google-analytics.com www.elfcosmetics.com
www.google-analytics.com
2 i.ytimg.com www.youtube.com
2 static.doubleclick.net www.youtube.com
2 api.ipify.org cdn-fsly.yottaa.net
2 www.googletagmanager.com www.elfcosmetics.com
1 e.cdnwidget.com
1 api.bounceexchange.com www.elfcosmetics.com
1 ids.cdnwidget.com assets.bounceexchange.com
1 w2txo5aanrqcugspgvcrdwnytdqppjwm7njcmxkdc2646a963e00faeaam1.e.aa.online-metrix.net
1 srm.ba.contentsquare.net t.contentsquare.net
1 view.cdnbasket.net assets.bounceexchange.com
1 page.cdnbasket.net assets.bounceexchange.com
1 data.cdnbasket.net assets.bounceexchange.com
1 tr6.snapchat.com sc-static.net
1 analytics.pangle-ads.com analytics.tiktok.com
1 www.facebook.com
1 external-api.jebbit.com js.jebbit.com
1 alb.reddit.com
1 region1.analytics.google.com www.googletagmanager.com
1 ut.rd.linksynergy.com www.elfcosmetics.com
1 tag.wknd.ai www.elfcosmetics.com
1 t.contentsquare.net www.elfcosmetics.com
1 www.redditstatic.com www.elfcosmetics.com
1 sc-static.net www.elfcosmetics.com
1 www.googleadservices.com www.elfcosmetics.com
1 websdk.appsflyer.com www.elfcosmetics.com
1 tag.rmp.rakuten.com www.elfcosmetics.com
1 qoe-1.yottaa.net www.elfcosmetics.com
1 px.dynamicyield.com cdn.dynamicyield.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 insight.adsrvr.org www.elfcosmetics.com
1 js.cnnx.link www.googletagmanager.com
1 st.dynamicyield.com www.elfcosmetics.com
1 code.jquery.com www.elfcosmetics.com
1 cosmeticscriminals.com 1 redirects
0 idsync.rlcdn.com Failed
0 pixel.pointmediatracker.com Failed www.elfcosmetics.com
0 10742279.fls.doubleclick.net Failed www.googletagmanager.com
0 9231397.fls.doubleclick.net Failed www.googletagmanager.com
252 76
Subject Issuer Validity Valid
*.elfcosmetics.com
Sectigo RSA Domain Validation Secure Server CA		 2023-09-25 -
2024-10-25		 a year crt.sh
dm.amplience.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-20 -
2024-08-14		 a year crt.sh
*.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2023-07-11 -
2024-07-14		 a year crt.sh
*.yottaa.net
GlobalSign RSA OV SSL CA 2018		 2023-09-13 -
2024-10-14		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.px-cloud.net
Sectigo RSA Domain Validation Secure Server CA		 2023-08-15 -
2024-09-13		 a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3		 2023-04-01 -
2024-03-31		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.dynamicyield.com
Amazon RSA 2048 M02		 2023-09-03 -
2024-10-01		 a year crt.sh
*.ipify.org
Sectigo RSA Domain Validation Secure Server CA		 2023-02-07 -
2024-02-18		 a year crt.sh
*.iad-05.braze.com
GlobalSign Atlas R3 DV TLS CA 2023 Q3		 2023-07-27 -
2024-08-27		 a year crt.sh
*.doubleclick.net
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
edgestatic.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
js.cnnx.link
Amazon RSA 2048 M02		 2023-07-11 -
2024-08-07		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2023-04-12 -
2024-05-13		 a year crt.sh
onetrust.com
Cloudflare Inc ECC CA-3		 2023-11-13 -
2024-11-12		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
www.google.de
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.ordergroove.com
Go Daddy Secure Certificate Authority - G2		 2023-08-04 -
2024-08-17		 a year crt.sh
tag.rmp.rakuten.com
GTS CA 1D4		 2023-12-02 -
2024-03-01		 3 months crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2023-10-12 -
2024-10-31		 a year crt.sh
*.appsflyer.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-07-27 -
2024-07-27		 a year crt.sh
*.usehero.com
Amazon RSA 2048 M02		 2023-08-28 -
2024-09-24		 a year crt.sh
*.bigcontent.io
GeoTrust TLS RSA CA G1		 2023-03-14 -
2024-04-13		 a year crt.sh
www.googleadservices.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
sc-static.net
Amazon RSA 2048 M03		 2023-12-21 -
2025-01-18		 a year crt.sh
*.pinterest.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-31 -
2024-08-07		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2023-10-13 -
2024-01-11		 3 months crt.sh
www.redditstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-08-25 -
2024-02-21		 6 months crt.sh
*.tiktok.com
RapidSSL ECC CA 2018		 2023-07-14 -
2024-08-13		 a year crt.sh
*.jebbit.com
Amazon RSA 2048 M01		 2023-05-24 -
2024-06-21		 a year crt.sh
www.bing.com
Microsoft Azure TLS Issuing CA 01		 2023-10-24 -
2024-04-21		 6 months crt.sh
t.contentsquare.net
Amazon RSA 2048 M01		 2023-09-13 -
2024-10-11		 a year crt.sh
tag.wknd.ai
R3		 2023-11-20 -
2024-02-18		 3 months crt.sh
api.usehero.com
Amazon RSA 2048 M02		 2023-02-05 -
2024-03-05		 a year crt.sh
*.rd.linksynergy.com
ZeroSSL RSA Domain Secure Site CA		 2023-02-13 -
2024-02-13		 a year crt.sh
*.google.de
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.reddit.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-09-01 -
2024-02-28		 6 months crt.sh
*.snap.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-04-13 -
2024-04-12		 a year crt.sh
dep.ba.contentsquare.net
Amazon RSA 2048 M01		 2023-03-20 -
2024-04-17		 a year crt.sh
assets.bounceexchange.com
GTS CA 1D4		 2023-11-20 -
2024-02-18		 3 months crt.sh
*.pangle-ads.com
RapidSSL TLS ECC CA G1		 2023-08-10 -
2024-09-09		 a year crt.sh
cdn-scripts.signifyd.com
Amazon RSA 2048 M01		 2023-07-03 -
2024-07-31		 a year crt.sh
data.cdnbasket.net
GTS CA 1D4		 2023-11-12 -
2024-02-10		 3 months crt.sh
page.cdnbasket.net
GTS CA 1D4		 2023-11-15 -
2024-02-13		 3 months crt.sh
view.cdnbasket.net
GTS CA 1D4		 2023-11-20 -
2024-02-18		 3 months crt.sh
srm.ba.contentsquare.net
Amazon RSA 2048 M02		 2023-11-07 -
2024-12-06		 a year crt.sh
imgs.signifyd.com
Go Daddy Secure Certificate Authority - G2		 2023-10-20 -
2024-11-20		 a year crt.sh
h.online-metrix.net
Trustwave Organization Validation SHA256 CA, Level 1		 2023-01-09 -
2024-01-23		 a year crt.sh
*.e.aa.online-metrix.net
Trustwave Organization Validation SHA256 CA, Level 1		 2023-06-14 -
2024-07-01		 a year crt.sh
ids.cdnwidget.com
R3		 2023-11-13 -
2024-02-11		 3 months crt.sh
*.wunderkind.co
R3		 2023-12-06 -
2024-03-05		 3 months crt.sh
e.cdnwidget.com
R3		 2023-11-06 -
2024-02-04		 3 months crt.sh

This page contains 16 frames:

Primary Page: https://www.elfcosmetics.com/cosmetic-criminals
Frame ID: 0B5D4875F23966812D8BAA16D88F361B
Requests: 163 HTTP requests in this frame

Frame: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Frame ID: 56B6CA3CA4FD51D127F62585B13D21F3
Requests: 18 HTTP requests in this frame

Frame: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Frame ID: 6A78872B516C8852F806EC5098129F9B
Requests: 18 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=5604021205782;auiddc=978309849.1704389664;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals
Frame ID: F3CFCA03EA2802DD1AEB76AD8ED81A6A
Requests: 1 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=9518799620176;auiddc=978309849.1704389664;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals
Frame ID: CBDD07EF040030E25FB0BDFBC177F155
Requests: 1 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
Frame ID: D68C2B7DF0FF8749AE19CE1BE0B52E55
Requests: 4 HTTP requests in this frame

Frame: https://cdn.usehero.com/plugin.5.46.0.js
Frame ID: 6CDD8129F7D5D23B7C3C346D9DCEEF65
Requests: 13 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_scsid=5773000f-a162-488b-9f42-6c8729642cf5&u_sclid=1479e282-67fa-4e48-a9e8-3d91dc66e508
Frame ID: 905B54847C2A954DE382343C49700A92
Requests: 1 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: 1626FD9A9F40CA1E65132542CDA418D9
Requests: 3 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Frame ID: BB17908BADB4012BF083F70ACDBF0721
Requests: 1 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: CB861A2001E23FFD4406119E6320B602
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/YkCKH_RKrJNjOho-?d31cf67feb632262=KRWC7IFpYXFYM5iovbUGt8CvuBiHAiwXUj_vpq0IcSsJbTcbv5YocSdWKrM3ftdJHw87ag2UUoTRmi-bWwrqvflOdt0Ef9IwHkbHc3bJ2nCUOg9lJfLF7xV1Ih1XroI-el1Jt9EbXNSzuSzhG5z3Omr_6tW89Kcxdi2lK3kVcCRGxXI6LbiesUaKK-JoqIVvDaC5holXaUzkB4Ud&jb=3d33262460716d7d355d636e6e6f77732e68796737576b666c6f7f7b2f3038393b266a796a7f3d4162706d656d2c6073683d43687a6d676d2f3232393a30
Frame ID: E7EE65701BA6001EFE3F74ABE4161CE8
Requests: 9 HTTP requests in this frame

Frame: https://upload.usehero.com/avatars/lqRiQXDD6L-uKFjelXCdNsJJUB86TAX--56x56.jpg
Frame ID: A2BBBD74F9CADFAABA20A996B3922B94
Requests: 3 HTTP requests in this frame

Frame: https://imgs.signifyd.com/yQDv6CrXzf9ooh8T?afa469ceee951cba=CWBYmwLfIpVNWYNeQ_s56MRG0tEGsbv6RT5X71zQAyT2UcIHHSt_sVze8c87JdxezT8YQQKeJZLr3isSlZyYXCT4Rb-Br1ilLCgiKfuo8pxlssK1QtcdYIFvABNjQdfbrS-SVaR7_ilZSOpNwK1ej--YUQ6iplE2grYZtkCfPZrPrhBi7V69_D-bQxQEgdvdenvHtMSHmJsxeQoqar0
Frame ID: 58CBA74C93B4FA2CE5B0DC433F7C47D9
Requests: 2 HTTP requests in this frame

Frame: https://h.online-metrix.net/SVqkrC2UeBnZabga?c2e94e4436751281=Tt0X-yqPVwMLXSJqVtKeg4O5PU9xMpDqSIXrYQPvnUT7cRR3AveCKsnsgdu_0aZf1PLed2DZhXYxiwuOio4_HCw5EgjOuP13PbQyx9eUu1AD4pNO3QllbJ35AJ-lbq17_uVs2YpdRjV8Qzd47mahPo4H1sMT2N17Rnls-vJuKKTl7HUWdT1KO4H_YsQ1H3wMP9ZmhqmZTlseKI8gM-9G
Frame ID: D17DEDA6CB788A377105FDDA94CC41E4
Requests: 2 HTTP requests in this frame

Frame: https://imgs.signifyd.com/GqEsJ351f8_3TFPI?fb9dfbc1e88924d3=DGIZe-S7-JPnkYkcZEQAmFJcRAiB2nMEjB3poh6EzFCukw31T3thkfgK5SxBi3KgkFguQU-U_TD8TSrtoj7_fKIQnHK37FbcjGYl32XfGAUZ3ixYonuBBKlWTJKbaii2Dj3bI0ubqWjtOdm0Tp8hinFxb582eVTbw7VoBW_-N72vltfFdHMt-E0O5sPxMID96ZvxEVgSZ_0tvMKq7pm_
Frame ID: B059B8D0CED1F9AF7D55D313354AC0F9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Project Water Tower | e.l.f. CosmeticsBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

  1. https://cosmeticscriminals.com/ HTTP 301
    https://www.elfcosmetics.com/cosmetic-criminals Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com
Overall confidence: 100%
Detected patterns
  • cdn\.dynamicyield\.\w+/
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • tag\.rmp\.rakuten\.com
Overall confidence: 10%
Detected patterns
  • basket.*\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

252
Requests

93 %
HTTPS

45 %
IPv6

52
Domains

76
Subdomains

67
IPs

4
Countries

13015 kB
Transfer

28809 kB
Size

71
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cosmeticscriminals.com/ HTTP 301
    https://www.elfcosmetics.com/cosmetic-criminals Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Request Chain 11
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/webm_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/8a65b983-c39f-43b2-bfd6-6361ab5d5303.webm
Request Chain 20
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_DESKTOP_8_BEAR-alt/webm_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/dd0a711b-b81d-4c1b-a295-3836b2414bcc.webm
Request Chain 21
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_PLANT/webm_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/848c5446-ecbd-46ce-a180-637c5c42845d.webm
Request Chain 22
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_BOOK/webm_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/b275741b-78ac-4d86-9f6d-ffd5e2b0836a.webm
Request Chain 44
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=ZVz3CNfV-hJ1_MyyFgFyoR25XKHGTsV2jiZBONsNn_g HTTP 303
  • https://www.elfcosmetics.com/callback?usid=0ae6d5d5-54e4-4c72-95cb-a25322f5573e&code=wmRn22EzLP7iGIB8Yt-7bIbKiTcLqpw1XOQRTyfl_VA
Request Chain 46
  • https://googleads.g.doubleclick.net/pagead/id HTTP 302
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Request Chain 48
  • https://googleads.g.doubleclick.net/pagead/id HTTP 302
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Request Chain 164
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1586948612&cv=11&fst=1704389663876&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Project%20Water%20Tower%20%7C%20e.l.f.%20Cosmetics&value=0&auid=978309849.1704389664&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&ocp_id=IuyWZcuCBvqciM0P6d6F0Ag&sscte=1&crd=&eitems=ChAIgMvZrAYQw9j20OTu84c0Eh0APKHi1tOFWwANhaqJuDqhPJHcuYNhr_Btvt8YtA&pscrd=EkxDaEFJZ012WnJBWVFxOGF3cHJyOTVzaElFaVVBZ0k4ZFlBS21zaUs1TWYzTFhZYUIxZW1QYW9nNXVMZEFSSTZkU1NjYUlRYWphM2h3GldDaEFJZ012WnJBWVF1dlM3NW9qOTlPOVpFaTBBcHFPQ3I3SzZoQU5IRjJBVmVjWnhqSlNIRXJYNzFmTTlyYXFrekY1X1lITUszODJ1LU5feWc3bWlON0EiEwjLm-2kosSDAxV6DqIDHWlvAYo HTTP 302
  • https://www.google.com/pagead/1p-conversion/698270988/?random=1586948612&cv=11&fst=1704389663876&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Project%20Water%20Tower%20%7C%20e.l.f.%20Cosmetics&value=0&auid=978309849.1704389664&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ012WnJBWVFxOGF3cHJyOTVzaElFaVVBZ0k4ZFlBS21zaUs1TWYzTFhZYUIxZW1QYW9nNXVMZEFSSTZkU1NjYUlRYWphM2h3GldDaEFJZ012WnJBWVF1dlM3NW9qOTlPOVpFaTBBcHFPQ3I3SzZoQU5IRjJBVmVjWnhqSlNIRXJYNzFmTTlyYXFrekY1X1lITUszODJ1LU5feWc3bWlON0EiEwjLm-2kosSDAxV6DqIDHWlvAYo&is_vtc=1&ocp_id=IuyWZcuCBvqciM0P6d6F0Ag&cid=CAQSKQAvHhf_tPc-uV0r1PnGbidcB7LTmUS4xMPG4s-kBe3tqusEj8YiO8lR&eitems=ChAIgMvZrAYQw9j20OTu84c0Eh0APKHi1gXsuataVh_Fgj98LvgQgYnb-WBZnauAVA&random=2742869957 HTTP 302
  • https://www.google.de/pagead/1p-conversion/698270988/?random=1586948612&cv=11&fst=1704389663876&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Project%20Water%20Tower%20%7C%20e.l.f.%20Cosmetics&value=0&auid=978309849.1704389664&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ012WnJBWVFxOGF3cHJyOTVzaElFaVVBZ0k4ZFlBS21zaUs1TWYzTFhZYUIxZW1QYW9nNXVMZEFSSTZkU1NjYUlRYWphM2h3GldDaEFJZ012WnJBWVF1dlM3NW9qOTlPOVpFaTBBcHFPQ3I3SzZoQU5IRjJBVmVjWnhqSlNIRXJYNzFmTTlyYXFrekY1X1lITUszODJ1LU5feWc3bWlON0EiEwjLm-2kosSDAxV6DqIDHWlvAYo&is_vtc=1&ocp_id=IuyWZcuCBvqciM0P6d6F0Ag&cid=CAQSKQAvHhf_tPc-uV0r1PnGbidcB7LTmUS4xMPG4s-kBe3tqusEj8YiO8lR&eitems=ChAIgMvZrAYQw9j20OTu84c0Eh0APKHi1gXsuataVh_Fgj98LvgQgYnb-WBZnauAVA&random=2742869957&ipr=y

252 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request cosmetic-criminals
www.elfcosmetics.com/
Redirect Chain
  • https://cosmeticscriminals.com/
  • https://www.elfcosmetics.com/cosmetic-criminals
892 KB
228 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
7375fe7d1cc3047d706aecd82c6a14ca0387c0e3fc5b67de17f4ae95f26e3f56

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
0
cache-control
public, must-revalidate, s-maxage=900
content-encoding
gzip
content-length
232507
content-type
text/html; charset=utf-8
date
Thu, 04 Jan 2024 17:34:19 GMT
etag
W/"c21f4-Jcl8q2HoJfxIcPMvYtjz4rhqO8o"
vary
Accept-Encoding
via
1.1 57f9250ef620b33bc5b87625f8d36f5e.cloudfront.net (CloudFront)
x-amz-apigw-id
RBnT8HYkCYcEUmA=
x-amz-cf-id
YnHcT_jkf8sduFulYvo6gRfeHEnYwZcjkvNBVeiPDTvvDVdZTweS8A==
x-amz-cf-pop
LHR62-C3
x-amzn-remapped-connection
close
x-amzn-remapped-content-length
795124
x-amzn-remapped-date
Thu, 04 Jan 2024 17:34:18 GMT
x-amzn-requestid
ec820d94-46cd-406d-95a5-94c1e05e24a2
x-amzn-trace-id
Root=1-6596ec18-06253e747f67b3c30d4bfc8b;Sampled=0;lineage=2b75b0e9:0
x-cache
Miss from cloudfront
x-yottaa-metrics
3421a5fe3897/[2308,2152,-] 34D1a5fe38a8/[-,2447.073]
x-yottaa-optimizations
ob/1000000100001000 si/34D1a5fe38a8-1704379623-9167598871 tts/1704308418854 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-yottaa-os
200

Redirect headers

age
0
content-length
1197
content-type
text/html; charset=utf-8
date
Thu, 04 Jan 2024 17:34:16 GMT
location
https://www.elfcosmetics.com/cosmetic-criminals
vary
User-Agent
x-yottaa-fw
fb/100000 tid/658dc4f7d93140973bd491b7 rid/658dc848d93140973bd496fa stid/5ad7b08e2bb0ac0c5ba3d38c
x-yottaa-metrics
23D1cc8d5973/[-,0.311]
x-yottaa-optimizations
ob/0 si/23D1cc8d5973-1704379623-8490493773 tts/1704389656465 ti/0 ai/658dc4f7d93140973bd491b7
init.js
www.elfcosmetics.com/XT4Gy2ig/ 		166 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/XT4Gy2ig/init.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
0bedcfb9ec8de8c6eb2ca6d90074342f7f4667873a5edb642986e683a94cc60d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:19 GMT
content-encoding
gzip
etag
"2960e-TDmdOMi3EoLBRs2nhuMAKZ2J+DE"
active-cdn
Akamai
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
active-cdn,x-served-by,Akamai-Request-BC
cache-control
max-age=600
x-yottaa-metrics
34D1a5fe38a8/[-,236.256]
x-px-hash
ODU1MmRlZmQxNzJlZTI1ZjlmZjMwM2Y1ODk0MzcwNDVhODZiMzE1OTNkNGM0YWVmNDdlZWExMDc2NWYzZGZmOA==
x-yottaa-optimizations
ob/0 si/34D1a5fe38a8-1704379623-9167598881 tts/1704389659797 ti/0 ai/5a0c9b7632f01c35d42101b2
/
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/ 		0
0
PWT_STORY_HEADER_DESKTOP_BG-min
cdn.media.amplience.net/i/elfcosmetics/ 		630 KB
630 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:1a::5f65:6f9e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:19 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
m5dZZiwnu,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z
x-req-id
ZaZ9RMqyoA
content-length
644728
x-xss-protection
1; mode=block
x-amp-source-height
1249
server
Unknown
x-frame-options
DENY
x-amp-source-width
3199
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
PWT_STORY_HEADER_DESKTOP_CC-min
cdn.media.amplience.net/i/elfcosmetics/ 		210 KB
211 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:1a::5f65:6f9e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
c856ca647a5edf9ff56752649cd2bbd3d6d6fb2263d1b473a255534f5bf6f830
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:19 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
KE_4p-anu,l4p5bDg2e,HwG53bbZp,UyB2-aY-L
x-req-id
v6oCa1skal
content-length
215306
x-xss-protection
1; mode=block
x-amp-source-height
340
server
Unknown
x-frame-options
DENY
x-amp-source-width
800
access-control-allow-origin
*
content-type
image/png
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
truncated
/ 		37 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type
image/gif
PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
cdn.media.amplience.net/i/elfcosmetics/ 		2 MB
2 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:1a::5f65:6f9e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
349a84fa24c5bda7424681c4ab9a0d265a0966a963f47e975dc5f7f347e3bb1d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:19 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
-jHS4uPc9,l4p5bDg2e,hUXp-ygcH,UyB2-aY-L
x-req-id
dnzeFDmWeV
content-length
2102142
x-xss-protection
1; mode=block
x-amp-source-height
1484
server
Unknown
x-frame-options
DENY
x-amp-source-width
3080
access-control-allow-origin
*
content-type
image/png
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 03 Jan 2024 21:02:28 GMT
PWT_STORY_DETECTIVES_DESKTOP_6-min
cdn.media.amplience.net/i/elfcosmetics/ 		330 KB
331 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_DETECTIVES_DESKTOP_6-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:1a::5f65:6f9e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:19 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
3VXOkvx1H,l4p5bDg2e,q-jdDBY1E,k4NPUWi7z
x-req-id
2vvOVubBmB
content-length
338113
x-xss-protection
1; mode=block
x-amp-source-height
1062
server
Unknown
x-frame-options
DENY
x-amp-source-width
2806
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 27 Dec 2023 17:21:33 GMT
PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
cdn.media.amplience.net/i/elfcosmetics/ 		180 KB
180 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:1a::5f65:6f9e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:19 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
ZFdUusQOi,l4p5bDg2e,O8QiTHpoz,k4NPUWi7z
x-req-id
cVLp3cRHhJ
content-length
184181
x-xss-protection
1; mode=block
x-amp-source-height
1108
server
Unknown
x-frame-options
DENY
x-amp-source-width
1952
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Fri, 29 Dec 2023 07:51:47 GMT
truncated
/ 		10 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3a2b3b5ecaa7d5c67e5e28f9712ebcf28a592c7191e24bcde25cc5bb374cbf7b

Request headers

Referer
Origin
https://www.elfcosmetics.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/ 		10 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a33177a1b1a44698bc85bc710dfd4a6aba8bbe329db64dbb0622c894a1c05cbd

Request headers

Referer
Origin
https://www.elfcosmetics.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
1 MB
1 MB 		Media
General
Check archive.org
Download Go to
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Server
2a02:26f0:480:1a::5f65:6fab Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:20 GMT
last-modified
Fri, 22 Dec 2023 15:50:27 GMT
etag
"dd3676819bd88a250c875a11e38c307d"
x-amz-server-side-encryption
AES256
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
video/mp4
access-control-allow-origin
*
Content-Range
bytes 0-1060947/1060948
x-amp-srv
A
accept-ranges
bytes
x-amp-route
ak-s1
Content-Length
1060948

Redirect headers

date
Thu, 04 Jan 2024 17:34:19 GMT
x-content-type-options
nosniff
server
Unknown
x-frame-options
DENY
x-amp-srv
A
cache-tag
dYhYQwie9,l4p5bDg2e,bgWw7nQ29
access-control-allow-origin
*
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
8a65b983-c39f-43b2-bfd6-6361ab5d5303.webm
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/webm_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/8a65b983-c39f-43b2-bfd6-6361ab5d5303.webm
1 MB
1 MB 		Media
General
Check archive.org
Download Go to
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/8a65b983-c39f-43b2-bfd6-6361ab5d5303.webm
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Server
2a02:26f0:480:1a::5f65:6fab Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
692db01eb703744d633776b15675c6b2c761732ca585236d376836bf6f04bc9e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:20 GMT
last-modified
Fri, 22 Dec 2023 17:43:50 GMT
etag
"fae641824ad9e109b5a20c2cba506e57"
x-amz-server-side-encryption
AES256
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
video/webm
access-control-allow-origin
*
Content-Range
bytes 0-1210813/1210814
x-amp-srv
A
accept-ranges
bytes
x-amp-route
ak-s1
Content-Length
1210814

Redirect headers

date
Thu, 04 Jan 2024 17:34:19 GMT
x-content-type-options
nosniff
server
Unknown
x-frame-options
DENY
x-amp-srv
A
cache-tag
SiEkUB8QJ,l4p5bDg2e,fH6Lo3_5e
access-control-allow-origin
*
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/8a65b983-c39f-43b2-bfd6-6361ab5d5303.webm
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
bxGKZ6lfJ7A
www.youtube.com/embed/ Frame 56B6 		93 KB
40 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
139dccc148a700e806645b9f9b2530ff93258b0ef1cf3cb7ebea8b1020f80307
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Thu, 04 Jan 2024 17:34:19 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
rZPCKoUReO0
www.youtube.com/embed/ Frame 6A78 		93 KB
40 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
578bee6e4e3c64581e188d06eb57bdbb8f576eb46ddccf5e7c175c1fdd980a27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Thu, 04 Jan 2024 17:34:19 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
PWT_STORY_CRIME_TAPE_DESKTOP_7-min
cdn.media.amplience.net/i/elfcosmetics/ 		613 KB
614 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CRIME_TAPE_DESKTOP_7-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:1a::5f65:6f9e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
8b311b78042906393bf9c3cdc5bc8115b450b8b31905b1641dec7246fbd4cc85
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:19 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
9nOTFtVJa,l4p5bDg2e,N2xhcEEJW,UyB2-aY-L
x-req-id
u3Zlac-den
content-length
627998
x-xss-protection
1; mode=block
x-amp-source-height
525
server
Unknown
x-frame-options
DENY
x-amp-source-width
3200
access-control-allow-origin
*
content-type
image/png
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Thu, 28 Dec 2023 16:15:28 GMT
jquery-3.7.1.slim.min.js
code.jquery.com/ 		69 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.7.1.slim.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:19 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
4439269
x-cache
HIT, HIT
content-length
24036
x-served-by
cache-lga21942-LGA, cache-fra-eddf8230136-FRA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1704389660.771252,VS0,VE0
etag
W/"28feccc0-11278"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
10574, 459
player_api
www.youtube.com/ 		993 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/player_api
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7ac9f0e85d1ed4d4ccf7a151ec6b9b80f89baa745841db8efd82713671ff5ab8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:19 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
br
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
x-frame-options
SAMEORIGIN
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type
text/javascript; charset=utf-8
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cache-control
private, max-age=0
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Thu, 04 Jan 2024 17:34:19 GMT
vendor.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/ 		2 MB
619 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
57e461c9b78558e62478cca713658387eaf54afe6ae0a8128ee38e5846b4d6d8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id
7DhVfT1FfID7USGHRQIdkAPtGlAbpV1z
via
1.1 20340eb7909bfa098c771e4c93be880a.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
date
Thu, 04 Jan 2024 17:34:19 GMT
x-amz-cf-pop
LHR62-C3
age
2586716
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1000 si/3411a5fe3887-1690921777-1105583644 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Miss from cloudfront, HIT
x-amz-meta-deploy
621192
content-length
633349
x-amz-meta-bundle
10314
x-served-by
cache-fra-eddf8230103-FRA
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1704389660.780007,VS0,VE2
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
3421a5fe3894/[940,855,-] 3411a5fe3887/[-,1341.400]
accept-ranges
bytes
x-amz-cf-id
zSQSSJjgsZfkn5dSovYi7NApT_4Bn2YTkgHSWcIeodTCmRzlXV8CdA==
x-cache-hits
1
main.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/ 		2 MB
454 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/main.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4f770b32793546ad41060cc03c06e4a744b10e9ae4af0b2b0522cfcf1fb33285

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id
ee3xb.NTbr4bzXJ3SxfA7qqa0mkCetT8
via
1.1 223f95455b0bb3057583bfe63e0d5c7a.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
date
Thu, 04 Jan 2024 17:34:19 GMT
x-amz-cf-pop
DFW57-P1
age
124665
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1100 si/3211a5fec643-1692101820-744365274 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
621192
content-length
464645
x-amz-meta-bundle
10314
x-served-by
cache-fra-eddf8230103-FRA
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1704389660.780423,VS0,VE3
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
3221a5fec612/[34,-,1704261662565] 3211a5fec643/[-,271.808]
accept-ranges
bytes
x-amz-cf-id
0Wm-6GygV7ff69lqYDLURN89NpfHoLWtd_u-xYEYVkEbb2hueg4tAQ==
x-cache-hits
1
pages-product-list-product-list-page.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/ 		40 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/pages-product-list-product-list-page.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cd0b162bc6e5a1dfcdba80c8b12d3f2ec6ac423a1c1ed7d996779d9c6b81f346

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id
3Wq5BoaKPulOYkW6Fp3r6wFQLlG6RLjA
via
1.1 d45e064f8c3e1035d136019303749e0e.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
date
Thu, 04 Jan 2024 17:34:19 GMT
x-amz-cf-pop
DFW57-P1
age
1277202
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1001 si/3211a5fec6ec-1699966125-864528434 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
621192
content-length
11125
x-amz-meta-bundle
10314
x-served-by
cache-fra-eddf8230103-FRA
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1704389660.780429,VS0,VE2
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
3221a5fec69c/[103,93,-] 3211a5fec6ec/[hit]
accept-ranges
bytes
x-amz-cf-id
s5hBPhvFX-Vd0WhOVKf-vdneybTeE5XHmEvMns86anHptC0f6cJ07w==
x-cache-hits
1
dd0a711b-b81d-4c1b-a295-3836b2414bcc.webm
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_DESKTOP_8_BEAR-alt/webm_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/dd0a711b-b81d-4c1b-a295-3836b2414bcc.webm
375 KB
376 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/dd0a711b-b81d-4c1b-a295-3836b2414bcc.webm
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Server
2a02:26f0:480:1a::5f65:6fab Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4973f562e7d8f8ad478be1fe1090639ca7b50af5f98c5c13efe61d22fb72665e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:20 GMT
last-modified
Fri, 29 Dec 2023 07:23:44 GMT
etag
"dd9940f6d244dca562aef306c8b59fe0"
x-amz-server-side-encryption
AES256
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
video/webm
access-control-allow-origin
*
Content-Range
bytes 0-384464/384465
x-amp-srv
A
accept-ranges
bytes
x-amp-route
ak-s1
Content-Length
384465

Redirect headers

date
Thu, 04 Jan 2024 17:34:20 GMT
x-content-type-options
nosniff
server
Unknown
x-frame-options
DENY
x-amp-srv
A
cache-tag
Ffb8Zr4M4,l4p5bDg2e,6oVxns4D8
access-control-allow-origin
*
location
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/dd0a711b-b81d-4c1b-a295-3836b2414bcc.webm
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
848c5446-ecbd-46ce-a180-637c5c42845d.webm
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_PLANT/webm_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/848c5446-ecbd-46ce-a180-637c5c42845d.webm
237 KB
238 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/848c5446-ecbd-46ce-a180-637c5c42845d.webm
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Server
2a02:26f0:480:1a::5f65:6fab Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
744f83518728b979fb7e008389501d1acaa5a3086284274c296f26c5d4cfc8e4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:20 GMT
last-modified
Tue, 02 Jan 2024 17:30:06 GMT
etag
"bc22e0c363ee3e170f7a975b978bad39"
x-amz-server-side-encryption
AES256
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
video/webm
access-control-allow-origin
*
Content-Range
bytes 0-243067/243068
x-amp-srv
A
accept-ranges
bytes
x-amp-route
ak-s1
Content-Length
243068

Redirect headers

date
Thu, 04 Jan 2024 17:34:19 GMT
x-content-type-options
nosniff
server
Unknown
x-frame-options
DENY
x-amp-srv
A
cache-tag
K4zby9wxt,l4p5bDg2e,tO41Cj3M_
access-control-allow-origin
*
location
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/848c5446-ecbd-46ce-a180-637c5c42845d.webm
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
b275741b-78ac-4d86-9f6d-ffd5e2b0836a.webm
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_BOOK/webm_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/b275741b-78ac-4d86-9f6d-ffd5e2b0836a.webm
194 KB
195 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/b275741b-78ac-4d86-9f6d-ffd5e2b0836a.webm
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Server
2a02:26f0:480:1a::5f65:6fab Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2d5ce843cf166fdb4108ebcfe16b22da332149e2bcb4b7d93b3abd0d93e2def8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:20 GMT
last-modified
Tue, 02 Jan 2024 17:20:49 GMT
etag
"a2b2c1d6820d46784bd0e0e1ed3190de"
x-amz-server-side-encryption
AES256
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
video/webm
access-control-allow-origin
*
Content-Range
bytes 0-198985/198986
x-amp-srv
A
accept-ranges
bytes
x-amp-route
ak-s1
Content-Length
198986

Redirect headers

date
Thu, 04 Jan 2024 17:34:19 GMT
x-content-type-options
nosniff
server
Unknown
x-frame-options
DENY
x-amp-srv
A
cache-tag
ZBNA9w0AC,l4p5bDg2e,nvYvyivv1
access-control-allow-origin
*
location
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/b275741b-78ac-4d86-9f6d-ffd5e2b0836a.webm
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
www-player.css
www.youtube.com/s/player/da154528/ Frame 6A78 		358 KB
47 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/da154528/www-player.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
af17d4cff542b33c97ee3a95f82a21d8993c87fd3472dff534fa855828a3b615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:31:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
156
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47436
x-xss-protection
0
last-modified
Mon, 18 Dec 2023 02:48:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Fri, 03 Jan 2025 17:31:43 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6A78 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 28 Dec 2023 23:26:56 GMT
x-content-type-options
nosniff
age
583644
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Dec 2024 23:26:56 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6A78 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 20:17:31 GMT
x-content-type-options
nosniff
age
249409
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 31 Dec 2024 20:17:31 GMT
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 		564 B
811 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
af7aa4914c29a6baabdf4887c7aa1c8531012faa62ac216929952f6a40821012

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 04 Jan 2024 17:34:20 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
564
embed.js
www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/ Frame 6A78 		52 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/embed.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
abbda51c88a9a22c60f30b677f8925355382798bfcabb143d3938400c484d0f4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 08:24:16 GMT
content-encoding
br
x-content-type-options
nosniff
age
292204
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16336
x-xss-protection
0
last-modified
Mon, 18 Dec 2023 02:48:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 31 Dec 2024 08:24:16 GMT
www-embed-player.js
www.youtube.com/s/player/da154528/www-embed-player.vflset/ Frame 6A78 		322 KB
96 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d854531f9c3833536d6971b4fd7617dafe1a2c6fd0bbed9469122e73ff3b13a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:12:30 GMT
content-encoding
br
x-content-type-options
nosniff
age
1310
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
98735
x-xss-protection
0
last-modified
Mon, 18 Dec 2023 02:48:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Fri, 03 Jan 2025 17:12:30 GMT
base.js
www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/ Frame 6A78 		2 MB
768 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/base.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2e43938512568a6819be40d8c79292dc4b5d9ac9888f23a9f5ba931f98ce81aa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 08:24:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
292206
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
786305
x-xss-protection
0
last-modified
Mon, 18 Dec 2023 02:48:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 31 Dec 2024 08:24:14 GMT
www-player.css
www.youtube.com/s/player/da154528/ Frame 56B6 		358 KB
46 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/da154528/www-player.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
af17d4cff542b33c97ee3a95f82a21d8993c87fd3472dff534fa855828a3b615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:31:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
157
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47436
x-xss-protection
0
last-modified
Mon, 18 Dec 2023 02:48:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Fri, 03 Jan 2025 17:31:43 GMT
embed.js
www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/ Frame 56B6 		52 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/embed.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
abbda51c88a9a22c60f30b677f8925355382798bfcabb143d3938400c484d0f4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 08:24:16 GMT
content-encoding
br
x-content-type-options
nosniff
age
292204
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16336
x-xss-protection
0
last-modified
Mon, 18 Dec 2023 02:48:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 31 Dec 2024 08:24:16 GMT
www-embed-player.js
www.youtube.com/s/player/da154528/www-embed-player.vflset/ Frame 56B6 		322 KB
96 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d854531f9c3833536d6971b4fd7617dafe1a2c6fd0bbed9469122e73ff3b13a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:12:30 GMT
content-encoding
br
x-content-type-options
nosniff
age
1310
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
98735
x-xss-protection
0
last-modified
Mon, 18 Dec 2023 02:48:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Fri, 03 Jan 2025 17:12:30 GMT
base.js
www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/ Frame 56B6 		2 MB
768 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/base.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2e43938512568a6819be40d8c79292dc4b5d9ac9888f23a9f5ba931f98ce81aa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 08:24:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
292206
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
786305
x-xss-protection
0
last-modified
Mon, 18 Dec 2023 02:48:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 31 Dec 2024 08:24:14 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 56B6 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 28 Dec 2023 23:26:56 GMT
x-content-type-options
nosniff
age
583644
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Dec 2024 23:26:56 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 56B6 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 20:17:31 GMT
x-content-type-options
nosniff
age
249409
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 31 Dec 2024 20:17:31 GMT
OtAutoBlock.js
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/ 		1 MB
152 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/OtAutoBlock.js
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/main.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e038dff62440b626103b2b81adcbb64b5cb3bd80433d1a710f37162cd7c0cc17
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 17:34:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
24304
content-md5
3CHjrTrl4YSKzn90GsMA3A==
content-length
154812
x-ms-lease-status
unlocked
last-modified
Mon, 30 Oct 2023 13:08:00 GMT
server
cloudflare
etag
0x8DBD9493E0E92B7
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
faa9619b-101e-0023-4914-1ea340000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
84053b5b1d1a377b-FRA
expires
Fri, 05 Jan 2024 17:34:21 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/main.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
98bc0753b3f7392176a4af252bfae9bcd1f2804b73dee374119899d8f52ae3d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 17:34:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
FWT01iLvZ++xUAz3aesSug==
age
44752
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6841
x-ms-lease-status
unlocked
last-modified
Wed, 03 Jan 2024 22:17:18 GMT
server
cloudflare
etag
0x8DC0CA9BF9BFF37
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
1f518f4a-801e-0043-4dbb-3edfdf000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
84053b5b1d18377b-FRA
gtm.js
www.googletagmanager.com/ 		432 KB
122 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9ad389543b882262b26151e39b81233ab6a833daeb530a99cc164bb96b5e4039
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
124605
x-xss-protection
0
last-modified
Thu, 04 Jan 2024 16:27:20 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 04 Jan 2024 17:34:22 GMT
api_dynamic.js
cdn.dynamicyield.com/api/8772046/ 		378 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.dynamicyield.com/api/8772046/api_dynamic.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:7800:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
890e001a83f07334785932a039f2656e7a5f3ebc430ede8d6254e383914e86f5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:22 GMT
content-encoding
gzip
via
1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
last-modified
Tue, 02 Jan 2024 20:42:32 GMT
server
DYCDN
age
8
x-amz-cf-pop
FRA60-P3
x-amz-server-side-encryption
AES256
etag
W/"eeded215f3a718cf1a30a0769fcc6f83"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=30
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
3FuyEVT2_ITbPV6tDgUz0KJeV_7BczwwNz8OEPAJpx93VGZqSD0qsQ==
api_static.js
cdn.dynamicyield.com/api/8772046/ 		385 KB
113 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.dynamicyield.com/api/8772046/api_static.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:7800:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
844e110d367aacf96432d2a6f36b849d92efd4e09773c4673bc0f60fbd7203a8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 03 Jan 2024 20:47:40 GMT
content-encoding
gzip
via
1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
last-modified
Tue, 02 Jan 2024 20:42:32 GMT
server
DYCDN
age
75102
x-amz-cf-pop
FRA60-P3
x-amz-server-side-encryption
AES256
etag
W/"a3d96bfa73c17ea78b620eed0a2e7991"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
jo3fIP2PGZCTKsjrGVWqUKU-02-5xDELIF7SkN3MTFBkueFj3G8SgQ==
/
api.ipify.org/ 		23 B
223 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.237.62.212 El Segundo, United States, ASN18450 (WEBNX, US),
Reverse DNS
api.ipify.org
Software
nginx/1.25.2 /
Resource Hash
f1999206051534c886e13fb23a24980bf7e3cfd83a388f4cf2c81e3e7d7c03ad

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 04 Jan 2024 17:34:22 GMT
Server
nginx/1.25.2
Connection
keep-alive
Content-Length
23
Vary
Origin
Content-Type
application/json
/
api.ipify.org/ 		23 B
223 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.237.62.212 El Segundo, United States, ASN18450 (WEBNX, US),
Reverse DNS
api.ipify.org
Software
nginx/1.25.2 /
Resource Hash
f1999206051534c886e13fb23a24980bf7e3cfd83a388f4cf2c81e3e7d7c03ad

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 04 Jan 2024 17:34:22 GMT
Server
nginx/1.25.2
Connection
keep-alive
Content-Length
23
Vary
Origin
Content-Type
application/json
init.js
www.elfcosmetics.com/XT4Gy2ig/ 		0
449 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/XT4Gy2ig/init.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:22 GMT
content-encoding
gzip
etag
"2960e-cJSWshCMh2frQ+1sbD/n/SMs3oQ"
active-cdn
Akamai
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
active-cdn,x-served-by,Akamai-Request-BC
cache-control
max-age=600
x-yottaa-metrics
34D1a5fe38a8/[-,171.303]
x-px-hash
YjA3MTFhYTYwNjkwODJkZDg4YjgwYjZhZTAwYmJmZjBhYTRhNTNlMjFiNWE5ZTM2NGU3ZmM2N2RlY2U4MDE3Mg==
x-yottaa-optimizations
ob/0 si/34D1a5fe38a8-1704379623-9167598904 tts/1704389662515 ti/0 ai/5a0c9b7632f01c35d42101b2
callback
www.elfcosmetics.com/
Redirect Chain
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=...
  • https://www.elfcosmetics.com/callback?usid=0ae6d5d5-54e4-4c72-95cb-a25322f5573e&code=wmRn22EzLP7iGIB8Yt-7bIbKiTcLqpw1XOQRTyfl_VA
0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/callback?usid=0ae6d5d5-54e4-4c72-95cb-a25322f5573e&code=wmRn22EzLP7iGIB8Yt-7bIbKiTcLqpw1XOQRTyfl_VA
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Server
165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:23 GMT
via
1.1 cdcf1be46a91676588ed8966c4b8eb12.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
0
x-amz-cf-pop
LHR62-C3
age
0
x-amzn-remapped-connection
close
x-amzn-requestid
aaf7966b-c426-41b5-bb6e-fbafce0466b8
x-yottaa-optimizations
ob/1000 si/34D1a5fe38a8-1704379623-9167598917 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-apigw-id
RBnVAF6KiYcEpUQ=
content-length
0
x-yottaa-forcecache
true
x-amzn-trace-id
Root=1-6596ec1f-0580e5406151b5761ef1f474;Sampled=0;lineage=2b75b0e9:0
content-type
application/json
cache-control
public, max-age=604800
x-yottaa-os
200
x-yottaa-metrics
3421a5fe3898/[253,248,-] 34D1a5fe38a8/[-,255.416]
x-amzn-remapped-date
Thu, 04 Jan 2024 17:34:23 GMT
x-amz-cf-id
-vfisYj28lty_pBB42wRqNk81Ls3snR107UFOszMNFGtCdU2QC_zvg==

Redirect headers

date
Thu, 04 Jan 2024 17:34:22 GMT
x-correlation-id
84053b5eae6c5280
via
1.1 7a71153df5fe7b23e438dedb00b3bf4a.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
LHR62-C3
age
0
x-yottaa-optimizations
ob/0 si/34D1a5fe38a8-1704379623-9167598910 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
content-length
0
pragma
no-cache
x-ratelimit-1m-remaining
23289, 1980221
x-ratelimit-1m-reset
37429, 37428
x-ratelimit-1m-limit
24000, 2000000
vary
Accept-Encoding
location
https://www.elfcosmetics.com/callback?usid=0ae6d5d5-54e4-4c72-95cb-a25322f5573e&code=wmRn22EzLP7iGIB8Yt-7bIbKiTcLqpw1XOQRTyfl_VA
cache-control
no-store
x-yottaa-os
303
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=ZVz3CNfV-hJ1_MyyFgFyoR25XKHGTsV2jiZBONsNn_g
x-yottaa-metrics
3421a5fe389f/[168,164,-] 34D1a5fe38a8/[-,183.205]
cf-ray
84053b5eae6c5280-LHR
x-amz-cf-id
YWYJx9hhA1ZoT7JIQH5ejJccvdyrpVLuo8fTAm3rIMEdXvH5kl-pkA==
/
sdk.iad-05.braze.com/api/v3/data/ 		323 B
454 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1a09824b6d7bbd0f5e82a23d14da408abfba60d02f5bdb48309d3ab6ca61bb1f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-TriggersRequest
true
X-Braze-DataRequest
true
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/json
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest

Response headers

date
Thu, 04 Jan 2024 17:34:22 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
MISS
x-request-id
939340c6-3e9d-4605-aceb-17bca2710d06
x-served-by
cache-fra-eddf8230061-FRA
x-runtime
0.034398
etag
W/"1a09824b6d7bbd0f5e82a23d14da408a"
access-control-max-age
7200
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
vary
Origin,Accept-Encoding
accept-ranges
bytes
x-cache-hits
0
id
googleads.g.doubleclick.net/pagead/ Frame 6A78
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/id
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
100 B
242 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0be6b755910551d20e2c8f2cc9258bc2e7000445b9c8e4f030b8cf458a0e022e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
120
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Thu, 04 Jan 2024 17:34:22 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad_status.js
static.doubleclick.net/instream/ Frame 6A78 		29 B
495 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.doubleclick.net/instream/ad_status.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:24:13 GMT
x-content-type-options
nosniff
age
609
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
x-xss-protection
0
last-modified
Thu, 12 Dec 2013 23:40:16 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 04 Jan 2024 17:39:13 GMT
id
googleads.g.doubleclick.net/pagead/ Frame 56B6
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/id
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
100 B
189 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
361f9ffb9f3bc85e62e58b7f19e356a0c44bd11d4a3319fb01f758b685105957
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
120
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Thu, 04 Jan 2024 17:34:22 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad_status.js
static.doubleclick.net/instream/ Frame 56B6 		29 B
89 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.doubleclick.net/instream/ad_status.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:24:13 GMT
x-content-type-options
nosniff
age
609
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
x-xss-protection
0
last-modified
Thu, 12 Dec 2013 23:40:16 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 04 Jan 2024 17:39:13 GMT
/
sdk.iad-05.braze.com/api/v3/data/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-encoding
gzip
date
Thu, 04 Jan 2024 17:34:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-fra-eddf8230061-FRA
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Thu, 04 Jan 2024 17:34:22 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 6A78 		86 KB
40 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
eac810283a09ee72b754e02f1eff87cbaba4b297afdee33f7e453d559b6bade1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Thu, 04 Jan 2024 17:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
40733
x-xss-protection
0
remote.js
www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/ Frame 6A78 		116 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/remote.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e50b3437118e3987bcf15bbe18094b785119f764d2af29be181b531de3b1bb08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 08:24:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
292207
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33735
x-xss-protection
0
last-modified
Mon, 18 Dec 2023 02:48:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 31 Dec 2024 08:24:15 GMT
1xEiQfu-UCiwbMaFnr-G2Uzcd5udG06umsh6raawdbQ.js
www.google.com/js/th/ Frame 6A78 		50 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/js/th/1xEiQfu-UCiwbMaFnr-G2Uzcd5udG06umsh6raawdbQ.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d7112241fbbe5028b06cc6859ebf86d94cdc779b9d1b4eae9ac87aada6b075b4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 03 Jan 2024 18:13:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
84039
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19870
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:30:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 02 Jan 2025 18:13:43 GMT
default.jpg
i.ytimg.com/vi/rZPCKoUReO0/ Frame 6A78 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.ytimg.com/vi/rZPCKoUReO0/default.jpg?sqp=-oaymwEkCHgQWvKriqkDGvABAfgB_gmAAtAFigIMCAAQARhyIFYoPTAP&rs=AOn4CLCM5ONTEJwdjxOrSlWBNC86VGolng
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6a36655e9de608636a4c3262639b79321a93bdd9ad275e4e130a07719094146f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:22 GMT
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2380
x-xss-protection
0
server
sffe
etag
"1703117772"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 04 Jan 2024 19:34:22 GMT
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Thu, 04 Jan 2024 17:34:22 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 56B6 		87 KB
40 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
011491b5ff37fd0673568b1ea2b7bae29a4a9510eea1b8c5a7f645b918c9bf0a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Thu, 04 Jan 2024 17:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
40979
x-xss-protection
0
remote.js
www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/ Frame 56B6 		116 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/remote.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e50b3437118e3987bcf15bbe18094b785119f764d2af29be181b531de3b1bb08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 08:24:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
292207
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33735
x-xss-protection
0
last-modified
Mon, 18 Dec 2023 02:48:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 31 Dec 2024 08:24:15 GMT
1xEiQfu-UCiwbMaFnr-G2Uzcd5udG06umsh6raawdbQ.js
www.google.com/js/th/ Frame 56B6 		50 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/js/th/1xEiQfu-UCiwbMaFnr-G2Uzcd5udG06umsh6raawdbQ.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d7112241fbbe5028b06cc6859ebf86d94cdc779b9d1b4eae9ac87aada6b075b4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 03 Jan 2024 18:13:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
84039
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19870
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:30:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 02 Jan 2025 18:13:43 GMT
default.jpg
i.ytimg.com/vi/bxGKZ6lfJ7A/ Frame 56B6 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.ytimg.com/vi/bxGKZ6lfJ7A/default.jpg
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2ad22b91587a2adec093dc2d911118cac6b363dcaed96b3aaaa3af80d58efa03
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:22 GMT
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2965
x-xss-protection
0
server
sffe
etag
"1703142370"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 04 Jan 2024 19:34:22 GMT
6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/ 		5 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8a6566c7e926c37c010dc811a5e82d5eddad8b10057bf711f0f644be60707d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 17:34:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
24227
content-md5
4swZDWVp4C0QChiGUbrcTg==
content-length
1746
x-ms-lease-status
unlocked
last-modified
Tue, 14 Nov 2023 15:26:04 GMT
server
cloudflare
etag
0x8DBE5260423F079
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
b26488eb-901e-0084-770e-174b82000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
84053b6238621959-FRA
expires
Fri, 05 Jan 2024 17:34:23 GMT
st
st.dynamicyield.com/ 		114 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://st.dynamicyield.com/st?sec=8772046&inHead=true&id=0&jsession=a8qrauj89wipbqi8umbpln5fhe68gz19&ref=&scriptVersion=2.20.0&isSesNew=true&dyid_server=&ctx=%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-US%22%2C%22data%22%3A%5B%5D%7D
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:248c:d200:15:ad21:c740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a6b9e644c12aee2c3de2ee7a64edafefff8e39af57b9bae125e1fc6d96c14edb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:23 GMT
content-encoding
gzip
via
1.1 5a897fa3742273380e3e2532c7dadcb6.cloudfront.net (CloudFront)
x-amz-cf-pop
MXP64-P1
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
cache-control
no-cache
x-amz-cf-id
05-4w0-VOr6NRSSzTS_WX_9hNJfoNq7Qj4KTZo_b7FAEKzn0ICwsIA==
expires
Thu, 04 Jan 2024 17:34:22 GMT
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Thu, 04 Jan 2024 17:34:23 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 6A78 		90 B
134 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8f9a9098c4ded509bc8b29a03c9a07bda525e10ef5f19df1e00bed6f360f4c33
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Thu, 04 Jan 2024 17:34:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
110
x-xss-protection
0
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Thu, 04 Jan 2024 17:34:23 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 56B6 		90 B
134 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8a529d731b65f14de11f1f946a8b4cd7ed6327aca33a3cd67f970d70d9dd1618
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Thu, 04 Jan 2024 17:34:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
110
x-xss-protection
0
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 		600 B
655 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
a6ffd355ef134067881693be4cc9be0d537c10569efa404114b30e721e290ff4

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 04 Jan 2024 17:34:23 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
600
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 04 Jan 2024 17:22:25 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
718
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 04 Jan 2024 19:22:25 GMT
activityi;src=9231397;type=retarget;cat=globa0;ord=5604021205782;auiddc=978309849.1704389664;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He4130v896608294;gcd=11l1l1l1l1;...
9231397.fls.doubleclick.net/ Frame F3CF 		0
0
activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=9518799620176;auiddc=978309849.1704389664;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma_cp...
10742279.fls.doubleclick.net/ Frame CBDD 		0
0
cnxtag-min.js
js.cnnx.link/roi/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.cnnx.link/roi/cnxtag-min.js?id=316282
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:c000:11:85b0:d600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
ff2fe181c12146189657e92f9ce0489f7f3b51345796f5a5ec9b089f9fb47616

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:32:28 GMT
via
1.1 google, 1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
FRA50-C1
age
116
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript;charset=UTF-8
cache-control
max-age=600
x-amz-cf-id
aUAoBn1CUeBwaaTEqD5jsnfETlhSLS_wFo-VtWEPpKe4Ck3iTkCt3w==
/
insight.adsrvr.org/track/pxl/ 		70 B
149 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:24 GMT
server
Kestrel
content-length
70
content-type
image/gif
kpi
pixel.pointmediatracker.com/ 		0
0
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		59 B
304 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
84053b6b3dca03b0-FRA
access-control-allow-headers
Content-Type
sync
sdk.iad-05.braze.com/api/v3/content_cards/ 		756 B
669 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8da41648231f96a1ff630fdd642b36ebea84ec868862abb26a508bf6da08c1ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest
true
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/json
BRAZE-SYNC-RETRY-COUNT
0
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest
X-Braze-ContentCardsRequest
true

Response headers

date
Thu, 04 Jan 2024 17:34:24 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
MISS
x-request-id
e71420fe-624f-4b84-9489-31f2dec1c1b6
x-served-by
cache-fra-eddf8230061-FRA
x-runtime
0.199062
etag
W/"8da41648231f96a1ff630fdd642b36eb"
access-control-max-age
7200
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
vary
Origin,Accept-Encoding
accept-ranges
bytes
x-cache-hits
0
sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-encoding
gzip
date
Thu, 04 Jan 2024 17:34:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-fra-eddf8230061-FRA
token
www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/ 		2 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
69cd4e11d5c2ca3c7ddcdf2d7923494a3820e1ce47062a2859ff4b594d2fb843
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/cosmetic-criminals
accept-language
de-DE,de;q=0.9
x-pwa-request
true
Authorization
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Thu, 04 Jan 2024 17:34:24 GMT
content-encoding
gzip
x-correlation-id
84053b686d402404
cf-cache-status
DYNAMIC
via
1.1 392aafb38d46b0d6c1710455b6663726.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
LHR62-C3
age
0
x-yottaa-optimizations
ob/1000 si/34D1a5fe38a8-1704379623-9167598918 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
pragma
no-cache
x-ratelimit-1m-remaining
23246, 1978844
x-ratelimit-1m-reset
35873, 35872
vary
Accept-Encoding, User-Agent
x-ratelimit-1m-limit
24000, 2000000
content-type
application/json
cache-control
no-store
x-yottaa-os
200
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-yottaa-metrics
3421a5fe3897/[218,216,-] 34D1a5fe38a8/[-,221.140]
cf-ray
84053b686d402404-LHR
x-amz-cf-id
4BHGQmfwCaDo59npW1mjd36TAzvSLhv0GnTq9qRdKe1J5SMZEyS5oQ==
cast_sender.js
www.gstatic.com/cv/js/sender/v1/ Frame 6A78 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2007
x-xss-protection
0
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview"
vary
Accept-Encoding
report-to
{"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 04 Jan 2024 17:34:24 GMT
cast_sender.js
www.gstatic.com/cv/js/sender/v1/ Frame 56B6 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/de_DE/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2007
x-xss-protection
0
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview"
vary
Accept-Encoding
report-to
{"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 04 Jan 2024 17:34:24 GMT
dy-coll-min.js
cdn.dynamicyield.com/scripts/2.20.0/ 		195 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.dynamicyield.com/scripts/2.20.0/dy-coll-min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:7800:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
2460590a71f767273c7821bcb071f6a10f6016feb3497ba4e0a84bd219c97873

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 07:20:54 GMT
content-encoding
gzip
via
1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
last-modified
Tue, 12 Dec 2023 06:36:07 GMT
server
DYCDN
age
1592011
x-amz-cf-pop
FRA60-P3
etag
W/"1de3a69734e5e15370eb5a27bf75c819"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=31536000
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
Vbu0rnmhIDexLPu6sBdcCYhTnxekmMa-CT7T61G_XjLlZPSpC5YSng==
collect
www.google-analytics.com/j/ 		4 B
212 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=549020073&t=pageview&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&dp=%2Fcosmetic-criminals&ul=en-us&de=UTF-8&dt=Project%20Water%20Tower%20%7C%20e.l.f.%20Cosmetics&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACgAI~&jid=1648884032&gjid=2016151413&cid=471137427.1704389664&tid=UA-432816-1&_gid=1758557866.1704389664&_r=1&_slc=1&gtm=45He4130n81WL3STMXv896608294&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=303625394
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:24 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
generate_204
www.youtube.com/ Frame 6A78 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.youtube.com/generate_204?mxf4KQ
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:24 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
generate_204
www.youtube.com/ Frame 56B6 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.youtube.com/generate_204?oR_91w
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:24 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sessions
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 		0
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/sessions
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/cosmetic-criminals
accept-language
de-DE,de;q=0.9
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmODQ1NDdkOS03YjE0LTRkMDItYjkxMC1iODM1OTAxNWE1MzEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjBhZTZkNWQ1LTU0ZTQtNGM3Mi05NWNiLWEyNTMyMmY1NTczZSIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDM4OTYzNCwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWJrZWRKbEtvWnhic1JscnBKbGFZWXdYQVc6OmNoaWQ6ICIsImV4cCI6MTcwNDM5MTQ2NCwiaWF0IjoxNzA0Mzg5NjY0LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM2MDU0NTgwMjk3MTYzNDkxIn0.HB6XgtE-IZJYP3c0Yjb0hWTsHckLpg4xM-EAi2DNzIrvWY1W9maJKxnqFzzZ30NLVV7fe-QrkHoSlvkROvEUGg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:24 GMT
via
1.1 704990717f84876e269b7e943738c392.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
LHR62-C3
age
0
x-yottaa-optimizations
ob/0 si/34D1a5fe38a8-1704379623-9167598919 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
deprecated
x-cache
Miss from cloudfront
pragma
no-cache
allow
OPTIONS,POST
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics
3421a5fe3896/[150,147,-] 34D1a5fe38a8/[-,155.915]
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/sessions
accept-ranges
bytes
cf-ray
84053b6a6a3c0706-LHR
x-dw-request-base-id
SZjIQCDslmUBAAB_
x-amz-cf-id
Msgc4rhgsaBSwDEtj2QptrO9i_5hPqjHihcrjKtBzO00RVdDpona2A==
x-yottaa-os
204
expires
Thu, 01 Dec 1994 16:00:00 GMT
shoppercontext
www.elfcosmetics.com/api/v1/ 		114 B
789 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
6b42a56b231d70ea3691b9f46363b9f8ed6ca35f6b50084718669b8beac1e57d

Request headers

Referer
https://www.elfcosmetics.com/cosmetic-criminals
accept-language
de-DE,de;q=0.9
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmODQ1NDdkOS03YjE0LTRkMDItYjkxMC1iODM1OTAxNWE1MzEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjBhZTZkNWQ1LTU0ZTQtNGM3Mi05NWNiLWEyNTMyMmY1NTczZSIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDM4OTYzNCwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWJrZWRKbEtvWnhic1JscnBKbGFZWXdYQVc6OmNoaWQ6ICIsImV4cCI6MTcwNDM5MTQ2NCwiaWF0IjoxNzA0Mzg5NjY0LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM2MDU0NTgwMjk3MTYzNDkxIn0.HB6XgtE-IZJYP3c0Yjb0hWTsHckLpg4xM-EAi2DNzIrvWY1W9maJKxnqFzzZ30NLVV7fe-QrkHoSlvkROvEUGg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

date
Thu, 04 Jan 2024 17:34:25 GMT
via
1.1 68589ba2b1a9a54786dcb97934f8038c.cloudfront.net (CloudFront)
content-encoding
gzip
x-amzn-remapped-content-length
114
x-amz-cf-pop
LHR62-C3
age
0
x-amzn-remapped-connection
close
x-yottaa-optimizations
ob/1000 si/34D1a5fe38a8-1704379623-9167598920 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-amzn-requestid
74ecb3b3-145f-4150-8007-4ac3bd127dc7
x-cache
Miss from cloudfront
x-amz-apigw-id
RBnVJEV_CYcETOg=
content-length
108
etag
W/"72-HgdmTgyCF/DQfqnMU3u+4UstAzI"
x-amzn-trace-id
Root=1-6596ec20-155dbbf000cded593863f084;Sampled=0;lineage=2b75b0e9:0
content-type
application/json; charset=utf-8
x-yottaa-os
200
x-yottaa-metrics
3421a5fe3895/[699,696,-] 34D1a5fe38a8/[-,702.274]
x-amzn-remapped-date
Thu, 04 Jan 2024 17:34:24 GMT
x-amz-cf-id
mojkwvl8ruK791WBmYrcMEcfB1-xFzptolXHPiaR_ZxpKokO7RVibw==
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 		179 B
849 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=217.114.218.19
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
70c3c8c11fe43a3931b5540cbbad1392a48dcfb133574102e3cb7045d062b93f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language
de-DE,de;q=0.9
x-pwa-request
true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

date
Thu, 04 Jan 2024 17:34:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 0632dce52bb4d036890e14a88154db56.cloudfront.net (CloudFront)
x-amz-cf-pop
LHR62-C3
age
0
x-yottaa-optimizations
ob/1000 si/34D1a5fe38a8-1704379623-9167598921 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
deprecated
x-cache
Miss from cloudfront
allow
GET,HEAD,OPTIONS
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=217.114.218.19
x-yottaa-metrics
3421a5fe3894/[280,277,-] 34D1a5fe38a8/[-,282.683]
cf-ray
84053b6c0ebc35b9-LHR
x-dw-request-base-id
22TlByHslmUBAAB_
x-amz-cf-id
3arq805aM7w1hB8jMQoceWTwe-ojvrSoVZiecXBlFepfoEHpXnE_NA==
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 		179 B
851 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=217.114.218.19
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
70c3c8c11fe43a3931b5540cbbad1392a48dcfb133574102e3cb7045d062b93f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language
de-DE,de;q=0.9
x-pwa-request
true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

date
Thu, 04 Jan 2024 17:34:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 8a2dbe2d91170aaa26a5c93eeaf49e5c.cloudfront.net (CloudFront)
x-amz-cf-pop
LHR62-C3
age
0
x-yottaa-optimizations
ob/1000 si/34D1a5fe38a8-1704379623-9167598923 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
deprecated
x-cache
Miss from cloudfront
allow
GET,HEAD,OPTIONS
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=217.114.218.19
x-yottaa-metrics
3421a5fe382b/[316,310,-] 34D1a5fe38a8/[-,320.382]
cf-ray
84053b6c1a92772b-LHR
x-dw-request-base-id
SZjdQCHslmUBAAB_
x-amz-cf-id
rHIowJ1pP4UuYvfRBzk_RGV1mJ9j4SE0VGkF5XIJRGLcV44UgktT0A==
baskets
www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abkedJlKoZxbsRlrpJlaYYwXAW/ 		11 B
814 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abkedJlKoZxbsRlrpJlaYYwXAW/baskets?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/cosmetic-criminals
accept-language
de-DE,de;q=0.9
x-pwa-request
true
Authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmODQ1NDdkOS03YjE0LTRkMDItYjkxMC1iODM1OTAxNWE1MzEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjBhZTZkNWQ1LTU0ZTQtNGM3Mi05NWNiLWEyNTMyMmY1NTczZSIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDM4OTYzNCwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWJrZWRKbEtvWnhic1JscnBKbGFZWXdYQVc6OmNoaWQ6ICIsImV4cCI6MTcwNDM5MTQ2NCwiaWF0IjoxNzA0Mzg5NjY0LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM2MDU0NTgwMjk3MTYzNDkxIn0.HB6XgtE-IZJYP3c0Yjb0hWTsHckLpg4xM-EAi2DNzIrvWY1W9maJKxnqFzzZ30NLVV7fe-QrkHoSlvkROvEUGg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:24 GMT
x-correlation-id
84053b6c18bf48c5
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 8a2dbe2d91170aaa26a5c93eeaf49e5c.cloudfront.net (CloudFront)
x-amz-cf-pop
LHR62-C3
age
0
x-yottaa-optimizations
ob/1000 si/34D1a5fe38a8-1704379623-9167598922 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding
gzip
x-cache
Miss from cloudfront
content-length
37
allow
GET,HEAD,OPTIONS
x-ratelimit-remaining
999
content-type
application/json;charset=UTF-8
vary
Accept-Encoding
cache-control
max-age=0,no-cache,no-store
x-yottaa-os
200
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abkedJlKoZxbsRlrpJlaYYwXAW/baskets?siteId=elf-us
x-ratelimit-limit
99999
accept-ranges
bytes
cf-ray
84053b6c18bf48c5-LHR
x-amz-cf-id
CzHoqJGgCcXipoEJeoYmMP2Nl4JqnBQn6Ij9WBieawOIDC08dWaAsw==
x-yottaa-metrics
3421a5fe3893/[206,202,-] 34D1a5fe38a8/[-,208.700]
sync
sdk.iad-05.braze.com/api/v3/content_cards/ 		756 B
641 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8da41648231f96a1ff630fdd642b36ebea84ec868862abb26a508bf6da08c1ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest
true
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/json
BRAZE-SYNC-RETRY-COUNT
0
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest
X-Braze-ContentCardsRequest
true

Response headers

date
Thu, 04 Jan 2024 17:34:24 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
MISS
x-request-id
985acdc5-a0d3-4997-b608-b64691ca5f96
x-served-by
cache-fra-eddf8230061-FRA
x-runtime
0.079106
etag
W/"8da41648231f96a1ff630fdd642b36eb"
access-control-max-age
7200
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
vary
Origin,Accept-Encoding
accept-ranges
bytes
x-cache-hits
0
sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-encoding
gzip
date
Thu, 04 Jan 2024 17:34:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-fra-eddf8230061-FRA
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202306.1.0/ 		404 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 17:34:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
XJk1ZZTljtwHFT3qcIJg+w==
age
44592
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
99599
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:36 GMT
server
cloudflare
etag
0x8DB82A15D413626
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
7a75efb1-601e-0081-6c94-b47ab1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
84053b6cb903377b-FRA
log_event
www.youtube.com/youtubei/v1/ Frame 6A78 		28 B
54 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
X-Goog-Request-Time
1704389664748
Content-Type
application/json
X-YouTube-Utc-Offset
60
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
X-YouTube-Client-Version
1.20231217.00.00
X-YouTube-Time-Zone
Europe/Berlin
X-Goog-Visitor-Id
Cgt4UER2dUpyUzdHbyib2NusBjIKCgJERRIEEgAgUw%3D%3D
X-YouTube-Ad-Signals
dt=1704389660275&flash=0&frm=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&wgl=true&ca_type=image

Response headers

date
Thu, 04 Jan 2024 17:34:24 GMT
content-encoding
br
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
content-type
application/json; charset=UTF-8
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31
x-xss-protection
0
expires
Thu, 04 Jan 2024 17:34:24 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
352 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-432816-1&cid=471137427.1704389664&jid=1648884032&gjid=2016151413&_gid=1758557866.1704389664&_u=YEBAAEAAAAAAACgAI~&z=671201637
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 04 Jan 2024 17:34:24 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
log_event
www.youtube.com/youtubei/v1/ Frame 56B6 		28 B
54 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
X-Goog-Request-Time
1704389664763
Content-Type
application/json
X-YouTube-Utc-Offset
60
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
X-YouTube-Client-Version
1.20231217.00.00
X-YouTube-Time-Zone
Europe/Berlin
X-Goog-Visitor-Id
Cgt3VjRSNUpEOFA4OCib2NusBjIKCgJERRIEEgAgJg%3D%3D
X-YouTube-Ad-Signals
dt=1704389662174&flash=0&frm=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&wgl=true&ca_type=image

Response headers

date
Thu, 04 Jan 2024 17:34:24 GMT
content-encoding
br
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
content-type
application/json; charset=UTF-8
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31
x-xss-protection
0
expires
Thu, 04 Jan 2024 17:34:24 GMT
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 		32 B
49 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ca0a766a064104105db7a847ffd8d594fb8556d364f724916f30a3e45a1ebab4

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 04 Jan 2024 17:34:24 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32
cast_sender.js
www.gstatic.com/eureka/clank/120/ Frame 6A78 		50 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/eureka/clank/120/cast_sender.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f4d5deb4709cebcb8d869180a1db81fab7c54f99dc2e72dab8b3db15eb76e660
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 12:40:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
17645
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14705
x-xss-protection
0
last-modified
Mon, 23 Oct 2023 15:04:43 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview-release"
vary
Accept-Encoding
report-to
{"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Fri, 05 Jan 2024 12:40:19 GMT
cast_sender.js
www.gstatic.com/eureka/clank/120/ Frame 56B6 		50 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/eureka/clank/120/cast_sender.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f4d5deb4709cebcb8d869180a1db81fab7c54f99dc2e72dab8b3db15eb76e660
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 12:40:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
17645
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14705
x-xss-protection
0
last-modified
Mon, 23 Oct 2023 15:04:43 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview-release"
vary
Accept-Encoding
report-to
{"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Fri, 05 Jan 2024 12:40:19 GMT
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-432816-1&cid=471137427.1704389664&jid=1648884032&_u=YEBAAEAAAAAAACgAI~&z=937752271
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:24 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-432816-1&cid=471137427.1704389664&jid=1648884032&_u=YEBAAEAAAAAAACgAI~&z=937752271
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:25 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
batch
async-px.dynamicyield.com/ 		0
385 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1704389664923_115027
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.20.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-91.fra56.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:25 GMT
via
1.1 07a6f7d6fd9710cbcfc60fa67d44f04e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
P1HqgqHG7PK8A-gWvawfOCPT1XGxBDFJlcP27N9FVhh0VCjyTRMvwA==
expires
0
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=392511&uid=2769714021645347871&sec=8772046&t=ri&e=1261284&p=1&ve=11209913&va=%5B27119924%5D&ses=e041aa4df4af6a1108dd07f13a540e56&expSes=74449&aud=884367.884385.884387.1167402.1324059.1846919.998337.1092373.1232212.1426804.1443347.1182144.799438.799440&expVisitId=-7638163696122019523&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1704389663925&rri=9666997
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.20.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-91.fra56.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:25 GMT
via
1.1 b30b1c2659a3fb836783824fe37110ee.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
xPZUgvT3EKEk5Vg5JvnPgTF7gCFeeaB0-bHEMzxOtrSI0tt2kAbI7g==
expires
0
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=542534&uid=2769714021645347871&sec=8772046&t=ri&e=1574966&p=1&ve=12698518&va=%5B28347247%5D&ses=e041aa4df4af6a1108dd07f13a540e56&expSes=74449&aud=884367.884385.884387.1167402.1324059.1846919.998337.1092373.1232212.1426804.1443347.1182144.799438.799440&expVisitId=-7638163695033333163&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1704389663927&rri=888499
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.20.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-91.fra56.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:25 GMT
via
1.1 b30b1c2659a3fb836783824fe37110ee.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
pCL1ZiDs9BotkNBfeO57-JqvyvBBQL72o_xsKOpXHac1LqUkzoGitg==
expires
0
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=978273&uid=2769714021645347871&sec=8772046&t=ri&e=1609852&p=1&ve=12669413&va=%5B28321879%5D&ses=e041aa4df4af6a1108dd07f13a540e56&expSes=74449&aud=884367.884385.884387.1167402.1324059.1846919.998337.1092373.1232212.1426804.1443347.1182144.799438.799440&expVisitId=-7638163695389664704&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1704389663929&rri=4032786
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.20.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-91.fra56.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:25 GMT
via
1.1 b30b1c2659a3fb836783824fe37110ee.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
ezznpMU9tM0sxrWhi-nl8_yEN-hxiX1GQjTFwT0jrscM6AlQN2bjQA==
expires
0
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=124988&uid=2769714021645347871&sec=8772046&t=ri&e=1575901&p=1&ve=12692962&va=%5B28207095%5D&ses=e041aa4df4af6a1108dd07f13a540e56&expSes=74449&aud=884367.884385.884387.1167402.1324059.1846919.998337.1092373.1232212.1426804.1443347.1182144.799438.799440&expVisitId=-7638163694171921347&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1704389663936&rri=7046162
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.20.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-91.fra56.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:25 GMT
via
1.1 b30b1c2659a3fb836783824fe37110ee.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
NSa3jKzEEu6WgSC-FcoCqGmZBjn1Skgn0Y3SYG0uOvW-2f0qUgPZdg==
expires
0
uia
async-px.dynamicyield.com/ 		0
384 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/uia?cnst=1&_=1704389664942
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.20.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-91.fra56.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:25 GMT
via
1.1 b30b1c2659a3fb836783824fe37110ee.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
7extbAMW3ScJQYdIG5xBN0vGE9L88jD0OUj_8TVNyHqipSDRfIz_XQ==
expires
0
baskets
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
eb2f6a928a8fd7ff273918bd40284f2f182bdc04c40e5c8a16def7eb9ae1e127
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language
de-DE,de;q=0.9
x-pwa-request
true
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmODQ1NDdkOS03YjE0LTRkMDItYjkxMC1iODM1OTAxNWE1MzEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjBhZTZkNWQ1LTU0ZTQtNGM3Mi05NWNiLWEyNTMyMmY1NTczZSIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDM4OTYzNCwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWJrZWRKbEtvWnhic1JscnBKbGFZWXdYQVc6OmNoaWQ6ICIsImV4cCI6MTcwNDM5MTQ2NCwiaWF0IjoxNzA0Mzg5NjY0LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM2MDU0NTgwMjk3MTYzNDkxIn0.HB6XgtE-IZJYP3c0Yjb0hWTsHckLpg4xM-EAi2DNzIrvWY1W9maJKxnqFzzZ30NLVV7fe-QrkHoSlvkROvEUGg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

date
Thu, 04 Jan 2024 17:34:25 GMT
via
1.1 299d6cdcc49a194864ae1dbfa6512d00.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-amz-cf-pop
LHR62-C3
age
0
x-yottaa-optimizations
ob/1000 si/34D1a5fe38a8-1704379623-9167598924 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
deprecated
x-cache
Miss from cloudfront
content-length
1046
pragma
no-cache
etag
419c984e1a97c4f82fa161574a1ddf28a456a6d63faba6f85456daad8342f6c4
allow
OPTIONS,POST
content-type
application/json;charset=UTF-8
x-dw-resource-state
419c984e1a97c4f82fa161574a1ddf28a456a6d63faba6f85456daad8342f6c4
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics
3421a5fe382c/[319,314,-] 34D1a5fe38a8/[-,323.075]
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets
accept-ranges
bytes
cf-ray
84053b6efc79770d-LHR
x-dw-request-base-id
SZj2QCHslmUBAAB_
x-amz-cf-id
4VyoNpUh86tyD2wiPrg0ncSFOzNEcY4P1kogEcJzNvslDjgFbjCQMg==
x-yottaa-os
200
expires
Thu, 01 Dec 1994 16:00:00 GMT
en.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/b3580e16-19d9-4554-ba1a-ac19abea14a3/ 		199 KB
36 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/b3580e16-19d9-4554-ba1a-ac19abea14a3/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1df881dfa3c790fb46a3ab0d0edd13cfaf25c0c369cca89ec8115cfdf338236
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 17:34:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
15965
content-md5
bM5EAFhwhSHsrqZI9IpFVg==
content-length
36174
x-ms-lease-status
unlocked
last-modified
Tue, 14 Nov 2023 15:26:18 GMT
server
cloudflare
etag
0x8DBE5260C9926DA
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
40ed0566-901e-0002-3b0e-17873b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
84053b6ecc7a1959-FRA
expires
Fri, 05 Jan 2024 17:34:25 GMT
batch
async-px.dynamicyield.com/ 		0
384 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1704389665083_264516
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.20.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-91.fra56.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:25 GMT
via
1.1 07a6f7d6fd9710cbcfc60fa67d44f04e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
kQ-9rjPpzeK4jdbRvyxDZ1mL5Lci_YMnEI7Tw7WZBCO1F2HRKRxUYw==
expires
0
us.svg
www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/ 		9 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/us.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:25 GMT
x-amz-version-id
9zy6w68xzC0VtboioQSwQDLT607ezHMK
via
1.1 5c6c6b06dd745e052b0c5c0350148e06.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
LHR62-C3
age
2586513
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1011 si/34D1a5fe38a8-1701461948-4266377764 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-meta-deploy
621192
content-length
676
x-amz-meta-bundle
10314
x-yottaa-forcecache
true
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-metrics
3421a5fe3835/[3,-,1701802958039] 34D1a5fe38a8/[hit]
x-amz-cf-id
Xr-T6o7B1YKJcmREUyXrKdVHfq-W3-XpUMOCg7FiiOdA_NcxoIMMEQ==
clog
px.dynamicyield.com/ 		0
228 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://px.dynamicyield.com/clog
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.20.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.151.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-151-6.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:25 GMT
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
expires
0
us.svg
www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/ 		9 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/us.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:25 GMT
x-amz-version-id
9zy6w68xzC0VtboioQSwQDLT607ezHMK
via
1.1 5c6c6b06dd745e052b0c5c0350148e06.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
LHR62-C3
age
2586513
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1011 si/34D1a5fe38a8-1701461948-4266377764 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-meta-deploy
621192
content-length
676
x-amz-meta-bundle
10314
x-yottaa-forcecache
true
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-metrics
3421a5fe3835/[3,-,1701802958039] 34D1a5fe38a8/[hit]
x-amz-cf-id
Xr-T6o7B1YKJcmREUyXrKdVHfq-W3-XpUMOCg7FiiOdA_NcxoIMMEQ==
event
qoe-1.yottaa.net/log-nt/ 		3 B
191 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://qoe-1.yottaa.net/log-nt/event
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.2.49.54 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 04 Jan 2024 17:34:25 GMT
access-control-expose-headers
X-Results-Data-Source
access-control-allow-credentials
true
cache-control
no-cache
timing-allow-origin
*
content-type
text/json
www-widgetapi.js
www.youtube.com/s/player/da154528/www-widgetapi.vflset/ 		216 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/da154528/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a0e2b951191e60b6c3905118d84d9a95a309d355c4eb71dfead2ae2866683ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:33:48 GMT
content-encoding
br
x-content-type-options
nosniff
age
37
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68553
x-xss-protection
0
last-modified
Mon, 18 Dec 2023 02:48:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Fri, 03 Jan 2025 17:33:48 GMT
main.js
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/ 		272 KB
57 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/main.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.31.94.141 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-31-94-141.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8dea6b2240fed7b9dccb7a71b05a27a2b41908306b12c498c2c718856568a3cd
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15768000
Content-Encoding
gzip
Date
Thu, 04 Jan 2024 17:34:25 GMT
Last-Modified
Mon, 22 May 2023 13:58:04 GMT
Server
Apache
ETag
"22004f-4412b-5fc48a8e49847"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
57612
Expires
Thu, 04 Jan 2024 17:49:25 GMT
110221.ct.js
tag.rmp.rakuten.com/ 		47 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.rmp.rakuten.com/110221.ct.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.147.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
248.147.102.34.bc.googleusercontent.com
Software
/
Resource Hash
305fe9a5f5590087ad5d80aa44c7a7f1416966806e955ce7a42ab086ec14e38c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:25 GMT
content-encoding
gzip
via
1.1 google
strict-transport-security
max-age=31536000
last-modified
Thu, 04 Jan 2024 17:34:25 GMT
x-cache
hit
x-samesite
secure
content-type
text/javascript
cache-control
max-age=86400
x-dyn
0
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
js
www.paypal.com/sdk/ 		405 KB
113 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CE2) /
Resource Hash
891bca20e4e11ff9bd4f4b5da760a71f53dbc49c58b76ca5417068744c59afe0
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-eQIIYk5h/yY6Uak/xQSiQI3H01kLAKBDMJ73RitPDsPfKuS8' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-eQIIYk5h/yY6Uak/xQSiQI3H01kLAKBDMJ73RitPDsPfKuS8' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-eQIIYk5h/yY6Uak/xQSiQI3H01kLAKBDMJ73RitPDsPfKuS8' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-eQIIYk5h/yY6Uak/xQSiQI3H01kLAKBDMJ73RitPDsPfKuS8' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 04 Jan 2024 17:34:25 GMT
disable-set-cookie
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
10595
x-cache
HIT
p3p
true
paypal-debug-id
0114048a52a51
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
dc
ccg11-origin-www-1.paypal.com
content-length
113501
x-xss-protection
1; mode=block
last-modified
Wed, 03 Jan 2024 21:00:58 GMT
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server
ECAcc (frc/4CE2)
traceparent
00-00000000000000000000114048a52a51-073e6f05c0aaf802-01
etag
W/"1bb5d-RtLt7Mv0w84MvJB3hZDBWTkMH7w"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Server-Timing
cache-control
public, max-age=3600, s-maxage=10800
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
timing-allow-origin
*
/
websdk.appsflyer.com/ 		38 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://websdk.appsflyer.com/?st=banners&
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:11::215:14d5 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bf8b41f6693852a18d2449439f0400cfaf19b755e21f01eda21a6ff985d3526c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date
Thu, 04 Jan 2024 17:34:25 GMT
Content-Encoding
gzip
x-amz-request-id
2YBFDHXY2BG0X743
x-amz-server-side-encryption
AES256
Connection
keep-alive
Content-Length
11792
x-amz-id-2
X0mLy+zhQfGcMJeE6Lu48tPmxFSWqOpnSxdZQBh4ixekSso906hm/iT5X8JInwPSkeLM9fgFwoQ=
Last-Modified
Wed, 14 Jun 2023 06:58:45 GMT
Server
AmazonS3
ETag
"5a676288bcea03bd05e483bc4ce066ae"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=2846
Accept-Ranges
bytes
X-DataStream-Cache-Status
1
Expires
Thu, 04 Jan 2024 18:21:51 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 		13 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 17:34:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
5mNZducabMgxSDzBo+ZI8w==
age
32633
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3017
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:30 GMT
server
cloudflare
etag
0x8DB82A159AF8EA6
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
0c718e4e-201e-0081-6f27-129959000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
84053b72888b1959-FRA
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/ 		61 KB
12 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 17:34:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
sXFDxCJwbPEMIT/8f5Prwg==
age
24226
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12544
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:33 GMT
server
cloudflare
etag
0x8DB82A15AFF8646
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
99943331-001e-00a9-52a5-21f8f1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
84053b72888c1959-FRA
otCookieSettingsButton.json
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 		5 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCookieSettingsButton.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
509f2e49500fbaeb5d7e1959071f2922b693d0135080e2871e124ec8bdd08bb2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 17:34:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
v0pzgeeelPwcAOki15i3HA==
age
24226
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1766
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:32 GMT
server
cloudflare
etag
0x8DB82A15AB9FB83
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
cd67b2fb-901e-0094-1c03-248eea000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
84053b72888d1959-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 		21 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 17:34:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
oWkBTLgDDXvrUsd93y/Zxg==
age
24226
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:41 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
d09127de-b01e-0048-64cd-1224b4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
84053b72888e1959-FRA
loader.js
cdn.usehero.com/ 		98 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.usehero.com/loader.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2240:a800:13:d6f4:3240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ab99a75a2070736b0282d041df3a7e272ad5d4d1929ae430089ac0335e05ad2c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 16:39:58 GMT
content-encoding
gzip
via
1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront)
last-modified
Tue, 19 Sep 2023 07:56:38 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
age
3267
x-amz-server-side-encryption
AES256
etag
W/"fbf714a58cbac38c0deea519667d9044"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
yWp103Fq5GSIkMU3tYvh4zG9XHS0JcemuclIfTMvrBrWK4xN6U8l8g==
us.svg
www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/ 		9 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/us.svg
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:25 GMT
x-amz-version-id
9zy6w68xzC0VtboioQSwQDLT607ezHMK
via
1.1 5c6c6b06dd745e052b0c5c0350148e06.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
LHR62-C3
age
2586513
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1011 si/34D1a5fe38a8-1701461948-4266377764 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-meta-deploy
621192
content-length
676
x-amz-meta-bundle
10314
x-yottaa-forcecache
true
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-metrics
3421a5fe3835/[3,-,1701802958039] 34D1a5fe38a8/[hit]
x-amz-cf-id
Xr-T6o7B1YKJcmREUyXrKdVHfq-W3-XpUMOCg7FiiOdA_NcxoIMMEQ==
NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare
elfcosmetics.a.bigcontent.io/v1/static/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare?%24Desktop%24=&fmt=auto
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2a49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:26 GMT
x-amz-version-id
null
cf-cache-status
HIT
age
79861
x-amz-server-side-encryption
AES256
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
content-length
5378
last-modified
Wed, 03 Jan 2024 19:23:25 GMT
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
84053b75eeff2c25-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2a49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:26 GMT
x-amz-version-id
null
content-encoding
gzip
cf-cache-status
HIT
age
79861
x-amz-server-side-encryption
AES256
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 03 Jan 2024 19:23:25 GMT
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
cf-ray
84053b75eefc2c25-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
icon-noun-snowflake-1044022
elfcosmetics.a.bigcontent.io/v1/static/ 		3 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-snowflake-1044022?%24Desktop%24=&fmt=auto
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2a49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
30766af54516bbc623c690d7506f7d86b6c987acbcc1229debb7dff8f463459b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:26 GMT
x-amz-version-id
null
content-encoding
gzip
cf-cache-status
HIT
age
22739
x-amz-server-side-encryption
AES256
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 04 Jan 2024 11:15:27 GMT
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
cf-ray
84053b75eefe2c25-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/10812184462/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10812184462/?random=1704389663870&cv=11&fst=1704389663870&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&hn=www.googleadservices.com&frm=0&tiba=Project%20Water%20Tower%20%7C%20e.l.f.%20Cosmetics&auid=978309849.1704389664&uamb=0&uaw=0&rfmt=3&fmt=4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c2bad4048a4cbd23e0c3992fd2c36644f64d873f44409e0234ae593aa040e924
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:26 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1271
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.googleadservices.com/pagead/conversion/698270988/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion/698270988/?random=1704389663876&cv=11&fst=1704389663876&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Project%20Water%20Tower%20%7C%20e.l.f.%20Cosmetics&value=0&bttype=purchase&auid=978309849.1704389664&uamb=0&uaw=0&rfmt=3&fmt=4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
28479d5dbd7f71f7b2d0da192350fe6a1bc5cf5b0baef023fdf97f64a1e49569
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:26 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1652
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/865242110/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/865242110/?random=1704389663943&cv=11&fst=1704389663943&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&hn=www.googleadservices.com&frm=0&tiba=Project%20Water%20Tower%20%7C%20e.l.f.%20Cosmetics&auid=978309849.1704389664&uamb=0&uaw=0&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&rfmt=3&fmt=4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
58c65490754b79ac6c5ffe879245a8f93f29f0a9deb8e7b1a1b5768880e5237f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:26 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1298
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1704389663945&cv=11&fst=1704389663945&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&hn=www.googleadservices.com&frm=0&tiba=Project%20Water%20Tower%20%7C%20e.l.f.%20Cosmetics&auid=978309849.1704389664&uamb=0&uaw=0&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&rfmt=3&fmt=4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ccf66f972fae817b8617ab7745c38c89eda73a2795a151f3865f25bc4d4a8f0b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:26 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1299
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 		32 B
49 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ca0a766a064104105db7a847ffd8d594fb8556d364f724916f30a3e45a1ebab4

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 04 Jan 2024 17:34:25 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32
scevent.min.js
sc-static.net/ 		41 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc-static.net/scevent.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.87.248 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-87-248.ams50.r.cloudfront.net
Software
CloudFront /
Resource Hash
2a2cd65d5fefa2b8e45e0dcec4b3ce4ef13140ec27d8e2a49c0d38bb1a2a8468

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:26 GMT
content-encoding
gzip
via
1.1 631cbe67f42dc4b925732ef1044517ca.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
AMS50-C1
x-cache
Miss from cloudfront
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
private, s-maxage=0, max-age=600
access-control-allow-headers
Content-Type
content-length
17628
x-amz-cf-id
zm5RGzftszPs6RvGVuW3PupECHWH0HuSczHVTYbc4XH6ZS-oILc1GA==
core.js
s.pinimg.com/ct/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.pinimg.com/ct/core.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:8d::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ef45c21f7e054481c81992c1a46293a28c9bb8b3722bc566479326187f473c8c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:26 GMT
content-encoding
br
x-cdn
fastly
etag
"8d7d8ce32aa2a45d64e9f04a9a5cb1c4"
x-amz-server-side-encryption
AES256
access-control-max-age
86400
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
X-CDN
vary
Accept-Encoding, Origin
cache-control
max-age=7200
alt-svc
h3=":443";ma=600
content-length
1793
fbevents.js
connect.facebook.net/en_US/ 		202 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only
autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 04 Jan 2024 17:34:26 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
54273
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
wlySq+Ni1Eh47koaTAZGHSbT0PGy4dVeH9zwgkaRfwLhK6okk5T6XIDf7NUhbZLP3Qo7ZMVIr3igGMCRHInB/w==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
pixel.js
www.redditstatic.com/ads/ 		26 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
39657f7f198608406cab1de96720a22549e6b6d918db8dfdd0f5ef9ab84ef17c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:26 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
last-modified
Tue, 12 Dec 2023 19:56:38 GMT
server
snooserv
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag
"ead4fccfb1bebd02138cf2dcadd7dcba"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
8123
events.js
analytics.tiktok.com/i18n/pixel/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1EFEJPT0U322RQPGHFG&lib=ttq
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.25 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-25.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e5db57b12755397cb6c40f4319862beece6fb74c0764861b8b01447ba662abb2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-akamai-request-id
53c9a0df
date
Thu, 04 Jan 2024 17:34:26 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240104173426603DFFB87D64D5FF125F-70E1ADE71C701DB6-00
x-cache
TCP_MISS from a104-126-37-21.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing
inner; dur=2, cdn-cache; desc=MISS, edge; dur=1, origin; dur=104
content-length
1949
pragma
no-cache
server
nginx
x-tt-logid
20240104173426603DFFB87D64D5FF125F
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
104,104.126.37.21
x-tt-trace-host
01c98d95a4c89fa6573f148d054a5703b521efa9c9ccbf010928ee1e030508883854ecac590e55f988442f9de6a97c50bb9acdb34fd7070aabce79c7598ddffe7db2b019b993f4c557f5cec2a8611188da05342bdabfa421d95d0dd0d5556f64b7
expires
Thu, 04 Jan 2024 17:34:26 GMT
widget.js
js.jebbit.com/companion/v1/ 		44 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.jebbit.com/companion/v1/widget.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2090:3e00:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a68adcd6e4525179b1a4e28b16abe4777a0afb870b4317b427f6d6ea8fbe22ed

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 06:44:54 GMT
x-amz-version-id
Uw77y8f3Lm7O6.ZhO9qLmkRQyA3BbYtB
via
1.1 e3d9ae12f22103dbc65c451ae520a012.cloudfront.net (CloudFront)
last-modified
Thu, 21 Dec 2023 18:01:49 GMT
server
AmazonS3
x-amz-cf-pop
AMS58-P1
age
38973
etag
"c3a781ab856fe1e791e7bbb3d0023f28"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
text/javascript
accept-ranges
bytes
content-length
45036
x-amz-cf-id
5WqcxqVLQqKCW1PvkT6oVWlLw28WZ2sze7tc77nzOy2Qcm3Q4jIG1Q==
bat.js
bat.bing.com/ 		45 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Thu, 04 Jan 2024 17:34:25 GMT
last-modified
Fri, 10 Nov 2023 20:09:55 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 5F19B0F5FF8D4D59B0456D05AE2E9025 Ref B: FRA31EDGE0515 Ref C: 2024-01-04T17:34:26Z
etag
"80abcdf1114da1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13175
1a8bfa042c9c5.js
t.contentsquare.net/uxa/ 		284 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.132.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-132-25.lhr3.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b24c214fcfb8abe0f59cb6964248056f89eaf8e9b8719eb0c14e529cb164dad1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 15:57:09 GMT
content-encoding
br
via
1.1 20405ed0e9ef5e72d636863d6d962362.cloudfront.net (CloudFront)
x-amz-cf-pop
LHR3-C2
age
0
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
69463
last-modified
Thu, 04 Jan 2024 15:53:58 GMT
server
AmazonS3
etag
"7df042b6511e2178e96a883621506865"
vary
Origin
content-type
application/javascript;charset=utf-8
cache-control
max-age=900
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
GrUmF1zzIfJCJAHGZRhvwgi6YvEm3XHDm5iRxoYu577EcEh8xDg6Uw==
i.js
tag.wknd.ai/4142/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.wknd.ai/4142/i.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
250.253.120.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
ddb2dc13235adf42770ec320b6e8096e741128edadbc864d5cd07f71acadd25e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:33:33 GMT
content-encoding
gzip
via
1.1 google
age
53
x-envoy-upstream-service-time
0
x-region
us-central1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5752
server
istio-envoy
etag
f866bef580f92b
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=60
timing-allow-origin
*
link
<https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://pix.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect
js
www.googletagmanager.com/gtag/ 		274 KB
91 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e0ee26062231c0b50ed8172b682b9849d9e5b25b258355caca131b884fe2efe6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:26 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
92928
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 04 Jan 2024 17:34:26 GMT
PWA-UpdateSession
www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_US/ 		56 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_US/PWA-UpdateSession
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
f66f5edd05293c4351edcec020a867935f7495ef0d0ff7ceb3e6402748585ca6

Request headers

Referer
https://www.elfcosmetics.com/cosmetic-criminals
accept-language
de-DE,de;q=0.9
x-pwa-request
true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:26 GMT
content-encoding
gzip
via
1.1 1b05f9178c1c0be702b00f1d1f0bcff6.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
LHR62-C3
age
0
x-yottaa-optimizations
ob/1000 si/34D1a5fe38a8-1704379623-9167598930 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
pragma
no-cache
content-type
application/json
cache-control
no-cache, no-store, must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/on/demandware.store/Sites-elf-us-Site/en_US/PWA-UpdateSession
x-yottaa-metrics
3421a5fe382f/[399,395,-] 34D1a5fe38a8/[-,404.961]
cf-ray
84053b753852dd60-LHR
x-dw-request-base-id
SZg1QSLslmUBAAB_
x-amz-cf-id
ObFY5giyRqF_PExI7bmlFELFUd2sxhL4y2clqkeDDiOrh1sG6wh1DA==
expires
Thu, 01 Dec 1994 16:00:00 GMT
ot_close.svg
cdn.cookielaw.org/logos/static/ 		651 B
623 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 17:34:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
pcXWFGpuVeSg/jVnYCseRg==
age
44631
x-ms-lease-status
unlocked
last-modified
Thu, 04 Jan 2024 03:32:43 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
338c4599-401e-0011-3eca-3ea337000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
84053b75cad2377b-FRA
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/ 		497 B
538 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 17:34:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
32324
x-ms-lease-status
unlocked
last-modified
Thu, 04 Jan 2024 03:32:42 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
2b79f078-c01e-0042-16db-3e8003000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
84053b75ebf81959-FRA
ot_company_logo.png
cdn.cookielaw.org/logos/static/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/ot_company_logo.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 17:34:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
E8+sk/ECzKgTUVtDLikiIA==
age
54241
content-length
4036
x-ms-lease-status
unlocked
last-modified
Wed, 03 Jan 2024 06:11:25 GMT
server
cloudflare
etag
0x8DC0C22D138730A
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
cb203d1f-c01e-0089-631c-3e8356000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
84053b761b07377b-FRA
powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 17:34:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
78726
x-ms-lease-status
unlocked
last-modified
Wed, 03 Jan 2024 03:13:03 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
8083e50c-501e-0050-35f8-3dfbd3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
84053b761b08377b-FRA
en-us.js
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/vendors~offers/locale/ 		61 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/vendors~offers/locale/en-us.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.31.94.141 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-31-94-141.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
dfc983293c9baf693a719da3c69be679cbe8aea18c8f35a7abfef41f14800e9c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15768000
Content-Encoding
gzip
Date
Thu, 04 Jan 2024 17:34:26 GMT
Last-Modified
Mon, 22 May 2023 13:58:04 GMT
Server
Apache
ETag
"200109-f346-5fc48a8d9f7d1"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6295
Expires
Thu, 04 Jan 2024 17:49:26 GMT
display
api.usehero.com/webplugin/ 		162 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/webplugin/display?appId=efcf9631-4c6b-4874-9f76-51f71464249a&location=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&state=untouched&outboundFeature=
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/loader.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.178.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-178-133.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
11c4396421b83f6c6841997324307956c9f0e51e6cd983fc966aeb5591020251
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
klarna-correlation-id
d66c4a7c-7b60-4c63-a2d2-c13ac9bb8899
cross-origin-resource-policy
same-origin
x-geo-longitude
9.15060
pragma
no-cache
referrer-policy
same-origin
etag
W/"a2-QotxW6K73X9KMZR2ikA/mAchbTM"
x-frame-options
SAMEORIGIN
x-geo-zip
31715
content-type
application/json; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-latitude
52.34060
x-accuracy
200
expires
0
date
Thu, 04 Jan 2024 17:34:26 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
cross-origin-embedder-policy
require-corp
x-time-zone
Europe/Berlin
x-envoy-upstream-service-time
11
content-length
162
x-xss-protection
0
x-request-id
d66c4a7c-7b60-4c63-a2d2-c13ac9bb8899
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-country
DE
x-geo-city
Meerbeck
local
www.paypal.com/credit-presentment/experiments/ Frame D68C 		5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4C86) /
Resource Hash
0f5fe767ec60aa4b60c09496259716f16d914bc3588105ab8e6a55c876870c9d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-expose-headers
Server-Timing
age
70090
cache-control
s-maxage=86400, max-age=0
content-encoding
gzip
content-length
1523
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type
text/html; charset=utf-8
date
Thu, 04 Jan 2024 17:34:26 GMT
dc
ccg11-origin-www-1.paypal.com
etag
W/"1479-rcjjDmCYbnZKEiOs2pd/xEvI80U"
last-modified
Wed, 03 Jan 2024 22:06:16 GMT
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
0b55057b862b9
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server
ECAcc (frc/4C86)
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
*
traceparent
00-00000000000000000000b55057b862b9-24cf04d365bc64d3-01
vary
Accept-Encoding
x-cache
HIT
x-xss-protection
1; mode=block
pptm.js
www.paypal.com/tagmanager/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.com&t=xo&v=5.0.417&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4C8D) /
Resource Hash
937829208c31a3c25ff1cf61f775b45ca596575abde2c08ecc08e9e126a8c5bf
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-S4SdsC7pQ8qHg5jYgJdyPwj87852uEXFU2zkV5UHOomGQTP1' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-S4SdsC7pQ8qHg5jYgJdyPwj87852uEXFU2zkV5UHOomGQTP1' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 04 Jan 2024 17:34:26 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
80001
x-cache
HIT
paypal-debug-id
013b801135667
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
dc
ccg11-origin-www-1.paypal.com
content-length
4796
x-xss-protection
1; mode=block
last-modified
Wed, 03 Jan 2024 19:21:06 GMT
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server
ECAcc (frc/4C8D)
traceparent
00-0000000000000000000013b801135667-2db79447a6d3fb6b-01
etag
W/"3691-Zl+Qsv8hCt779gNt/S0womjB0CY"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=3600
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
timing-allow-origin
*
/
www.google.com/pagead/1p-user-list/10812184462/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/10812184462/?random=1704389663870&cv=11&fst=1704387600000&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&frm=0&tiba=Project%20Water%20Tower%20%7C%20e.l.f.%20Cosmetics&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_3qtW5Dm_P8_YtNHQDr2L53WxIiboBg&random=4197316597&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:26 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/10812184462/ 		42 B
154 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/10812184462/?random=1704389663870&cv=11&fst=1704387600000&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&frm=0&tiba=Project%20Water%20Tower%20%7C%20e.l.f.%20Cosmetics&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_3qtW5Dm_P8_YtNHQDr2L53WxIiboBg&random=4197316597&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:26 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/865242110/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/865242110/?random=1704389663943&cv=11&fst=1704387600000&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&frm=0&tiba=Project%20Water%20Tower%20%7C%20e.l.f.%20Cosmetics&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_d0O3jK3uuVU1EN-d8zOkzb8ydie9fA&random=2783252840&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:26 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/865242110/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/865242110/?random=1704389663943&cv=11&fst=1704387600000&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&frm=0&tiba=Project%20Water%20Tower%20%7C%20e.l.f.%20Cosmetics&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_d0O3jK3uuVU1EN-d8zOkzb8ydie9fA&random=2783252840&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:26 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
logger
www.paypal.com/xoplatform/logger/api/ 		1013 B
783 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4C99) /
Resource Hash
699ea373a13f070a5c93734e0811db701d4cb7ba6e8dc05c86749064bd294a2e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept
application/json
Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

date
Thu, 04 Jan 2024 17:34:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
paypal-debug-id
0bbab189031a6
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
dc
ccg11-origin-www-1.paypal.com
content-length
607
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server
ECAcc (frc/4C99)
traceparent
00-00000000000000000000bbab189031a6-3337556f1974ad35-01
etag
W/"3f5-zfGboJpd4c74ZpKQtzUJ7MNE0ms"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
timing-allow-origin
*
logger
www.paypal.com/xoplatform/logger/api/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4C99) /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-length
0
date
Thu, 04 Jan 2024 17:34:26 GMT
dc
ccg11-origin-www-1.paypal.com
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
05a9984b04165
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server
ECAcc (frc/4C99)
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
*
traceparent
00-000000000000000000005a9984b04165-dfbc4bab96e0b9d4-01
vary
Accept-Encoding
x-content-type-options
nosniff
/
www.google.com/pagead/1p-user-list/698270988/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/698270988/?random=1704389663945&cv=11&fst=1704387600000&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&frm=0&tiba=Project%20Water%20Tower%20%7C%20e.l.f.%20Cosmetics&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_Rk1sZO9QFrdHoFHVGDqMksR0tx7IzA&random=1201986847&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:26 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/698270988/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/698270988/?random=1704389663945&cv=11&fst=1704387600000&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&frm=0&tiba=Project%20Water%20Tower%20%7C%20e.l.f.%20Cosmetics&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_Rk1sZO9QFrdHoFHVGDqMksR0tx7IzA&random=1201986847&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:26 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
jsp
ut.rd.linksynergy.com/ 		148 B
405 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ut.rd.linksynergy.com/jsp?cn=rmuid&ro=0&cb=___rmuid
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
ec39679b1074bca6b0f2048ea385a49a3db047df9d3f8e5dfade34d392a83a68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-type
text/plain; charset=utf-8
date
Thu, 04 Jan 2024 17:34:26 GMT
via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
148
x-samesite
secure
collect
region1.analytics.google.com/g/ 		0
257 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je4130v879088318z8896608294&_p=1704389661905&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=471137427.1704389664&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&dt=&sid=1704389666&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&en=page_view&_fv=1&_ss=1&ep.page_type=content&ep.page_environment=production&ep.page_country=US&ep.page_language=EN&up.custom_user_id=&up.client_id=&up.user_has_transacted=false&up.user_logged_in=false&up.user_country=US&up.user_loyalty_status=false&tfd=10603
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:26 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
56 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZLYXLXNDL8&cid=471137427.1704389664&gtm=45je4130v879088318z8896608294&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:26 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-ZLYXLXNDL8&cid=471137427.1704389664&gtm=45je4130v879088318z8896608294&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=396526402
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:26 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rp.gif
alb.reddit.com/ 		42 B
637 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://alb.reddit.com/rp.gif?ts=1704389666718&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=edc5d1d6-800c-4ff3-8867-bac4fc5b0303&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_3549b422&dpm=&dpcc=&dprc=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:26 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
/
www.google.de/pagead/1p-conversion/698270988/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1586948612&cv=11&fst=1704389663876&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma_cps=sypham&...
  • https://www.google.com/pagead/1p-conversion/698270988/?random=1586948612&cv=11&fst=1704389663876&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=12...
  • https://www.google.de/pagead/1p-conversion/698270988/?random=1586948612&cv=11&fst=1704389663876&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=120...
42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-conversion/698270988/?random=1586948612&cv=11&fst=1704389663876&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Project%20Water%20Tower%20%7C%20e.l.f.%20Cosmetics&value=0&auid=978309849.1704389664&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ012WnJBWVFxOGF3cHJyOTVzaElFaVVBZ0k4ZFlBS21zaUs1TWYzTFhZYUIxZW1QYW9nNXVMZEFSSTZkU1NjYUlRYWphM2h3GldDaEFJZ012WnJBWVF1dlM3NW9qOTlPOVpFaTBBcHFPQ3I3SzZoQU5IRjJBVmVjWnhqSlNIRXJYNzFmTTlyYXFrekY1X1lITUszODJ1LU5feWc3bWlON0EiEwjLm-2kosSDAxV6DqIDHWlvAYo&is_vtc=1&ocp_id=IuyWZcuCBvqciM0P6d6F0Ag&cid=CAQSKQAvHhf_tPc-uV0r1PnGbidcB7LTmUS4xMPG4s-kBe3tqusEj8YiO8lR&eitems=ChAIgMvZrAYQw9j20OTu84c0Eh0APKHi1gXsuataVh_Fgj98LvgQgYnb-WBZnauAVA&random=2742869957&ipr=y
Protocol
H3
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:26 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:26 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.de/pagead/1p-conversion/698270988/?random=1586948612&cv=11&fst=1704389663876&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Project%20Water%20Tower%20%7C%20e.l.f.%20Cosmetics&value=0&auid=978309849.1704389664&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ012WnJBWVFxOGF3cHJyOTVzaElFaVVBZ0k4ZFlBS21zaUs1TWYzTFhZYUIxZW1QYW9nNXVMZEFSSTZkU1NjYUlRYWphM2h3GldDaEFJZ012WnJBWVF1dlM3NW9qOTlPOVpFaTBBcHFPQ3I3SzZoQU5IRjJBVmVjWnhqSlNIRXJYNzFmTTlyYXFrekY1X1lITUszODJ1LU5feWc3bWlON0EiEwjLm-2kosSDAxV6DqIDHWlvAYo&is_vtc=1&ocp_id=IuyWZcuCBvqciM0P6d6F0Ag&cid=CAQSKQAvHhf_tPc-uV0r1PnGbidcB7LTmUS4xMPG4s-kBe3tqusEj8YiO8lR&eitems=ChAIgMvZrAYQw9j20OTu84c0Eh0APKHi1gXsuataVh_Fgj98LvgQgYnb-WBZnauAVA&random=2742869957&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
1638306756445368
connect.facebook.net/signals/config/ 		144 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1638306756445368?v=2.9.138&r=stable&domain=www.elfcosmetics.com
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f68073f49c7ef260ff7449f77367ebe5863bc313d44391857eb952d2ebd1885d
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only
autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 04 Jan 2024 17:34:26 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
FhL69maqSv2j7LI90Zlb7A1MYnk8XohO+VASE0VOl5EAn64b8Jno6aOWeHUlc18ejmDGHnsEWR5REZbrGh59Zw==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
widget.css
js.jebbit.com/companion/v1/ 		15 KB
16 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://js.jebbit.com/companion/v1/widget.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2090:3e00:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1a1fe89f11a11d89299028b565a99569e2aa5df3055ce514ba4dec2a8f0fe4fa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id
RTEvjx9S_f.J6xhm_CGfuKjdaFCgE8S4
date
Wed, 03 Jan 2024 22:03:26 GMT
via
1.1 e3d9ae12f22103dbc65c451ae520a012.cloudfront.net (CloudFront)
last-modified
Thu, 21 Dec 2023 18:01:49 GMT
server
AmazonS3
x-amz-cf-pop
AMS58-P1
age
72233
x-amz-server-side-encryption
AES256
etag
"8e754beaa7f32e405c184f00c12cece1"
x-cache
Hit from cloudfront
content-type
text/css
accept-ranges
bytes
content-length
15502
x-amz-cf-id
yiggVmbH_JAkKgyDXAj_85UOuXpqLTMfu0zjjMMWLTHoSWH0w5ytgQ==
launcher_configs
external-api.jebbit.com/moments/v2/ 		2 B
448 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRmNvc21ldGljLWNyaW1pbmFscw==&completedLightboxCampaigns=W10=&jebbitCookies=
Requested by
Host: js.jebbit.com
URL: https://js.jebbit.com/companion/v1/widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.74.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-74-65.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
surrogate-control
no-store
x-dns-prefetch-control
off
content-length
2
x-xss-protection
1; mode=block
pragma
no-cache
etag
W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
x-download-options
noopen
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
expires
0
main.MWZkNjY4MmI1MQ.js
analytics.tiktok.com/i18n/pixel/static/ 		396 KB
103 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MWZkNjY4MmI1MQ.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.25 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-25.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
7bb9a0e065f86710347b5cbdc6d013eb6e41733771f933a3217292258d6d2d13

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-akamai-request-id
53c9a6a5
date
Thu, 04 Jan 2024 17:34:26 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
20240104151458EA39EF60BE43AD40BFC4
x-tt-trace-id
00-240104151458EA39EF60BE43AD40BFC4-3EF35DD00CD06089-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a104-126-37-21.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01a7a585ae3da5d972ab004c466d12d386e9c221c0944c084540bb4e1d956ebceefa6cdfd16e5139ff6a2eadf50d7ddc6d483e4785445788702f735a837a8b07557beed334fa3ca8ace380ec6b28e90499dc775b6e818a801ae124046be3473c5d
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=2
content-length
105147
plugin.5.46.0.js
cdn.usehero.com/ Frame 6CDD 		244 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.usehero.com/plugin.5.46.0.js
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2240:a800:13:d6f4:3240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
066f884cfd15768801743268a042cc8f5bba3f262b33ff05716b33b9e9550905

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:18:34 GMT
content-encoding
gzip
via
1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront)
last-modified
Tue, 19 Sep 2023 07:56:38 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
age
954
x-amz-server-side-encryption
AES256
etag
W/"e840bbd769b547fed1c31518dde8fa55"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
kmmoOylaVRJu-h-UwhO9ECbTM4Q7IKxO-JK5OCVWO95mVpf-We74Zg==
5013978.js
bat.bing.com/p/action/ 		0
117 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/5013978.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Thu, 04 Jan 2024 17:34:26 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 3660E33476AD4C7ABB0E9907A724F814 Ref B: FRA31EDGE0515 Ref C: 2024-01-04T17:34:26Z
x-cache
CONFIG_NOCACHE
p
tr.snapchat.com/ 		68 B
445 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tr.snapchat.com/p?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&ev=PAGE_VIEW&intg=gtm&pids=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_c1=c5a03eb2-7139-4e06-9588-cfa79d5e9fb4&u_sclid=1479e282-67fa-4e48-a9e8-3d91dc66e508&u_scsid=5773000f-a162-488b-9f42-6c8729642cf5&bt=1d53c387&d_bvs=%5B%5D&df=true&huah=true&m_dcl=4020&m_fcps=3602&m_pi=4019&m_pl=9051&m_pv=2&m_rd=10868&m_sh=1200&m_sl=0&m_sw=1600&pl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&trackId=d5a48aa7-0ae5-45a7-9a92-0a2852fef339&ts=1704389666963&v=3.7.5-2401032347
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via
1.1 google
server
API Gateway
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, no-transform
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68
js
www.paypal.com/sdk/ Frame D68C 		405 KB
112 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CE2) /
Resource Hash
891bca20e4e11ff9bd4f4b5da760a71f53dbc49c58b76ca5417068744c59afe0
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-eQIIYk5h/yY6Uak/xQSiQI3H01kLAKBDMJ73RitPDsPfKuS8' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-eQIIYk5h/yY6Uak/xQSiQI3H01kLAKBDMJ73RitPDsPfKuS8' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-eQIIYk5h/yY6Uak/xQSiQI3H01kLAKBDMJ73RitPDsPfKuS8' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-eQIIYk5h/yY6Uak/xQSiQI3H01kLAKBDMJ73RitPDsPfKuS8' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 04 Jan 2024 17:34:27 GMT
disable-set-cookie
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
10597
x-cache
HIT
p3p
true
paypal-debug-id
0114048a52a51
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
dc
ccg11-origin-www-1.paypal.com
content-length
113501
x-xss-protection
1; mode=block
last-modified
Wed, 03 Jan 2024 21:00:58 GMT
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server
ECAcc (frc/4CE2)
traceparent
00-00000000000000000000114048a52a51-073e6f05c0aaf802-01
etag
W/"1bb5d-RtLt7Mv0w84MvJB3hZDBWTkMH7w"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Server-Timing
cache-control
public, max-age=3600, s-maxage=10800
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
timing-allow-origin
*
main.74d80534.js
s.pinimg.com/ct/lib/ 		65 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.pinimg.com/ct/lib/main.74d80534.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:8d::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
60cc60a6fcbd230def379432395199b585791ed521e2e5f595369a2193e617fb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:27 GMT
content-encoding
br
x-cdn
fastly
etag
"cb251578b1e91b3cc440fd1521770cc5"
x-amz-server-side-encryption
AES256
access-control-max-age
86400
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
X-CDN
vary
Accept-Encoding, Origin
cache-control
max-age=1209600
alt-svc
h3=":443";ma=600
content-length
18895
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 		600 B
618 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
1b4c92bed345e6e4c46e27663bf201c905e02969c5b72c4945458f97e458beec

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 04 Jan 2024 17:34:26 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
600
pageview
c.contentsquare.net/ 		0
320 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.contentsquare.net/pageview?pid=1926&uu=7d3c59dc-0b47-ad72-c16d-082350062456&sn=1&hd=1704389667&pn=1&dw=1600&dh=7598&ww=1600&wh=1200&sw=1600&sh=1200&dr=&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&uc=0&la=en-US&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&v=13.76.3&pvt=n&ex=&r=053762
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.211.234.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-211-234-8.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:27 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
fc7a288d-7e2c-4b5a-a98a-507d14fb09a8
https://www.elfcosmetics.com/ 		7 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.elfcosmetics.com/fc7a288d-7e2c-4b5a-a98a-507d14fb09a8
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cd6f19ed889f24b9bcbde6c982c5b4ec540eb533baea58bf8e6bb1c14155c7d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Length
7329
Content-Type
application/javascript
runtime_8b30b4890203fd4144c54b9ffd765f5e.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/runtime_8b30b4890203fd4144c54b9ffd765f5e.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
c4fad867557fa65e1a778e915c0b4ed0cd1bbb4443452c8943e5cec6504311e7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 11:55:37 GMT
content-encoding
br
age
452330
x-guploader-uploadid
ABPtcPrZw3S31IFUeBDnWsGfYoix6bczZjFm2l6tIFg-3g8jvBDveQf-uzmEW5zRKvjlp17ETCw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1317
last-modified
Wed, 13 Dec 2023 20:29:20 GMT
server
UploadServer
etag
"dbc90523c425a5d782995c1a39051881"
x-goog-generation
1701276233202747
x-goog-hash
crc32c=Xs/EYg==, md5=28kFI8QlpdeCmVwaOQUYgQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
1317
accept-ranges
bytes
content-type
text/javascript
ts
t.paypal.com/ 		42 B
272 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Project%20Water%20Tower%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1704389667436&g=-60&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CEC) /
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:27 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
correlation-id
ced32924bb118
server
ECAcc (frc/4CEC)
traceparent
00-0000000000000000000ced32924bb118-3cfd621a1087ded1-01
vary
Accept-Encoding
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
ced32924bb118
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
timing-allow-origin
*
expires
Thu, 04 Jan 2024 17:34:27 GMT
us.svg
www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/ 		9 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/us.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:27 GMT
x-amz-version-id
9zy6w68xzC0VtboioQSwQDLT607ezHMK
via
1.1 5c6c6b06dd745e052b0c5c0350148e06.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
LHR62-C3
age
2586515
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1011 si/34D1a5fe38a8-1701461948-4266377764 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-meta-deploy
621192
content-length
676
x-amz-meta-bundle
10314
x-yottaa-forcecache
true
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-metrics
3421a5fe3835/[3,-,1701802958039] 34D1a5fe38a8/[hit]
x-amz-cf-id
Xr-T6o7B1YKJcmREUyXrKdVHfq-W3-XpUMOCg7FiiOdA_NcxoIMMEQ==
c69c204f-fba0-4685-aea8-ad32f799fa5d.js
tr.snapchat.com/config/com/ 		186 B
205 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tr.snapchat.com/config/com/c69c204f-fba0-4685-aea8-ad32f799fa5d.js?v=3.7.5-2401032347
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
9a35922a6b3cdd53f2dbce919d6e801174ef11b8eb275e17bba7742e1d115beb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
Origin
https://www.elfcosmetics.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via
1.1 google
server
API Gateway
content-type
application/javascript
access-control-allow-origin
https://www.elfcosmetics.com
x-envoy-upstream-service-time
0
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
186
i
tr.snapchat.com/cm/ Frame 905B 		0
0
/
www.facebook.com/tr/ 		0
185 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&rl=&if=false&ts=1704389667633&sw=1600&sh=1200&v=2.9.138&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1704389667623.1434818423&ic=fbpixel&ler=empty&it=1704389666781&coo=false&tm=1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 04 Jan 2024 17:34:27 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
chunk.716.df63d46a2a86670d4b68.js
cdn.usehero.com/ Frame 6CDD 		841 KB
212 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/plugin.5.46.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2240:a800:13:d6f4:3240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6e9a31b3784b5fa5f384ee596c719982c792ebc9034e6425e2da3ecfd36c0678

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:20:26 GMT
content-encoding
gzip
via
1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront)
last-modified
Tue, 19 Sep 2023 07:56:38 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
age
841
x-amz-server-side-encryption
AES256
etag
W/"01e9e2a8624bcf27fee5e0a11db65672"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
EpWGvsJ5BeEDH68CBDZly-nGlrnDxAq8rGD_wYytmiGVuwvdSrg3LQ==
identify_55404.js
analytics.tiktok.com/i18n/pixel/static/ 		137 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_55404.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.25 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-25.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
a758246f43df5cf0f88a3c46a95cb7e962ec2e16327f7fc6b70d2150981b86df

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-akamai-request-id
53c9ac52
date
Thu, 04 Jan 2024 17:34:27 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
20240104151451729F149ECF6813558824
x-tt-trace-id
00-240104151451729F149ECF6813558824-51FBAFAD18F35C0B-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a104-126-37-21.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01367c33e15c3c50b28fb24e715d87f6cac2647ec9d958a7d54e10cab0d022f9c748f9756734df1bf87bfa653b4e862bec9d6d0d38c0738f9e94e3627c13ef82bf33b7f31cdec53ed1e738382cbd6e99c43c70892e682cac37005f9afc1b3e9e6d
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=4
content-length
36972
pangle_pixel
analytics.pangle-ads.com/api/v2/ 		0
962 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.pangle-ads.com/api/v2/pangle_pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWZkNjY4MmI1MQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.41.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-41-88.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
7c7c3a0b.409a10ec
date
Thu, 04 Jan 2024 17:34:27 GMT
x-bytefaas-request-id
20240104173427F328C681BCFD222B8DE5
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240104173427F328C681BCFD222B8DE5-5B6EF8FA312F0073-00
x-cache
TCP_MISS from a23-53-41-84.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52668873) (-)
x-parent-response-time
93,23.53.41.84
server-timing
cdn-cache; desc=MISS, edge; dur=86, origin; dur=8, inner; dur=5
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240104173427F328C681BCFD222B8DE5
x-cache-remote
TCP_MISS from a23-218-219-53.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52668873) (-)
access-control-max-age
86400
access-control-allow-methods
*
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
x-bytefaas-execution-duration
3.84
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
x-gw-dst-psm
ad.union.pangle_web_traffic
x-tt-trace-host
01c98d95a4c89fa6573f148d054a5703b5644f7dde2dc6db3a2d7d3f318ecdfe3d1ec3535f7a3758dcbf3cc13a4a0dcd99ec4b5abed38c8de4e564b8feb0e20fd8e7f012dbe22ce271d15842b6c38feecfdd3f0f2009acc705c2c746303033e3c527c4803956b04f873ed76bc1b7c09aa9
x-origin-response-time
8,23.218.219.53
access-control-allow-headers
*
expires
Thu, 04 Jan 2024 17:34:27 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
702 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWZkNjY4MmI1MQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.25 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-25.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
53c9ad0a
date
Thu, 04 Jan 2024 17:34:27 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2401041734277B3A6D365C31C31D534C-70682BD85C54572D-00
x-cache
TCP_MISS from a104-126-37-21.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing
inner; dur=63, cdn-cache; desc=MISS, edge; dur=4, origin; dur=155
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202401041734277B3A6D365C31C31D534C
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
155,104.126.37.21
x-tt-trace-host
01c98d95a4c89fa6573f148d054a5703b521efa9c9ccbf010928ee1e03050888381bba98c8dd940fad61fbf0f6f3ed0dfb96221a1dec0c1aaf7fdb40cb1fa0fc198c6b8eef3aae4572c4c5484ac977b3be61079333889b13e3ece49d9597d658df
access-control-allow-headers
Authorization,*
expires
Thu, 04 Jan 2024 17:34:27 GMT
dvar
c.contentsquare.net/ 		0
319 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.contentsquare.net/dvar?v=13.76.3&pid=1926&pn=1&sn=1&uu=7d3c59dc-0b47-ad72-c16d-082350062456&dv=H4sIAAAAAAAAA0WMsQrCUAxFfyVkdnHtpq0VwVEKnUraBgnERF6DWor%2F7hOUjvdwzl1wt%2B%2Bqtjuq96RQukVyhQtPgQVWs9FNBmiFdYTD685J2AaecPPrVgbbHDSUhELc8vorZ3%2FCyYLt%2B1i6KvWesvRgqEUj53bF9wcxTAoRiQAAAA%3D%3D&ct=2&r=194022
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.211.234.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-211-234-8.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:27 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
hash
www.paypal.com/credit-presentment/experiments/ Frame D68C 		40 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/credit-presentment/experiments/hash?device_id=uid_82bc44e481_mtc6mzq6mjc&disableSetCookie=true&features=disable-set-cookie
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CC4) /
Resource Hash
5eca572cd68aa4afde19d317daf93398ca142c3648214e16b37e054e15c3f9e1
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
date
Thu, 04 Jan 2024 17:34:28 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
paypal-debug-id
0620a55b17794
server-timing
traceparent;desc="00-00000000000000000000620a55b17794-8b9d583e73ba39f9-01", content-encoding;desc="", x-cdn;desc="edgecast"
dc
ccg11-origin-www-1.paypal.com
content-length
40
x-xss-protection
1; mode=block
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server
ECAcc (frc/4CC4)
traceparent
00-00000000000000000000620a55b17794-e7674d6386317fab-01
etag
W/"28-xz7oeWVj/8B52QKKulWR9ZDQlKU"
vary
Accept-Encoding
content-type
text/html; charset=utf-8
access-control-expose-headers
Server-Timing
cache-control
s-maxage=86400, max-age=0
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
timing-allow-origin
*
/
ct.pinterest.com/user/ 		297 B
712 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/user/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1704389667871&dep=2%2CPAGE_LOAD
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.74d80534.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.208.183 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-206-208-183.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
04c6083a9781b397d0b570f97154a3fa61aac68dfba173617e5a6351786b7470
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:28 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
x-cdn
akamai
akamai-grn
0.c9d5ce17.1704389668.2747364a
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=600
content-length
172
x-pinterest-rid
7157421762670193
pin-unauth
dWlkPU16RTFNVE0zTjJNdE0yTTFOaTAwTXpVeExUZ3pOelF0T1RNMlpUSTVaR1psWVRKag
pragma
no-cache
referrer-policy
origin
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Epik,Pin-Unauth
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
pinterest-version
02c339f3f7ae02d50ba1becd35099d6dbebe0149
expires
Sat, 01 Jan 2000 00:00:00 GMT
main-v2_1dd43944a7d92b95d004eaf267a033d9.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		452 KB
101 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_1dd43944a7d92b95d004eaf267a033d9.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
acac3baa3b4972e5fde307683f87d9941e58a4af1d40efb82ba46aa4c0f26261

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 16:20:19 GMT
content-encoding
br
age
4448
x-guploader-uploadid
ABPtcPr2_fUP1DGhSNRoYhr2hiZUIQZ83Ca1II50Ekn6dOal94KlH3b7maUg5jFSEbFmJDIstnQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
103180
last-modified
Thu, 04 Jan 2024 16:20:07 GMT
server
UploadServer
etag
"86141a93f5db4e5b1930cf4d95052573"
x-goog-generation
1704385207462359
x-goog-hash
crc32c=s83QNw==, md5=hhQak/XbTlsZMM9NlQUlcw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
103180
accept-ranges
bytes
content-type
text/javascript
cjs_min_1e55b565811f11b08485230cf1d150d6.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		49 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
9846c98d92f9ede0abb2db68013d613791db3ccdb486451de1432034b563fb77

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 13 Dec 2023 16:23:30 GMT
content-encoding
gzip
age
1905057
x-guploader-uploadid
ABPtcPomfC_Dv-Q-CMviDrax9GIKHWNmA-UE8dVid06VlvHqN13IPmljYt0eNN1hkuan-rGFWbs
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15751
last-modified
Wed, 13 Dec 2023 16:23:11 GMT
server
UploadServer
etag
"d7dc7d7ebcc4f5af5fc2d4804e7ec737"
x-goog-generation
1702484591435387
x-goog-hash
crc32c=3TW0yQ==, md5=19x9frzE9a9fwtSATn7HNw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000,no-transform
x-goog-stored-content-length
15751
accept-ranges
bytes
content-type
text/javascript; charset=utf-8
/
ct.pinterest.com/v3/ 		35 B
456 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ct.pinterest.com/v3/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%2274d80534%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1704389667916
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.208.183 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-206-208-183.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:28 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
referrer-policy
origin
x-cdn
akamai
akamai-grn
0.c9d5ce17.1704389668.2747364b
content-type
image/gif
access-control-allow-origin
*
pinterest-version
02c339f3f7ae02d50ba1becd35099d6dbebe0149
cache-control
no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time
0
content-length
35
x-pinterest-rid
2871597935288850
expires
Sat, 01 Jan 2000 00:00:00 GMT
shopper
api.usehero.com/localisation/ Frame 6CDD 		35 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/localisation/shopper?appId=efcf9631-4c6b-4874-9f76-51f71464249a&version=5.46.0
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.178.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-178-133.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
5570f4a23e52ab1d181c0cbc38821585e6b09260b9a3d5b8da32c125c06e1bb1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:28 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-time-zone
Europe/Berlin
klarna-correlation-id
4c05bea7-5226-409d-8365-7a6a98e87abb
x-envoy-upstream-service-time
17
x-geo-longitude
9.15060
x-request-id
4c05bea7-5226-409d-8365-7a6a98e87abb
access-control-max-age
21600
access-control-allow-methods
GET, HEAD, PUT, PATCH, POST, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-country
DE
cache-control
max-age=86400, public
x-geo-city
Meerbeck
x-geo-latitude
52.34060
x-geo-zip
31715
access-control-allow-headers
DNT,Accept-Language,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,x-region-id,x-api-version
x-accuracy
200
muse.js
www.paypalobjects.com/muse/ 		55 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/muse/muse.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CA9) /
Resource Hash
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
bb612b715effa
dc
ccg11-origin-www-1.paypal.com
content-length
16488
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
server
ECAcc (frc/4CA9)
traceparent
00-0000000000000000000bb612b715effa-fabdeb41e59ea4a4-01
etag
"64f25363-daa8"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Thu, 04 Jan 2024 18:34:27 GMT
act
analytics.tiktok.com/api/v2/pixel/ 		0
699 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWZkNjY4MmI1MQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.25 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-25.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
53c9aeb4
date
Thu, 04 Jan 2024 17:34:28 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2401041734286044C228AEBA5740710C-55563AEC2B0AD354-00
x-cache
TCP_MISS from a104-126-37-21.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing
inner; dur=34, cdn-cache; desc=MISS, edge; dur=13, origin; dur=127
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202401041734286044C228AEBA5740710C
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
127,104.126.37.21
x-tt-trace-host
01c98d95a4c89fa6573f148d054a5703b521efa9c9ccbf010928ee1e0305088838501ab699e4c199fbd0117842c534ed6f7252dae3f81fb687b80a0d53a4e5f6d6b9c14edf3be26319f8bb0eeeae13a880a0c7489a205ada45c50b5a6810edb090
access-control-allow-headers
Authorization,*
expires
Thu, 04 Jan 2024 17:34:28 GMT
p
tr6.snapchat.com/ 		0
44 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tr6.snapchat.com/p
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 04 Jan 2024 17:34:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
0
via
1.1 google
server
API Gateway
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
logger
www.paypal.com/xoplatform/logger/api/ Frame D68C 		1017 B
850 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4D0A) /
Resource Hash
368402529857d77887024f708e02ed968e24738bdc51c11a0e7906221ad74037
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept
application/json
Referer
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

date
Thu, 04 Jan 2024 17:34:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
paypal-debug-id
06422443ab604
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
dc
ccg11-origin-www-1.paypal.com
content-length
608
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server
ECAcc (frc/4D0A)
traceparent
00-000000000000000000006422443ab604-b76f4d8109a6a685-01
etag
W/"3f9-naLy68ihs8GoR8179YutbQp4b/I"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.paypal.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
timing-allow-origin
*
script-tag.js
cdn-scripts.signifyd.com/api/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.103.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-103-62.zrh50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8c2cdac3c61b11fd9d94715ef07c3f743698dfe7fda47203088d6fc9b0840769

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:15:55 GMT
content-encoding
gzip
via
1.1 5e318b3ea3fa81a8c20898c2f8c40e7c.cloudfront.net (CloudFront)
last-modified
Wed, 03 Jan 2024 16:44:33 GMT
server
AmazonS3
x-amz-cf-pop
ZRH50-C1
age
1193
x-amz-server-side-encryption
AES256
etag
W/"981caf7de74c34d8b899b1af2b12b4aa"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1800
x-amz-cf-id
hRrNYAIEIyk_dATTtA0AMziHCvwHv-QHvgDPZWWFr_G-JPTfUSVrKw==
inbox-v2_48b3046e5658d067d380731acb25edd9.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox-v2_48b3046e5658d067d380731acb25edd9.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
d37545bbfbab30b44e51e630172af7d5d8a717afe66642b3e8eba0f6e1666872

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Sun, 10 Dec 2023 04:11:01 GMT
content-encoding
br
age
2208207
x-guploader-uploadid
ABPtcPoRRYfUR8x9jRi96abWM0-qx4DSWkIlEIYXEFvVCehUwCo0cy1LTB4c60Ye-xORwrmfm6bS0BfIQg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4862
last-modified
Thu, 07 Dec 2023 16:30:37 GMT
server
UploadServer
etag
"e08d76c0eee63d930afa55862092fe13"
x-goog-generation
1698960924312628
x-goog-hash
crc32c=om6Z6Q==, md5=4I12wO7mPZMK+lWGIJL+Ew==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
4862
accept-ranges
bytes
content-type
text/javascript
sms-v2_59133b5ff2491255abf0da3a6c439b40.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/sms-v2_59133b5ff2491255abf0da3a6c439b40.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
7d6b2e34f8baa2cbb0d0352ba4401894ca78bd0e98a8f0259798be00d3f9f4ec

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Sun, 31 Dec 2023 11:48:33 GMT
content-encoding
br
age
366355
x-guploader-uploadid
ABPtcPoXyx7fIQEN4ou22baGrpnggx7kU38NA9UTW7U5sn4jqdNAg80BMFvKlVPoeQQ5DDQfqhk
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1301
last-modified
Wed, 13 Dec 2023 20:29:24 GMT
server
UploadServer
etag
"fc8b1adafd5fdfc3a8542a947659bc4f"
x-goog-generation
1701384320777424
x-goog-hash
crc32c=pCs8WQ==, md5=/Isa2v1f38OoVCqUdlm8Tw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
1301
accept-ranges
bytes
content-type
text/javascript
onsite-v2_5631bf90701659009118a89f964ae570.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite-v2_5631bf90701659009118a89f964ae570.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
eddc11d8be0ae5311acc08d5f2ebe7ff9426384f6408ecbb56abbd7fb5e03743

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 03 Jan 2024 22:43:27 GMT
content-encoding
br
age
67861
x-guploader-uploadid
ABPtcPrLsaChvBhYwy_vxKw48UWLB3F-N8ZNyBu7h9C8EvWJp2rXnYEttxqzkmwiPT1pX09VDGklCNtP6w
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4962
last-modified
Wed, 13 Dec 2023 20:29:09 GMT
server
UploadServer
etag
"801d41813e7b11c4986b4ca00307283b"
x-goog-generation
1701703209164802
x-goog-hash
crc32c=+KL22A==, md5=gB1BgT57EcSYa0ygAwcoOw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
4962
accept-ranges
bytes
content-type
text/javascript
/
data.cdnbasket.net/ 		14 B
338 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://data.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.117.23.127 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
127.23.117.34.bc.googleusercontent.com
Software
/
Resource Hash
53209fa14c4b4c74135983da5d59dc8f62516f7ce65ba17a9766c4a4d450bc75

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 17:34:28 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
page.cdnbasket.net/ 		14 B
338 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://page.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
35.186.202.199 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
199.202.186.35.bc.googleusercontent.com
Software
/
Resource Hash
f34c6a3c394365248df5229025f8b77cd254160fe7c97d66a4ed70cb2121ee95

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 17:34:28 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
view.cdnbasket.net/ 		14 B
338 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://view.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.117.197.184 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
184.197.117.34.bc.googleusercontent.com
Software
/
Resource Hash
054627cae231e45043f9bc88dba346a81e14b729a5deb6d20cad1319f63a8ffb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 17:34:28 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
index.html
www.paypalobjects.com/muse/analytics/ Frame 1626 		55 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/muse/analytics/index.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CBF) /
Resource Hash
7247ab83a30fbd92bf8425aca87dbb9f3f44c1b7facc6f7fd80df157ea6b5e03
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
s-maxage=31536000, public,max-age=3600
content-encoding
gzip
content-length
16892
content-type
text/html
date
Thu, 04 Jan 2024 17:34:28 GMT
dc
ccg11-origin-www-1.paypal.com
etag
"64f25363-dacc"
expires
Thu, 04 Jan 2024 18:34:28 GMT
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
paypal-debug-id
6a244898dfca5
server
ECAcc (frc/4CBF)
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
traceparent
00-00000000000000000006a244898dfca5-3676ecc28503d2fd-01
vary
Accept-Encoding
x-cache
HIT
x-content-type-options
nosniff
settings
api.usehero.com/webplugin/ Frame 6CDD 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/webplugin/settings?appId=efcf9631-4c6b-4874-9f76-51f71464249a
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.178.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-178-133.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
532bcb8909320181167f847a492db322b746fe9d010daf0f8a10121b4e22cc97
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding
gzip
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
klarna-correlation-id
601cd314-6f3a-4b58-a0a6-65b675adc41a
cross-origin-resource-policy
same-origin
x-geo-longitude
9.15060
pragma
no-cache
referrer-policy
same-origin
etag
W/"64f-5vtIf06F9AHeeSALavoGvmhOwKU"
x-frame-options
SAMEORIGIN
x-geo-zip
31715
content-type
application/json; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-latitude
52.34060
x-accuracy
200
expires
0
date
Thu, 04 Jan 2024 17:34:28 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
cross-origin-embedder-policy
require-corp
x-time-zone
Europe/Berlin
x-envoy-upstream-service-time
13
x-xss-protection
0
x-request-id
601cd314-6f3a-4b58-a0a6-65b675adc41a
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-country
DE
x-geo-city
Meerbeck
p
tr.snapchat.com/ 		0
15 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tr.snapchat.com/p
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 04 Jan 2024 17:34:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via
1.1 google
server
API Gateway
access-control-allow-origin
https://www.elfcosmetics.com
x-envoy-upstream-service-time
1
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
company_toolkit.js
cdn-scripts.signifyd.com/api/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-scripts.signifyd.com/api/company_toolkit.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.103.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-103-62.zrh50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:13:30 GMT
content-encoding
gzip
via
1.1 5e318b3ea3fa81a8c20898c2f8c40e7c.cloudfront.net (CloudFront)
last-modified
Tue, 30 May 2023 10:18:44 GMT
server
AmazonS3
x-amz-cf-pop
ZRH50-C1
age
1258
x-amz-server-side-encryption
AES256
etag
W/"2c3950f122b3977df61b0e077aaa92c8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1800
x-amz-cf-id
ZO_2k9Tu6eXK05bZBPC3Z6-tmhI3kqWDxt7cQ-OlTAcJ5uXibtSOMQ==
us.svg
www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/ 		9 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/us.svg
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:28 GMT
x-amz-version-id
9zy6w68xzC0VtboioQSwQDLT607ezHMK
via
1.1 5c6c6b06dd745e052b0c5c0350148e06.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
LHR62-C3
age
2586516
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1011 si/34D1a5fe38a8-1701461948-4266377764 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-meta-deploy
621192
content-length
676
x-amz-meta-bundle
10314
x-yottaa-forcecache
true
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-metrics
3421a5fe3835/[3,-,1701802958039] 34D1a5fe38a8/[hit]
x-amz-cf-id
Xr-T6o7B1YKJcmREUyXrKdVHfq-W3-XpUMOCg7FiiOdA_NcxoIMMEQ==
noop.js
www.paypalobjects.com/muse/ Frame 1626 		18 B
275 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/muse/noop.js
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (daa/7D46) /
Resource Hash
0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paypalobjects.com/muse/analytics/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:28 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
paypal-debug-id
ec93bea988650
dc
ccg11-origin-www-1.paypal.com
content-length
18
last-modified
Sat, 13 Feb 2021 00:26:56 GMT
server
ECAcc (daa/7D46)
traceparent
00-0000000000000000000ec93bea988650-4a683726af84c784-01
etag
"60271cd0-12"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Thu, 04 Jan 2024 17:34:27 GMT
jquery-3.5.1.min.js
assets.bounceexchange.com/assets/bounce/ 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 03 Jan 2024 22:43:16 GMT
content-encoding
br
age
67872
x-guploader-uploadid
ABPtcPrB4Aa_IZUxxwVp106FCbn9sYr5h0MRZJNOHCgj25f5Xl-JxiSd3NM42gWshgur-5v86_Y
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31582
last-modified
Wed, 13 Dec 2023 20:28:32 GMT
server
UploadServer
etag
W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
vary
Accept-Encoding
x-goog-generation
1702499312244758
x-goog-hash
crc32c=W9o9Ng==, md5=3F5/GMjTasHT1HU6h8mNCg==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
89476
accept-ranges
none
content-type
text/javascript; charset=UTF-8
local_storage_frame17.min.html
assets.bounceexchange.com/assets/bounce/ Frame BB17 		2 KB
969 B 		Document
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f4fc114373da7e63fade04d84f7f1cfb5b31632246f33b10f3b7b275b85e6dd6

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
none
access-control-allow-origin
*
access-control-expose-headers
etag Content-Type
age
1278710
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public,max-age=31536000
content-encoding
br
content-length
938
content-type
text/html; charset=UTF-8
date
Wed, 20 Dec 2023 22:22:38 GMT
etag
W/"fc893948c3efc689b5b19d8a77958e23"
last-modified
Wed, 13 Dec 2023 20:28:30 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1702499310379960
x-goog-hash
crc32c=kX4cqg== md5=/Ik5SMPvxom1sZ2Kd5WOIw==
x-goog-metageneration
1
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
2408
x-guploader-uploadid
ABPtcPoKNyS5xbDZHDoTHzdRHAxvjFMRf71XBWA6sogR16q65l4SSYMFWnwmwi_feIxmWyUdS-tzoUMTbA
metrics
api.usehero.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.178.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-178-133.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Thu, 04 Jan 2024 17:34:28 GMT
expires
0
klarna-correlation-id
bf4fea72-6a55-453a-bed0-60aedc33cd09
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
200
x-content-type-options
nosniff
x-country
DE
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
5
x-frame-options
SAMEORIGIN
x-geo-city
Meerbeck
x-geo-latitude
52.34060
x-geo-longitude
9.15060
x-geo-zip
31715
x-permitted-cross-domain-policies
none
x-request-id
bf4fea72-6a55-453a-bed0-60aedc33cd09
x-time-zone
Europe/Berlin
x-xss-protection
0
metrics
api.usehero.com/ Frame 6CDD 		0
984 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.178.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-178-133.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Thu, 04 Jan 2024 17:34:28 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
Europe/Berlin
klarna-correlation-id
4d2def9b-f355-48a8-86a6-c0a95290b651
x-envoy-upstream-service-time
12
cross-origin-resource-policy
same-origin
x-geo-longitude
9.15060
x-xss-protection
0
x-request-id
4d2def9b-f355-48a8-86a6-c0a95290b651
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
31715
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Meerbeck
x-geo-latitude
52.34060
x-country
DE
x-accuracy
200
expires
0
metrics
api.usehero.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.178.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-178-133.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Thu, 04 Jan 2024 17:34:28 GMT
expires
0
klarna-correlation-id
079421b4-b8b8-4fcf-9684-9aaa46ac2aba
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
200
x-content-type-options
nosniff
x-country
DE
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
63
x-frame-options
SAMEORIGIN
x-geo-city
Meerbeck
x-geo-latitude
52.34060
x-geo-longitude
9.15060
x-geo-zip
31715
x-permitted-cross-domain-policies
none
x-request-id
079421b4-b8b8-4fcf-9684-9aaa46ac2aba
x-time-zone
Europe/Berlin
x-xss-protection
0
metrics
api.usehero.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.178.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-178-133.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Thu, 04 Jan 2024 17:34:28 GMT
expires
0
klarna-correlation-id
e498dc1b-4a3f-4356-8326-4a6c399e3082
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
200
x-content-type-options
nosniff
x-country
DE
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
5
x-frame-options
SAMEORIGIN
x-geo-city
Meerbeck
x-geo-latitude
52.34060
x-geo-longitude
9.15060
x-geo-zip
31715
x-permitted-cross-domain-policies
none
x-request-id
e498dc1b-4a3f-4356-8326-4a6c399e3082
x-time-zone
Europe/Berlin
x-xss-protection
0
metrics
api.usehero.com/ Frame 6CDD 		0
983 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.178.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-178-133.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Thu, 04 Jan 2024 17:34:28 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
Europe/Berlin
klarna-correlation-id
2f85c8d3-79a3-44d1-9029-123085f4dd6b
x-envoy-upstream-service-time
9
cross-origin-resource-policy
same-origin
x-geo-longitude
9.15060
x-xss-protection
0
x-request-id
2f85c8d3-79a3-44d1-9029-123085f4dd6b
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
31715
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Meerbeck
x-geo-latitude
52.34060
x-country
DE
x-accuracy
200
expires
0
metrics
api.usehero.com/ Frame 6CDD 		0
984 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.178.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-178-133.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Thu, 04 Jan 2024 17:34:28 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
Europe/Berlin
klarna-correlation-id
e8e7474f-29a7-48ae-bed3-5b3f620ad694
x-envoy-upstream-service-time
11
cross-origin-resource-policy
same-origin
x-geo-longitude
9.15060
x-xss-protection
0
x-request-id
e8e7474f-29a7-48ae-bed3-5b3f620ad694
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
31715
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Meerbeck
x-geo-latitude
52.34060
x-country
DE
x-accuracy
200
expires
0
lineup
api.usehero.com/info/ Frame 6CDD 		284 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/info/lineup?appId=efcf9631-4c6b-4874-9f76-51f71464249a&id=3VNlAm9GwR
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.178.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-178-133.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
f0ea7d6bc25fd0d6b24f2be614e02b46cbcf24ba58e180b189ba7667370f39e1
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
klarna-correlation-id
5530bbcd-a3c6-435e-98c6-fde739a432a1
cross-origin-resource-policy
same-origin
x-geo-longitude
9.15060
pragma
no-cache
referrer-policy
same-origin
etag
W/"11c-PUgpVsJDbhtr8ahrv9tSs3uQgns"
x-frame-options
SAMEORIGIN
x-geo-zip
31715
content-type
application/json; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
public, max-age=120
x-geo-latitude
52.34060
x-accuracy
200
expires
0
date
Thu, 04 Jan 2024 17:34:28 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
cross-origin-embedder-policy
require-corp
x-time-zone
Europe/Berlin
x-envoy-upstream-service-time
10
content-length
284
x-xss-protection
0
x-request-id
5530bbcd-a3c6-435e-98c6-fde739a432a1
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-country
DE
x-geo-city
Meerbeck
ts
t.paypal.com/ 		42 B
240 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfoFlowStarted&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Project%20Water%20Tower%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1704389668661&g=-60&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4C83) /
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 17:34:28 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
correlation-id
2fac049cde6db
server
ECAcc (frc/4C83)
traceparent
00-00000000000000000002fac049cde6db-f9d711cc80d88593-01
vary
Accept-Encoding
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
2fac049cde6db
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
timing-allow-origin
*
expires
Thu, 04 Jan 2024 17:34:28 GMT
metrics
api.usehero.com/ Frame 6CDD 		0
983 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.178.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-178-133.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Thu, 04 Jan 2024 17:34:28 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
Europe/Berlin
klarna-correlation-id
5d9e8f54-2103-4a24-bbb1-d8cebb7c67e2
x-envoy-upstream-service-time
8
cross-origin-resource-policy
same-origin
x-geo-longitude
9.15060
x-xss-protection
0
x-request-id
5d9e8f54-2103-4a24-bbb1-d8cebb7c67e2
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
31715
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Meerbeck
x-geo-latitude
52.34060
x-country
DE
x-accuracy
200
expires
0
metrics
api.usehero.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.178.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-178-133.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Thu, 04 Jan 2024 17:34:28 GMT
expires
0
klarna-correlation-id
a75a9063-3852-4257-9fbe-0051d362a204
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
200
x-content-type-options
nosniff
x-country
DE
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
7
x-frame-options
SAMEORIGIN
x-geo-city
Meerbeck
x-geo-latitude
52.34060
x-geo-longitude
9.15060
x-geo-zip
31715
x-permitted-cross-domain-policies
none
x-request-id
a75a9063-3852-4257-9fbe-0051d362a204
x-time-zone
Europe/Berlin
x-xss-protection
0
exist
srm.ba.contentsquare.net/ 		2 B
94 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://srm.ba.contentsquare.net/exist?v=13.76.3&pid=1926&pn=1&sn=1&uu=7d3c59dc-0b47-ad72-c16d-082350062456
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.97.89 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-97-89.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 04 Jan 2024 17:34:28 GMT
content-length
2
content-type
application/json
pgvi9qdfiz0rg1za.js
imgs.signifyd.com/ 		95 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/pgvi9qdfiz0rg1za.js?u9o4yvz9mbsehyq3=w2txo5aa&4z6c79b1koxx7v6j=LzQ3ZWFiMzk4ZTA0Y2ZlOTFiYThmZGIyZDAz
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
eb5d2703f407214a276ff1b34a0b1844ab5ae925735deb868a11590c2a5207a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date
Thu, 04 Jan 2024 17:34:28 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
CP=IVAa PSAa
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=2, max=100
Expires
Thu, 01 Jan 1970 00:00:00 GMT
graphql
www.paypal.com/targeting/ Frame 1626 		435 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/targeting/graphql?disableSetCookie=true
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CCA) /
Resource Hash
6bd5b9d90c9120b7f44159c16d919942f41b4187dcb49e34160ec665f2bdb0e1
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-yblSThLpMfwPITfMKW/1XOg5oAmt88AB/d7nnZA9kvVfuQzS' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.paypalobjects.com/
disable-set-cookie
true
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-yblSThLpMfwPITfMKW/1XOg5oAmt88AB/d7nnZA9kvVfuQzS' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
content-encoding
gzip
date
Thu, 04 Jan 2024 17:34:29 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
paypal-debug-id
0a355b738b531
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
dc
ccg11-origin-www-1.paypal.com
x-xss-protection
1; mode=block
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server
ECAcc (frc/4CCA)
traceparent
00-00000000000000000000a355b738b531-9a7b7ddedf66a7cb-01
etag
W/"1b3-Fuasm9ChMTumSoPUb5NLahUZzaQ"
vary
Accept-Encoding, Accept-Encoding, Origin
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.paypalobjects.com
access-control-expose-headers
Paypal-Debug-Id
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
timing-allow-origin
*
graphql
www.paypal.com/targeting/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/targeting/graphql?disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4C94) /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,disable-set-cookie
Access-Control-Request-Method
POST
Origin
https://www.paypalobjects.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
access-control-allow-credentials
true
access-control-allow-headers
content-type,disable-set-cookie
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://www.paypalobjects.com
access-control-expose-headers
Paypal-Debug-Id
cache-control
max-age=0, no-cache, no-store, must-revalidate
date
Thu, 04 Jan 2024 17:34:28 GMT
dc
ccg11-origin-www-1.paypal.com
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
06549a8587135
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server
ECAcc (frc/4C94)
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
*
traceparent
00-000000000000000000006549a8587135-765afa8581572cbf-01
vary
Accept-Encoding Origin, Access-Control-Request-Headers
ct.html
ct.pinterest.com/ Frame CB86 		565 B
625 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/ct.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.208.183 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-206-208-183.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

akamai-grn
0.c9d5ce17.1704389668.27473f50
cache-control
max-age=86400
content-encoding
gzip
content-length
323
content-type
text/html; charset=utf-8
date
Thu, 04 Jan 2024 17:34:28 GMT
pinterest-version
02c339f3f7ae02d50ba1becd35099d6dbebe0149
referrer-policy
origin
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
vary
Accept-Encoding
x-cdn
akamai
x-envoy-upstream-service-time
0
x-pinterest-rid
5217736092285550
lqRiQXDD6L-uKFjelXCdNsJJUB86TAX--56x56.jpg
upload.usehero.com/avatars/ Frame 6CDD 		928 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://upload.usehero.com/avatars/lqRiQXDD6L-uKFjelXCdNsJJUB86TAX--56x56.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-66.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
64fb011f8aa4f1a4470c3093845f0c2047a21504f823e2ec6f6684d87b81f0f8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 03 Jan 2024 20:23:47 GMT
via
1.1 eb99f1f32a184a8c9c9c920381a7576a.cloudfront.net (CloudFront)
last-modified
Sun, 12 Feb 2023 00:23:18 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P5
age
76242
etag
"278d510e97539c507718c7343b8f3dc7"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
928
x-amz-cf-id
yRjTRYNOV6jjE5B3Qm7ZCUuUZGGKMChRU3gERucR_HlvlKuRmix7ww==
g7DpgClT3s-wxtO5FCiqgcJ_ybMbXCFK-56x56.jpg
upload.usehero.com/avatars/ Frame 6CDD 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://upload.usehero.com/avatars/g7DpgClT3s-wxtO5FCiqgcJ_ybMbXCFK-56x56.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-66.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
083e613ed2185815dc9dc91ae569c1ea8cb0187da15b88fb4df656b04ade665f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 03 Jan 2024 20:28:06 GMT
via
1.1 eb99f1f32a184a8c9c9c920381a7576a.cloudfront.net (CloudFront)
last-modified
Tue, 18 Jul 2023 20:33:39 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P5
age
75983
etag
"dd497646e037b78e9dc7ed0418ad50f0"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1340
x-amz-cf-id
mle7T9h2yvldDr0F50iMqkSkA1TuAQWELEgcVqsKZgszvARhrEK55g==
U5YtXBWRyw-lXZknMeYZw50zvH2qmOtC-56x56.jpg
upload.usehero.com/avatars/ Frame 6CDD 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://upload.usehero.com/avatars/U5YtXBWRyw-lXZknMeYZw50zvH2qmOtC-56x56.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-66.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b6c31aab66c7d12f65fb2d3d9feb66b5eaa697471a6259c19f65d55337eee0d5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 00:12:09 GMT
via
1.1 eb99f1f32a184a8c9c9c920381a7576a.cloudfront.net (CloudFront)
last-modified
Thu, 06 Apr 2023 20:17:49 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P5
age
62540
x-amz-server-side-encryption
AES256
etag
"42ac0c7f92c94a27b5bf3f04ae16a051"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1174
x-amz-cf-id
akAvp-x9HO10h6u_B-Bm7ShtSp7zqo2KeZq4fHAAJoeheRPFuS-jkw==
YkCKH_RKrJNjOho-
imgs.signifyd.com/ Frame E7EE 		272 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/YkCKH_RKrJNjOho-?d31cf67feb632262=KRWC7IFpYXFYM5iovbUGt8CvuBiHAiwXUj_vpq0IcSsJbTcbv5YocSdWKrM3ftdJHw87ag2UUoTRmi-bWwrqvflOdt0Ef9IwHkbHc3bJ2nCUOg9lJfLF7xV1Ih1XroI-el1Jt9EbXNSzuSzhG5z3Omr_6tW89Kcxdi2lK3kVcCRGxXI6LbiesUaKK-JoqIVvDaC5holXaUzkB4Ud&jb=3d33262460716d7d355d636e6e6f77732e68796737576b666c6f7f7b2f3038393b266a796a7f3d4162706d656d2c6073683d43687a6d676d2f3232393a30
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/pgvi9qdfiz0rg1za.js?u9o4yvz9mbsehyq3=w2txo5aa&4z6c79b1koxx7v6j=LzQ3ZWFiMzk4ZTA0Y2ZlOTFiYThmZGIyZDAz
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
dedd3d1b042b0a57325154a8979b412b5025b8fbc3b1e652d84fda0d0ab14025
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date
Thu, 04 Jan 2024 17:34:28 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
tmx-nonce
c2646a963e00faea
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=2, max=99
Expires
Thu, 01 Jan 1970 00:00:00 GMT
ihxwF3lP1Mi7D23B
imgs.signifyd.com/ Frame E7EE 		81 B
475 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imgs.signifyd.com/ihxwF3lP1Mi7D23B?85f1e15fa4a310c4=brRyBsm6DJ9nCvMT6urhU-ipUAgpwNcKt3plkmkkX73h4gtZ5rKIkLGlMGNsSD379DIXckdTulKFocSZlNCgxH3TulIINX2XeOkgMf-cPmBfh1-05eEqZ1681wutAkTz1JJXLwng2q8JkslXS3GPn34enMrA5be3-ucAmv0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 17:34:29 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
aAH9z2JwJHtLA2H7
imgs.signifyd.com/ Frame E7EE 		81 B
475 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imgs.signifyd.com/aAH9z2JwJHtLA2H7?ff3337eaa9f80239=1M8FIavtzK1boYQMrm0mRFCXuLiJf4ls-Ap_mUHNEgvXAaZiTvD0vDeW2V9OSU3ZcvakadEFCDIb8eR6T5Em0_-20_GLBg9C1dWaPw6lsXys_Qi0PkjoQin-bL0yMi-LSIFWfGMH7U8xaQpuKM8mvzvIWxs2iB822R8O5PE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 17:34:29 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
lqRiQXDD6L-uKFjelXCdNsJJUB86TAX--56x56.jpg
upload.usehero.com/avatars/ Frame A2BB 		928 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://upload.usehero.com/avatars/lqRiQXDD6L-uKFjelXCdNsJJUB86TAX--56x56.jpg
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/plugin.5.46.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-66.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
64fb011f8aa4f1a4470c3093845f0c2047a21504f823e2ec6f6684d87b81f0f8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 03 Jan 2024 20:23:47 GMT
via
1.1 eb99f1f32a184a8c9c9c920381a7576a.cloudfront.net (CloudFront)
last-modified
Sun, 12 Feb 2023 00:23:18 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P5
age
76242
etag
"278d510e97539c507718c7343b8f3dc7"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
928
x-amz-cf-id
W26_9UV18R5mxQRZ2O1qiW1Rc_EIdIlcWi2U0wgPEn4I7WmRzKAPGg==
g7DpgClT3s-wxtO5FCiqgcJ_ybMbXCFK-56x56.jpg
upload.usehero.com/avatars/ Frame A2BB 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://upload.usehero.com/avatars/g7DpgClT3s-wxtO5FCiqgcJ_ybMbXCFK-56x56.jpg
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/plugin.5.46.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-66.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
083e613ed2185815dc9dc91ae569c1ea8cb0187da15b88fb4df656b04ade665f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 03 Jan 2024 20:28:06 GMT
via
1.1 eb99f1f32a184a8c9c9c920381a7576a.cloudfront.net (CloudFront)
last-modified
Tue, 18 Jul 2023 20:33:39 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P5
age
75983
etag
"dd497646e037b78e9dc7ed0418ad50f0"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1340
x-amz-cf-id
5V8xr5y43dRv_3jEgdPMntbA86DKigxqTvKpF1JjdNf3GdL6caCnww==
U5YtXBWRyw-lXZknMeYZw50zvH2qmOtC-56x56.jpg
upload.usehero.com/avatars/ Frame A2BB 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://upload.usehero.com/avatars/U5YtXBWRyw-lXZknMeYZw50zvH2qmOtC-56x56.jpg
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/plugin.5.46.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-66.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b6c31aab66c7d12f65fb2d3d9feb66b5eaa697471a6259c19f65d55337eee0d5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 00:12:09 GMT
via
1.1 eb99f1f32a184a8c9c9c920381a7576a.cloudfront.net (CloudFront)
last-modified
Thu, 06 Apr 2023 20:17:49 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P5
age
62540
x-amz-server-side-encryption
AES256
etag
"42ac0c7f92c94a27b5bf3f04ae16a051"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1174
x-amz-cf-id
JWAExEmv9AFth4N_YX72wuhMf44g50X0HT9k519tq0b5qrZKmDL4-g==
clear.png
imgs.signifyd.com/fp/ Frame E7EE 		81 B
536 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/fp/clear.png
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/YkCKH_RKrJNjOho-?d31cf67feb632262=KRWC7IFpYXFYM5iovbUGt8CvuBiHAiwXUj_vpq0IcSsJbTcbv5YocSdWKrM3ftdJHw87ag2UUoTRmi-bWwrqvflOdt0Ef9IwHkbHc3bJ2nCUOg9lJfLF7xV1Ih1XroI-el1Jt9EbXNSzuSzhG5z3Omr_6tW89Kcxdi2lK3kVcCRGxXI6LbiesUaKK-JoqIVvDaC5holXaUzkB4Ud&jb=3d33262460716d7d355d636e6e6f77732e68796737576b666c6f7f7b2f3038393b266a796a7f3d4162706d656d2c6073683d43687a6d676d2f3232393a30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*, w2txo5aa/c2646a963e00faealzq3zwfimzk4zta0y2zlotfiythmzgiyzdaz
Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date
Thu, 04 Jan 2024 17:34:29 GMT
Strict-Transport-Security
max-age=31536000
Last-Modified
Thu, 04 Jan 2024 17:34:29 GMT
Server
Apache
Etag
387ae89f619c41e0bf52ba5fb40d134f
Content-Type
image/png
Access-Control-Allow-Origin
https://www.elfcosmetics.com
Cache-Control
private, must-revalidate, max-age=0
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
Expires
Tue, 02 Jan 2029 17:34:29 GMT
yQDv6CrXzf9ooh8T
imgs.signifyd.com/ Frame 58CB 		90 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/yQDv6CrXzf9ooh8T?afa469ceee951cba=CWBYmwLfIpVNWYNeQ_s56MRG0tEGsbv6RT5X71zQAyT2UcIHHSt_sVze8c87JdxezT8YQQKeJZLr3isSlZyYXCT4Rb-Br1ilLCgiKfuo8pxlssK1QtcdYIFvABNjQdfbrS-SVaR7_ilZSOpNwK1ej--YUQ6iplE2grYZtkCfPZrPrhBi7V69_D-bQxQEgdvdenvHtMSHmJsxeQoqar0
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/YkCKH_RKrJNjOho-?d31cf67feb632262=KRWC7IFpYXFYM5iovbUGt8CvuBiHAiwXUj_vpq0IcSsJbTcbv5YocSdWKrM3ftdJHw87ag2UUoTRmi-bWwrqvflOdt0Ef9IwHkbHc3bJ2nCUOg9lJfLF7xV1Ih1XroI-el1Jt9EbXNSzuSzhG5z3Omr_6tW89Kcxdi2lK3kVcCRGxXI6LbiesUaKK-JoqIVvDaC5holXaUzkB4Ud&jb=3d33262460716d7d355d636e6e6f77732e68796737576b666c6f7f7b2f3038393b266a796a7f3d4162706d656d2c6073683d43687a6d676d2f3232393a30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
8e6d309be0e623a35cca664717ed6ea96289be5e3e6b863e76791d633b2299ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Thu, 04 Jan 2024 17:34:29 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=99
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
gFtOQ2-Ofr-5FXUj
imgs.signifyd.com/ Frame E7EE 		0
387 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/gFtOQ2-Ofr-5FXUj?8d84a536ec30cbc8=oB5EFRIA4xJyOa8rpY-ORrwtF6IbFaVd7ANMA7vQ_SjEXIQVzSdboxHDzO557ZfwMEvbXL30h1l9Uuq_DXiRbONzQrcPeJci5XPQqW2sYKhbZTHmkkZCRTMXxgYu_xExvfrWBZjbafNT7R0aR-N_qjFzVNQ&jb=3b3c266e79633f3d6e6b3a313d3666373f646b3c3236346a6d373f3c3e313b6d3b30353a6c6b64
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/YkCKH_RKrJNjOho-?d31cf67feb632262=KRWC7IFpYXFYM5iovbUGt8CvuBiHAiwXUj_vpq0IcSsJbTcbv5YocSdWKrM3ftdJHw87ag2UUoTRmi-bWwrqvflOdt0Ef9IwHkbHc3bJ2nCUOg9lJfLF7xV1Ih1XroI-el1Jt9EbXNSzuSzhG5z3Omr_6tW89Kcxdi2lK3kVcCRGxXI6LbiesUaKK-JoqIVvDaC5holXaUzkB4Ud&jb=3d33262460716d7d355d636e6e6f77732e68796737576b666c6f7f7b2f3038393b266a796a7f3d4162706d656d2c6073683d43687a6d676d2f3232393a30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 17:34:29 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=99
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
SVqkrC2UeBnZabga
h.online-metrix.net/ Frame D17D 		103 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://h.online-metrix.net/SVqkrC2UeBnZabga?c2e94e4436751281=Tt0X-yqPVwMLXSJqVtKeg4O5PU9xMpDqSIXrYQPvnUT7cRR3AveCKsnsgdu_0aZf1PLed2DZhXYxiwuOio4_HCw5EgjOuP13PbQyx9eUu1AD4pNO3QllbJ35AJ-lbq17_uVs2YpdRjV8Qzd47mahPo4H1sMT2N17Rnls-vJuKKTl7HUWdT1KO4H_YsQ1H3wMP9ZmhqmZTlseKI8gM-9G
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/YkCKH_RKrJNjOho-?d31cf67feb632262=KRWC7IFpYXFYM5iovbUGt8CvuBiHAiwXUj_vpq0IcSsJbTcbv5YocSdWKrM3ftdJHw87ag2UUoTRmi-bWwrqvflOdt0Ef9IwHkbHc3bJ2nCUOg9lJfLF7xV1Ih1XroI-el1Jt9EbXNSzuSzhG5z3Omr_6tW89Kcxdi2lK3kVcCRGxXI6LbiesUaKK-JoqIVvDaC5holXaUzkB4Ud&jb=3d33262460716d7d355d636e6e6f77732e68796737576b666c6f7f7b2f3038393b266a796a7f3d4162706d656d2c6073683d43687a6d676d2f3232393a30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.132.130 , United States, ASN30286 (THM, US),
Reverse DNS
h.online-metrix.net
Software
Apache /
Resource Hash
42bc39e6129d7cdc59094fa33848c8d7b43f7b1e67b2e0a4b8ae8b6ed2639d9c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Thu, 04 Jan 2024 17:34:29 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
GqEsJ351f8_3TFPI
imgs.signifyd.com/ Frame B059 		90 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/GqEsJ351f8_3TFPI?fb9dfbc1e88924d3=DGIZe-S7-JPnkYkcZEQAmFJcRAiB2nMEjB3poh6EzFCukw31T3thkfgK5SxBi3KgkFguQU-U_TD8TSrtoj7_fKIQnHK37FbcjGYl32XfGAUZ3ixYonuBBKlWTJKbaii2Dj3bI0ubqWjtOdm0Tp8hinFxb582eVTbw7VoBW_-N72vltfFdHMt-E0O5sPxMID96ZvxEVgSZ_0tvMKq7pm_
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/YkCKH_RKrJNjOho-?d31cf67feb632262=KRWC7IFpYXFYM5iovbUGt8CvuBiHAiwXUj_vpq0IcSsJbTcbv5YocSdWKrM3ftdJHw87ag2UUoTRmi-bWwrqvflOdt0Ef9IwHkbHc3bJ2nCUOg9lJfLF7xV1Ih1XroI-el1Jt9EbXNSzuSzhG5z3Omr_6tW89Kcxdi2lK3kVcCRGxXI6LbiesUaKK-JoqIVvDaC5holXaUzkB4Ud&jb=3d33262460716d7d355d636e6e6f77732e68796737576b666c6f7f7b2f3038393b266a796a7f3d4162706d656d2c6073683d43687a6d676d2f3232393a30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
94017c5fc111ac2dd075e8d49ffabd568df68b84a6512b753edbef0bce744ebf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Thu, 04 Jan 2024 17:34:29 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=98
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
gFtOQ2-Ofr-5FXUj
imgs.signifyd.com/ Frame E7EE 		0
218 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/gFtOQ2-Ofr-5FXUj?8d84a536ec30cbc8=oB5EFRIA4xJyOa8rpY-ORrwtF6IbFaVd7ANMA7vQ_SjEXIQVzSdboxHDzO557ZfwMEvbXL30h1l9Uuq_DXiRbONzQrcPeJci5XPQqW2sYKhbZTHmkkZCRTMXxgYu_xExvfrWBZjbafNT7R0aR-N_qjFzVNQ&ja=393234362c2461353e3a2c7a373630266e3f3b3e3a307a393a30382e6b6435393c303072393830322c717a71353a72302c647072353326393c3032243932383826333e383a2c3138383a2c333c32322439383a3026313630382e3b3a3a302e3824302e657e3f6930323261686b6e63353d66666e6c6c33656b38343139363d383c623b693f612e65643f3c2e796364373a3e266e623f6a7c7c7a7925394125324e27384e7d7775266d6c6e6b6571656d7e69637926696f6f2f30446b677967657e69632d6b706365636e63647b26786437312e78623d37326e3838636b34606b6e686f313b3362373b3a3d696f30663b6a646a3a6e362e60623d61336b3836633d6663383d6f3a633230633069323e3f3e3835383a303a316c362e62796f3d5d6164646d7d71273a383b3b266073623d4b6a78676765273a38313a382c687b677f3d5763666e6f757924687b6a7f374362726f6d6d246460693d362e66646535322466657e703d3a2e7e7a663747777a677a6f25384642657a6e63662c6d637c6072353c3a323b6c3b6332686d6930306f34616b3d3c3a303232616439373f3c3a31646c3c3530303b36396c3c65616b3a3e64613336636e6a6e3d323931333131346b2e6e723f607c74787b2f31492d384625384e7d777524676e6e6b65796d6f7469637b2c69676725304e6b6f7b656f76616b2763726365636e6366712478357a66756d696e5f6e6e6b7b6225374d6e61647b6f2378647f676964577d696c6e6d757b57676f6463615f706463736d7825374d6e61647b6f2378647f676964576b646d68675d696b7865626b7425354d646b647965237864756f61645d797d63636b7e616765273f47646964796f217a6c7567616c557b626f61637f617e6d2f374d6e6b6c736f297a6c776d6b6c577a6f6b6c7a6c61796d702f3d4f6663647b65297866776f61645f76666b55706e6b7b677a2d3f4f666b6c73652972667d6d696c576c657e6966747a2d3f45666b647965237a6e776f616455737c675f7661677d6d7825374d6e61647b6f2378647f676964576061746b27374d6e6b66736f26676c5761377f6f6265645f656a4f46273a383b2e302f3a3a284d7a676c4f442f38304f532532383024382f32324b60726765637765215d65624d442f32324d4e51442d383a4559253230392c3a2d38302a477865664f46273a384f532538384d4c51462730384d592f323a312e302d303a4b62726d65617565215d676a436374576f6a4169762f30325f6d684d4c4b4e474c4d5d6366797463666b656c576b707a69737325394a2f32324f5a56576a666f6e6e5f6d69666f6b702f33402d3a304d505e5d6b67666f72556a7f66646f705d6069666c5f6c6c6f617c27394a2f32324d5054576e666d697c55626c6f666e2531482730384d525e5f6c72616757666f787e68273b4a253a384f5a5c577968616e6d785f766f7a767d7a6f556c656425334a2738384f5856577c65707c7f706d57696f6d7a7a6f7371636d6c576a7a7e632f3342253a324f505e5f766d70747d7a6f5d6b676770726f7b79696d645d706f7c692f33482532304d5a5e577e657a7c7d726d576c6b647c6f725f6b6663736d7e706d7861692f33482532304d5a5e577952454a2d334a2d3832474d595f65666d67656c7e5d6b666c6f725f7f696e742d31482d38304d4d5b5f6e6a655d7a6d64646578576769726763722d3b482f323a4f455357717e696464637a6c5f6c6d786b7e697e69766f7b2f33402f3032474d5955746f7874757a67556e666f637c2d334a2d3832474d595f746f707e75706f5d6464676b7e5f66696e6569702f3b4825303847455b577e67707c7f726555606b6c6455646e67697e2f3348253230474759577e657a7c7d726d576263646e55666c65697e5f6e636c67697a2f39422f32304f4d51557e6f72766d705f697a7863715765626a6f6b7e2531482730385f4f4847465f636f646d78576875646e6d72576e666d697c2f33422f3a3a574748454e576b656770786573736d66557c6f78767d7a65576979766b2d39422538385d45404d4e5d6b67677a726f7373656c5d7e6d7274777a6d5f6d7c69273b4a2f32305d4d48474e55616d6578786f737965645f7c67727c7f7267576d746b392f314a2d3830574f4a4d4c5d696d6f787a6f79736f645f746d7a7e7d78655d7b3b746b2d39402d3a3a5745484f465f61656f727a6d7979656e5f746570767f7a6f5f713b7c63577b78656a2d39422538385d45404d4e5d6c6d687f675572656e6c67786d785f6b666e6f2d3b48273a385d45424d445564677a766a577c6f72747f7265253b402f3a3a57474a4f4c576c78637f576875666c6d7873273940273a385d4f424d4c5f6c67716f57696f6c7c6d787c2d39402d3a3a5745484f465f6f7f6e7661576e78617d3136266f6e55603733646e3d646e6e3e353c386e64633e383d6534386067386d3d3e64383535343e333a3c6e34303d31267f6f66743541647465662d38304b64612c2e7f6d667237496e746d6e2f3a3a4970617b253a3845726d664d4c2538384f6e65636c672e6b696e3d3b&jb=393f352466733f456770636c666125324e3724382f3232205f69666c65757b2d38304e5e2d3830333a2c322d3b482f323a57696e3e362f3b4825303870363c212f3038497a706c6f5f6f62496376273a4e3f3937243336253a32224342544f442d324b2d3832646161652538384d6561616d2b2d3a3a4968786f6d652d304c3938302c3826363831332c393a3325323a5b6b6663786b273a4e3f3937243336
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/YkCKH_RKrJNjOho-?d31cf67feb632262=KRWC7IFpYXFYM5iovbUGt8CvuBiHAiwXUj_vpq0IcSsJbTcbv5YocSdWKrM3ftdJHw87ag2UUoTRmi-bWwrqvflOdt0Ef9IwHkbHc3bJ2nCUOg9lJfLF7xV1Ih1XroI-el1Jt9EbXNSzuSzhG5z3Omr_6tW89Kcxdi2lK3kVcCRGxXI6LbiesUaKK-JoqIVvDaC5holXaUzkB4Ud&jb=3d33262460716d7d355d636e6e6f77732e68796737576b666c6f7f7b2f3038393b266a796a7f3d4162706d656d2c6073683d43687a6d676d2f3232393a30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date
Thu, 04 Jan 2024 17:34:29 GMT
Strict-Transport-Security
max-age=31536000
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=2, max=98
Content-Type
text/javascript;charset=UTF-8
Jaqk9Ew9a6-t25xJ
w2txo5aanrqcugspgvcrdwnytdqppjwm7njcmxkdc2646a963e00faeaam1.e.aa.online-metrix.net/ Frame E7EE 		81 B
438 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://w2txo5aanrqcugspgvcrdwnytdqppjwm7njcmxkdc2646a963e00faeaam1.e.aa.online-metrix.net/Jaqk9Ew9a6-t25xJ?a3f4ecb98a552652=yBjztdDug5O1Puil4ocaR_Z2uiEURaHRD4O7UDDiQaBajk4HTL5z0aTKVX_QXZqm7DW9b_UUylcESfFWPrg2cms4IwQnTa5PsQW5MJEmGD6nOoCHOn5nuEaL1E4FChOzyP1XFTAxGpguuIpH34lPs_gx2K9m9wpyG93G
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.134.131 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 17:34:29 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
ZvzubAq7WcVLHIA4
imgs.signifyd.com/ Frame 58CB 		0
387 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/ZvzubAq7WcVLHIA4?984d4a74e805ba5d=C8iVjMRQ2B-5njFauGKfBzTDBnhziX-IAet1dedPaoMAIw6h3b_XjStJQIlac-9f3sDyoxttYlo3LSDdlV169fntkgidnsueIj-XzLVgveiZpHnxau9RQZl-_6LJ8E2sEeTzslMicVgJOmX8VBV7HkKYnVg&jf=3b3c266e79603f6c3b3d69393b6236663035693c39653b6930376a6c6964306e3a64666c3c6f33
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/yQDv6CrXzf9ooh8T?afa469ceee951cba=CWBYmwLfIpVNWYNeQ_s56MRG0tEGsbv6RT5X71zQAyT2UcIHHSt_sVze8c87JdxezT8YQQKeJZLr3isSlZyYXCT4Rb-Br1ilLCgiKfuo8pxlssK1QtcdYIFvABNjQdfbrS-SVaR7_ilZSOpNwK1ej--YUQ6iplE2grYZtkCfPZrPrhBi7V69_D-bQxQEgdvdenvHtMSHmJsxeQoqar0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imgs.signifyd.com/yQDv6CrXzf9ooh8T?afa469ceee951cba=CWBYmwLfIpVNWYNeQ_s56MRG0tEGsbv6RT5X71zQAyT2UcIHHSt_sVze8c87JdxezT8YQQKeJZLr3isSlZyYXCT4Rb-Br1ilLCgiKfuo8pxlssK1QtcdYIFvABNjQdfbrS-SVaR7_ilZSOpNwK1ej--YUQ6iplE2grYZtkCfPZrPrhBi7V69_D-bQxQEgdvdenvHtMSHmJsxeQoqar0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 17:34:29 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=98
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
458359.gif
idsync.rlcdn.com/ 		0
0
ohCRkstA4HaX-5vk
imgs.signifyd.com/ Frame E7EE 		0
400 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imgs.signifyd.com/ohCRkstA4HaX-5vk?2eebd7ba8ad0da55=nGD2HSw52BnY71jHr2at3Sf6e2xKsJZ09DwgnWu5bhEQUezhiuqw05OIgbgZXP8WCRjhGyyaI94xxsc2DA4PvMdbqTKIhZjK-4nWMy-4urwCMCl0KtEvpkfihIw8HjFLlYLm7OQfc5pqCPzEJk8C2N-ot7ZtqL5bHEPCD31gM56pEnVcgZw2zF0hH5c8APZZBM_fYthXMQEnUMMRhKw&jf=3c3b3624796b66577a646e3d7e64725f7b5a5e307c44403965626f616d343f432c73696e576e61766f3f333f383e3938333636392e71636c55747b786d3d7f6d68386d6b6e73612c7b63645d61677b353b3a3f393930313338343a3f38613a3e3c386b6d3966383a3a31303c38323263323436306b6f39643a33303138353a3b3e32323838346a303f646d6e3e38333d316933306933613a303b3f39686562313f316e3f3c65676a3b363a386b6330313b62666e6d3830333b3431303c6b3d333b3464366e32323c6f62356c6e66693f3a613e6b6964346e3b3b63646963606d303d6f626b3261333a30383a6f313b303a366d393b346d3d3b3539323f6e36346e33376e393c2c7363645f736165373b3a3437383a32383c6f30393a3236643b6969313a3e60646d6d3b6b656b3137373e323e393c31303f6c633b3d3b3431693233306f6b6b66676e6664396c3c69336f6430616d6768383832333838383d3e6f313a6c6c31616c6d6931646f3a373c6c333a663a6564646b30393b3e653b3f6d663d6d683b6d6d3231336b3c3964373f333b6a393c69346f646134392479616c723f38
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 17:34:29 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Keep-Alive
timeout=2, max=97
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
cUK5p5RACAZpyfIQ
h.online-metrix.net/ Frame D17D 		0
400 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://h.online-metrix.net/cUK5p5RACAZpyfIQ?2cf49b1223383f33=WqslXuL4AUdEICHxyXr24WyrRALSHw55oV5ws9DK6JIrk_KYVrype7hocWn-0xoaZERdQh8_nqUXQCJ99ejxNhvZ71Nak-s-N4QerRzcIc7MWI2G8ni1T6hc0V8a5uK21ayjYGeV_kgl2BFYmK1p6koGE2ndo_juH24OSXyGU_zspCqupSQwFGhWZ4Vxz8EFoVepJsByI9Q7BDnWVMc&jf=3c3b3624796b66577a646e3d7e64725f62665d316061715f61326f405f3746672c73696e576e61766f3f333f383e3938333636392e71636c55747b786d3d7f6d68386d6b6e73612c7b63645d61677b353b3a3f393930313338343a3f38613a3e3c386b6d3966383a3a31303c38323263323436306b6f39643a33303138353a3b3e323238383439386864313d3361383a386866303f33343a303b39646c3662303f366c693261303a3c343f3c6e37303a3a646238316931636f30606a6a3c6b343b3837656c376f3032613a3c39653a6a3b64693b6839356f3b3830643a633a3b6a696e616c3162383d633a3f6c30673130636e6b38673e3b69336269693831336f34353c3c6c2c7363645f736165373b3a3437383a3239383a613a303c35643a306964673d6733383f386835693463616b3b323d3b38373a3a63313933366d3e6c363938306862673a36343e3f3a6b306c6262356d31683b3830303a38363a6a6e3369693d61363a3f6c61366b67606b31336b316b3233323c353d3d3a30666d3e373e3f3f613f316b336332303262356f3b60693c6939336f366665302479616c723f39
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.132.130 , United States, ASN30286 (THM, US),
Reverse DNS
h.online-metrix.net
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://h.online-metrix.net/SVqkrC2UeBnZabga?c2e94e4436751281=Tt0X-yqPVwMLXSJqVtKeg4O5PU9xMpDqSIXrYQPvnUT7cRR3AveCKsnsgdu_0aZf1PLed2DZhXYxiwuOio4_HCw5EgjOuP13PbQyx9eUu1AD4pNO3QllbJ35AJ-lbq17_uVs2YpdRjV8Qzd47mahPo4H1sMT2N17Rnls-vJuKKTl7HUWdT1KO4H_YsQ1H3wMP9ZmhqmZTlseKI8gM-9G
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 17:34:29 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Keep-Alive
timeout=2, max=99
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
c
ids.cdnwidget.com/ 		61 B
235 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=&SCH1=&GCS1=142202084&GCS2=NWFiYzllZTEtZWU3MS00NmJlLWJiMTgtMWFjM2YxZDk4NzdmLmxvY2Fs&pe=false&wsid=4142&varID=&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Atrue%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A4142%2C%22loadID%22%3A%22IlnqEokC5At0ldm%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A3%2C%22IDStageStart%22%3A3%2C%22obsReqpage%22%3A404%2C%22obsReqdata%22%3A405%2C%22netComplete%22%3A607%2C%22obsReqview%22%3A624%2C%22IDStagePrefire%22%3A624%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Afalse%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A1%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%2C%22deviceid%22%3A%221605126463212088770%22%2C%22visitid%22%3A%221704389668750772%22%7D
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:56e0:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
9f8441024e84c58109845fa52d52c98b3a2a6cde7529d923779fc815053795d4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:29 GMT
via
1.1 google
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
61
init1.js
api.bounceexchange.com/bounce/ 		36 B
334 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api.bounceexchange.com/bounce/init1.js?wklzs=900&wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgHYAGAFgGYAOATgDZbrSBWazYALxCgFpbjMA7gFMARjlTAhAfVQATKKXykATJgBOQnCAA2cNBgJ9iAD3zLi-DTCFqNaqNgCG27agQBzKXDXaoAC2BgAAccAFJyAEFQ5QAxaJiBRIA6IW0YJBAcAFshNCQcJIys+Izs3NQkbiQ1VCy3ZxxMADdUcWApDJAAa1QhKFDCACFo5W0gkfCo5WUA4LDlJkjopljl2MSBFLTSnLyCorWYnfLK6tr67XnlaIBhEbUJpemJwgARbBBu3v6hkdk5R5TZT4PhMMy0Ui0cjA8yUSiEEgTZR3aYtWSAohkKh0WjwpjEBHXZEjJqAgbDabaEDudxCWQyBCAmANIS3EZCJo2KRUml0hlMlls6ZIRxqdoAR2AAE9AcQhcoRWKpE1nHBWc9InLidMcHARHVAnyMG11ddIszLuqUaNqbT6W4ZLIhAg0DBeuiNRELTgrSNFe0fcABZb5f7gz6Bq95bJ3DFUGocMAADIgRwes0RYBqNWR5qinAAbR5doZAF1YCy8wmCxyucW+W5y96hFXC-6pJKpeX+Crq+2VbohN3WwWgmoQPSxxUhxXLSOxxOpAhHDkm5Xe4WHYmQEgumu5xuC7r9RJJPTjRIZ82R50etIshPnFIx5pncB9z6R-X7QhHW-UG6dIfi2h7toGwHzrIQRSDgXRwBBoGiu+s6foeL5NDBcEIU6MAFv2qozj2OFFraDa-nI-6AbI2FCLhYG5BBt69FIoAgNyoq0ihLYiEEUD8LkvEFgARP6QkADQiY4kjuCAahSuJIl+EIu4gHoCl+CAOQKQushwCgCk+qKSB+EJpaYEEwB4B8WRBK4jjINIMDaI47gOE0fiOFAQA
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
fe3fcb884394be745dbd11141b6d780028a4d86106b6292d7502db096f582218

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
date
Thu, 04 Jan 2024 17:34:29 GMT
content-encoding
gzip
x-envoy-upstream-service-time
17
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
text/html; charset=UTF-8
cjs-logger
e.cdnwidget.com/ 		0
100 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e.cdnwidget.com/cjs-logger?source=ID%20generation%20error&severity=Warning&error=forbidden%253A%2520disallowed%2520country%252C%2520country%2520code%2520is%2520DE&cookieID=&deviceID=&BXWID=4142&warpspeed=2%5EHIykD&loadID=IlnqEokC5At0ldm&version=1.5.9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.193.48 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
48.193.102.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 17:34:29 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
image/png
gFtOQ2-Ofr-5FXUj
imgs.signifyd.com/ Frame E7EE 		0
387 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/gFtOQ2-Ofr-5FXUj?8d84a536ec30cbc8=oB5EFRIA4xJyOa8rpY-ORrwtF6IbFaVd7ANMA7vQ_SjEXIQVzSdboxHDzO557ZfwMEvbXL30h1l9Uuq_DXiRbONzQrcPeJci5XPQqW2sYKhbZTHmkkZCRTMXxgYu_xExvfrWBZjbafNT7R0aR-N_qjFzVNQ&jac=1&je=3d3931242c75676135383b372431313426303b3024313b2e786d356665246a697e7374372d3d422738306e6d7e6f662538322533493324383a25304b2d323a7b7e637c7d792532382d3941273830616069786d69646725323a273d4c2c61776c603d6b693d60316d3c653632396963636934643a693d6931333239333e313e3e6835613b3937313e68366c306e6434323e3a30313264673c6e3a3966696438343d3b2c6d72333f6b39336b3c6f323d316f38316e383d37643964666a386e32383d6139383c366b306865613b6b336a2e7f6360352f37422f3a386170696a6b7c6d697e75786525323a2739492f32302d3a322d3a49273a3a686974646d7973273830273b492f38322f3232253a412f3a3862706966647b2d38302d3b4b2535482d3f44273841273a3a6c7f6c665665727b6b65664669717c2d323a2d39432d3d4825354e2d38432738306f676a6366652f3232253b436c696673672d3a432d3a386f676c6f6c25383a2f33432f30302d3a382f3249253232786e6b7c6c6f70652d323a2d39432d3a382532382d38432738307264697e6c6f786d56657a7163676425303a2d33492d38302d3a382532492d3832756575343c2d3838253941666164716f2d3d44247d696c352d3d402d3a3862726b666e73273830273b492f3f422f3544253a412f3a386d6d6a616c6d2d38302d3b4b6661667b6f25304927303a78666b746c6f726d2d30382d3941273a3a253a3a2f354c
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/YkCKH_RKrJNjOho-?d31cf67feb632262=KRWC7IFpYXFYM5iovbUGt8CvuBiHAiwXUj_vpq0IcSsJbTcbv5YocSdWKrM3ftdJHw87ag2UUoTRmi-bWwrqvflOdt0Ef9IwHkbHc3bJ2nCUOg9lJfLF7xV1Ih1XroI-el1Jt9EbXNSzuSzhG5z3Omr_6tW89Kcxdi2lK3kVcCRGxXI6LbiesUaKK-JoqIVvDaC5holXaUzkB4Ud&jb=3d33262460716d7d355d636e6e6f77732e68796737576b666c6f7f7b2f3038393b266a796a7f3d4162706d656d2c6073683d43687a6d676d2f3232393a30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 17:34:29 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=96
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
metrics
api.usehero.com/ Frame 6CDD 		0
0
metrics
api.usehero.com/ Frame 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdn-fsly.yottaa.net
URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/
Domain
9231397.fls.doubleclick.net
URL
https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=5604021205782;auiddc=978309849.1704389664;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals?
Domain
10742279.fls.doubleclick.net
URL
https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=9518799620176;auiddc=978309849.1704389664;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals?
Domain
pixel.pointmediatracker.com
URL
https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=2ba9a21b-63b0-4fb0-9b79-4caf2156005a&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=undefined&gtmcb=1759056162
Domain
tr.snapchat.com
URL
https://tr.snapchat.com/cm/i?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_scsid=5773000f-a162-488b-9f42-6c8729642cf5&u_sclid=1479e282-67fa-4e48-a9e8-3d91dc66e508
Domain
idsync.rlcdn.com
URL
https://idsync.rlcdn.com/458359.gif?partner_uid=a4c5da83-be8d-4c47-8d17-abaad514c41a
Domain
api.usehero.com
URL
https://api.usehero.com/metrics
Domain
api.usehero.com
URL
https://api.usehero.com/metrics

Verdicts & Comments Add Verdict or Comment

220 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| documentPictureInPicture object| $jscomp function| _loadCookieConfig function| _domready function| _delayed function| _findTags function| _srcAttr function| _needsEval function| _loadFromDOM function| _clearEvents function| _lastChainedResource function| _isImageLike boolean| domCompleteTriggered function| _abTest function| _getCookieVariant function| _setCookieVariant function| _configureAbTestAnalytics function| _executeAllAbTest function| _executeAllAbTestUniversal function| _executeAllAbTestClassic function| _executeAbTest function| _abTestScript function| _chooseVariant function| _abTestAnalyticsUniversal function| _abTestAnalyticsClassic object| _serviceWorkerConfig object| Yo string| yo_host string| _pxAppId function| $ function| jQuery object| scriptUrl object| ttPolicy object| YT object| YTConfig function| onYTReady object| ytCCPlayer object| ytBTSPlayer function| onYouTubePlayerAPIReady function| onCCPlayerReady function| onBTSPlayerReady object| content object| PXXT4Gy2ig object| PX undefined| _XT4Gy2ighandler object| __LOADABLE_LOADED_CHUNKS__ object| regeneratorRuntime function| _ function| applyFocusVisiblePolyfill object| __CONFIG__ string| __DEVICE_TYPE__ object| __PRELOADED_STATE__ object| Progressive boolean| __HYDRATING__ object| dataLayer boolean| rakutenDataLayer object| DataLayer object| gaViewedIdsForPage object| DY boolean| BRAZE_SETUP_COMPLETE boolean| otSPAPathChange boolean| otIsInitialized boolean| otBlockOptOutInitReload function| OptanonWrapper object| DYcustom string| AppsFlyerSdkObject function| AF object| OneTrustStub object| DYExps object| DYO object| contextManager object| DYJSON object| DYCS object| _uxa object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data object| onetrustActiveGroups function| create_UUID function| createCookie string| GoogleAnalyticsObject function| ga object| HeroWebPluginSettings string| HeroObject function| hero object| GooglebQhCsO function| snaptr function| pintrk function| fbq function| _fbq object| _fbq_gtm_ids function| rdt string| TiktokAnalyticsObject object| ttq object| JebbitObject function| jebbit function| cnxtag object| cnxDataLayer object| DYWork function| $dy object| gaplugins object| gaGlobal object| gaData string| OnetrustActiveGroups string| OptanonActiveGroups object| otStubData object| Optanon object| OneTrust object| yt function| ytDomDomGetNextId object| ytEventsEventsListeners object| ytEventsEventsCounter object| ytglobal object| ytPubsub2Pubsub2Instance object| ytPubsub2Pubsub2SubscribedKeys object| ytPubsub2Pubsub2TopicToKeys object| ytPubsub2Pubsub2IsAsync object| ytPubsub2Pubsub2SkipSubKey object| ytNetworklessLoggingInitializationOptions object| ytPubsubPubsubInstance object| ytPubsubPubsubTopicToKeys object| ytPubsubPubsubIsSynchronous object| ytPubsubPubsubSubscribedKeys object| ytLoggingTransportTokensToCttTargetIds_ object| ytLoggingTransportTokensToJspbCttTargetIds_ object| ytLoggingGelSequenceIdObj_ function| ___rmuid object| ___RMCMPW boolean| otLastAcceptAllValue object| AF_cleanupMethods object| ogJsonpFunction object| OG object| AF_SDK function| DataLayerHelper object| __post_robot_11_0_0___uid_numhnacfzmymuvpacsidplhppphjzs object| paypal object| __zoid_10_3_3___uid_numhnacfzmymuvpacsidplhppphjzs object| configArgs number| pixelRatio number| width number| height object| screenSize object| labels object| bouncex function| UET function| UET_init function| UET_push object| _scPxHelper object| CS_CONF object| CSPureWindow function| csDate object| csJSON function| csArray function| csString function| csURL function| csMutationObserver object| csScreen object| csquerySelector object| csquerySelectorAll function| csNodechildNodes function| csNodeparentNode function| csNodenextSibling function| csNodefirstChild function| csElementshadowRoot function| csElementmatches function| csElementwebkitMatchesSelector function| csHTMLImageElementsrc function| csEventtarget function| csNavigatorsendBeacon object| CSPathComputation object| UXAnalytics object| ueto_106129bff3 object| uetq object| paypalDDL string| PaypalOffersObject function| ppq object| webpackJsonp.TiktTokAnalytics object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| _jelly_sdks object| webpackChunksmart_tag object| bxgraph object| __post_robot_10_0_44__ object| PAYPAL object| Hero function| a0_0x3ef0 function| a0_0x17ca object| sigScriptLoader object| SIG_SCRIPT_DEBUG function| reload_campaigns function| setBounceCookie function| getBounceCookie function| setBounceVisitCookie function| getBounceVisitCookie function| clearBounceCookie object| threatmetrix function| tmx_run_page_fingerprinting function| tmx_post_session_params_fixed boolean| tmx_profiling_started object| cti110221

71 Cookies

Domain/Path Name / Value
sc-static.net/scevent.min.js Name: X-AB
Value: b46f0e27cf754d26a3e5e972d945d42c
.youtube.com/ Name: YSC
Value: NVebbF63BhM
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: wV4R5JD8P88
www.elfcosmetics.com/ Name: initAuthComplete
Value: true
.elfcosmetics.com/ Name: ab.storage.sessionId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57
Value: %7B%22g%22%3A%228b958f90-e4d7-8663-d9f9-056dddb2f1c1%22%2C%22e%22%3A1704391461933%2C%22c%22%3A1704389661933%2C%22l%22%3A1704389661933%7D
.elfcosmetics.com/ Name: ab.storage.deviceId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57
Value: %7B%22g%22%3A%2228375058-38ab-af9a-607c-30e10dbf84aa%22%2C%22c%22%3A1704389661938%2C%22l%22%3A1704389661938%7D
.elfcosmetics.com/ Name: pxcts
Value: 7e272c64-ab27-11ee-9367-ad8b4c5dc07c
.elfcosmetics.com/ Name: _pxvid
Value: 7e272045-ab27-11ee-9366-69dcddb05095
.elfcosmetics.com/ Name: _dyjsession
Value: a8qrauj89wipbqi8umbpln5fhe68gz19
.elfcosmetics.com/ Name: dy_fs_page
Value: www.elfcosmetics.com%2Fcosmetic-criminals
.elfcosmetics.com/ Name: _dy_csc_ses
Value: a8qrauj89wipbqi8umbpln5fhe68gz19
.elfcosmetics.com/ Name: _dy_c_exps
Value:
.dynamicyield.com/ Name: DYID
Value: 2769714021645347871
.elfcosmetics.com/ Name: _dy_soct
Value: 647796.1248068.1704389663.a8qrauj89wipbqi8umbpln5fhe68gz19*836603.1652212.1704389663*837245.1654610.1704389663*861617.1750272.1704389663
.elfcosmetics.com/ Name: _gcl_au
Value: 1.1.978309849.1704389664
www.elfcosmetics.com/ Name: FPC
Value: 2ba9a21b-63b0-4fb0-9b79-4caf2156005a
.elfcosmetics.com/ Name: _dycnst
Value: dg
.elfcosmetics.com/ Name: _gid
Value: GA1.2.1758557866.1704389664
.elfcosmetics.com/ Name: _gat_UA-432816-1
Value: 1
www.elfcosmetics.com/ Name: scapi
Value: prd:0ae6d5d5-54e4-4c72-95cb-a25322f5573e:eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmODQ1NDdkOS03YjE0LTRkMDItYjkxMC1iODM1OTAxNWE1MzEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjBhZTZkNWQ1LTU0ZTQtNGM3Mi05NWNiLWEyNTMyMmY1NTczZSIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDM4OTYzNCwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWJrZWRKbEtvWnhic1JscnBKbGFZWXdYQVc6OmNoaWQ6ICIsImV4cCI6MTcwNDM5MTQ2NCwiaWF0IjoxNzA0Mzg5NjY0LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM2MDU0NTgwMjk3MTYzNDkxIn0.HB6XgtE-IZJYP3c0Yjb0hWTsHckLpg4xM-EAi2DNzIrvWY1W9maJKxnqFzzZ30NLVV7fe-QrkHoSlvkROvEUGg
www.elfcosmetics.com/ Name: dwsid
Value: MVHGcsbwprEBDCGM7xESmcOQDfL45mUAvb7OT4i_3_048lYiot6CNLjL32BPoQ2MLpImCBh8EVq-Z8xMpgbh0g==
www.elfcosmetics.com/ Name: dwanonymous_1a00c2845eeb01c699351ea28e20fd92
Value: abkedJlKoZxbsRlrpJlaYYwXAW
www.elfcosmetics.com/ Name: __cq_dnt
Value: 1
www.elfcosmetics.com/ Name: dw_dnt
Value: 1
.elfcosmetics.com/ Name: _dyid
Value: 2769714021645347871
.elfcosmetics.com/ Name: _dyfs
Value: 1704389664823
.elfcosmetics.com/ Name: _dycst
Value: dk.w.c.ws.
.elfcosmetics.com/ Name: _dy_geo
Value: DE.EU.DE_.DE__
.elfcosmetics.com/ Name: _dy_df_geo
Value: Germany..
.elfcosmetics.com/ Name: _dy_toffset
Value: -1
.elfcosmetics.com/ Name: rmStore
Value: dmid:9097
.elfcosmetics.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Thu+Jan+04+2024+18%3A34%3A26+GMT%2B0100+(Central+European+Standard+Time)&version=202306.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=a362deef-6965-4660-aac6-5d0454f4bf07&interactionCount=0&landingPath=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&groups=1%3A1%2C2%3A0%2C3%3A0%2C4%3A0%2C5%3A0
.tiktok.com/ Name: _ttp
Value: 2aV2woTroRrYfprtURBXCAPMejX
.elfcosmetics.com/ Name: og_session_id
Value: 1e72a9589c4f11e9a62ebc764e10b970.662621.1704389666
www.elfcosmetics.com/ Name: esw.currency
Value: USD
www.elfcosmetics.com/ Name: sid
Value: 1t2at6yNkOV7LLTiT4q-myQcUTeSm1NUx54
www.elfcosmetics.com/ Name: _dyid_server
Value: 2769714021645347871
www.elfcosmetics.com/ Name: esw.InternationalUser
Value: ""
www.elfcosmetics.com/ Name: esw.location
Value: US
www.elfcosmetics.com/ Name: currentLocale
Value: en_US
www.elfcosmetics.com/ Name: esw.sessionid
Value: abkedJlKoZxbsRlrpJlaYYwXAW
www.elfcosmetics.com/ Name: esw.LanguageIsoCode
Value: en_US
.elfcosmetics.com/ Name: _ga_ZLYXLXNDL8
Value: GS1.1.1704389666.1.0.1704389666.60.0.0
.elfcosmetics.com/ Name: _ga
Value: GA1.1.471137427.1704389664
.elfcosmetics.com/ Name: _rdt_uuid
Value: 1704389666717.edc5d1d6-800c-4ff3-8867-bac4fc5b0303
.linksynergy.com/ Name: rmuid
Value: a4c5da83-be8d-4c47-8d17-abaad514c41a
.elfcosmetics.com/ Name: _scid
Value: c5a03eb2-7139-4e06-9588-cfa79d5e9fb4
.elfcosmetics.com/ Name: _scid_r
Value: c5a03eb2-7139-4e06-9588-cfa79d5e9fb4
.doubleclick.net/ Name: IDE
Value: AHWqTUk-zYn283yb96Gmcn7QJoc0lzbZ4mOYgyMPsXH0fKV2rYjy8MH5yZleUHO4
.elfcosmetics.com/ Name: hero-session-efcf9631-4c6b-4874-9f76-51f71464249a
Value: author=client&expires=1735925666904&visitor=8006bce1-26d3-44aa-91cb-f914ca4608ed
.elfcosmetics.com/ Name: _uetsid
Value: 82129620ab2711ee90f715f60bb1694f
.elfcosmetics.com/ Name: _uetvid
Value: 8212e770ab2711eebf10812ab4e994d3
.snapchat.com/ Name: sc_at
Value: v2|H4sIAAAAAAAAAAXBgQkAIAwDsIsGrlZbzxmIV+x4k2V6qU4ki8EJh+UXvsRDGQl1pwanz97q8QEeHkosMgAAAA==
.elfcosmetics.com/ Name: _cs_c
Value: 0
.elfcosmetics.com/ Name: _cs_id
Value: 7d3c59dc-0b47-ad72-c16d-082350062456.1704389667.1.1704389667.1704389667.1558384338.1738553667403
.elfcosmetics.com/ Name: _px3
Value: 1df403b7d6405f2579477010916fef4d9985116930e1ac0c6196364370f28bbe:qIsKcc9gsdMHrtcPywamsSSUfwJ2wPJJ/bVQjwI4JNK5BCr/BbdOQR2gfueIkMMyslA+NkVCmGZPP2ZNjjJbpA==:1000:8LKsuwbyKPosktsr2WsE8HpLMih3tA/uIzE9BpYv/1sRJPIdUgGxFP9udxoks5pnbqCkc7L8xzIrTVtN0qqqwAoEfDPQeVdS3U1yqPmDM8UKJiGf3QnrYJfpt3r9xHsT4Sj72otcUGQJNGY3+pcYln9MtYCqKrgPmnUHQO9U8waSkDhMTmFkIAh9xTlP5DAU6ozTj6kYFUgIfxlkRHdlCKbPxb/y/Z0MRyQzETi8MA0=
.elfcosmetics.com/ Name: _fbp
Value: fb.1.1704389667623.1434818423
.elfcosmetics.com/ Name: _tt_enable_cookie
Value: 1
.elfcosmetics.com/ Name: _ttp
Value: bsADd2hT2IzllzCXF3yyyMSwiOt
.paypal.com/ Name: LANG
Value: en_US%3BUS
.paypal.com/ Name: x-pp-s
Value: eyJ0IjoiMTcwNDM4OTY2Nzk5NiIsImwiOiIwIiwibSI6IjAifQ
.paypal.com/ Name: tsrce
Value: crcpresentmentnodeweb
www.paypal.com/ Name: nsid
Value: s%3AJxHb2NmdyGWjQ9F04cwZbIH0Z4Cb6irO.RgSU%2BemuZWaiqG5yi6bYdpanTS1BzporMtabLbOZZK0
.paypal.com/ Name: l7_az
Value: dcg02.phx
.paypal.com/ Name: ts
Value: vreXpYrS%3D1799084067%26vteXpYrS%3D1704391467%26vr%3Dd58a6c6f18c0ad10c04498fffb6119ff%26vt%3Dd58a6c6f18c0ad10c04498fffb6119fe%26vtyp%3Dnew
.paypal.com/ Name: ts_c
Value: vr%3Dd58a6c6f18c0ad10c04498fffb6119ff%26vt%3Dd58a6c6f18c0ad10c04498fffb6119fe
.pinterest.com/ Name: ar_debug
Value: 1
.elfcosmetics.com/ Name: _pin_unauth
Value: dWlkPU16RTFNVE0zTjJNdE0yTTFOaTAwTXpVeExUZ3pOelF0T1RNMlpUSTVaR1psWVRKag
.elfcosmetics.com/ Name: _cs_s
Value: 1.5.0.1704391468544
www.elfcosmetics.com/ Name: hero-user-id
Value: null
imgs.signifyd.com/ Name: thx_guid
Value: 417a0b5f62972789a3096935733800e3

5 Console Messages

Source Level URL
Text
javascript error URL: https://www.elfcosmetics.com/cosmetic-criminals(Line 364)
Message:
Access to image at 'https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_' from origin 'https://www.elfcosmetics.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=2ba9a21b-63b0-4fb0-9b79-4caf2156005a&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=undefined&gtmcb=1759056162
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
other warning URL: https://connect.facebook.net/signals/config/1638306756445368?v=2.9.138&r=stable&domain=www.elfcosmetics.com(Line 141)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://cdn.usehero.com/plugin.5.46.0.js
Message:
<link rel=preload> has an invalid `href` value

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10742279.fls.doubleclick.net
9231397.fls.doubleclick.net
alb.reddit.com
analytics.pangle-ads.com
analytics.tiktok.com
api.bounceexchange.com
api.ipify.org
api.usehero.com
assets.bounceexchange.com
async-px.dynamicyield.com
bat.bing.com
c.contentsquare.net
cdn-fsly.yottaa.net
cdn-scripts.signifyd.com
cdn.cookielaw.org
cdn.dynamicyield.com
cdn.media.amplience.net
cdn.static.amplience.net
cdn.usehero.com
code.jquery.com
collector-pxxt4gy2ig.px-cloud.net
connect.facebook.net
cosmeticscriminals.com
ct.pinterest.com
data.cdnbasket.net
e.cdnwidget.com
elfcosmetics.a.bigcontent.io
external-api.jebbit.com
fonts.gstatic.com
geolocation.onetrust.com
googleads.g.doubleclick.net
h.online-metrix.net
i.ytimg.com
ids.cdnwidget.com
idsync.rlcdn.com
imgs.signifyd.com
insight.adsrvr.org
jnn-pa.googleapis.com
js.cnnx.link
js.jebbit.com
page.cdnbasket.net
pixel.pointmediatracker.com
px.dynamicyield.com
qoe-1.yottaa.net
region1.analytics.google.com
s.pinimg.com
sc-static.net
sdk.iad-05.braze.com
srm.ba.contentsquare.net
st.dynamicyield.com
static.doubleclick.net
static.ordergroove.com
stats.g.doubleclick.net
t.contentsquare.net
t.paypal.com
tag.rmp.rakuten.com
tag.wknd.ai
tr.snapchat.com
tr6.snapchat.com
upload.usehero.com
ut.rd.linksynergy.com
view.cdnbasket.net
w2txo5aanrqcugspgvcrdwnytdqppjwm7njcmxkdc2646a963e00faeaam1.e.aa.online-metrix.net
websdk.appsflyer.com
www.elfcosmetics.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.paypal.com
www.paypalobjects.com
www.redditstatic.com
www.youtube.com
10742279.fls.doubleclick.net
9231397.fls.doubleclick.net
api.usehero.com
cdn-fsly.yottaa.net
idsync.rlcdn.com
pixel.pointmediatracker.com
tr.snapchat.com
104.126.37.25
104.237.62.212
13.224.103.62
13.224.132.25
142.250.185.194
151.101.130.133
151.101.194.133
165.254.56.168
18.196.74.65
18.235.151.6
18.245.60.66
18.66.112.91
184.31.94.141
192.229.221.25
2001:4860:4802:32::36
204.141.89.115
204.2.49.54
23.206.208.183
23.53.41.88
2600:1901:0:56e0::
2600:9000:2090:3e00:a:7914:b00:93a1
2600:9000:2156:c000:11:85b0:d600:93a1
2600:9000:2240:a800:13:d6f4:3240:93a1
2600:9000:2251:7800:a:b89d:a6c0:93a1
2600:9000:248c:d200:15:ad21:c740:93a1
2606:4700:4400::6812:2089
2606:4700:4400::6812:2a49
2606:4700::6812:82ec
2620:1ec:c11::200
2a00:1450:4001:800::200e
2a00:1450:4001:806::2003
2a00:1450:4001:806::2004
2a00:1450:4001:80b::200a
2a00:1450:4001:80b::2016
2a00:1450:4001:810::2006
2a00:1450:4001:827::2008
2a00:1450:4001:827::200e
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2003
2a00:1450:400c:c00::9b
2a02:26f0:3500:11::215:14d5
2a02:26f0:480:1a::5f65:6f9e
2a02:26f0:480:1a::5f65:6fab
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
2a04:4e42:200::396
2a04:4e42:600::649
2a04:4e42:8d::84
3.33.220.150
34.102.147.248
34.102.193.48
34.111.8.32
34.117.197.184
34.117.23.127
34.120.253.250
34.98.67.3
34.98.72.95
35.186.202.199
35.190.10.96
35.190.43.134
52.211.234.8
54.154.97.89
54.192.87.248
91.235.132.130
91.235.133.113
91.235.134.131
99.80.178.133
011491b5ff37fd0673568b1ea2b7bae29a4a9510eea1b8c5a7f645b918c9bf0a
04c6083a9781b397d0b570f97154a3fa61aac68dfba173617e5a6351786b7470
054627cae231e45043f9bc88dba346a81e14b729a5deb6d20cad1319f63a8ffb
066f884cfd15768801743268a042cc8f5bba3f262b33ff05716b33b9e9550905
0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154
083e613ed2185815dc9dc91ae569c1ea8cb0187da15b88fb4df656b04ade665f
0be6b755910551d20e2c8f2cc9258bc2e7000445b9c8e4f030b8cf458a0e022e
0bedcfb9ec8de8c6eb2ca6d90074342f7f4667873a5edb642986e683a94cc60d
0f5fe767ec60aa4b60c09496259716f16d914bc3588105ab8e6a55c876870c9d
11c4396421b83f6c6841997324307956c9f0e51e6cd983fc966aeb5591020251
139dccc148a700e806645b9f9b2530ff93258b0ef1cf3cb7ebea8b1020f80307
1a09824b6d7bbd0f5e82a23d14da408abfba60d02f5bdb48309d3ab6ca61bb1f
1a1fe89f11a11d89299028b565a99569e2aa5df3055ce514ba4dec2a8f0fe4fa
1b4c92bed345e6e4c46e27663bf201c905e02969c5b72c4945458f97e458beec
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
2460590a71f767273c7821bcb071f6a10f6016feb3497ba4e0a84bd219c97873
28479d5dbd7f71f7b2d0da192350fe6a1bc5cf5b0baef023fdf97f64a1e49569
2a2cd65d5fefa2b8e45e0dcec4b3ce4ef13140ec27d8e2a49c0d38bb1a2a8468
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2ad22b91587a2adec093dc2d911118cac6b363dcaed96b3aaaa3af80d58efa03
2d5ce843cf166fdb4108ebcfe16b22da332149e2bcb4b7d93b3abd0d93e2def8
2e43938512568a6819be40d8c79292dc4b5d9ac9888f23a9f5ba931f98ce81aa
305fe9a5f5590087ad5d80aa44c7a7f1416966806e955ce7a42ab086ec14e38c
30766af54516bbc623c690d7506f7d86b6c987acbcc1229debb7dff8f463459b
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
349a84fa24c5bda7424681c4ab9a0d265a0966a963f47e975dc5f7f347e3bb1d
361f9ffb9f3bc85e62e58b7f19e356a0c44bd11d4a3319fb01f758b685105957
368402529857d77887024f708e02ed968e24738bdc51c11a0e7906221ad74037
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
39657f7f198608406cab1de96720a22549e6b6d918db8dfdd0f5ef9ab84ef17c
3a2b3b5ecaa7d5c67e5e28f9712ebcf28a592c7191e24bcde25cc5bb374cbf7b
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
42bc39e6129d7cdc59094fa33848c8d7b43f7b1e67b2e0a4b8ae8b6ed2639d9c
4973f562e7d8f8ad478be1fe1090639ca7b50af5f98c5c13efe61d22fb72665e
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4f770b32793546ad41060cc03c06e4a744b10e9ae4af0b2b0522cfcf1fb33285
509f2e49500fbaeb5d7e1959071f2922b693d0135080e2871e124ec8bdd08bb2
53209fa14c4b4c74135983da5d59dc8f62516f7ce65ba17a9766c4a4d450bc75
532bcb8909320181167f847a492db322b746fe9d010daf0f8a10121b4e22cc97
5570f4a23e52ab1d181c0cbc38821585e6b09260b9a3d5b8da32c125c06e1bb1
578bee6e4e3c64581e188d06eb57bdbb8f576eb46ddccf5e7c175c1fdd980a27
57e461c9b78558e62478cca713658387eaf54afe6ae0a8128ee38e5846b4d6d8
58c65490754b79ac6c5ffe879245a8f93f29f0a9deb8e7b1a1b5768880e5237f
5a0e2b951191e60b6c3905118d84d9a95a309d355c4eb71dfead2ae2866683ee
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
5eca572cd68aa4afde19d317daf93398ca142c3648214e16b37e054e15c3f9e1
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d
60cc60a6fcbd230def379432395199b585791ed521e2e5f595369a2193e617fb
64fb011f8aa4f1a4470c3093845f0c2047a21504f823e2ec6f6684d87b81f0f8
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
692db01eb703744d633776b15675c6b2c761732ca585236d376836bf6f04bc9e
699ea373a13f070a5c93734e0811db701d4cb7ba6e8dc05c86749064bd294a2e
69cd4e11d5c2ca3c7ddcdf2d7923494a3820e1ce47062a2859ff4b594d2fb843
6a36655e9de608636a4c3262639b79321a93bdd9ad275e4e130a07719094146f
6b42a56b231d70ea3691b9f46363b9f8ed6ca35f6b50084718669b8beac1e57d
6bd5b9d90c9120b7f44159c16d919942f41b4187dcb49e34160ec665f2bdb0e1
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6e9a31b3784b5fa5f384ee596c719982c792ebc9034e6425e2da3ecfd36c0678
70c3c8c11fe43a3931b5540cbbad1392a48dcfb133574102e3cb7045d062b93f
7247ab83a30fbd92bf8425aca87dbb9f3f44c1b7facc6f7fd80df157ea6b5e03
7375fe7d1cc3047d706aecd82c6a14ca0387c0e3fc5b67de17f4ae95f26e3f56
744f83518728b979fb7e008389501d1acaa5a3086284274c296f26c5d4cfc8e4
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
7ac9f0e85d1ed4d4ccf7a151ec6b9b80f89baa745841db8efd82713671ff5ab8
7bb9a0e065f86710347b5cbdc6d013eb6e41733771f933a3217292258d6d2d13
7d6b2e34f8baa2cbb0d0352ba4401894ca78bd0e98a8f0259798be00d3f9f4ec
844e110d367aacf96432d2a6f36b849d92efd4e09773c4673bc0f60fbd7203a8
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
890e001a83f07334785932a039f2656e7a5f3ebc430ede8d6254e383914e86f5
891bca20e4e11ff9bd4f4b5da760a71f53dbc49c58b76ca5417068744c59afe0
8a529d731b65f14de11f1f946a8b4cd7ed6327aca33a3cd67f970d70d9dd1618
8b311b78042906393bf9c3cdc5bc8115b450b8b31905b1641dec7246fbd4cc85
8c2cdac3c61b11fd9d94715ef07c3f743698dfe7fda47203088d6fc9b0840769
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8da41648231f96a1ff630fdd642b36ebea84ec868862abb26a508bf6da08c1ba
8dea6b2240fed7b9dccb7a71b05a27a2b41908306b12c498c2c718856568a3cd
8e6d309be0e623a35cca664717ed6ea96289be5e3e6b863e76791d633b2299ce
8f9a9098c4ded509bc8b29a03c9a07bda525e10ef5f19df1e00bed6f360f4c33
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf
937829208c31a3c25ff1cf61f775b45ca596575abde2c08ecc08e9e126a8c5bf
94017c5fc111ac2dd075e8d49ffabd568df68b84a6512b753edbef0bce744ebf
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
9846c98d92f9ede0abb2db68013d613791db3ccdb486451de1432034b563fb77
98bc0753b3f7392176a4af252bfae9bcd1f2804b73dee374119899d8f52ae3d2
9a35922a6b3cdd53f2dbce919d6e801174ef11b8eb275e17bba7742e1d115beb
9ad389543b882262b26151e39b81233ab6a833daeb530a99cc164bb96b5e4039
9f8441024e84c58109845fa52d52c98b3a2a6cde7529d923779fc815053795d4
a33177a1b1a44698bc85bc710dfd4a6aba8bbe329db64dbb0622c894a1c05cbd
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a68adcd6e4525179b1a4e28b16abe4777a0afb870b4317b427f6d6ea8fbe22ed
a6b9e644c12aee2c3de2ee7a64edafefff8e39af57b9bae125e1fc6d96c14edb
a6ffd355ef134067881693be4cc9be0d537c10569efa404114b30e721e290ff4
a758246f43df5cf0f88a3c46a95cb7e962ec2e16327f7fc6b70d2150981b86df
ab99a75a2070736b0282d041df3a7e272ad5d4d1929ae430089ac0335e05ad2c
abbda51c88a9a22c60f30b677f8925355382798bfcabb143d3938400c484d0f4
acac3baa3b4972e5fde307683f87d9941e58a4af1d40efb82ba46aa4c0f26261
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af17d4cff542b33c97ee3a95f82a21d8993c87fd3472dff534fa855828a3b615
af7aa4914c29a6baabdf4887c7aa1c8531012faa62ac216929952f6a40821012
b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22
b24c214fcfb8abe0f59cb6964248056f89eaf8e9b8719eb0c14e529cb164dad1
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e
b6c31aab66c7d12f65fb2d3d9feb66b5eaa697471a6259c19f65d55337eee0d5
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bf8b41f6693852a18d2449439f0400cfaf19b755e21f01eda21a6ff985d3526c
c2bad4048a4cbd23e0c3992fd2c36644f64d873f44409e0234ae593aa040e924
c4fad867557fa65e1a778e915c0b4ed0cd1bbb4443452c8943e5cec6504311e7
c856ca647a5edf9ff56752649cd2bbd3d6d6fb2263d1b473a255534f5bf6f830
ca0a766a064104105db7a847ffd8d594fb8556d364f724916f30a3e45a1ebab4
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ccf66f972fae817b8617ab7745c38c89eda73a2795a151f3865f25bc4d4a8f0b
cd0b162bc6e5a1dfcdba80c8b12d3f2ec6ac423a1c1ed7d996779d9c6b81f346
cd6f19ed889f24b9bcbde6c982c5b4ec540eb533baea58bf8e6bb1c14155c7d3
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
d37545bbfbab30b44e51e630172af7d5d8a717afe66642b3e8eba0f6e1666872
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
d7112241fbbe5028b06cc6859ebf86d94cdc779b9d1b4eae9ac87aada6b075b4
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d854531f9c3833536d6971b4fd7617dafe1a2c6fd0bbed9469122e73ff3b13a1
d8a6566c7e926c37c010dc811a5e82d5eddad8b10057bf711f0f644be60707d3
ddb2dc13235adf42770ec320b6e8096e741128edadbc864d5cd07f71acadd25e
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dedd3d1b042b0a57325154a8979b412b5025b8fbc3b1e652d84fda0d0ab14025
def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6
dfc983293c9baf693a719da3c69be679cbe8aea18c8f35a7abfef41f14800e9c
e038dff62440b626103b2b81adcbb64b5cb3bd80433d1a710f37162cd7c0cc17
e0ee26062231c0b50ed8172b682b9849d9e5b25b258355caca131b884fe2efe6
e1df881dfa3c790fb46a3ab0d0edd13cfaf25c0c369cca89ec8115cfdf338236
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e50b3437118e3987bcf15bbe18094b785119f764d2af29be181b531de3b1bb08
e5db57b12755397cb6c40f4319862beece6fb74c0764861b8b01447ba662abb2
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
eac810283a09ee72b754e02f1eff87cbaba4b297afdee33f7e453d559b6bade1
eb2f6a928a8fd7ff273918bd40284f2f182bdc04c40e5c8a16def7eb9ae1e127
eb5d2703f407214a276ff1b34a0b1844ab5ae925735deb868a11590c2a5207a1
ec39679b1074bca6b0f2048ea385a49a3db047df9d3f8e5dfade34d392a83a68
eddc11d8be0ae5311acc08d5f2ebe7ff9426384f6408ecbb56abbd7fb5e03743
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef45c21f7e054481c81992c1a46293a28c9bb8b3722bc566479326187f473c8c
f0ea7d6bc25fd0d6b24f2be614e02b46cbcf24ba58e180b189ba7667370f39e1
f1999206051534c886e13fb23a24980bf7e3cfd83a388f4cf2c81e3e7d7c03ad
f34c6a3c394365248df5229025f8b77cd254160fe7c97d66a4ed70cb2121ee95
f4d5deb4709cebcb8d869180a1db81fab7c54f99dc2e72dab8b3db15eb76e660
f4fc114373da7e63fade04d84f7f1cfb5b31632246f33b10f3b7b275b85e6dd6
f66f5edd05293c4351edcec020a867935f7495ef0d0ff7ceb3e6402748585ca6
f68073f49c7ef260ff7449f77367ebe5863bc313d44391857eb952d2ebd1885d
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3
fe3fcb884394be745dbd11141b6d780028a4d86106b6292d7502db096f582218
ff2fe181c12146189657e92f9ce0489f7f3b51345796f5a5ec9b089f9fb47616