urlscan.io logo urlscan.io
SecurityTrails logo

www.elfcosmetics.com Open in urlscan Pro
165.254.56.99  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.cosmeticcriminals.com/
Effective URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Submission: On March 06 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 77 IPs in 3 countries across 62 domains to perform 296 HTTP transactions. The main IP is 165.254.56.99, located in United States and belongs to YOTTAA-AS-1, US. The main domain is www.elfcosmetics.com. The Cisco Umbrella rank of the primary domain is 60012.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 25th 2023. Valid for: a year.
This is the only time www.elfcosmetics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 204.2.49.62 393259 (YOTTAA-AS-1)
1 12 165.254.56.99 393259 (YOTTAA-AS-1)
5 11 2606:4700:440... 13335 (CLOUDFLAR...)
5 2606:4700:440... 13335 (CLOUDFLAR...)
18 2607:f8b0:400... 15169 (GOOGLE)
1 2a04:4e42::649 54113 (FASTLY)
3 151.101.130.133 54113 (FASTLY)
4 2607:f8b0:400... 15169 (GOOGLE)
5 35.190.10.96 15169 (GOOGLE)
11 2606:4700::68... 13335 (CLOUDFLAR...)
7 2607:f8b0:400... 15169 (GOOGLE)
3 2600:9000:21d... 16509 (AMAZON-02)
2 104.26.13.205 13335 (CLOUDFLAR...)
6 151.101.194.133 54113 (FASTLY)
4 7 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
8 2607:f8b0:400... 15169 (GOOGLE)
1 6 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 2600:9000:24f... 16509 (AMAZON-02)
4 2001:4860:480... 15169 (GOOGLE)
4 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
6 13.225.214.129 16509 (AMAZON-02)
1 2600:9000:210... 16509 (AMAZON-02)
2 2 34.224.76.204 14618 (AMAZON-AES)
1 3 52.87.64.131 14618 (AMAZON-AES)
2 4 68.67.181.211 29990 (ASN-APPNEX)
7 8 3.33.220.150 16509 (AMAZON-02)
1 1 23.44.201.207 20940 (AKAMAI-ASN1)
1 1 8.43.72.97 26667 (RUBICONPR...)
1 1 142.250.176.194 15169 (GOOGLE)
1 2 2606:4700:440... 13335 (CLOUDFLAR...)
1 204.2.50.19 393259 (YOTTAA-AS-1)
1 104.102.136.211 16625 (AKAMAI-AS)
1 34.102.147.248 396982 (GOOGLE-CL...)
9 151.101.65.21 54113 (FASTLY)
1 2600:141b:1c0... 20940 (AKAMAI-ASN1)
1 18.238.80.5 16509 (AMAZON-02)
3 2600:9000:23c... 16509 (AMAZON-02)
2 18.238.74.246 16509 (AMAZON-02)
2 2600:141b:1c0... 20940 (AKAMAI-ASN1)
2 2a03:2880:f01... 32934 (FACEBOOK)
2 2a04:4e42:600... 54113 (FASTLY)
3 2620:1ec:c11:... 8068 (MICROSOFT...)
10 23.48.224.114 20940 (AKAMAI-ASN1)
4 2600:9000:24f... 16509 (AMAZON-02)
1 2607:f8b0:400... 15169 (GOOGLE)
4 8 142.250.80.102 15169 (GOOGLE)
2 34.120.253.250 396982 (GOOGLE-CL...)
5 44.208.222.212 14618 (AMAZON-AES)
2 34.98.67.3 396982 (GOOGLE-CL...)
15 34.234.123.28 14618 (AMAZON-AES)
6 35.190.43.134 15169 (GOOGLE)
3 2606:4700:440... 13335 (CLOUDFLAR...)
4 2607:f8b0:400... 15169 (GOOGLE)
2 2 108.138.128.39 16509 (AMAZON-02)
2 3.232.18.169 14618 (AMAZON-AES)
2 142.250.72.98 15169 (GOOGLE)
2 151.101.193.140 54113 (FASTLY)
1 44.208.207.37 14618 (AMAZON-AES)
3 151.101.1.35 54113 (FASTLY)
1 104.126.118.227 20940 (AKAMAI-ASN1)
4 23.56.163.9 16625 (AKAMAI-AS)
2 2a03:2880:f11... 32934 (FACEBOOK)
3 192.229.210.155 15133 (EDGECAST)
22 34.98.72.95 396982 (GOOGLE-CL...)
1 54.229.107.156 16509 (AMAZON-02)
6 18.238.49.105 16509 (AMAZON-02)
1 34.98.126.122 396982 (GOOGLE-CL...)
1 34.96.102.181 396982 (GOOGLE-CL...)
1 34.102.206.216 396982 (GOOGLE-CL...)
2 108.138.106.128 16509 (AMAZON-02)
12 192.225.157.157 30286 (THM)
1 2600:1901:0:5... 396982 (GOOGLE-CL...)
2 34.149.130.207 396982 (GOOGLE-CL...)
2 2 35.244.154.8 396982 (GOOGLE-CL...)
7 34.111.8.32 396982 (GOOGLE-CL...)
2 192.225.158.1 30286 (THM)
1 192.225.158.3 30286 (THM)
1 2 34.149.254.212 396982 (GOOGLE-CL...)
1 1 107.178.254.65 396982 (GOOGLE-CL...)
1 52.50.33.182 ()
1 1 8.28.7.83 ()
2 2 35.211.178.172 ()
296 77
1    204.2.49.62 (United States)

ASN393259 (YOTTAA-AS-1, US)
www.cosmeticcriminals.com
12    165.254.56.99 (United States)

ASN393259 (YOTTAA-AS-1, US)
www.elfcosmetics.com
11    2606:4700:4400::6812:205a (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.media.amplience.net
5    2606:4700:4400::ac40:952f (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.static.amplience.net
18    2607:f8b0:4006:807::200e (United States)

ASN15169 (GOOGLE, US)
www.youtube.com
1    2a04:4e42::649 (United States)

ASN54113 (FASTLY, US)
code.jquery.com
3    151.101.130.133 (United States)

ASN54113 (FASTLY, US)
cdn-fsly.yottaa.net
4    2607:f8b0:4006:81d::2003 (United States)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
5    35.190.10.96 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 96.10.190.35.bc.googleusercontent.com
collector-pxxt4gy2ig.px-cloud.net
11    2606:4700::6812:82ec (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
7    2607:f8b0:4006:820::2008 (United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    2600:9000:21dd:8000:a:b89d:a6c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.dynamicyield.com
2    104.26.13.205 (None, )

ASN13335 (CLOUDFLARENET, US)
api.ipify.org
6    151.101.194.133 (United States)

ASN54113 (FASTLY, US)
sdk.iad-05.braze.com
7    2607:f8b0:4006:807::2002 (United States)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
2    2607:f8b0:4006:81f::2006 (United States)

ASN15169 (GOOGLE, US)
static.doubleclick.net
8    2607:f8b0:4006:822::200a (United States)

ASN15169 (GOOGLE, US)
jnn-pa.googleapis.com
6    2607:f8b0:4006:80f::2004 (United States)

ASN15169 (GOOGLE, US)
www.google.com
2    2607:f8b0:4006:823::2016 (United States)

ASN15169 (GOOGLE, US)
i.ytimg.com
1    2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)
geolocation.onetrust.com
1    2600:9000:24f1:4400:15:ad21:c740:93a1 (United States)

ASN16509 (AMAZON-02, US)
st.dynamicyield.com
4    2001:4860:4802:36::178 (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
4    2607:f8b0:4006:80c::2003 (United States)

ASN15169 (GOOGLE, US)
www.gstatic.com
2    2607:f8b0:4004:c09::9b (Washington, United States)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
6    13.225.214.129 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-214-129.ewr50.r.cloudfront.net
async-px.dynamicyield.com
1    2600:9000:210b:7600:11:85b0:d600:93a1 (United States)

ASN16509 (AMAZON-02, US)
js.cnnx.link
2    34.224.76.204 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-224-76-204.compute-1.amazonaws.com
pixel.pointmediatracker.com
3    52.87.64.131 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-87-64-131.compute-1.amazonaws.com
cnv.event.prod.bidr.io
4    68.67.181.211 (North Bergen, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
secure.adnxs.com
ib.adnxs.com
8    3.33.220.150 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
insight.adsrvr.org
match.adsrvr.org
1    23.44.201.207 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-44-201-207.deploy.static.akamaitechnologies.com
hb.yahoo.net
1    8.43.72.97 (United States)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
1    142.250.176.194 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s37-in-f2.1e100.net
cm.g.doubleclick.net
2    2606:4700:4400::6812:249b (United States)

ASN13335 (CLOUDFLARENET, US)
dsum-sec.casalemedia.com
1    204.2.50.19 (United States)

ASN393259 (YOTTAA-AS-1, US)
qoe-1.yottaa.net
1    104.102.136.211 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-136-211.deploy.static.akamaitechnologies.com
static.ordergroove.com
1    34.102.147.248 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 248.147.102.34.bc.googleusercontent.com
tag.rmp.rakuten.com
9    151.101.65.21 (United States)

ASN54113 (FASTLY, US)
www.paypal.com
1    2600:141b:1c00:10::172c:c9b3 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)
websdk.appsflyer.com
1    18.238.80.5 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-80-5.jfk52.r.cloudfront.net
t.contentsquare.net
3    2600:9000:23cb:f200:13:d6f4:3240:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.usehero.com
2    18.238.74.246 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-74-246.jfk52.r.cloudfront.net
sc-static.net
2    2600:141b:1c00:1a89::1931 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)
s.pinimg.com
2    2a03:2880:f012:8:face:b00c:0:1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    2a04:4e42:600::396 (United States)

ASN54113 (FASTLY, US)
www.redditstatic.com
3    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
10    23.48.224.114 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-48-224-114.deploy.static.akamaitechnologies.com
analytics.tiktok.com
4    2600:9000:24f1:e800:a:7914:b00:93a1 (United States)

ASN16509 (AMAZON-02, US)
js.jebbit.com
1    2607:f8b0:4006:81d::200e (United States)

ASN15169 (GOOGLE, US)
analytics.google.com
8    142.250.80.102 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s36-in-f6.1e100.net
10742279.fls.doubleclick.net
9231397.fls.doubleclick.net
2    34.120.253.250 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 250.253.120.34.bc.googleusercontent.com
tag.wknd.ai
5    44.208.222.212 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-208-222-212.compute-1.amazonaws.com
c.contentsquare.net
2    34.98.67.3 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 3.67.98.34.bc.googleusercontent.com
ut.rd.linksynergy.com
tags.rd.linksynergy.com
15    34.234.123.28 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-234-123-28.compute-1.amazonaws.com
api.usehero.com
6    35.190.43.134 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 134.43.190.35.bc.googleusercontent.com
tr.snapchat.com
tr6.snapchat.com
3    2606:4700:4400::ac40:91b7 (United States)

ASN13335 (CLOUDFLARENET, US)
elfcosmetics.a.bigcontent.io
4    2607:f8b0:4006:80f::2002 (United States)

ASN15169 (GOOGLE, US)
adservice.google.com
2    108.138.128.39 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-128-39.jfk50.r.cloudfront.net
ads.undertone.com
2    3.232.18.169 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-232-18-169.compute-1.amazonaws.com
evt.undertone.com
2    142.250.72.98 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s32-in-f2.1e100.net
www.googleadservices.com
2    151.101.193.140 (United States)

ASN54113 (FASTLY, US)
alb.reddit.com
1    44.208.207.37 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-208-207-37.compute-1.amazonaws.com
external-api.jebbit.com
3    151.101.1.35 (United States)

ASN54113 (FASTLY, US)
t.paypal.com
1    104.126.118.227 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-118-227.deploy.static.akamaitechnologies.com
analytics.pangle-ads.com
4    23.56.163.9 (Secaucus, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-56-163-9.deploy.static.akamaitechnologies.com
ct.pinterest.com
2    2a03:2880:f112:83:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)
www.facebook.com
3    192.229.210.155 (United States)

ASN15133 (EDGECAST, US)
www.paypalobjects.com
22    34.98.72.95 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 95.72.98.34.bc.googleusercontent.com
assets.bounceexchange.com
1    54.229.107.156 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-107-156.eu-west-1.compute.amazonaws.com
srm.ba.contentsquare.net
6    18.238.49.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-49-105.jfk52.r.cloudfront.net
upload.usehero.com
1    34.98.126.122 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 122.126.98.34.bc.googleusercontent.com
data.cdnbasket.net
1    34.96.102.181 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 181.102.96.34.bc.googleusercontent.com
page.cdnbasket.net
1    34.102.206.216 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 216.206.102.34.bc.googleusercontent.com
view.cdnbasket.net
2    108.138.106.128 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-106-128.jfk50.r.cloudfront.net
cdn-scripts.signifyd.com
12    192.225.157.157 (United States)

ASN30286 (THM, US)
imgs.signifyd.com
1    2600:1901:0:56e0:: (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
ids.cdnwidget.com
2    34.149.130.207 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 207.130.149.34.bc.googleusercontent.com
pd.cdnwidget.com
idr.cdnwidget.com
2    35.244.154.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.154.244.35.bc.googleusercontent.com
idsync.rlcdn.com
7    34.111.8.32 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 32.8.111.34.bc.googleusercontent.com
api.bounceexchange.com
events.bouncex.net
2    192.225.158.1 (United States)

ASN30286 (THM, US)
h.online-metrix.net
1    192.225.158.3 (United States)

ASN30286 (THM, US)
w2txo5aanf2md3hkgco6xex6u3tcyjd44x5c4hcy0e0aeaa6bbf08677sac.d.aa.online-metrix.net
2    34.149.254.212 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 212.254.149.34.bc.googleusercontent.com
pix.cdnwidget.com
1    107.178.254.65 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 65.254.178.107.bc.googleusercontent.com
pippio.com
1    52.50.33.182 (None, )

ASN- ()
k-aeu1.contentsquare.net
1    8.28.7.83 (None, )

ASN- ()
simage2.pubmatic.com
2    35.211.178.172 (None, )

ASN- ()
x.bidswitch.net
Apex Domain
Subdomains		 Transfer
24 usehero.com
cdn.usehero.com — Cisco Umbrella Rank: 56127
api.usehero.com — Cisco Umbrella Rank: 52263
upload.usehero.com — Cisco Umbrella Rank: 81808
348 KB
23 bounceexchange.com
assets.bounceexchange.com — Cisco Umbrella Rank: 2407
api.bounceexchange.com — Cisco Umbrella Rank: 2693
997 KB
20 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 35
static.doubleclick.net — Cisco Umbrella Rank: 259
stats.g.doubleclick.net — Cisco Umbrella Rank: 84
cm.g.doubleclick.net — Cisco Umbrella Rank: 271
10742279.fls.doubleclick.net — Cisco Umbrella Rank: 322334
9231397.fls.doubleclick.net — Cisco Umbrella Rank: 272055
5 KB
18 youtube.com
www.youtube.com — Cisco Umbrella Rank: 66
2 MB
16 amplience.net
cdn.media.amplience.net — Cisco Umbrella Rank: 14862
cdn.static.amplience.net — Cisco Umbrella Rank: 47800
9 MB
14 signifyd.com
cdn-scripts.signifyd.com — Cisco Umbrella Rank: 8695
imgs.signifyd.com — Cisco Umbrella Rank: 7215
96 KB
12 paypal.com
www.paypal.com — Cisco Umbrella Rank: 2952
t.paypal.com — Cisco Umbrella Rank: 3463
243 KB
12 elfcosmetics.com
www.elfcosmetics.com — Cisco Umbrella Rank: 60012
314 KB
11 google.com
www.google.com — Cisco Umbrella Rank: 2
analytics.google.com — Cisco Umbrella Rank: 148
adservice.google.com — Cisco Umbrella Rank: 92
40 KB
11 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 334
170 KB
10 tiktok.com
analytics.tiktok.com — Cisco Umbrella Rank: 693
269 KB
10 dynamicyield.com
cdn.dynamicyield.com — Cisco Umbrella Rank: 9260
st.dynamicyield.com — Cisco Umbrella Rank: 8587
async-px.dynamicyield.com — Cisco Umbrella Rank: 8602
239 KB
8 contentsquare.net
t.contentsquare.net — Cisco Umbrella Rank: 3542
c.contentsquare.net — Cisco Umbrella Rank: 4010
srm.ba.contentsquare.net — Cisco Umbrella Rank: 19150
k-aeu1.contentsquare.net
73 KB
8 adsrvr.org
insight.adsrvr.org — Cisco Umbrella Rank: 625
match.adsrvr.org — Cisco Umbrella Rank: 364
4 KB
8 googleapis.com
jnn-pa.googleapis.com — Cisco Umbrella Rank: 218
80 KB
8 gstatic.com
fonts.gstatic.com
www.gstatic.com
95 KB
7 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 40
574 KB
6 bouncex.net
events.bouncex.net — Cisco Umbrella Rank: 2246
572 B
6 snapchat.com
tr.snapchat.com — Cisco Umbrella Rank: 897
tr6.snapchat.com — Cisco Umbrella Rank: 1339
2 KB
6 braze.com
sdk.iad-05.braze.com — Cisco Umbrella Rank: 3272
878 B
5 cdnwidget.com
ids.cdnwidget.com — Cisco Umbrella Rank: 4091
pd.cdnwidget.com — Cisco Umbrella Rank: 4063
pix.cdnwidget.com — Cisco Umbrella Rank: 5994
idr.cdnwidget.com — Cisco Umbrella Rank: 8446
2 KB
5 jebbit.com
js.jebbit.com — Cisco Umbrella Rank: 35631
external-api.jebbit.com — Cisco Umbrella Rank: 49623
121 KB
5 px-cloud.net
collector-pxxt4gy2ig.px-cloud.net — Cisco Umbrella Rank: 248275
2 KB
4 pinterest.com
ct.pinterest.com — Cisco Umbrella Rank: 876
4 KB
4 undertone.com
ads.undertone.com — Cisco Umbrella Rank: 8712
evt.undertone.com — Cisco Umbrella Rank: 10759
2 KB
4 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 500
ib.adnxs.com — Cisco Umbrella Rank: 256
4 KB
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 29
21 KB
4 yottaa.net
cdn-fsly.yottaa.net — Cisco Umbrella Rank: 24616 Failed
qoe-1.yottaa.net — Cisco Umbrella Rank: 10482
1 MB
3 online-metrix.net
h.online-metrix.net — Cisco Umbrella Rank: 2615
w2txo5aanf2md3hkgco6xex6u3tcyjd44x5c4hcy0e0aeaa6bbf08677sac.d.aa.online-metrix.net
16 KB
3 cdnbasket.net
data.cdnbasket.net — Cisco Umbrella Rank: 5130
page.cdnbasket.net — Cisco Umbrella Rank: 5136
view.cdnbasket.net — Cisco Umbrella Rank: 5137
1014 B
3 paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 2598
33 KB
3 bigcontent.io
elfcosmetics.a.bigcontent.io — Cisco Umbrella Rank: 101445
8 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 375
14 KB
3 bidr.io
cnv.event.prod.bidr.io — Cisco Umbrella Rank: 10171
2 KB
2 bidswitch.net
x.bidswitch.net
1 KB
2 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 483
837 B
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 100
239 B
2 reddit.com
alb.reddit.com — Cisco Umbrella Rank: 1415
735 B
2 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 124
4 KB
2 linksynergy.com
ut.rd.linksynergy.com — Cisco Umbrella Rank: 8738
tags.rd.linksynergy.com — Cisco Umbrella Rank: 5606
701 B
2 wknd.ai
tag.wknd.ai — Cisco Umbrella Rank: 4791
12 KB
2 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1245
10 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 180
72 KB
2 pinimg.com
s.pinimg.com — Cisco Umbrella Rank: 865
20 KB
2 sc-static.net
sc-static.net — Cisco Umbrella Rank: 1180
38 KB
2 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 631
1 KB
2 pointmediatracker.com
pixel.pointmediatracker.com — Cisco Umbrella Rank: 4574
1 KB
2 ytimg.com
i.ytimg.com — Cisco Umbrella Rank: 89
6 KB
2 ipify.org
api.ipify.org — Cisco Umbrella Rank: 2821
225 B
1 pubmatic.com
simage2.pubmatic.com
517 B
1 pippio.com
pippio.com — Cisco Umbrella Rank: 817
577 B
1 pangle-ads.com
analytics.pangle-ads.com — Cisco Umbrella Rank: 2797
825 B
1 appsflyer.com
websdk.appsflyer.com — Cisco Umbrella Rank: 4631
12 KB
1 rakuten.com
tag.rmp.rakuten.com — Cisco Umbrella Rank: 8375
15 KB
1 ordergroove.com
static.ordergroove.com — Cisco Umbrella Rank: 27578
43 KB
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 388
913 B
1 yahoo.net
hb.yahoo.net — Cisco Umbrella Rank: 692
616 B
1 cnnx.link
js.cnnx.link — Cisco Umbrella Rank: 9941
1 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 541
314 B
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 760
24 KB
1 cosmeticcriminals.com
www.cosmeticcriminals.com
328 B
0 tapad.com Failed
pixel.tapad.com — Cisco Umbrella Rank: 526 Failed
296 62
Domain Requested by
22 assets.bounceexchange.com www.elfcosmetics.com
18 www.youtube.com www.elfcosmetics.com
www.youtube.com
15 api.usehero.com cdn.usehero.com
analytics.tiktok.com
12 imgs.signifyd.com www.elfcosmetics.com
imgs.signifyd.com
12 www.elfcosmetics.com 1 redirects www.elfcosmetics.com
cdn-fsly.yottaa.net
11 cdn.cookielaw.org cdn-fsly.yottaa.net
cdn.cookielaw.org
www.elfcosmetics.com
11 cdn.media.amplience.net 5 redirects www.elfcosmetics.com
10 analytics.tiktok.com www.elfcosmetics.com
analytics.tiktok.com
9 www.paypal.com www.elfcosmetics.com
www.paypal.com
www.paypalobjects.com
analytics.tiktok.com
8 jnn-pa.googleapis.com www.youtube.com
7 googleads.g.doubleclick.net 4 redirects www.youtube.com
www.elfcosmetics.com
7 www.googletagmanager.com www.elfcosmetics.com
6 events.bouncex.net
6 upload.usehero.com cdn.usehero.com
6 match.adsrvr.org 5 redirects
6 async-px.dynamicyield.com cdn.dynamicyield.com
6 www.google.com 1 redirects www.youtube.com
www.elfcosmetics.com
6 sdk.iad-05.braze.com cdn-fsly.yottaa.net
5 tr.snapchat.com www.elfcosmetics.com
sc-static.net
5 c.contentsquare.net t.contentsquare.net
5 collector-pxxt4gy2ig.px-cloud.net www.elfcosmetics.com
analytics.tiktok.com
5 cdn.static.amplience.net www.elfcosmetics.com
4 ct.pinterest.com analytics.tiktok.com
www.elfcosmetics.com
4 adservice.google.com 10742279.fls.doubleclick.net
9231397.fls.doubleclick.net
4 9231397.fls.doubleclick.net 2 redirects www.googletagmanager.com
4 10742279.fls.doubleclick.net 2 redirects www.googletagmanager.com
4 js.jebbit.com www.elfcosmetics.com
4 www.gstatic.com www.youtube.com
www.gstatic.com
4 www.google-analytics.com www.elfcosmetics.com
www.google-analytics.com
4 fonts.gstatic.com www.youtube.com
3 www.paypalobjects.com www.elfcosmetics.com
www.paypalobjects.com
3 t.paypal.com
3 elfcosmetics.a.bigcontent.io
3 bat.bing.com www.elfcosmetics.com
3 cdn.usehero.com www.elfcosmetics.com
cdn.usehero.com
3 secure.adnxs.com 1 redirects
3 cnv.event.prod.bidr.io 1 redirects
3 cdn.dynamicyield.com www.elfcosmetics.com
3 cdn-fsly.yottaa.net www.elfcosmetics.com
2 x.bidswitch.net 2 redirects
2 pix.cdnwidget.com 1 redirects
2 h.online-metrix.net imgs.signifyd.com
2 idsync.rlcdn.com 2 redirects
2 cdn-scripts.signifyd.com www.elfcosmetics.com
2 www.facebook.com
2 alb.reddit.com
2 www.googleadservices.com www.elfcosmetics.com
2 evt.undertone.com 9231397.fls.doubleclick.net
2 ads.undertone.com 2 redirects
2 tag.wknd.ai www.elfcosmetics.com
2 www.redditstatic.com www.elfcosmetics.com
www.redditstatic.com
2 connect.facebook.net www.elfcosmetics.com
2 s.pinimg.com www.elfcosmetics.com
2 sc-static.net www.elfcosmetics.com
tr.snapchat.com
2 dsum-sec.casalemedia.com 1 redirects
2 insight.adsrvr.org 2 redirects
2 pixel.pointmediatracker.com 2 redirects
2 stats.g.doubleclick.net www.google-analytics.com
www.googletagmanager.com
2 i.ytimg.com www.youtube.com
2 static.doubleclick.net www.youtube.com
2 api.ipify.org cdn-fsly.yottaa.net
1 simage2.pubmatic.com 1 redirects
1 k-aeu1.contentsquare.net t.contentsquare.net
1 idr.cdnwidget.com
1 pippio.com 1 redirects
1 w2txo5aanf2md3hkgco6xex6u3tcyjd44x5c4hcy0e0aeaa6bbf08677sac.d.aa.online-metrix.net
1 api.bounceexchange.com www.elfcosmetics.com
1 tags.rd.linksynergy.com
1 pd.cdnwidget.com analytics.tiktok.com
1 ids.cdnwidget.com analytics.tiktok.com
1 view.cdnbasket.net analytics.tiktok.com
1 page.cdnbasket.net analytics.tiktok.com
1 data.cdnbasket.net analytics.tiktok.com
1 srm.ba.contentsquare.net analytics.tiktok.com
1 tr6.snapchat.com sc-static.net
1 analytics.pangle-ads.com analytics.tiktok.com
1 external-api.jebbit.com js.jebbit.com
1 ut.rd.linksynergy.com www.elfcosmetics.com
1 analytics.google.com www.googletagmanager.com
1 t.contentsquare.net www.elfcosmetics.com
1 websdk.appsflyer.com www.elfcosmetics.com
1 tag.rmp.rakuten.com www.elfcosmetics.com
1 static.ordergroove.com www.elfcosmetics.com
1 qoe-1.yottaa.net www.elfcosmetics.com
1 ib.adnxs.com 1 redirects
1 cm.g.doubleclick.net 1 redirects
1 pixel.rubiconproject.com 1 redirects
1 hb.yahoo.net 1 redirects
1 js.cnnx.link www.googletagmanager.com
1 st.dynamicyield.com www.elfcosmetics.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 code.jquery.com www.elfcosmetics.com
1 www.cosmeticcriminals.com 1 redirects
0 pixel.tapad.com Failed sc-static.net
296 94
Subject Issuer Validity Valid
*.elfcosmetics.com
Sectigo RSA Domain Validation Secure Server CA		 2023-09-25 -
2024-10-25		 a year crt.sh
dm.amplience.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-20 -
2024-08-14		 a year crt.sh
*.google.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2023-07-11 -
2024-07-14		 a year crt.sh
*.yottaa.net
GlobalSign RSA OV SSL CA 2018		 2023-09-13 -
2024-10-14		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
*.px-cloud.net
Sectigo RSA Domain Validation Secure Server CA		 2023-08-15 -
2024-09-13		 a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3		 2024-03-01 -
2024-12-31		 10 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
*.dynamicyield.com
Amazon RSA 2048 M02		 2023-09-03 -
2024-10-01		 a year crt.sh
ipify.org
GTS CA 1P5		 2024-01-22 -
2024-04-21		 3 months crt.sh
*.iad-05.braze.com
GlobalSign Atlas R3 DV TLS CA 2023 Q3		 2023-07-27 -
2024-08-27		 a year crt.sh
*.doubleclick.net
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
www.google.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
edgestatic.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
onetrust.com
Cloudflare Inc ECC CA-3		 2023-11-13 -
2024-11-12		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
js.cnnx.link
Amazon RSA 2048 M02		 2023-07-11 -
2024-08-07		 a year crt.sh
*.ordergroove.com
Go Daddy Secure Certificate Authority - G2		 2023-08-04 -
2024-08-17		 a year crt.sh
tag.rmp.rakuten.com
GTS CA 1D4		 2024-01-31 -
2024-04-30		 3 months crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2024-02-08 -
2025-02-08		 a year crt.sh
*.appsflyer.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-07-27 -
2024-07-27		 a year crt.sh
t.contentsquare.net
Amazon RSA 2048 M01		 2023-09-13 -
2024-10-11		 a year crt.sh
*.usehero.com
Amazon RSA 2048 M02		 2023-08-28 -
2024-09-24		 a year crt.sh
sc-static.net
Amazon RSA 2048 M03		 2023-12-21 -
2025-01-18		 a year crt.sh
*.pinterest.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-08-07 -
2024-08-07		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2023-12-14 -
2024-03-13		 3 months crt.sh
www.redditstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-01-08 -
2024-07-06		 6 months crt.sh
www.bing.com
Microsoft Azure TLS Issuing CA 02		 2024-01-21 -
2024-06-27		 5 months crt.sh
*.tiktok.com
RapidSSL ECC CA 2018		 2023-07-14 -
2024-08-13		 a year crt.sh
*.jebbit.com
Amazon RSA 2048 M01		 2023-05-24 -
2024-06-21		 a year crt.sh
tag.wknd.ai
R3		 2024-01-19 -
2024-04-18		 3 months crt.sh
dep.bf.contentsquare.net
Amazon RSA 2048 M03		 2024-02-18 -
2025-03-19		 a year crt.sh
*.rd.linksynergy.com
ZeroSSL RSA Domain Secure Site CA		 2024-01-23 -
2025-01-22		 a year crt.sh
api.usehero.com
Amazon RSA 2048 M03		 2024-01-06 -
2025-02-03		 a year crt.sh
*.snap.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-02-21 -
2025-02-20		 a year crt.sh
*.bigcontent.io
GeoTrust TLS RSA CA G1		 2023-03-14 -
2024-04-13		 a year crt.sh
www.googleadservices.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
*.reddit.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-01-15 -
2024-07-13		 6 months crt.sh
t.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2023-09-21 -
2024-10-21		 a year crt.sh
*.pangle-ads.com
RapidSSL TLS ECC CA G1		 2023-08-10 -
2024-09-09		 a year crt.sh
assets.bounceexchange.com
GTS CA 1D4		 2024-01-19 -
2024-04-18		 3 months crt.sh
srm.ba.contentsquare.net
Amazon RSA 2048 M02		 2023-11-07 -
2024-12-06		 a year crt.sh
data.cdnbasket.net
GTS CA 1D4		 2024-01-10 -
2024-04-09		 3 months crt.sh
page.cdnbasket.net
GTS CA 1D4		 2024-01-13 -
2024-04-12		 3 months crt.sh
view.cdnbasket.net
GTS CA 1D4		 2024-01-18 -
2024-04-17		 3 months crt.sh
cdn-scripts.signifyd.com
Amazon RSA 2048 M01		 2023-07-03 -
2024-07-31		 a year crt.sh
imgs.signifyd.com
Go Daddy Secure Certificate Authority - G2		 2023-10-20 -
2024-11-20		 a year crt.sh
ids.cdnwidget.com
R3		 2024-01-12 -
2024-04-11		 3 months crt.sh
pd.cdnwidget.com
R3		 2024-01-12 -
2024-04-11		 3 months crt.sh
*.wunderkind.co
R3		 2024-02-04 -
2024-05-04		 3 months crt.sh
online-metrix.net
Viking Cloud Organization Validation CA, Level 1		 2023-10-20 -
2024-10-21		 a year crt.sh
*.aa.online-metrix.net
Viking Cloud Organization Validation CA, Level 1		 2023-10-20 -
2024-10-21		 a year crt.sh
idr.cdnwidget.com
R3		 2024-01-12 -
2024-04-11		 3 months crt.sh
dep-malka.ba.contentsquare.net
Amazon RSA 2048 M02		 2023-10-11 -
2024-11-08		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2023-02-13 -
2024-03-15		 a year crt.sh

This page contains 19 frames:

Primary Page: https://www.elfcosmetics.com/elf-cosmetic-criminals
Frame ID: 7119D5091546A5A21A707C5F11CD7BDE
Requests: 197 HTTP requests in this frame

Frame: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Frame ID: A628FD380AA7549C5AE04DF12D5F9A6A
Requests: 18 HTTP requests in this frame

Frame: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Frame ID: 92EDFA89F10601B7816EAF413E5685CE
Requests: 18 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.56.0&integrationType=SDK
Frame ID: D39102FA01CAD7F373623C66F7CBF8E7
Requests: 4 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=CM2ktfHw34QDFWq5fwQdpoQPaw;src=10742279;type=elf8j0;cat=glo_flap;ord=4340220447905;npa=1;auiddc=762808258.1709736521;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals
Frame ID: 8CBF5363E1CBCE5605C10C15B337C0FA
Requests: 2 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;dc_pre=CMevvfHw34QDFWCKfwQd0kYA3g;src=9231397;type=retarget;cat=globa0;ord=6504836100479;npa=1;auiddc=762808258.1709736521;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals
Frame ID: 5AC42EEE3030D173CADCCC4CC687C874
Requests: 3 HTTP requests in this frame

Frame: https://cdn.usehero.com/plugin.5.46.0.js
Frame ID: 1B215992AA149BD34338041E1C9D214E
Requests: 13 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_scsid=b7221b04-43af-461e-bf6c-20e28d8b28f1&u_sclid=471e0679-f1a7-4e5e-8ee9-52733e1c338f
Frame ID: 554FE634D7D507DD80E4930F17665D4C
Requests: 2 HTTP requests in this frame

Frame: https://pixel.tapad.com/idsync/ex/push/check?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1709339041519%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
Frame ID: 6469D24A003397DADEFA4B8D322DF1DD
Requests: 1 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: 4CA17E2E9942EF5E9D0B26546652818A
Requests: 3 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: E0662185B178EADF2ED35EF25577F86F
Requests: 1 HTTP requests in this frame

Frame: https://upload.usehero.com/avatars/g7DpgClT3s-wxtO5FCiqgcJ_ybMbXCFK-56x56.jpg
Frame ID: 6154A0B66CACD42F7CE626D5A9A932E2
Requests: 3 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Frame ID: C6BCCCA055AECF64B12A49F575F4A77A
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/9klEScNBpTXhLvin?e360375e1b843f51=3Te88F7s0Ous79LNxD5Aj6aKDb8WDJ9vyeZwLT9Jwk6n0jntrkZqMAZn6X-XLNSYhV6SlDgvWmoJ8qKZaakH6IbFZaWufEOWUHfyAXTakXcHyu2sNffK-6IENSzNC0W-V3nL-8EiG1Jcx2ygUlvsUZ-_JC3DJxnBYmwGbgqcTQj-RIZkGuFPK80UCmtV6pfIehYKyR4emZBOANLY&jb=3d3b242e60736f77355f616c6c67757b2e687b6f3755616e6c65777b2f3038393b2662736a773f4b62726f6f6d2e62716a3541607a6d65652f3038313a38
Frame ID: 1A10D6603BC21071D58A17F16F4E7531
Requests: 9 HTTP requests in this frame

Frame: https://imgs.signifyd.com/CKtu1rKA-axryNBW?e8d118f88f67f710=5o70AkeM4OCWd95lxZWZ10ePP2mwEowWHLkbKaKPXpaKCfTMOA4loPSKoguyhs1OhTGo-cnLKzrWxj4nF-a3iwa_fQwDBuaLnVBBL6CBQJpycd_LzIZePER38B35_sWWsQbot9ZEbN0g76QDp9mlhzvTUKKUqtC4pwnC1NJ1y_7nPyb5g6q6EJC6jY48u6_ORS7TJ-vgfUMqHcUJiOs
Frame ID: 34D2AADD532E1A342737F025909F5459
Requests: 2 HTTP requests in this frame

Frame: https://h.online-metrix.net/6dyRUAykQa-OR_q-?349a49bea2245d9f=C97gTcrLnOw_sj-CNr_eAwu_bR7-KNYzBRhTmiffghFWn_bwrLT4bbutE2qTpoP-uZa9cL5BVYB7vAIp7cOTiHkfFEcJ_-w8M1nH9jQTQf_epva4vARmKykIJuJIB18Pl1LspeuSHsy7RgyIpI-_0PctOrAssKpJscWpHwP6aGh8URF-ThAvS6LGq3RxyLC0iw8xGieRJk6r2g6hcf_8
Frame ID: 3276CFEA2549187CA238DB71DFF5D93A
Requests: 2 HTTP requests in this frame

Frame: https://imgs.signifyd.com/eNolPS9CH_cDE8oV?1d5e0f75a976a0b7=MtnJjg0pQ7mlqCd17TnRirnCXEfJtdpax5Zq6ll5Eur76aUnfgRP5hHIigadLYdyMmZ6FQF58ERZ_pgjRfoQOWNyBSpI9RDLrOwYn1aU5v75HqvGSC2ty7o_fxL6Tdc26-dga3Z9u288bFDcw6wW_pUPO048C2-ubPDgS4aLiT_CWTaWQ7KVdldHYlj5S_BBqz3KDXFqL1dxHGSP9gGf
Frame ID: B3A0B9B83274907C1C34B2A31AE272F3
Requests: 1 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=CMCY4_Xw34QDFS6zfwQdFOcHVw;src=10742279;type=elf8j0;cat=glo_flap;ord=2259864840281;npa=1;auiddc=762808258.1709736521;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals
Frame ID: FDCDEC68E1EC12CF52F21F9A9851923F
Requests: 2 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;dc_pre=CK-b4_Xw34QDFZqrfwQdviAMxQ;src=9231397;type=retarget;cat=globa0;ord=3970572328678;npa=1;auiddc=762808258.1709736521;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals
Frame ID: A11B31FFFC5D963CEA736782D3BAE9F2
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Cosmetic Criminals | e.l.f. CosmeticsBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

  1. https://www.cosmeticcriminals.com/ HTTP 301
    https://www.elfcosmetics.com/elf-cosmetic-criminals Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • cdn\.dynamicyield\.\w+/
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • tag\.rmp\.rakuten\.com
Overall confidence: 10%
Detected patterns
  • basket.*\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

296
Requests

92 %
HTTPS

37 %
IPv6

62
Domains

94
Subdomains

77
IPs

3
Countries

16178 kB
Transfer

32047 kB
Size

96
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.cosmeticcriminals.com/ HTTP 301
    https://www.elfcosmetics.com/elf-cosmetic-criminals Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Request Chain 16
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Request Chain 17
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_DESKTOP_8_BEAR-alt/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/4a810c76-f6a5-4629-bf54-46e97b002de7.mp4
Request Chain 18
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_PLANT/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4
Request Chain 19
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_BOOK/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/9c45925d-0761-4101-9a41-aec1046b0de8.mp4
Request Chain 42
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=IYJ2DxWT7GmcIXwn926QBs50hChm-DTPMxDEwqzLjQQ HTTP 303
  • https://www.elfcosmetics.com/callback?usid=32e5444b-97f5-4dfe-84a0-34876b3e044e&code=texS4QfdoqXIh0NPv9X9VIQZzA1Z4ZAvCpj2S6b8kK8
Request Chain 45
  • https://googleads.g.doubleclick.net/pagead/id HTTP 302
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Request Chain 52
  • https://googleads.g.doubleclick.net/pagead/id HTTP 302
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Request Chain 71
  • https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=249596953.1709736521&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He4340n81WL3STMXv896608294za200&auid=762808258.1709736521 HTTP 302
  • https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=249596953.1709736521&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He4340n81WL3STMXv896608294za200&auid=762808258.1709736521
Request Chain 101
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=8dcde102-dd54-45b8-a4e5-3c71f91dff92&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=undefined&gtmcb=1453608007 HTTP 302
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=41c7ac33-2597-44d0-82af-11dd6d905a2d.&ord=1511220124543717947 HTTP 303
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=41c7ac33-2597-44d0-82af-11dd6d905a2d.&ord=1511220124543717947&_bee_ppp=1
Request Chain 102
  • https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
Request Chain 103
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3 HTTP 302
  • https://hb.yahoo.net/cksync.php?cs=3&type=55953&gdpr=%24%7bGDPR%7d&gdpr_consent=%24%7bGDPR_CONSENT%7d&gpp=%24%7bGPP_STRING%7d&gpp_sid=%24%7bGPP_SID%7d&ovsid=rightmedia&redirect=https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fgeneric%3fttd_pid%3drightmedia&ttd_tdid=1039f81f-4a20-4172-9151-964819f7b760 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=rightmedia HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=1039f81f-4a20-4172-9151-964819f7b760&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=MTAzOWY4MWYtNGEyMC00MTcyLTkxNTEtOTY0ODE5ZjdiNzYw&gdpr=0&gdpr_consent=&ttd_tdid=1039f81f-4a20-4172-9151-964819f7b760 HTTP 302
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=1039f81f-4a20-4172-9151-964819f7b760&google_gid=CAESEP6gRGCdRjhxLmbAdLhpbF8&google_cver=1 HTTP 302
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=1039f81f-4a20-4172-9151-964819f7b760 HTTP 302
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=1022538471947984002&ttd_tdid=1039f81f-4a20-4172-9151-964819f7b760 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=1039f81f-4a20-4172-9151-964819f7b760&expiration=1712328524&gdpr=0&gdpr_consent= HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=1039f81f-4a20-4172-9151-964819f7b760&expiration=1712328524&gdpr=0&gdpr_consent=&C=1
Request Chain 139
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=4340220447905;npa=1;auiddc=762808258.1709736521;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals HTTP 302
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CM2ktfHw34QDFWq5fwQdpoQPaw;src=10742279;type=elf8j0;cat=glo_flap;ord=4340220447905;npa=1;auiddc=762808258.1709736521;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals
Request Chain 145
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=6504836100479;npa=1;auiddc=762808258.1709736521;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals HTTP 302
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CMevvfHw34QDFWCKfwQd0kYA3g;src=9231397;type=retarget;cat=globa0;ord=6504836100479;npa=1;auiddc=762808258.1709736521;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals
Request Chain 153
  • https://ads.undertone.com/t?trackerid=7729&cb=685238072 HTTP 307
  • https://evt.undertone.com/t?trackerid=7729&cb=685238072
Request Chain 182
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1686884066&cv=11&fst=1709736524207&bg=ffffff&guid=ON&async=1&gtm=45be4340v9167704557z8896608294za201&gcs=G111&gcd=13v3v3v3u5&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&value=0&npa=1&pscdl=noapi&auid=762808258.1709736521&uamb=0&uaw=0&fdr=SA&data=ads_data_redaction%3Dtrue&fmt=3&ct_cookie_present=false&sscte=1&crd=COy7sQII4b2xAg&eitems=ChAIgMWgrwYQpbDbu5_zq-N0Eh0AhfHvbrSfTveRb8jxq2WIm1dCFUUuD9OJZNRQ4g&pscrd=EkxDaEFJZ01XZ3J3WVF0NTZmc3FLU2o2aEJFaVVBUlBGRFNreDFGTTdrZncyNUxxektwT2JXNjJ6QlJkbmx4V2paQUtyaVdILU5jY0JfGldDaEFJZ01XZ3J3WVFsWm1jNHZUaWdJd3ZFaTBBZDVSVmZ5QmxaUG9LXzBLNlVsZkJueDNSSFZ1aGRsZFpzbWVYSFhTOEtEQmh1RWJxQU5CdXpiQk1DTUEiEwjdhfvx8N-EAxUBjVoFHajQBpUyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggC HTTP 302
  • https://www.google.com/pagead/1p-conversion/698270988/?random=1686884066&cv=11&fst=1709736524207&bg=ffffff&guid=ON&async=1&gtm=45be4340v9167704557z8896608294za201&gcs=G111&gcd=13v3v3v3u5&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&value=0&npa=1&pscdl=noapi&auid=762808258.1709736521&uamb=0&uaw=0&fdr=SA&data=ads_data_redaction%3Dtrue&fmt=3&ct_cookie_present=false&sscte=1&crd=COy7sQII4b2xAg&pscrd=EkxDaEFJZ01XZ3J3WVF0NTZmc3FLU2o2aEJFaVVBUlBGRFNreDFGTTdrZncyNUxxektwT2JXNjJ6QlJkbmx4V2paQUtyaVdILU5jY0JfGldDaEFJZ01XZ3J3WVFsWm1jNHZUaWdJd3ZFaTBBZDVSVmZ5QmxaUG9LXzBLNlVsZkJueDNSSFZ1aGRsZFpzbWVYSFhTOEtEQmh1RWJxQU5CdXpiQk1DTUEiEwjdhfvx8N-EAxUBjVoFHajQBpUyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggC&is_vtc=1&cid=CAQSKQB7FLtqg2_6W_8JGqawaLqQiMvVeFbUrFc0cnVzW_NHQuy9hHrYsHJM&eitems=ChAIgMWgrwYQpbDbu5_zq-N0Eh0AhfHvbumUkkF8EROLZgNKzcZfMmFhYQe1_PTteA&random=1992985855
Request Chain 186
  • https://tr.snapchat.com/cm/s?bt=1d53c387&pnid=140&cb=1709736525678&u_scsid=31d8c0ad-17f0-42bf-9b3e-ea6d97b0ac6d&u_sclid=22d99b20-3dc6-44cc-b9b9-41ecafdbc6b7 HTTP 302
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1709339041519%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1709339041519%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
Request Chain 232
  • https://idsync.rlcdn.com/458359.gif?partner_uid=bc74edfc-18d6-46f8-b89c-4f89719dd46e HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJGJjNzRlZGZjLTE4ZDYtNDZmOC1iODljLTRmODk3MTlkZDQ2ZRAAGg0Iz4SirwYSBQjoBxAAQgBKAA HTTP 307
  • https://tags.rd.linksynergy.com/cs?ns=lr&uid3=81284d164479db9b681ec88b4036798f33d8887309eb5af5240aad0b1d5e02196ac34734d8e453ee
Request Chain 248
  • https://pix.cdnwidget.com/redirect?CID=2dJqSQ3wuFM9DaojZgn0dZYeAik&DID=2dJqSM9L2gmnoL20KhBhb49UJuQ&v=&iv=&deviceid=8723199298549469282&visitid=1709736527499809&wsid=4142&apikey=2^HIykD HTTP 302
  • https://pippio.com/api/sync?pid=5749 HTTP 307
  • https://pix.cdnwidget.com/hash.gif?md5=none&sha1=none&sha256=none
Request Chain 278
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=2259864840281;npa=1;auiddc=762808258.1709736521;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals HTTP 302
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CMCY4_Xw34QDFS6zfwQdFOcHVw;src=10742279;type=elf8j0;cat=glo_flap;ord=2259864840281;npa=1;auiddc=762808258.1709736521;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals
Request Chain 279
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=3970572328678;npa=1;auiddc=762808258.1709736521;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals HTTP 302
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CK-b4_Xw34QDFZqrfwQdviAMxQ;src=9231397;type=retarget;cat=globa0;ord=3970572328678;npa=1;auiddc=762808258.1709736521;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals
Request Chain 284
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=8dcde102-dd54-45b8-a4e5-3c71f91dff92&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=New&gtmcb=611884834 HTTP 302
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=cca21d34-cbe3-4aaf-84f5-ffe280973a69.&ord=6722453524154097043
Request Chain 288
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=1039f81f-4a20-4172-9151-964819f7b760&r=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dpubmatic HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic HTTP 302
  • https://x.bidswitch.net/syncd?dsp_id=93&user_group=1&user_id=1039f81f-4a20-4172-9151-964819f7b760&expires=30&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbidswitch HTTP 302
  • https://x.bidswitch.net/ul_cb/syncd?dsp_id=93&user_group=1&user_id=1039f81f-4a20-4172-9151-964819f7b760&expires=30&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbidswitch HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch
Request Chain 292
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=803769380&cv=11&fst=1709736532975&bg=ffffff&guid=ON&async=1&gtm=45be4340v9167704557z8896608294za201&gcs=G111&gcd=13v3v3v3u5&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&value=0&npa=1&pscdl=noapi&auid=762808258.1709736521&uamb=0&uaw=0&fdr=SA&data=ads_data_redaction%3Dtrue&fmt=3&ct_cookie_present=false&sscte=1&crd=COy7sQII4b2xAg&eitems=ChAIgMWgrwYQpbDbu5_zq-N0Eh0AhfHvbmlBDTcjWlXnKQyyVECRLyOsPOBmhHtzuQ&pscrd=EkxDaEFJZ01XZ3J3WVF0NTZmc3FLU2o2aEJFaVVBUlBGRFNreDFGTTdrZncyNUxxektwT2JXNjJ6QlJkbmx4V2paQUtyaVdILU5jY0JfGldDaEFJZ01XZ3J3WVFsWm1jNHZUaWdJd3ZFaTBBZDVSVmYyVnk3dG9lMG5XTHdrTzBWMGxWdTdacGwxWmZVVVdVdjVZd040Q2Fsa2puN3M1U0gyOG9CWFEiEwjJr9b18N-EAxVTs1oFHX_gBZQyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggC HTTP 302
  • https://www.google.com/pagead/1p-conversion/698270988/?random=803769380&cv=11&fst=1709736532975&bg=ffffff&guid=ON&async=1&gtm=45be4340v9167704557z8896608294za201&gcs=G111&gcd=13v3v3v3u5&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&value=0&npa=1&pscdl=noapi&auid=762808258.1709736521&uamb=0&uaw=0&fdr=SA&data=ads_data_redaction%3Dtrue&fmt=3&ct_cookie_present=false&sscte=1&crd=COy7sQII4b2xAg&pscrd=EkxDaEFJZ01XZ3J3WVF0NTZmc3FLU2o2aEJFaVVBUlBGRFNreDFGTTdrZncyNUxxektwT2JXNjJ6QlJkbmx4V2paQUtyaVdILU5jY0JfGldDaEFJZ01XZ3J3WVFsWm1jNHZUaWdJd3ZFaTBBZDVSVmYyVnk3dG9lMG5XTHdrTzBWMGxWdTdacGwxWmZVVVdVdjVZd040Q2Fsa2puN3M1U0gyOG9CWFEiEwjJr9b18N-EAxVTs1oFHX_gBZQyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggC&is_vtc=1&cid=CAQSKQB7FLtqTrQWqfRzJoxZSxSIpSCWhiBzJMrnQnusyUHCNfBDFAeFGUxW&eitems=ChAIgMWgrwYQpbDbu5_zq-N0Eh0AhfHvbg-Dv0JzgWX-u1R8VcK9FO0Hc7DxXrwHoQ&random=756741644
Request Chain 296
  • https://ads.undertone.com/t?trackerid=7729&cb=1128007421 HTTP 307
  • https://evt.undertone.com/t?trackerid=7729&cb=1128007421

296 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request elf-cosmetic-criminals
www.elfcosmetics.com/
Redirect Chain
  • https://www.cosmeticcriminals.com/
  • https://www.elfcosmetics.com/elf-cosmetic-criminals
938 KB
237 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.99 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
917d730202549036e0e6b04929f620a127c48a258d789abe29f7d88fe721f0f5

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

age
0
cache-control
public, must-revalidate, s-maxage=900
content-encoding
gzip
content-length
241467
content-type
text/html; charset=utf-8
date
Wed, 06 Mar 2024 14:48:35 GMT
etag
W/"cd9e9-cSkUMNkf5BiATsQrlb9+Daa4J+E"
vary
Accept-Encoding
via
1.1 8bdb05fbf74c6dd0d9d93215e88dbeee.cloudfront.net (CloudFront)
x-amz-apigw-id
UNlKTEAzCYcEGcg=
x-amz-cf-id
i0JsbJo7oRhqa59GhOUK2_JO1xFJP6qmkRJYuu_Wch2rXO_iqh3dcw==
x-amz-cf-pop
LHR62-C3
x-amzn-remapped-connection
close
x-amzn-remapped-content-length
842217
x-amzn-remapped-date
Wed, 06 Mar 2024 14:48:34 GMT
x-amzn-requestid
a09ace74-ec31-4e0a-96c5-1e0f02f5fea4
x-amzn-trace-id
Root=1-65e88241-7c13093a53253d414d7ecda2;Parent=569e9c40230d7aef;Sampled=0;lineage=2b75b0e9:0
x-cache
Miss from cloudfront
x-yottaa-metrics
3421a5fe382e/[2165,1986,-] 34D1a5fe3863/[-,2348.612]
x-yottaa-optimizations
ob/1000000100001000 si/34D1a5fe3863-1709730801-21776009 tts/1707668314613 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-yottaa-os
200

Redirect headers

age
0
content-length
1197
content-type
text/html; charset=utf-8
date
Wed, 06 Mar 2024 14:48:33 GMT
location
https://www.elfcosmetics.com/elf-cosmetic-criminals
vary
User-Agent
x-yottaa-fw
fb/100000 tid/658dc44fd93140973bd48a52 rid/658dc848d93140973bd496fa stid/5ad7b08e2bb0ac0c5ba3d38c
x-yottaa-metrics
38D1cc02313e/[-,0.245]
x-yottaa-optimizations
ob/0 si/38D1cc02313e-1709730801-3367356801 tts/1709736513084 ti/0 ai/658dc44fd93140973bd48a52
init.js
www.elfcosmetics.com/XT4Gy2ig/ 		167 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/XT4Gy2ig/init.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.99 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
37ddd739dbf47fdb07064f47f42c862e6c764387a6da735b937373555be6cc1b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:36 GMT
via
1.1 varnish
content-encoding
gzip
age
69
active-cdn
fastly
etag
"29dc4-gNSkeRguwpBhr5lX8AUipQ1Y1ZA"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
active-cdn,x-served-by
cache-control
max-age=600
x-yottaa-metrics
34D1a5fe3863/[-,5.349]
x-px-hash
MmVkZjQ1YjcxOGVlZjIyYmM4ZDA0YTRlYWYyYTRlZDA0ZDVkZjcyMjIxZTRmZThlZTU3NGFkODE1ZGRhNzRlMg==
accept-ranges
bytes
x-yottaa-optimizations
ob/0 si/34D1a5fe3863-1709730801-21776092 tts/1709736516162 ti/0 ai/5a0c9b7632f01c35d42101b2
/
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/ 		0
0
PWT_STORY_HEADER_DESKTOP_BG-min
cdn.media.amplience.net/i/elfcosmetics/ 		630 KB
631 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:205a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:36 GMT
cf-cache-status
HIT
age
41013
x-amp-srv
CF
edge-cache-tag
Ql76-7OeY,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
D0E6J_m6YR
alt-svc
h3=":443"; ma=86400
content-length
644728
x-xss-protection
1; mode=block
x-amp-source-height
1249
last-modified
Wed, 06 Mar 2024 03:25:03 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/jpeg
access-control-allow-origin
*
x-amp-source-width
3199
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
860325cc6d315e82-EWR
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
PWT_STORY_HEADER_DESKTOP_CC-min
cdn.media.amplience.net/i/elfcosmetics/ 		205 KB
205 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:205a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:36 GMT
cf-cache-status
HIT
age
41013
x-amp-srv
CF
edge-cache-tag
XROlcgt46,l4p5bDg2e,HwG53bbZp,UyB2-aY-L
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
XDzmGTIDW-
alt-svc
h3=":443"; ma=86400
content-length
209440
x-xss-protection
1; mode=block
x-amp-source-height
340
last-modified
Wed, 06 Mar 2024 03:25:03 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/png
access-control-allow-origin
*
x-amp-source-width
800
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
860325cc6d335e82-EWR
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
truncated
/ 		37 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Content-Type
image/gif
8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
1 MB
1 MB 		Media
General
Check archive.org
Download Go to
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Server
2606:4700:4400::ac40:952f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:37 GMT
x-amz-version-id
null
cf-cache-status
MISS
x-amz-request-id
SWBQR1DX6QXWN0D4
Content-Range
bytes 0-1060947/1060948
Content-Length
1060948
x-amz-id-2
8K2RfW+XVz/T7sg9quMKtIa/tYVdsV8H8MMMzK84yzSWmTMKJyteOJIgbzgmpYzoZPHACWepyDE=
last-modified
Fri, 22 Dec 2023 15:50:27 GMT
server
cloudflare
etag
"dd3676819bd88a250c875a11e38c307d"
access-control-max-age
3000
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
access-control-allow-origin
*
content-type
video/mp4
cf-ray
860325ce391f0c88-EWR

Redirect headers

date
Wed, 06 Mar 2024 14:48:36 GMT
cf-cache-status
HIT
age
45113
x-amp-srv
CF
edge-cache-tag
q0RIzSua3,l4p5bDg2e,bgWw7nQ29
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
content-length
0
x-xss-protection
1; mode=block
server
cloudflare
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
cf-ray
860325cc6d385e82-EWR
bxGKZ6lfJ7A
www.youtube.com/embed/ Frame A628 		90 KB
38 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
922c64e558220259f4977d026b43d7e42db91c7cd92fae1f2ee7c45c188527a3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Wed, 06 Mar 2024 14:48:36 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
rZPCKoUReO0
www.youtube.com/embed/ Frame 92ED 		90 KB
38 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4479278d3fa462f1ae928ff764df2b34b620c2942a3b3f276853f6c454a6e879
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Wed, 06 Mar 2024 14:48:36 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
cdn.media.amplience.net/i/elfcosmetics/ 		2 MB
2 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:205a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:36 GMT
cf-cache-status
HIT
age
41013
x-amp-srv
CF
edge-cache-tag
pFa_T_RlD,l4p5bDg2e,hUXp-ygcH,UyB2-aY-L
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
IZp1kLTThM
alt-svc
h3=":443"; ma=86400
content-length
2085695
x-xss-protection
1; mode=block
x-amp-source-height
1484
last-modified
Wed, 06 Mar 2024 03:25:03 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/png
access-control-allow-origin
*
x-amp-source-width
3080
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
860325cc6d355e82-EWR
x-amp-published
Wed, 03 Jan 2024 21:02:28 GMT
PWT_STORY_DETECTIVES_DESKTOP_6-min
cdn.media.amplience.net/i/elfcosmetics/ 		330 KB
331 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_DETECTIVES_DESKTOP_6-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:205a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:36 GMT
cf-cache-status
HIT
age
41013
x-amp-srv
CF
edge-cache-tag
YOdGtw2Ga,l4p5bDg2e,q-jdDBY1E,k4NPUWi7z
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
OIDf0f3nK2
alt-svc
h3=":443"; ma=86400
content-length
338113
x-xss-protection
1; mode=block
x-amp-source-height
1062
last-modified
Wed, 06 Mar 2024 03:25:03 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/jpeg
access-control-allow-origin
*
x-amp-source-width
2806
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
860325cc6d345e82-EWR
x-amp-published
Wed, 27 Dec 2023 17:21:33 GMT
PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
cdn.media.amplience.net/i/elfcosmetics/ 		180 KB
180 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:205a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:36 GMT
cf-cache-status
HIT
age
41013
x-amp-srv
CF
edge-cache-tag
2YGwlfvlf,l4p5bDg2e,O8QiTHpoz,k4NPUWi7z
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
E8K8LmmGB6
alt-svc
h3=":443"; ma=86400
content-length
184181
x-xss-protection
1; mode=block
x-amp-source-height
1108
last-modified
Wed, 06 Mar 2024 03:25:03 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/jpeg
access-control-allow-origin
*
x-amp-source-width
1952
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
860325cc6d375e82-EWR
x-amp-published
Fri, 29 Dec 2023 07:51:47 GMT
PWT_STORY_CRIME_TAPE_DESKTOP_7-min
cdn.media.amplience.net/i/elfcosmetics/ 		614 KB
614 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CRIME_TAPE_DESKTOP_7-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:205a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:36 GMT
cf-cache-status
HIT
age
41013
x-amp-srv
CF
edge-cache-tag
iXaneMORU,l4p5bDg2e,N2xhcEEJW,UyB2-aY-L
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
6Rmjo0-Cyy
alt-svc
h3=":443"; ma=86400
content-length
628288
x-xss-protection
1; mode=block
x-amp-source-height
525
last-modified
Wed, 06 Mar 2024 03:25:03 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/png
access-control-allow-origin
*
x-amp-source-width
3200
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
860325cc7d565e82-EWR
x-amp-published
Thu, 28 Dec 2023 16:15:28 GMT
jquery-3.7.1.slim.min.js
code.jquery.com/ 		69 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.7.1.slim.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:36 GMT
content-encoding
gzip
via
1.1 varnish
age
1152388
x-cache
HIT
content-length
24036
x-served-by
cache-lga21936-LGA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1709736516.464944,VS0,VE0
etag
W/"28feccc0-11278"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
2370
player_api
www.youtube.com/ 		993 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/player_api
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a57c870a576b433cd110ddb6a6f86ce922e7ed0758c1da9e7e3190ff42c45fa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:36 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
br
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
x-frame-options
SAMEORIGIN
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type
text/javascript; charset=utf-8
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cache-control
private, max-age=0
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Wed, 06 Mar 2024 14:48:36 GMT
truncated
/ 		10 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d

Request headers

Referer
Origin
https://www.elfcosmetics.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/ 		10 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac

Request headers

Referer
Origin
https://www.elfcosmetics.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
1 MB
1 MB 		Media
General
Check archive.org
Download Go to
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Server
2606:4700:4400::ac40:952f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:37 GMT
x-amz-version-id
null
cf-cache-status
MISS
x-amz-request-id
SWBV0N4WQEAXX39M
Content-Range
bytes 0-1262366/1262367
Content-Length
1262367
x-amz-id-2
S4AaEaJ1Vx5oVWSwUgUYLZ6iea2oKXn4B/Fx0fK2dcg+XQ59aqlMRpv7B3yFlGJRSbtsGELtp8Q=
last-modified
Fri, 22 Dec 2023 17:43:50 GMT
server
cloudflare
etag
"91a2cbc7ca143aac79d0312d84bb77fb"
access-control-max-age
3000
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
access-control-allow-origin
*
content-type
video/mp4
cf-ray
860325ce391b0c88-EWR

Redirect headers

date
Wed, 06 Mar 2024 14:48:36 GMT
cf-cache-status
HIT
age
45113
x-amp-srv
CF
edge-cache-tag
rT1xWfLBp,l4p5bDg2e,fH6Lo3_5e
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
content-length
0
x-xss-protection
1; mode=block
server
cloudflare
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
cf-ray
860325cc7d575e82-EWR
4a810c76-f6a5-4629-bf54-46e97b002de7.mp4
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_DESKTOP_8_BEAR-alt/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/4a810c76-f6a5-4629-bf54-46e97b002de7.mp4
952 KB
954 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/4a810c76-f6a5-4629-bf54-46e97b002de7.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Server
2606:4700:4400::ac40:952f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a92babe0280635e6b8a8cd8b631230f248bfa16bfb2ae7a7e04d404df5518ccb

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:37 GMT
x-amz-version-id
null
cf-cache-status
MISS
x-amz-request-id
SWBWWR7KM95Z62Z1
Content-Range
bytes 0-975135/975136
Content-Length
975136
x-amz-id-2
rR4VLtEW6cSKUt0+EQFP86f9abjTyHSMQzkb4Dg03Gb2hyTdzSM3BM4pdWVWbhkaiyK+tW2gGzo=
last-modified
Fri, 29 Dec 2023 07:23:44 GMT
server
cloudflare
etag
"d7fdef501f28cd925baedd782b4e6464"
access-control-max-age
3000
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
access-control-allow-origin
*
content-type
video/mp4
cf-ray
860325ce391c0c88-EWR

Redirect headers

date
Wed, 06 Mar 2024 14:48:36 GMT
cf-cache-status
HIT
age
45113
x-amp-srv
CF
edge-cache-tag
P7GRg8pom,l4p5bDg2e,6oVxns4D8
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
content-length
0
x-xss-protection
1; mode=block
server
cloudflare
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
location
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/4a810c76-f6a5-4629-bf54-46e97b002de7.mp4
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
cf-ray
860325cc7d595e82-EWR
45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_PLANT/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4
850 KB
851 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Server
2606:4700:4400::ac40:952f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b78b9170d1e1da68dd52e57d79c9e906137b28f87eca1f17b2c350f73d1f3ba

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:37 GMT
x-amz-version-id
null
cf-cache-status
MISS
x-amz-request-id
FR87NK7YNPR7T54X
Content-Range
bytes 0-869943/869944
Content-Length
869944
x-amz-id-2
a8+iY2NT+/yIE0LGuBSWdWeBGYKdz1zwZqkxlmxO1GCPrihZObj0OuoYPZ9IyKYd+pFFIgVoJ2I=
last-modified
Tue, 02 Jan 2024 17:30:06 GMT
server
cloudflare
etag
"f6c9e900cbfcff8b9f465043b51061d1"
access-control-max-age
3000
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
access-control-allow-origin
*
content-type
video/mp4
cf-ray
860325ce391d0c88-EWR

Redirect headers

date
Wed, 06 Mar 2024 14:48:36 GMT
cf-cache-status
HIT
age
45113
x-amp-srv
CF
edge-cache-tag
0_qCkGJEE,l4p5bDg2e,tO41Cj3M_
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
content-length
0
x-xss-protection
1; mode=block
server
cloudflare
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
location
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
cf-ray
860325cc9d755e82-EWR
9c45925d-0761-4101-9a41-aec1046b0de8.mp4
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_BOOK/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/9c45925d-0761-4101-9a41-aec1046b0de8.mp4
865 KB
866 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/9c45925d-0761-4101-9a41-aec1046b0de8.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Server
2606:4700:4400::ac40:952f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea7c1612005824699aa4574b764875370605733abc4d06f0650d309772423239

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:37 GMT
x-amz-version-id
null
cf-cache-status
MISS
x-amz-request-id
FR850CSCJPM0522V
Content-Range
bytes 0-885663/885664
Content-Length
885664
x-amz-id-2
vj07x/BKsniq7mMXsNyWcxjF5ik7VwnLUcsRIthg+CRudj/5O1heCzO8lNriD05ELBtYwYKivYc=
last-modified
Tue, 02 Jan 2024 17:20:49 GMT
server
cloudflare
etag
"78a50c5b4ac482dcd7b7323f59feb0b9"
access-control-max-age
3000
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
access-control-allow-origin
*
content-type
video/mp4
cf-ray
860325ce391e0c88-EWR

Redirect headers

date
Wed, 06 Mar 2024 14:48:36 GMT
cf-cache-status
HIT
age
45113
x-amp-srv
CF
edge-cache-tag
MUokJT_UN,l4p5bDg2e,nvYvyivv1
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
content-length
0
x-xss-protection
1; mode=block
server
cloudflare
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
location
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/9c45925d-0761-4101-9a41-aec1046b0de8.mp4
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
cf-ray
860325cc9d775e82-EWR
vendor.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/ 		2 MB
621 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
65a3f669b13f6b35a9e6bd0788784a1bb3b82ead49598684dcfaeda3b15d78bc

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-amz-version-id
GCxlc3W3kSRnRexacgU45VQk0Ac59RAy
via
1.1 a3553fd14d7dc73d33a5426ee64abf1c.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
date
Wed, 06 Mar 2024 14:48:36 GMT
x-amz-cf-pop
PHL50-C1
age
700987
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1000 si/23114047a17c-1706807745-1388962150 tts/1707668314613 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
679720
content-length
634417
x-amz-meta-bundle
10720
x-served-by
cache-yyz4529-YYZ
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1709736517.552772,VS0,VE0
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
2321cc8d59d6/[100,31,-] 23114047a17c/[-,393.834]
accept-ranges
bytes
x-amz-cf-id
TRuAVOluhB0GgczxpchZz0MeFqIPAu1EeTd8x2oxHDayS3TWeVwvTw==
x-cache-hits
2
main.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/ 		2 MB
471 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/main.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3647c672a453341430a3684a219414cb50fad3fc9c008e00bb22eb1427fafd00

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-amz-version-id
bJh1tZ9Tbxypc6uWFa8c9IlwFeGF3NTE
via
1.1 57827d2e1d333a2c5c0e53aa1e31a894.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
date
Wed, 06 Mar 2024 14:48:36 GMT
x-amz-cf-pop
ORD52-C3
age
634196
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1000 si/2611cc028373-1708617475-725095990 tts/1707668314613 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
679720
content-length
481410
x-amz-meta-bundle
10720
x-served-by
cache-yyz4529-YYZ
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1709736517.553125,VS0,VE0
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
2621cc8d5878/[143,85,-] 2611cc028373/[-,403.383]
accept-ranges
bytes
x-amz-cf-id
7FOLOP6gsygBnsqTlx9j-Y6Q3xtmx9sxHawZaQ7Umf2U58sMr8NTYQ==
x-cache-hits
2
pages-product-list-product-list-page.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/ 		41 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/pages-product-list-product-list-page.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
24ac4da29c53564ae8c82180e85921818ad3fef0311e627f08b6edddf79a3b34

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-amz-version-id
bRrLawQugpt6mdynDUxbdmXMYQ6k6XCW
via
1.1 ff19078dad8e3d604a159e031d41dba0.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
date
Wed, 06 Mar 2024 14:48:36 GMT
x-amz-cf-pop
ORD52-C3
age
1105653
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1001 si/2611cc028372-1708617476-1374304065 tts/1707668314613 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Miss from cloudfront, HIT
x-amz-meta-deploy
679720
content-length
11524
x-amz-meta-bundle
10720
x-served-by
cache-yyz4529-YYZ
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1709736517.553100,VS0,VE0
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
2621cc0283f0/[142,136,-] 2611cc028372/[hit]
accept-ranges
bytes
x-amz-cf-id
BOh-mB4nVgR47kPNrVrSSabvcopoYL-6bwucCPdUEE5y4KqrR18n2w==
x-cache-hits
7
www-player.css
www.youtube.com/s/player/f07d053d/ Frame 92ED 		368 KB
47 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/www-player.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
af7106cddc57cb9c88803c862459e1b11041ad970cc9719c092a328352f53252
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Mon, 04 Mar 2024 08:25:40 GMT
content-encoding
br
x-content-type-options
nosniff
age
195776
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47774
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 04 Mar 2025 08:25:40 GMT
embed.js
www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/ Frame 92ED 		53 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/embed.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
694cf59c4851392846a4f01d91cb087daff67535111e104158264a0f53ba6bdf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Mon, 04 Mar 2024 08:25:40 GMT
content-encoding
br
x-content-type-options
nosniff
age
195776
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16771
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 04 Mar 2025 08:25:40 GMT
www-embed-player.js
www.youtube.com/s/player/f07d053d/www-embed-player.vflset/ Frame 92ED 		319 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/www-embed-player.vflset/www-embed-player.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08d023c583036b4414546ec093ffc7335a1e18cbf4f3b1422027217ae9a8dc78
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Mon, 04 Mar 2024 08:24:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
195848
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
97331
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 04 Mar 2025 08:24:28 GMT
base.js
www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/ Frame 92ED 		2 MB
778 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8db85ac8c01a74779a703eca257950a05237337f40b1c21d5e65b1f67a18ff9d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Mon, 04 Mar 2024 08:25:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
195776
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
796183
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 04 Mar 2025 08:25:40 GMT
www-player.css
www.youtube.com/s/player/f07d053d/ Frame A628 		368 KB
47 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/www-player.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
af7106cddc57cb9c88803c862459e1b11041ad970cc9719c092a328352f53252
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Mon, 04 Mar 2024 08:25:40 GMT
content-encoding
br
x-content-type-options
nosniff
age
195776
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47774
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 04 Mar 2025 08:25:40 GMT
embed.js
www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/ Frame A628 		53 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/embed.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
694cf59c4851392846a4f01d91cb087daff67535111e104158264a0f53ba6bdf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Mon, 04 Mar 2024 08:25:40 GMT
content-encoding
br
x-content-type-options
nosniff
age
195776
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16771
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 04 Mar 2025 08:25:40 GMT
www-embed-player.js
www.youtube.com/s/player/f07d053d/www-embed-player.vflset/ Frame A628 		319 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/www-embed-player.vflset/www-embed-player.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08d023c583036b4414546ec093ffc7335a1e18cbf4f3b1422027217ae9a8dc78
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Mon, 04 Mar 2024 08:24:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
195848
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
97331
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 04 Mar 2025 08:24:28 GMT
base.js
www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/ Frame A628 		2 MB
778 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8db85ac8c01a74779a703eca257950a05237337f40b1c21d5e65b1f67a18ff9d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Mon, 04 Mar 2024 08:25:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
195776
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
796183
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 04 Mar 2025 08:25:40 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 92ED 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 08:56:40 GMT
x-content-type-options
nosniff
age
21116
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 06 Mar 2025 08:56:40 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 92ED 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 09:09:27 GMT
x-content-type-options
nosniff
age
20349
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 06 Mar 2025 09:09:27 GMT
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 		540 B
787 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
c8cc6d1dd1fd1989c0c1366483615d6df15aeece3bafba73a77cbedffeef23d5

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 06 Mar 2024 14:48:36 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
540
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame A628 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 08:56:40 GMT
x-content-type-options
nosniff
age
21116
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 06 Mar 2025 08:56:40 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame A628 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 09:09:27 GMT
x-content-type-options
nosniff
age
20349
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 06 Mar 2025 09:09:27 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/main.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d85e4dcb52ce714c7136eb95a32765325205a4aabdb51932bd9024c400be665d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 14:48:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
/RTAD1TAPuPWblD15GN1pg==
age
51344
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6842
x-ms-lease-status
unlocked
last-modified
Mon, 04 Mar 2024 21:04:55 GMT
server
cloudflare
etag
0x8DC3C8EBE4D93D8
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
d00ecef6-601e-004b-47aa-6ec5d0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
860325db8fd915c3-EWR
gtm.js
www.googletagmanager.com/ 		458 KB
129 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
294887d2665ef1f0e30ec66819de2719ba33dd97356a7b370499308bee1a93f3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:39 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
131834
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 06 Mar 2024 14:48:39 GMT
api_dynamic.js
cdn.dynamicyield.com/api/8772046/ 		442 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.dynamicyield.com/api/8772046/api_dynamic.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:8000:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
0fa295c05c5e6929d1ec1c79bafad9472084569d81bdd2c5bf5798edf5060d9f

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:13 GMT
content-encoding
gzip
via
1.1 dd50f5bdd8da1cdd9e698cc2d6f8e828.cloudfront.net (CloudFront)
last-modified
Wed, 28 Feb 2024 20:56:51 GMT
server
DYCDN
age
27
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
etag
W/"139a03dbd8b331a6c332a80d4b888537"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=30
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
P4bK7z8iKynaoQrJcRDzT4CUMGSOJ9GprhzGm_v8FFExc-RxrBGKiw==
api_static.js
cdn.dynamicyield.com/api/8772046/ 		390 KB
115 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.dynamicyield.com/api/8772046/api_static.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:8000:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
8b4baed685e61c19084227c70d48e2795b3df77fa784767ad956f35ac73fa358

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 07:19:54 GMT
content-encoding
gzip
via
1.1 dd50f5bdd8da1cdd9e698cc2d6f8e828.cloudfront.net (CloudFront)
last-modified
Wed, 28 Feb 2024 20:56:51 GMT
server
DYCDN
age
26926
x-amz-cf-pop
EWR53-C2
etag
W/"b84779386dcc68d57f955d451d7dfc78"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
qHdm7lGheBep7cV0AuZE1jM9EkRcWAA7FSWyYnIA8qwEtoRACmQ8aw==
/
api.ipify.org/ 		20 B
153 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9858970d3451dfd889b9d2b610f5d10657099ec8ce7dd61aebab762884d40fdf

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:39 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json
access-control-allow-origin
*
cf-ray
860325dbbac75467-YYZ
content-length
20
/
api.ipify.org/ 		20 B
72 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9858970d3451dfd889b9d2b610f5d10657099ec8ce7dd61aebab762884d40fdf

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:39 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json
access-control-allow-origin
*
cf-ray
860325dbbac85467-YYZ
content-length
20
callback
www.elfcosmetics.com/
Redirect Chain
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=...
  • https://www.elfcosmetics.com/callback?usid=32e5444b-97f5-4dfe-84a0-34876b3e044e&code=texS4QfdoqXIh0NPv9X9VIQZzA1Z4ZAvCpj2S6b8kK8
0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/callback?usid=32e5444b-97f5-4dfe-84a0-34876b3e044e&code=texS4QfdoqXIh0NPv9X9VIQZzA1Z4ZAvCpj2S6b8kK8
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Server
165.254.56.99 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:41 GMT
via
1.1 68589ba2b1a9a54786dcb97934f8038c.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
0
x-amz-cf-pop
LHR62-C3
age
0
x-amzn-remapped-connection
close
x-amzn-requestid
4837be33-d99a-4ec5-a3cb-66531dc73ced
x-yottaa-optimizations
ob/1000 si/34D1a5fe3863-1709730801-21776138 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-apigw-id
UNlLdHLUiYcEMTw=
content-length
0
x-yottaa-forcecache
true
x-amzn-trace-id
Root=1-65e88249-52b7da77664045ed5b1ba432;Parent=557445c38317d2e4;Sampled=0;lineage=2b75b0e9:0
content-type
application/json
cache-control
public, max-age=604800
x-yottaa-os
200
x-yottaa-metrics
3421a5fe3893/[462,455,-] 34D1a5fe3863/[-,465.121]
x-amzn-remapped-date
Wed, 06 Mar 2024 14:48:41 GMT
x-amz-cf-id
XH5hXFvW_sg27fd6l9f82da8HnBupvkZrax9jHa72LmBPGcoEBLcRw==

Redirect headers

date
Wed, 06 Mar 2024 14:48:39 GMT
x-correlation-id
860325e0be856359
via
1.1 1b05f9178c1c0be702b00f1d1f0bcff6.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
LHR62-C3
age
0
x-yottaa-optimizations
ob/0 si/34D1a5fe3863-1709730801-21776135 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
content-length
0
pragma
no-cache
x-ratelimit-1m-remaining
23054, 1960798
x-ratelimit-1m-reset
20130, 20129
x-ratelimit-1m-limit
24000, 2000000
vary
Accept-Encoding
location
https://www.elfcosmetics.com/callback?usid=32e5444b-97f5-4dfe-84a0-34876b3e044e&code=texS4QfdoqXIh0NPv9X9VIQZzA1Z4ZAvCpj2S6b8kK8
cache-control
no-store
x-yottaa-os
303
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=IYJ2DxWT7GmcIXwn926QBs50hChm-DTPMxDEwqzLjQQ
x-yottaa-metrics
3421a5fe3895/[170,167,-] 34D1a5fe3863/[-,174.226]
cf-ray
860325e0be856359-LHR
x-amz-cf-id
a3LgxQyVbUtpA8evZBnryJxSHeQvkJa8wv3adVjwg-2fVdYuXbBW-Q==
/
sdk.iad-05.braze.com/api/v3/data/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-encoding
gzip
date
Wed, 06 Mar 2024 14:48:39 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-yyz4553-YYZ
/
sdk.iad-05.braze.com/api/v3/data/ 		323 B
478 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2f3f08989d311e2a5e808fb023778e1f3735cfc0e28f345a4f5194b8b40eb1f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-TriggersRequest
true
X-Braze-DataRequest
true
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-type
application/json
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest

Response headers

date
Wed, 06 Mar 2024 14:48:40 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
MISS
x-request-id
f20f0fd9-33b2-43f9-9d75-54d6f29ae181
x-served-by
cache-yyz4553-YYZ
x-runtime
0.507490
etag
W/"2f3f08989d311e2a5e808fb023778e1f"
access-control-max-age
7200
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
vary
Origin,Accept-Encoding
accept-ranges
bytes
x-cache-hits
0
id
googleads.g.doubleclick.net/pagead/ Frame 92ED
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/id
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
100 B
146 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H3
Server
2607:f8b0:4006:807::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7a8a843f9da62fae7883096d53da84480440d9ddf656c05a3b27efa26c6dd33a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
120
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Wed, 06 Mar 2024 14:48:39 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad_status.js
static.doubleclick.net/instream/ Frame 92ED 		29 B
495 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.doubleclick.net/instream/ad_status.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:36:25 GMT
x-content-type-options
nosniff
age
734
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
x-xss-protection
0
last-modified
Thu, 12 Dec 2013 23:40:16 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 06 Mar 2024 14:51:25 GMT
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Wed, 06 Mar 2024 14:48:39 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 92ED 		86 KB
40 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a22e0c080eb42f4fe9b03b683379e7a0cee50d7b253bc16068c5b2879e766167
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Wed, 06 Mar 2024 14:48:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
40581
x-xss-protection
0
remote.js
www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/ Frame 92ED 		117 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/remote.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a922d69396a01553b649bb1dbe6984deff25f41f484417f801da5d04efe0bc8f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Mon, 04 Mar 2024 08:26:49 GMT
content-encoding
br
x-content-type-options
nosniff
age
195710
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33827
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 04 Mar 2025 08:26:49 GMT
fSwQ49dNtQ0TRgWZKHlAIhVKPl4K4-2hZ-2qmgklZeM.js
www.google.com/js/th/ Frame 92ED 		50 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/js/th/fSwQ49dNtQ0TRgWZKHlAIhVKPl4K4-2hZ-2qmgklZeM.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d2c10e3d74db50d1346059928794022154a3e5e0ae3eda167edaa9a092565e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 00:10:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
398317
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19770
x-xss-protection
0
last-modified
Mon, 19 Feb 2024 17:30:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 02 Mar 2025 00:10:02 GMT
default.jpg
i.ytimg.com/vi/rZPCKoUReO0/ Frame 92ED 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.ytimg.com/vi/rZPCKoUReO0/default.jpg?sqp=-oaymwEkCHgQWvKriqkDGvABAfgB_gmAAtAFigIMCAAQARhyIFYoPTAP&rs=AOn4CLCM5ONTEJwdjxOrSlWBNC86VGolng
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::2016 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6a36655e9de608636a4c3262639b79321a93bdd9ad275e4e130a07719094146f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:43:38 GMT
x-content-type-options
nosniff
age
301
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2380
x-xss-protection
0
server
sffe
etag
"1703117772"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 06 Mar 2024 16:43:38 GMT
id
googleads.g.doubleclick.net/pagead/ Frame A628
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/id
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
100 B
146 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H3
Server
2607:f8b0:4006:807::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4ccbe3b5b2dd9aa51c527f656d54d5e9a7a47908032a3503de66b2ff83af634c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
120
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Wed, 06 Mar 2024 14:48:39 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad_status.js
static.doubleclick.net/instream/ Frame A628 		29 B
89 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.doubleclick.net/instream/ad_status.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:36:25 GMT
x-content-type-options
nosniff
age
734
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
x-xss-protection
0
last-modified
Thu, 12 Dec 2013 23:40:16 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 06 Mar 2024 14:51:25 GMT
6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/ 		5 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8a6566c7e926c37c010dc811a5e82d5eddad8b10057bf711f0f644be60707d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 14:48:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
81112
content-md5
4swZDWVp4C0QChiGUbrcTg==
content-length
1746
x-ms-lease-status
unlocked
last-modified
Tue, 14 Nov 2023 15:26:04 GMT
server
cloudflare
etag
0x8DBE5260423F079
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
b26488eb-901e-0084-770e-174b82000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
860325e0ea51c46b-EWR
expires
Thu, 07 Mar 2024 14:48:39 GMT
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Wed, 06 Mar 2024 14:48:40 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame A628 		86 KB
40 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
9b93edb158cd68a53ed95207c6e60e9415b082f620969e4d6f3d781702971592
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Wed, 06 Mar 2024 14:48:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
40762
x-xss-protection
0
remote.js
www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/ Frame A628 		117 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/remote.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a922d69396a01553b649bb1dbe6984deff25f41f484417f801da5d04efe0bc8f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Mon, 04 Mar 2024 08:26:49 GMT
content-encoding
br
x-content-type-options
nosniff
age
195711
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33827
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 04 Mar 2025 08:26:49 GMT
fSwQ49dNtQ0TRgWZKHlAIhVKPl4K4-2hZ-2qmgklZeM.js
www.google.com/js/th/ Frame A628 		50 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/js/th/fSwQ49dNtQ0TRgWZKHlAIhVKPl4K4-2hZ-2qmgklZeM.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d2c10e3d74db50d1346059928794022154a3e5e0ae3eda167edaa9a092565e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 00:10:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
398318
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19770
x-xss-protection
0
last-modified
Mon, 19 Feb 2024 17:30:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 02 Mar 2025 00:10:02 GMT
default.jpg
i.ytimg.com/vi/bxGKZ6lfJ7A/ Frame A628 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.ytimg.com/vi/bxGKZ6lfJ7A/default.jpg
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::2016 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2ad22b91587a2adec093dc2d911118cac6b363dcaed96b3aaaa3af80d58efa03
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:14:19 GMT
x-content-type-options
nosniff
age
2061
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2965
x-xss-protection
0
server
sffe
etag
"1703142370"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 06 Mar 2024 16:14:19 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		69 B
314 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:40 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
860325e50bd642a3-EWR
access-control-allow-headers
Content-Type
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 92ED 		90 B
134 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
68cd58f9fe7d86c825f03dec5076b42bac0fe29d8fb2dd175bb63f7efe06e151
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Wed, 06 Mar 2024 14:48:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
110
x-xss-protection
0
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Wed, 06 Mar 2024 14:48:40 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
st
st.dynamicyield.com/ 		115 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://st.dynamicyield.com/st?sec=8772046&inHead=true&id=0&jsession=iqdcqtfarx8kfg7b3bffmi2dtmoanxma&ref=&scriptVersion=2.29.0&isSesNew=true&dyid_server=&ctx=%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-US%22%2C%22data%22%3A%5B%5D%7D
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:24f1:4400:15:ad21:c740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
6c27f5f083955575212c2ba5c0635647645fbf9299a5ad08e05b3e58117beab4

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:41 GMT
content-encoding
gzip
via
1.1 e8a811941c8b094e985333a44bc18f46.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P4
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
cache-control
no-cache
x-amz-cf-id
O7bUWVR9vZE6SQ01oeEBHQTrq-PkYJcWg5U-HxUgxYYyBcP20BTmTw==
expires
Wed, 06 Mar 2024 14:48:40 GMT
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 		600 B
655 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
17fef180238a367cf191577c915d4bb50b0e084cd1260d3d64af740760545986

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 06 Mar 2024 14:48:40 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
600
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 06 Mar 2024 13:51:42 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
3419
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Wed, 06 Mar 2024 15:51:42 GMT
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202306.1.0/ 		404 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 14:48:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
XJk1ZZTljtwHFT3qcIJg+w==
age
22986
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
99599
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:36 GMT
server
cloudflare
etag
0x8DB82A15D413626
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
80bad15d-801e-006c-2fda-12d214000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
860325e8c8c915c3-EWR
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame A628 		90 B
134 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
cbd7f2a3628f95c0fee7a090d94467ae77de49323e22dd01b1306e15013a436f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Wed, 06 Mar 2024 14:48:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
110
x-xss-protection
0
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Wed, 06 Mar 2024 14:48:41 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
sync
sdk.iad-05.braze.com/api/v3/content_cards/ 		85 B
200 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9a9e3a0f13bb307e731f5d58018c25f42ae93182d474e5b071741b1f5c63a283
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest
true
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-type
application/json
BRAZE-SYNC-RETRY-COUNT
0
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest
X-Braze-ContentCardsRequest
true

Response headers

date
Wed, 06 Mar 2024 14:48:41 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
MISS
x-request-id
a5a5a54b-33f9-4206-9d67-7ba48bf5593b
x-served-by
cache-yyz4553-YYZ
x-runtime
0.239189
etag
W/"9a9e3a0f13bb307e731f5d58018c25f4"
access-control-max-age
7200
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
vary
Origin,Accept-Encoding
accept-ranges
bytes
x-cache-hits
0
sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-encoding
gzip
date
Wed, 06 Mar 2024 14:48:41 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-yyz4553-YYZ
landing
googleads.g.doubleclick.net/pagead/
Redirect Chain
  • https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=249596953.1709736521&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He4340n81WL3STMXv896608294za...
  • https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=249596953.1709736521&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He4340n81WL3STM...
42 B
65 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=249596953.1709736521&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He4340n81WL3STMXv896608294za200&auid=762808258.1709736521
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Server
2607:f8b0:4006:807::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:41 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:41 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=249596953.1709736521&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He4340n81WL3STMXv896608294za200&auid=762808258.1709736521
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cast_sender.js
www.gstatic.com/cv/js/sender/v1/ Frame 92ED 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2007
x-xss-protection
0
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview"
vary
Accept-Encoding
report-to
{"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 06 Mar 2024 14:48:41 GMT
generate_204
www.youtube.com/ Frame 92ED 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.youtube.com/generate_204?fAIayw
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:41 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
cast_sender.js
www.gstatic.com/cv/js/sender/v1/ Frame A628 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2007
x-xss-protection
0
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview"
vary
Accept-Encoding
report-to
{"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 06 Mar 2024 14:48:41 GMT
dy-coll-min.js
cdn.dynamicyield.com/scripts/2.29.0/ 		196 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.dynamicyield.com/scripts/2.29.0/dy-coll-min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:8000:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
041fae481014a4280437ee1e028f934eadd7590e31f4050c18a57dc4ea7360b3

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 09:26:02 GMT
content-encoding
gzip
via
1.1 dd50f5bdd8da1cdd9e698cc2d6f8e828.cloudfront.net (CloudFront)
last-modified
Sun, 18 Feb 2024 18:45:55 GMT
server
DYCDN
age
1315360
x-amz-cf-pop
EWR53-C2
etag
W/"58c235d2bc97e4a30737cb5de9a6eedb"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=31536000
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
K8U5cYpRFIXf4lIM2WAZkt8CLmaATqdxxt-feYFMZWMNMAvZEDrKIw==
collect
www.google-analytics.com/j/ 		4 B
212 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1478285710&t=pageview&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dp=%2Felf-cosmetic-criminals&ul=en-us&de=UTF-8&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACgAI~&jid=1987424250&gjid=1393035770&cid=1122711396.1709736521&tid=UA-432816-1&_gid=1570376857.1709736521&_r=1&_slc=1&gtm=45He4340n81WL3STMXv896608294za200&gcs=G111&gcd=13t3t3t3t5&dma=0&z=525632538
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
generate_204
www.youtube.com/ Frame A628 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.youtube.com/generate_204?7QZ6xg
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:41 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
en.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/fce1bc7f-b7cb-4383-a7e9-8430e48a01d7/ 		202 KB
36 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/fce1bc7f-b7cb-4383-a7e9-8430e48a01d7/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf1b4e2a57de561424fb99aa43ef462868d58d9c205a38ae3f564c10266a4dbc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 14:48:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
81114
content-md5
A+auRPWlNU8wck+viG1D2g==
content-length
36970
x-ms-lease-status
unlocked
last-modified
Tue, 14 Nov 2023 15:26:15 GMT
server
cloudflare
etag
0x8DBE5260AC67F7E
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
45a814af-d01e-005e-170e-17d263000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
860325eb6f71c46b-EWR
expires
Thu, 07 Mar 2024 14:48:41 GMT
token
www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/ 		2 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.99 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
152f59c2f670fb70bfddd3e67b0e345c046c657d83fba7e083e3ac4fc1d5e869
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals
accept-language
en-US,en;q=0.9
x-pwa-request
true
Authorization
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Wed, 06 Mar 2024 14:48:41 GMT
content-encoding
gzip
x-correlation-id
860325ebce9506e1
cf-cache-status
DYNAMIC
via
1.1 0632dce52bb4d036890e14a88154db56.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
LHR62-C3
age
0
x-yottaa-optimizations
ob/1000 si/34D1a5fe3863-1709730801-21776139 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
pragma
no-cache
x-ratelimit-1m-remaining
23021, 1958950
x-ratelimit-1m-reset
18201, 18200
vary
Accept-Encoding, User-Agent
x-ratelimit-1m-limit
24000, 2000000
content-type
application/json
cache-control
no-store
x-yottaa-os
200
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-yottaa-metrics
3421a5fe382b/[336,333,-] 34D1a5fe3863/[-,338.394]
cf-ray
860325ebce9506e1-LHR
x-amz-cf-id
xr-B7t9TMuBbXGp_1UJgNl6gG9ZOeXKtvREV7Et4ju7kdBs5BF2YBw==
collect
stats.g.doubleclick.net/j/ 		2 B
350 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-432816-1&cid=1122711396.1709736521&jid=1987424250&gjid=1393035770&_gid=1570376857.1709736521&_u=YEBAAEAAAAAAACgAI~&z=450678911
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Wed, 06 Mar 2024 14:48:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
cast_sender.js
www.gstatic.com/eureka/clank/122/ Frame 92ED 		50 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/eureka/clank/122/cast_sender.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
765a638d2813ec1b917fc56cf90863f88991ef2550c1a14c99e9e9b243e80f74
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 00:09:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
52764
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14711
x-xss-protection
0
last-modified
Mon, 15 Jan 2024 16:03:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview-release"
vary
Accept-Encoding
report-to
{"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Thu, 07 Mar 2024 00:09:17 GMT
cast_sender.js
www.gstatic.com/eureka/clank/122/ Frame A628 		50 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/eureka/clank/122/cast_sender.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
765a638d2813ec1b917fc56cf90863f88991ef2550c1a14c99e9e9b243e80f74
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 00:09:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
52764
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14711
x-xss-protection
0
last-modified
Mon, 15 Jan 2024 16:03:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview-release"
vary
Accept-Encoding
report-to
{"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Thu, 07 Mar 2024 00:09:17 GMT
uia
async-px.dynamicyield.com/ 		0
384 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/uia?cnst=1&_=1709736521850
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.29.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-129.ewr50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:41 GMT
via
1.1 a123807296d8a3060657bb737260f994.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
mQKfAv31kPu1Cj0IHaFrXwef_FTOdVWKKePLVUp0VpMBY0hQ3vHNEg==
expires
0
log_event
www.youtube.com/youtubei/v1/ Frame 92ED 		28 B
50 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/www-embed-player.vflset/www-embed-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
X-Goog-Request-Time
1709736521877
Content-Type
application/json
X-YouTube-Utc-Offset
-600
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
X-YouTube-Client-Version
1.20240303.00.00
X-YouTube-Time-Zone
Pacific/Honolulu
X-Goog-Visitor-Id
Cgs2RTE1R3V2cXA1MCjEhKKvBjIKCgJVUxIEGgAgPw%3D%3D
X-YouTube-Ad-Signals
dt=1709736519388&flash=0&frm=2&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&wgl=true&ca_type=image

Response headers

date
Wed, 06 Mar 2024 14:48:41 GMT
content-encoding
br
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31
x-xss-protection
0
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 		32 B
49 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
92f709e941df3b754df46c209f8b21499ea6c3feb8ad5abdd5c0264a5dcb2595

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 06 Mar 2024 14:48:41 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-432816-1&cid=1122711396.1709736521&jid=1987424250&_u=YEBAAEAAAAAAACgAI~&z=1793151302
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:41 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=492567&uid=-2008605195874303415&sec=8772046&t=ri&e=1261284&p=1&ve=11209913&va=%5B27119924%5D&ses=81eeb9b46e8cd4d8afddf47ce39bf9ca&expSes=26993&aud=884367.884385.884387.1167402.1324059.1846919.884372.998337.1004392.1092373.1274296.1426804.1443347.1182144.799438.799440&expVisitId=-1092612799938045591&cgtgDecisionId=-1092612799240432820&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1709736521940&rri=2591361
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.29.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-129.ewr50.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:41 GMT
via
1.1 a123807296d8a3060657bb737260f994.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
9IGe8FgqzFPIL_v-IHPNiM5nSvY3Fid0MKgSD_-9gAPiWuZfMvhMYg==
expires
0
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=406756&uid=-2008605195874303415&sec=8772046&t=ri&e=1574966&p=1&ve=12698518&va=%5B28347247%5D&ses=81eeb9b46e8cd4d8afddf47ce39bf9ca&expSes=26993&aud=884367.884385.884387.1167402.1324059.1846919.884372.998337.1004392.1092373.1274296.1426804.1443347.1182144.799438.799440&expVisitId=-1092612800292539275&cgtgDecisionId=-1092612800180840833&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1709736521943&rri=698622
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.29.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-129.ewr50.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:41 GMT
via
1.1 a123807296d8a3060657bb737260f994.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
py2OPSm8RpZJeZgBmzevpq-1z9hv_YG3tIA4a0TCCNFlPl0K3JVxPA==
expires
0
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=998571&uid=-2008605195874303415&sec=8772046&t=ri&e=1609852&p=1&ve=12669413&va=%5B28321879%5D&ses=81eeb9b46e8cd4d8afddf47ce39bf9ca&expSes=26993&aud=884367.884385.884387.1167402.1324059.1846919.884372.998337.1004392.1092373.1274296.1426804.1443347.1182144.799438.799440&expVisitId=-1092612798499106523&cgtgDecisionId=-1092612798041290963&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1709736521945&rri=4643541
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.29.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-129.ewr50.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:41 GMT
via
1.1 a123807296d8a3060657bb737260f994.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
2Ska0GFjeDMLcZBOZbr1UhjzOkOaM5lndKnnAgKaxdilrzRumV7M_Q==
expires
0
otFlat.json
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 		13 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 14:48:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
5mNZducabMgxSDzBo+ZI8w==
age
79385
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3017
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:30 GMT
server
cloudflare
etag
0x8DB82A159AF8EA6
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
0c718e4e-201e-0081-6f27-129959000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
860325eebb62c46b-EWR
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/ 		61 KB
12 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 14:48:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
sXFDxCJwbPEMIT/8f5Prwg==
age
11790
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12544
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:33 GMT
server
cloudflare
etag
0x8DB82A15AFF8646
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
d3dc8d97-601e-0029-71cc-0b07f7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
860325eebb63c46b-EWR
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 		21 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 14:48:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
oWkBTLgDDXvrUsd93y/Zxg==
age
4672
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:41 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
b54dfe3f-901e-004f-6264-2348d7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
860325eebb65c46b-EWR
batch
async-px.dynamicyield.com/ 		0
385 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1709736522028_975820
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.29.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-129.ewr50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:42 GMT
via
1.1 f91b1dd39ce8309d7fc575add365607e.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
BODhIB8Ejhf-zuUNl4MSTlheSOwUD96Isqv4cl3yiBGtEYP7Jmk3Nw==
expires
0
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=477365&uid=-2008605195874303415&sec=8772046&t=ri&e=1575901&p=1&ve=12991774&va=%5B28207095%5D&ses=81eeb9b46e8cd4d8afddf47ce39bf9ca&expSes=26993&aud=884367.884385.884387.1167402.1324059.1846919.884372.998337.1004392.1092373.1274296.1426804.1443347.1182144.799438.799440&expVisitId=-1092612798458892954&cgtgDecisionId=-1092612799287353056&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1709736522033&rri=2158550
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.29.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-129.ewr50.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:42 GMT
via
1.1 a123807296d8a3060657bb737260f994.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
m_j5Ehd0eDTabyc0i9JCdmPQCg3djjfWA-9rLVG9uk_a1mOoXEFKAA==
expires
0
sessions
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 		0
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/sessions
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.99 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals
accept-language
en-US,en;q=0.9
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI1NWRlMjIyNS1lMmNiLTRmZTctYjZhYS0zNGE1OGFkOTlkZTQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjMyZTU0NDRiLTk3ZjUtNGRmZS04NGEwLTM0ODc2YjNlMDQ0ZSIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MDk3MzY0OTEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFia1hoSmxyb1lsZWdSbXJCS2xxWVl4ZXhKOjpjaGlkOiAiLCJleHAiOjE3MDk3MzgzMjEsImlhdCI6MTcwOTczNjUyMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMTA2Mzc1Njk2ODU3NDAyOCJ9.1EVxpaN3F-Klk2m7PuTSFl46e4NoOOqfkgzTYuMq5hBYdFBKY61FBe1utDDdocrMqsFjiufsB4DpgmAEOtAygw
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:42 GMT
via
1.1 8583d317c3b0492356857e1a1a67d192.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
LHR62-C3
age
0
x-yottaa-optimizations
ob/0 si/34D1a5fe3863-1709730801-21776142 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
pragma
no-cache
allow
OPTIONS,POST
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics
3421a5fe382f/[153,151,-] 34D1a5fe3863/[-,155.694]
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/sessions
accept-ranges
bytes
cf-ray
860325ef9c1623cb-LHR
x-dw-request-base-id
ortjO0qC6GUBAAB_
x-amz-cf-id
z5ylPwNWgXSeEMyzqQ23hqJoejUIiN2-gy-dM1K-g4QPiUWhGh3oow==
x-yottaa-os
204
expires
Thu, 01 Dec 1994 16:00:00 GMT
shoppercontext
www.elfcosmetics.com/api/v1/ 		114 B
804 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.99 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
6b42a56b231d70ea3691b9f46363b9f8ed6ca35f6b50084718669b8beac1e57d

Request headers

Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals
accept-language
en-US,en;q=0.9
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI1NWRlMjIyNS1lMmNiLTRmZTctYjZhYS0zNGE1OGFkOTlkZTQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjMyZTU0NDRiLTk3ZjUtNGRmZS04NGEwLTM0ODc2YjNlMDQ0ZSIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MDk3MzY0OTEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFia1hoSmxyb1lsZWdSbXJCS2xxWVl4ZXhKOjpjaGlkOiAiLCJleHAiOjE3MDk3MzgzMjEsImlhdCI6MTcwOTczNjUyMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMTA2Mzc1Njk2ODU3NDAyOCJ9.1EVxpaN3F-Klk2m7PuTSFl46e4NoOOqfkgzTYuMq5hBYdFBKY61FBe1utDDdocrMqsFjiufsB4DpgmAEOtAygw
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
content-type
application/json

Response headers

date
Wed, 06 Mar 2024 14:48:42 GMT
via
1.1 6b8db06427c7e39e9e30be778e233838.cloudfront.net (CloudFront)
content-encoding
gzip
x-amzn-remapped-content-length
114
x-amz-cf-pop
LHR62-C3
age
0
x-amzn-remapped-connection
close
x-yottaa-optimizations
ob/1000 si/34D1a5fe3863-1709730801-21776143 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-amzn-requestid
e25bdc80-09b7-4f01-8a7d-bbd6651357db
x-cache
Miss from cloudfront
x-amz-apigw-id
UNlLpE2xCYcELcw=
content-length
108
etag
W/"72-HgdmTgyCF/DQfqnMU3u+4UstAzI"
x-amzn-trace-id
Root=1-65e8824a-03a58f3a16863292465ef617;Parent=5a7333a91eb59bd5;Sampled=0;lineage=2b75b0e9:0
content-type
application/json; charset=utf-8
x-yottaa-os
200
x-yottaa-metrics
3421a5fe382e/[634,631,-] 34D1a5fe3863/[-,637.183]
x-amzn-remapped-date
Wed, 06 Mar 2024 14:48:42 GMT
x-amz-cf-id
3GMabnpOBVhyomEx9Rsg-xwDWk0K4MGwEhkRLoGTPwiOIy6CMf_vNA==
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 		199 B
870 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=96.9.249.35
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.99 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
3bbfdb0daa5c8909e66d5588fcf711019d4739dc56b04e992212b443085af779
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language
en-US,en;q=0.9
x-pwa-request
true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
content-type
application/json

Response headers

date
Wed, 06 Mar 2024 14:48:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 94754897c61a4836a4b1e9a0ae5eb4d6.cloudfront.net (CloudFront)
x-amz-cf-pop
LHR62-C3
age
0
x-yottaa-optimizations
ob/1000 si/34D1a5fe3863-1709730801-21776145 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
allow
GET,HEAD,OPTIONS
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=96.9.249.35
x-yottaa-metrics
3421a5fe3831/[259,258,-] 34D1a5fe3863/[-,262.172]
cf-ray
860325f188ad77ac-LHR
x-dw-request-base-id
_8GFCEqC6GUBAAB_
x-amz-cf-id
MAO6UQBY8Fg4ScwKHc4RXQanQcuxIg5pHXzMWpCBL7LHKoTgm97DSA==
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 		199 B
868 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=96.9.249.35
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.99 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
3bbfdb0daa5c8909e66d5588fcf711019d4739dc56b04e992212b443085af779
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language
en-US,en;q=0.9
x-pwa-request
true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
content-type
application/json

Response headers

date
Wed, 06 Mar 2024 14:48:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 923ac43221a6100d93549f6522acb664.cloudfront.net (CloudFront)
x-amz-cf-pop
LHR62-C3
age
0
x-yottaa-optimizations
ob/1000 si/34D1a5fe3863-1709730801-21776146 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
allow
GET,HEAD,OPTIONS
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=96.9.249.35
x-yottaa-metrics
3421a5fe3832/[296,293,-] 34D1a5fe3863/[-,299.348]
cf-ray
860325f18f770691-LHR
x-dw-request-base-id
79K4pEqC6GUBAAB_
x-amz-cf-id
ms98vQkjE6_CkSLIJY_Kyn1Ws7wfn8seEagcWDaPryOAOAXgfhtC4Q==
baskets
www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abkXhJlroYlegRmrBKlqYYxexJ/ 		11 B
831 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abkXhJlroYlegRmrBKlqYYxexJ/baskets?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.99 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals
accept-language
en-US,en;q=0.9
x-pwa-request
true
Authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI1NWRlMjIyNS1lMmNiLTRmZTctYjZhYS0zNGE1OGFkOTlkZTQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjMyZTU0NDRiLTk3ZjUtNGRmZS04NGEwLTM0ODc2YjNlMDQ0ZSIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MDk3MzY0OTEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFia1hoSmxyb1lsZWdSbXJCS2xxWVl4ZXhKOjpjaGlkOiAiLCJleHAiOjE3MDk3MzgzMjEsImlhdCI6MTcwOTczNjUyMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMTA2Mzc1Njk2ODU3NDAyOCJ9.1EVxpaN3F-Klk2m7PuTSFl46e4NoOOqfkgzTYuMq5hBYdFBKY61FBe1utDDdocrMqsFjiufsB4DpgmAEOtAygw
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:42 GMT
x-correlation-id
860325f178de8865
dnt
0
cf-cache-status
DYNAMIC
via
1.1 839063342624c89d4f9d50b54d1d62dc.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
LHR62-C3
age
0
x-yottaa-optimizations
ob/1000 si/34D1a5fe3863-1709730801-21776147 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding
gzip
x-cache
Miss from cloudfront
content-length
37
allow
GET,HEAD,OPTIONS
x-ratelimit-remaining
999
content-type
application/json;charset=UTF-8
vary
Accept-Encoding
sfdc_load
3
cache-control
max-age=0,no-cache,no-store
x-yottaa-os
200
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abkXhJlroYlegRmrBKlqYYxexJ/baskets?siteId=elf-us
x-ratelimit-limit
99999
accept-ranges
bytes
cf-ray
860325f178de8865-LHR
x-amz-cf-id
IStlJA8ddijbZioJILSMPlfQT6aIaw94A6cMTwo5AiQ3le6I4QCS5Q==
x-yottaa-metrics
3421a5fe3833/[184,181,-] 34D1a5fe3863/[-,186.421]
cnxtag-min.js
js.cnnx.link/roi/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.cnnx.link/roi/cnxtag-min.js?id=316282
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:210b:7600:11:85b0:d600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
ff2fe181c12146189657e92f9ce0489f7f3b51345796f5a5ec9b089f9fb47616

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:44:32 GMT
via
1.1 google, 1.1 977bceb85b0d96fff42219b533149c4c.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
EWR53-C3
age
249
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript;charset=UTF-8
cache-control
max-age=600
x-amz-cf-id
PsvZ4f9uXbhrHbCcuKrm_x2aEjsf0ptilIxG3BnYvyZdsb0XhLJhtQ==
cnv
cnv.event.prod.bidr.io/log/
Redirect Chain
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=8dcde102-dd54-45b8-a4e5-3c71f91dff92&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=un...
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=41c7ac33-2597-44d0-82af-11dd6d905a2d.&ord=1511220124543717947
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=41c7ac33-2597-44d0-82af-11dd6d905a2d.&ord=1511220124543717947&_bee_ppp=1
43 B
796 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=41c7ac33-2597-44d0-82af-11dd6d905a2d.&ord=1511220124543717947&_bee_ppp=1
Protocol
HTTP/1.1
Server
52.87.64.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-87-64-131.compute-1.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
Date
Wed, 06 Mar 2024 14:48:43 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
content-type
image/gif
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=41c7ac33-2597-44d0-82af-11dd6d905a2d.&ord=1511220124543717947&_bee_ppp=1
Date
Wed, 06 Mar 2024 14:48:43 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2
  • https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
Protocol
H2
Server
68.67.181.211 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:42 GMT
an-x-request-uuid
adeb9705-1821-438c-b26c-d654e6d75e9c
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
96.9.249.35; 96.9.249.35; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:42 GMT
an-x-request-uuid
7d869996-69d3-4752-9423-7ef6d311d288
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
location
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
cache-control
no-store, no-cache, private
x-proxy-origin
96.9.249.35; 96.9.249.35; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
rum
dsum-sec.casalemedia.com/
Redirect Chain
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3
  • https://hb.yahoo.net/cksync.php?cs=3&type=55953&gdpr=%24%7bGDPR%7d&gdpr_consent=%24%7bGDPR_CONSENT%7d&gpp=%24%7bGPP_STRING%7d&gpp_sid=%24%7bGPP_SID%7d&ovsid=rightmedia&redirect=https%3a%2f%2fmatch....
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=rightmedia
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=1039f81f-4a20-4172-9151-964819f7b760&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=MTAzOWY4MWYtNGEyMC00MTcyLTkxNTEtOTY0ODE5ZjdiNzYw&gdpr=0&gdpr_consent=&ttd_tdid=1039f81f-4a20-4172-9151-96481...
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=1039f81f-4a20-4172-9151-964819f7b760&google_gid=CAESEP6gRGCdRjhxLmbAdLhpbF8&google_cver=1
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=1039f81f-4a20-4172-9151-964819f7b760
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=1022538471947984002&ttd_tdid=1039f81f-4a20-4172-9151-964819f7b760
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=1039f81f-4a20-4172-9151-964819f7b760&expiration=1712328524&gdpr=0&gdpr_consent=
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=1039f81f-4a20-4172-9151-964819f7b760&expiration=1712328524&gdpr=0&gdpr_consent=&C=1
43 B
580 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=1039f81f-4a20-4172-9151-964819f7b760&expiration=1712328524&gdpr=0&gdpr_consent=&C=1
Protocol
H2
Server
2606:4700:4400::6812:249b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:45 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RhPmXOeISKbZYboKfVcWcd4eBRow8rLp%2FFhRK6qLBjzCRdu%2BGWqNzMJDQhFwPu6C%2Fgh7kOtOrTo14ZG5FblBpQpKJLCVsdCLrDsUY9DtR6jIZwWcPzEju5G4qzJj7Xr9mUP3FcC%2F5t7MJZS%2BCvI8%2B55%2Bkxov5g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
86032601b94a42da-EWR
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:44 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LJTUxRQWdZHPobyuOanLRFdbtADkwsUrc5ow5r4rMx%2BZEy8gkGeaHygz9eO1YX%2B4Tf7k9%2FqWGmnNAHsSnIc%2FqDKrc3g3nuSaJNjEGmjA0TPndul5mshkYurX9vYEmzVg92sAzD7ORyFmnSdckdDj8QK8RDA0Wg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
/rum?cm_dsp_id=39&external_user_id=1039f81f-4a20-4172-9151-964819f7b760&expiration=1712328524&gdpr=0&gdpr_consent=&C=1
cache-control
no-cache
cf-ray
860325ff7ed842da-EWR
alt-svc
h3=":443"; ma=86400
content-length
0
expires
0
sync
sdk.iad-05.braze.com/api/v3/content_cards/ 		85 B
200 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
689f40f631b3a6702753bb07026b69f9c8863e4b2c2c6c06271d3553e900deb6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest
true
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-type
application/json
BRAZE-SYNC-RETRY-COUNT
0
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest
X-Braze-ContentCardsRequest
true

Response headers

date
Wed, 06 Mar 2024 14:48:42 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
MISS
x-request-id
1fcfa018-9ad3-413c-95e8-1c0a3cda7958
x-served-by
cache-yyz4553-YYZ
x-runtime
0.046147
etag
W/"689f40f631b3a6702753bb07026b69f9"
access-control-max-age
7200
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
vary
Origin,Accept-Encoding
accept-ranges
bytes
x-cache-hits
0
log_event
www.youtube.com/youtubei/v1/ Frame A628 		28 B
50 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f07d053d/www-embed-player.vflset/www-embed-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
X-Goog-Request-Time
1709736522463
Content-Type
application/json
X-YouTube-Utc-Offset
-600
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
X-YouTube-Client-Version
1.20240303.00.00
X-YouTube-Time-Zone
Pacific/Honolulu
X-Goog-Visitor-Id
Cgt2RUtoZ0JYbTNqOCjEhKKvBjIKCgJVUxIEGgAgSw%3D%3D
X-YouTube-Ad-Signals
dt=1709736519464&flash=0&frm=2&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&wgl=true&ca_type=image

Response headers

date
Wed, 06 Mar 2024 14:48:42 GMT
content-encoding
br
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31
x-xss-protection
0
ot_close.svg
cdn.cookielaw.org/logos/static/ 		651 B
623 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 14:48:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
pcXWFGpuVeSg/jVnYCseRg==
age
21866
x-ms-lease-status
unlocked
last-modified
Wed, 06 Mar 2024 03:36:41 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
dd384a0a-c01e-007d-7082-6f48a0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
860325f1ae2115c3-EWR
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/ 		497 B
493 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 14:48:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
6254
x-ms-lease-status
unlocked
last-modified
Wed, 06 Mar 2024 07:34:33 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
b6602e25-f01e-0092-0da4-6fbd55000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
860325f1cf37c46b-EWR
ot_company_logo.png
cdn.cookielaw.org/logos/static/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/ot_company_logo.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 14:48:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
E8+sk/ECzKgTUVtDLikiIA==
age
26632
content-length
4036
x-ms-lease-status
unlocked
last-modified
Mon, 04 Mar 2024 21:04:57 GMT
server
cloudflare
etag
0x8DC3C8EBFAD6AD5
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
b0c728e0-201e-0017-60d5-6e9088000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
860325f1fe4e15c3-EWR
powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 06 Mar 2024 14:48:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
29077
x-ms-lease-status
unlocked
last-modified
Wed, 06 Mar 2024 03:36:41 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
501df97e-901e-0002-037a-6f873b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
860325f1fe4f15c3-EWR
event
qoe-1.yottaa.net/log-nt/ 		3 B
191 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://qoe-1.yottaa.net/log-nt/event
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.2.50.19 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Wed, 06 Mar 2024 14:48:42 GMT
access-control-expose-headers
X-Results-Data-Source
access-control-allow-credentials
true
cache-control
no-cache
timing-allow-origin
*
content-type
text/json
www-widgetapi.js
www.youtube.com/s/player/f07d053d/www-widgetapi.vflset/ 		215 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f07d053d/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f078959678c0fb456631097af5cfa0dc687b5d4a7936dcdc0f57a4e1cee76a51
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 08:21:17 GMT
content-encoding
br
x-content-type-options
nosniff
age
23245
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68297
x-xss-protection
0
last-modified
Mon, 04 Mar 2024 05:15:43 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 06 Mar 2025 08:21:17 GMT
main.js
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/ 		145 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/main.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.102.136.211 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-102-136-211.deploy.static.akamaitechnologies.com
Software
nginx / Express
Resource Hash
f7f7d48fa4ef27a882d9690c581637c5f56c8f0870e7d375a333c6604b54c432
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15768000
Content-Encoding
gzip
Date
Wed, 06 Mar 2024 14:48:42 GMT
Server
nginx
X-Powered-By
Express
ETag
W/"830904c22b8352dcddfd665ccff9e9c3536c5740-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
must-revalidate, max-age=900
Connection
keep-alive
Content-Length
43135
Expires
Wed, 06 Mar 2024 15:03:42 GMT
110221.ct.js
tag.rmp.rakuten.com/ 		47 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.rmp.rakuten.com/110221.ct.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.147.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
248.147.102.34.bc.googleusercontent.com
Software
/
Resource Hash
9b3632368a9856515572ac89df71707fcef5d58219d9b7c1b1de04a995f30973
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:42 GMT
content-encoding
gzip
via
1.1 google
strict-transport-security
max-age=31536000
last-modified
Wed, 06 Mar 2024 14:48:42 GMT
x-cache
hit
x-samesite
secure
content-type
text/javascript
cache-control
max-age=86400
x-dyn
0
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
js
www.paypal.com/sdk/ 		415 KB
115 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3ec58d58bd0f1cc7bea24dd08d015272b37c4bab92db44f8900bb784c304a80f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-fpWt+wZ/PVdU3sbnZz46p9YMIb7sVOGt3wMyCEEWcC41xng9' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-fpWt+wZ/PVdU3sbnZz46p9YMIb7sVOGt3wMyCEEWcC41xng9' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-fpWt+wZ/PVdU3sbnZz46p9YMIb7sVOGt3wMyCEEWcC41xng9' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-fpWt+wZ/PVdU3sbnZz46p9YMIb7sVOGt3wMyCEEWcC41xng9' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
disable-set-cookie
true
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 06 Mar 2024 14:48:42 GMT
age
6035
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT, HIT, MISS
p3p
true
paypal-debug-id
f4080854c8105
server-timing
"traceparent;desc="00-0000000000000000000f4080854c8105-2135d77e25e5e0a2-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
115976
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200160-BUR, cache-yyz4564-YYZ, cache-yyz4564-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f4080854c8105-b20f3d94063d804f-01
x-timer
S1709736523.715032,VS0,VE6
etag
W/"1c508-NV3G5BWIBpy1GIsToonTS0n3yR0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Server-Timing
cache-control
public, max-age=3600, s-maxage=10800
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
93, 1, 0
/
websdk.appsflyer.com/ 		38 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://websdk.appsflyer.com/?st=banners&
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:10::172c:c9b3 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bf8b41f6693852a18d2449439f0400cfaf19b755e21f01eda21a6ff985d3526c

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date
Wed, 06 Mar 2024 14:48:42 GMT
Content-Encoding
gzip
Last-Modified
Wed, 14 Jun 2023 06:58:45 GMT
Server
AmazonS3
x-amz-request-id
2YB2S79F7M1AYA0H
ETag
"5a676288bcea03bd05e483bc4ce066ae"
x-amz-server-side-encryption
AES256
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=2496
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
11792
x-amz-id-2
zv8gjwupVIE8rjvpBDLtKTftzWpNC38nKXy5SoA9M4CleAIvm2p/AV+zJcIejoEzSUvSi4VBbsk=
Expires
Wed, 06 Mar 2024 15:30:18 GMT
js
www.googletagmanager.com/gtag/ 		281 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
33a9720bdc3cb427ac133951f12ead3a1a673f704839783f59314681286a7d81
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:42 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
95608
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 06 Mar 2024 14:48:42 GMT
1a8bfa042c9c5.js
t.contentsquare.net/uxa/ 		296 KB
71 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.80.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-5.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bf61062f0c0de0f5360e8bf4660c7c3c711aaee42a469c1f310fdee1fda426dc

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 10:12:51 GMT
content-encoding
br
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P5
age
0
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
72488
last-modified
Wed, 06 Mar 2024 10:11:17 GMT
server
AmazonS3
etag
"628d6498f627efdbeae694ccfeb19ab7"
vary
Origin
content-type
application/javascript;charset=utf-8
cache-control
max-age=900
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
yjyjsD7Gl6R8r6Pssd4MJ1w4AGrdIEa-VaC_DpvmiMOaQabpqU4Cqg==
loader.js
cdn.usehero.com/ 		98 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.usehero.com/loader.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23cb:f200:13:d6f4:3240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ab99a75a2070736b0282d041df3a7e272ad5d4d1929ae430089ac0335e05ad2c

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:19:37 GMT
content-encoding
gzip
via
1.1 5b4b6c6517b988a4ff2c794e5583ee02.cloudfront.net (CloudFront)
last-modified
Tue, 19 Sep 2023 07:56:38 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P1
age
1746
x-amz-server-side-encryption
AES256
etag
W/"fbf714a58cbac38c0deea519667d9044"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
zMnxy8q9bRtm2L8JTJ_ajv_mqbDT2Z-afbqjdcftiCbNscSn2Cg1fA==
sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-encoding
gzip
date
Wed, 06 Mar 2024 14:48:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-yyz4553-YYZ
destination
www.googletagmanager.com/gtag/ 		159 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-10812184462&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8213e000b7b2f4da50a863873cf0bb6b818e1f31763f6d7177e2751de4dfb7ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:42 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
61894
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 06 Mar 2024 14:48:42 GMT
destination
www.googletagmanager.com/gtag/ 		216 KB
77 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-698270988&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a9cc73d73bc220a5bff574a3060e9a0236f58a87c6e9cde3afeb855f1658d954
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:42 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79171
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 06 Mar 2024 14:48:42 GMT
destination
www.googletagmanager.com/gtag/ 		190 KB
69 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-9231397&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5316a7ee75f01622d45e4c7a80757b3bd49fa9f7182fd894fc77fdbe784a533d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:42 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
71058
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 06 Mar 2024 14:48:42 GMT
destination
www.googletagmanager.com/gtag/ 		190 KB
69 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-10742279&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9811f258955412e499808713fb4717900dccb00ec88c21bc511fae494288c32c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:42 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
71049
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 06 Mar 2024 14:48:42 GMT
destination
www.googletagmanager.com/gtag/ 		204 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-865242110&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ce3febc316e94ec5a6362f3bdfe9eec8a1be968648f4a324fe7a55babf7773fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:42 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
76200
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 06 Mar 2024 14:48:42 GMT
scevent.min.js
sc-static.net/ 		44 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc-static.net/scevent.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.74.246 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-74-246.jfk52.r.cloudfront.net
Software
CloudFront /
Resource Hash
1eebbe20a7e11128ee261e88cadbc5f467f81690a0bb0a8aa2a529a8f04aee43

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:42 GMT
content-encoding
gzip
via
1.1 43034476d4f59b84d702b480b160bb88.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
JFK52-P5
x-cache
Miss from cloudfront
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
private, s-maxage=0, max-age=600
access-control-allow-headers
Content-Type
content-length
19117
x-amz-cf-id
HF-HG_6cmZsG__dWInIFW52torvfXqzjJ3fXtGDnN88dMOsH99L7Mg==
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 		32 B
49 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
92f709e941df3b754df46c209f8b21499ea6c3feb8ad5abdd5c0264a5dcb2595

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 06 Mar 2024 14:48:41 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32
core.js
s.pinimg.com/ct/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.pinimg.com/ct/core.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:1a89::1931 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5c8c192adca12497452b0a6c25b5913fad79f9afc4760673947377cd81575d81

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

akamai-x-true-ttl
7200
content-encoding
br
x-cdn
akamai
etag
"d9d39f44b74d00726ec92710f4e4c69c"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
access-control-max-age
86400
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
GET
access-control-expose-headers
X-CDN
cache-control
max-age=7200
accept-ranges
bytes
alt-svc
h3=":443"; ma=600
content-length
1856
fbevents.js
connect.facebook.net/en_US/ 		215 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
50b6e67cfcfe4ac8fe9cee705b681f696065306ee42bcd4e6b37a17dba333ac5
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

permissions-policy-report-only
clipboard-read=(), clipboard-write=(), picture-in-picture=();report-to="permissions_policy"
content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 06 Mar 2024 14:48:43 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57348
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma
public
x-fb-debug
SARHihY8skFdmdMikUsORVjrNB+U0OwcnilgDxpmYYPi1phBaaYJHhpAlpl89swLb+p44+TlJ2OpPBCC5fZSCw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), clipboard-read=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
pixel.js
www.redditstatic.com/ads/ 		28 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
2939d067bced6e2e3e43c1b10d2b067cb980410c2cc42fd3e867798a4a36c697

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:43 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
last-modified
Thu, 15 Feb 2024 20:38:48 GMT
server
snooserv
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag
"9a680c8c475d8bba600d4d87b4fa7ee5"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
8702
bat.js
bat.bing.com/ 		45 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Wed, 06 Mar 2024 14:48:42 GMT
last-modified
Thu, 29 Feb 2024 19:58:06 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 153182A718DB4E4AB9ACA065DA15F8CF Ref B: NYCEDGE1609 Ref C: 2024-03-06T14:48:43Z
etag
"01b4e9c496bda1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13261
sdk.js
analytics.tiktok.com/i18n/pixel/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/sdk.js?sdkid=BRR4GA0I9JJBU29G8GF0
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.114 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-114.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
29e2a8b03e2559d7345f49f8612893fb07c7d60fcf7fbed556587f2f5fad8b7e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-akamai-request-id
26619f2b
date
Wed, 06 Mar 2024 14:48:43 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240306144843EE0CAC94FA6928F31E9D-680FD44CECE88204-00
x-cache
TCP_MISS from a23-195-36-82.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
server-timing
inner; dur=3, cdn-cache; desc=MISS, edge; dur=1, origin; dur=13
content-length
2526
pragma
no-cache
server
nginx
x-tt-logid
20240306144843EE0CAC94FA6928F31E9D
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
14,23.195.36.82
x-tt-trace-host
011367272af88a3fae6823c0e41bb8c70ad78e93316f581d1b7df695aa7738c1b92a513ef48a9e996b03d42dde00396ee0a033c9598f7a410d60f537ad58bbc3e3e6b0851fee195649dee49dc97f4ce59e8855ff3a8b42e1438c72ce1865264258
expires
Wed, 06 Mar 2024 14:48:43 GMT
events.js
analytics.tiktok.com/i18n/pixel/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1EFEJPT0U322RQPGHFG&lib=ttq
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.114 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-114.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
7daa4f473c1f3b825470de6988a9df856a299340ecc5f92f347387c1bed23f27

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-akamai-request-id
26619f2c
date
Wed, 06 Mar 2024 14:48:43 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240306144843D2F2050704E676DEBCFD-0DFA715D07573559-00
x-cache
TCP_MISS from a23-195-36-82.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
server-timing
inner; dur=3, cdn-cache; desc=MISS, edge; dur=2, origin; dur=13
content-length
2104
pragma
no-cache
server
nginx
x-tt-logid
20240306144843D2F2050704E676DEBCFD
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
13,23.195.36.82
x-tt-trace-host
011367272af88a3fae6823c0e41bb8c70ad78e93316f581d1b7df695aa7738c1b9aef0843d1e6d57061ed9c920e85ab52eec9e86dc3c98ac878c45769fa41607d0e5ca6ea5b56b19159c4cfc401a6d0df07f93754f0a2007429d61b0c701bf9e02
expires
Wed, 06 Mar 2024 14:48:43 GMT
widget.js
js.jebbit.com/companion/v1/ 		44 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.jebbit.com/companion/v1/widget.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:24f1:e800:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a938eea663af09f75118101cf9061107fbef7c4770d7d123c71e33c52c565139

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-amz-version-id
R3KY_K4A_1J6MbzxdLc7TwnPZXsf4837
date
Wed, 06 Mar 2024 14:40:30 GMT
via
1.1 57eada8217c838cfdc4ec177bbe3523c.cloudfront.net (CloudFront)
last-modified
Wed, 21 Feb 2024 21:57:20 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P4
age
494
x-amz-server-side-encryption
AES256
etag
"cc4e73d84c409b310a274ca12ee462bc"
x-cache
Hit from cloudfront
content-type
text/javascript
accept-ranges
bytes
content-length
45249
x-amz-cf-id
eI535kT8zltQ4fxheT_FyBnS_4l0pluZw-nO2vNatEWHyxvNzrQvwg==
baskets
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.99 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
4b86fe35d476bac4f909e05069880b241ef6c9faba38f775492986bff146c736
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language
en-US,en;q=0.9
x-pwa-request
true
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI1NWRlMjIyNS1lMmNiLTRmZTctYjZhYS0zNGE1OGFkOTlkZTQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjMyZTU0NDRiLTk3ZjUtNGRmZS04NGEwLTM0ODc2YjNlMDQ0ZSIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MDk3MzY0OTEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFia1hoSmxyb1lsZWdSbXJCS2xxWVl4ZXhKOjpjaGlkOiAiLCJleHAiOjE3MDk3MzgzMjEsImlhdCI6MTcwOTczNjUyMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMTA2Mzc1Njk2ODU3NDAyOCJ9.1EVxpaN3F-Klk2m7PuTSFl46e4NoOOqfkgzTYuMq5hBYdFBKY61FBe1utDDdocrMqsFjiufsB4DpgmAEOtAygw
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
content-type
application/json

Response headers

date
Wed, 06 Mar 2024 14:48:43 GMT
via
1.1 6301016ccf61750ec7dd668279788376.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-amz-cf-pop
LHR62-C3
age
0
x-yottaa-optimizations
ob/1000 si/34D1a5fe3863-1709730801-21776149 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
content-length
1096
pragma
no-cache
etag
b9e8848468b4d5eaac154b86be8d4bf3d06f94947c50d31079e59f6683a9c2aa
allow
OPTIONS,POST
content-type
application/json;charset=UTF-8
x-dw-resource-state
b9e8848468b4d5eaac154b86be8d4bf3d06f94947c50d31079e59f6683a9c2aa
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics
3421a5fe3834/[220,218,-] 34D1a5fe3863/[-,226.422]
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets
accept-ranges
bytes
cf-ray
860325f55d282406-LHR
x-dw-request-base-id
79LFpEuC6GUBAAB_
x-amz-cf-id
cW6ChraqcJ4zmxwF6yLd-uDAD3Fa2NoWYXq7J7GFCPacMVcuumy7fg==
x-yottaa-os
200
expires
Thu, 01 Dec 1994 16:00:00 GMT
local
www.paypal.com/credit-presentment/experiments/ Frame D391 		5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.56.0&integrationType=SDK
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
50c938a88e3861313200737a018bc2d4995db885d894905596e060f4aad17683
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-expose-headers
Server-Timing
age
60846
cache-control
s-maxage=86400, max-age=0
content-encoding
gzip
content-length
1526
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type
text/html; charset=utf-8
date
Wed, 06 Mar 2024 14:48:43 GMT
dc
ccg11-origin-www-1.paypal.com
edge-cache-tag
up-treatments-zoid
etag
W/"1479-yS+9balPcoACffymI7NOxCL0ycg"
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f9153345e2756
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
"traceparent;desc="00-0000000000000000000f9153345e2756-ac63b6363df73887-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f9153345e2756-b9e8a1b3421b3898-01
vary
Accept-Encoding
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
HIT, HIT, MISS
x-cache-hits
133, 4862, 0
x-served-by
cache-bur-kbur8200097-BUR, cache-yyz4564-YYZ, cache-yyz4564-YYZ
x-timer
S1709736524.621950,VS0,VE7
x-xss-protection
1; mode=block
pptm.js
www.paypal.com/tagmanager/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.com&t=xo&v=5.0.425&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
724c915904a6a399b4e2c0e07ef9a56ec62002dcf2bb8800f6d0a4f4474498fb
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-Gg7FtHs1nLV4Cd11l8TQI/W442hV5vt5hk+EGMd0RFpi48O6' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-Gg7FtHs1nLV4Cd11l8TQI/W442hV5vt5hk+EGMd0RFpi48O6' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 06 Mar 2024 14:48:43 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
60242
x-cache
HIT, HIT, MISS
paypal-debug-id
f3544249cb534
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
4795
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200043-BUR, cache-yyz4564-YYZ, cache-yyz4564-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f3544249cb534-5c265a6daf3c5dd5-01
x-timer
S1709736523.374893,VS0,VE5
etag
W/"3690-IqaMNHMzpmQyDwZKWGXYdZSOQQg"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=3600
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
69, 8, 0
collect
analytics.google.com/g/ 		0
248 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je4340v879088318z8896608294za220&_gaz=1&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&cid=1122711396.1709736521&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1709736523&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_ss=2&tfd=10600
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:43 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
56 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZLYXLXNDL8&cid=1122711396.1709736521&gtm=45je4340v879088318z8896608294za220&aip=1&dma=0&gcs=G111&gcd=13v3v3v3u5&npa=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:43 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activityi;dc_pre=CM2ktfHw34QDFWq5fwQdpoQPaw;src=10742279;type=elf8j0;cat=glo_flap;ord=4340220447905;npa=1;auiddc=762808258.1709736521;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;...
10742279.fls.doubleclick.net/ Frame 8CBF
Redirect Chain
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=4340220447905;npa=1;auiddc=762808258.1709736521;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-crimina...
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CM2ktfHw34QDFWq5fwQdpoQPaw;src=10742279;type=elf8j0;cat=glo_flap;ord=4340220447905;npa=1;auiddc=762808258.1709736521;u1=https%3A%2F%2Fwww.elfco...
604 B
529 B 		Document
General
Check archive.org
Download Go to
Full URL
https://10742279.fls.doubleclick.net/activityi;dc_pre=CM2ktfHw34QDFWq5fwQdpoQPaw;src=10742279;type=elf8j0;cat=glo_flap;ord=4340220447905;npa=1;auiddc=762808258.1709736521;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-10742279&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.102 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s36-in-f6.1e100.net
Software
cafe /
Resource Hash
d5f4e88a592b623f9b96effebd9729e48e047241356fd69cf6ae6413adf8870f
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
326
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 06 Mar 2024 14:48:44 GMT
expires
Wed, 06 Mar 2024 14:48:44 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 06 Mar 2024 14:48:44 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://10742279.fls.doubleclick.net/activityi;dc_pre=CM2ktfHw34QDFWq5fwQdpoQPaw;src=10742279;type=elf8j0;cat=glo_flap;ord=4340220447905;npa=1;auiddc=762808258.1709736521;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
i.js
tag.wknd.ai/4142/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.wknd.ai/4142/i.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
250.253.120.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
d973412d326528c3c272948259f245437209138cae41d034f0fe63fc9896f238

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:47:48 GMT
content-encoding
gzip
via
1.1 google
age
56
x-envoy-upstream-service-time
0
x-region
us-central1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5761
server
istio-envoy
etag
d7738e6e28377f
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=60
timing-allow-origin
*
link
<https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://pix.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect
pageview
c.contentsquare.net/ 		0
320 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.contentsquare.net/pageview?ex=&pvt=n&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&la=en-US&uc=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dr=&dw=1600&dh=7510&ww=1600&wh=1200&sw=1600&sh=1200&uu=fc5ddfe3-edff-a000-c4ea-6e41d03a5ba7&sn=1&hd=1709736523&v=13.99.5&pid=1926&pn=1&r=770889
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.208.222.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-208-222-212.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:44 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
jsp
ut.rd.linksynergy.com/ 		148 B
406 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ut.rd.linksynergy.com/jsp?cn=rmuid&ro=0&cb=___rmuid
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
e1a41b2ce5fcd6320078c61076968d45ff5b5755840858a747fddef662a62551
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

content-type
text/plain; charset=utf-8
date
Wed, 06 Mar 2024 14:48:44 GMT
via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
148
x-samesite
secure
display
api.usehero.com/webplugin/ 		162 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/webplugin/display?appId=efcf9631-4c6b-4874-9f76-51f71464249a&location=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&state=untouched&outboundFeature=
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/loader.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.123.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-234-123-28.compute-1.amazonaws.com
Software
/
Resource Hash
f8ea6f7e149ad29010cc98f77695c8c2e91a0c6dd61a41d9ac9bd64e68e03f7e
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
klarna-correlation-id
4ef9c13a-fbae-403f-b490-5021cd74f1f4
cross-origin-resource-policy
same-origin
x-geo-longitude
-78.89270
pragma
no-cache
referrer-policy
same-origin
etag
W/"a2-MeKYSNNuCDv61fOQuMYMMBbKkgs"
x-frame-options
SAMEORIGIN
x-geo-zip
14202
content-type
application/json; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-latitude
42.88670
x-accuracy
20
expires
0
date
Wed, 06 Mar 2024 14:48:44 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
cross-origin-embedder-policy
require-corp
x-time-zone
America/New_York
x-envoy-upstream-service-time
11
content-length
162
x-xss-protection
0
x-request-id
4ef9c13a-fbae-403f-b490-5021cd74f1f4
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-country
US
x-geo-city
Buffalo
p
tr.snapchat.com/ 		68 B
459 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tr.snapchat.com/p?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&ev=PAGE_VIEW&intg=gtm&u_em=&u_pn=&pids=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_c1=450b9bd9-44c7-48e7-817e-cbcacb8e5666&u_sclid=471e0679-f1a7-4e5e-8ee9-52733e1c338f&u_scsid=b7221b04-43af-461e-bf6c-20e28d8b28f1&bt=1d53c387&d_bvs=%5B%5D&df=true&huah=true&m_dcl=4192&m_fcps=3569&m_pi=4189&m_pl=9178&m_pv=2&m_rd=11119&m_sh=1200&m_sl=0&m_sw=1600&pl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&trackId=64f40786-135f-4ca8-bd63-4e63d07deb7f&ts=1709736524022&v=3.12.0-2402271815
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:44 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via
1.1 google, 1.1 google
server
API Gateway
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, no-transform
x-envoy-upstream-service-time
1
alt-svc
clear, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68
activityi;dc_pre=CMevvfHw34QDFWCKfwQd0kYA3g;src=9231397;type=retarget;cat=globa0;ord=6504836100479;npa=1;auiddc=762808258.1709736521;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=fals...
9231397.fls.doubleclick.net/ Frame 5AC4
Redirect Chain
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=6504836100479;npa=1;auiddc=762808258.1709736521;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=fa...
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CMevvfHw34QDFWCKfwQd0kYA3g;src=9231397;type=retarget;cat=globa0;ord=6504836100479;npa=1;auiddc=762808258.1709736521;u6=%2Felf-cosmetic-criminals...
726 B
415 B 		Document
General
Check archive.org
Download Go to
Full URL
https://9231397.fls.doubleclick.net/activityi;dc_pre=CMevvfHw34QDFWCKfwQd0kYA3g;src=9231397;type=retarget;cat=globa0;ord=6504836100479;npa=1;auiddc=762808258.1709736521;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-9231397&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.102 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s36-in-f6.1e100.net
Software
cafe /
Resource Hash
0376d99f51b9ad9fa26d88847d815779d83e27dbc6a5390f9e6194efbf13ae3f
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
391
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 06 Mar 2024 14:48:44 GMT
expires
Wed, 06 Mar 2024 14:48:44 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 06 Mar 2024 14:48:44 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://9231397.fls.doubleclick.net/activityi;dc_pre=CMevvfHw34QDFWCKfwQd0kYA3g;src=9231397;type=retarget;cat=globa0;ord=6504836100479;npa=1;auiddc=762808258.1709736521;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare
elfcosmetics.a.bigcontent.io/v1/static/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare?%24Desktop%24=&fmt=auto
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:91b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:45 GMT
x-amz-version-id
null
cf-cache-status
HIT
age
4081
x-amz-server-side-encryption
AES256
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
content-length
5378
last-modified
Wed, 06 Mar 2024 13:40:44 GMT
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
860326030cd103d5-EWR
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto%201x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto%202x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto%203x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:91b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:45 GMT
x-amz-version-id
null
content-encoding
gzip
cf-cache-status
HIT
age
48536
x-amz-server-side-encryption
AES256
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 06 Mar 2024 01:19:49 GMT
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
cf-ray
860326030ccf03d5-EWR
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
icon-lips
elfcosmetics.a.bigcontent.io/v1/static/ 		914 B
1023 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-lips?%24Desktop%24=&fmt=auto%201x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-lips?%24Desktop%24=&fmt=auto%202x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-lips?%24Desktop%24=&fmt=auto%203x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:91b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f3989acda5131345cd5dd5f11e9c3c373fd3b09eb1a2a64fb2d6b302ea020a6

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:45 GMT
x-amz-version-id
null
cf-cache-status
HIT
age
74362
x-amz-server-side-encryption
AES256
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
content-length
914
last-modified
Tue, 05 Mar 2024 18:09:23 GMT
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
860326030cd003d5-EWR
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
f145c521-88de-4df5-93a1-9b1a710a7e1a
https://www.elfcosmetics.com/ 		7 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.elfcosmetics.com/f145c521-88de-4df5-93a1-9b1a710a7e1a
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
36ff871d9fcff613aae4a44802fc606d1d4838ea4f6efba815f0a1ec95bbd101

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Content-Length
7329
Content-Type
application/javascript
js
www.paypal.com/sdk/ Frame D391 		415 KB
114 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.56.0&integrationType=SDK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3ec58d58bd0f1cc7bea24dd08d015272b37c4bab92db44f8900bb784c304a80f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-fpWt+wZ/PVdU3sbnZz46p9YMIb7sVOGt3wMyCEEWcC41xng9' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-fpWt+wZ/PVdU3sbnZz46p9YMIb7sVOGt3wMyCEEWcC41xng9' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.56.0&integrationType=SDK
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-fpWt+wZ/PVdU3sbnZz46p9YMIb7sVOGt3wMyCEEWcC41xng9' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-fpWt+wZ/PVdU3sbnZz46p9YMIb7sVOGt3wMyCEEWcC41xng9' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
disable-set-cookie
true
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 06 Mar 2024 14:48:45 GMT
age
6037
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT, HIT, MISS
p3p
true
paypal-debug-id
f4080854c8105
server-timing
"traceparent;desc="00-0000000000000000000f4080854c8105-2135d77e25e5e0a2-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
115976
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200160-BUR, cache-yyz4564-YYZ, cache-yyz4564-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f4080854c8105-b20f3d94063d804f-01
x-timer
S1709736525.087372,VS0,VE5
etag
W/"1c508-NV3G5BWIBpy1GIsToonTS0n3yR0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Server-Timing
cache-control
public, max-age=3600, s-maxage=10800
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
93, 2, 0
plugin.5.46.0.js
cdn.usehero.com/ Frame 1B21 		244 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.usehero.com/plugin.5.46.0.js
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23cb:f200:13:d6f4:3240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
066f884cfd15768801743268a042cc8f5bba3f262b33ff05716b33b9e9550905

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:28:22 GMT
content-encoding
gzip
via
1.1 5b4b6c6517b988a4ff2c794e5583ee02.cloudfront.net (CloudFront)
last-modified
Tue, 19 Sep 2023 07:56:38 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P1
age
1224
x-amz-server-side-encryption
AES256
etag
W/"e840bbd769b547fed1c31518dde8fa55"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
3Q_v5X6bx8v12pHZUX_Acz_8Wy2kU8AIh5XkDDh0CddvAOKtIB1aoQ==
dc_pre=CM2ktfHw34QDFWq5fwQdpoQPaw;src=10742279;type=elf8j0;cat=glo_flap;ord=4340220447905;npa=1;auiddc=*;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896...
adservice.google.com/ddm/fls/z/ Frame 8CBF 		42 B
401 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CM2ktfHw34QDFWq5fwQdpoQPaw;src=10742279;type=elf8j0;cat=glo_flap;ord=4340220447905;npa=1;auiddc=*;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals
Requested by
Host: 10742279.fls.doubleclick.net
URL: https://10742279.fls.doubleclick.net/activityi;dc_pre=CM2ktfHw34QDFWq5fwQdpoQPaw;src=10742279;type=elf8j0;cat=glo_flap;ord=4340220447905;npa=1;auiddc=762808258.1709736521;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://10742279.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:45 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
t
evt.undertone.com/ Frame 5AC4
Redirect Chain
  • https://ads.undertone.com/t?trackerid=7729&cb=685238072
  • https://evt.undertone.com/t?trackerid=7729&cb=685238072
0
499 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://evt.undertone.com/t?trackerid=7729&cb=685238072
Requested by
Host: 9231397.fls.doubleclick.net
URL: https://9231397.fls.doubleclick.net/activityi;dc_pre=CMevvfHw34QDFWCKfwQd0kYA3g;src=9231397;type=retarget;cat=globa0;ord=6504836100479;npa=1;auiddc=762808258.1709736521;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
Protocol
H2
Server
3.232.18.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-232-18-169.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://9231397.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-origin
https://9231397.fls.doubleclick.net/
pragma
no-cache
date
Wed, 06 Mar 2024 14:48:45 GMT
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
expires
Mon, 26 Jul 1997 05:00:00 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"

Redirect headers

date
Wed, 06 Mar 2024 14:48:45 GMT
via
1.1 0afec277ba3e75e96fa6b4c76d8e130c.cloudfront.net (CloudFront)
accept-ch
sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
x-amz-cf-pop
JFK50-P4
x-cache
Miss from cloudfront
location
https://evt.undertone.com/t?trackerid=7729&cb=685238072
content-length
0
x-amz-cf-id
6zPLWwkJ1pi6bU-mQpQc9ArZCSU4J0C-Bt68Kv5o8hC8UipgngoNHw==
dc_pre=CMevvfHw34QDFWCKfwQd0kYA3g;src=9231397;type=retarget;cat=globa0;ord=6504836100479;npa=1;auiddc=*;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z88...
adservice.google.com/ddm/fls/z/ Frame 5AC4 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CMevvfHw34QDFWCKfwQd0kYA3g;src=9231397;type=retarget;cat=globa0;ord=6504836100479;npa=1;auiddc=*;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals
Requested by
Host: 9231397.fls.doubleclick.net
URL: https://9231397.fls.doubleclick.net/activityi;dc_pre=CMevvfHw34QDFWCKfwQd0kYA3g;src=9231397;type=retarget;cat=globa0;ord=6504836100479;npa=1;auiddc=762808258.1709736521;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://9231397.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:45 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
c69c204f-fba0-4685-aea8-ad32f799fa5d.js
tr.snapchat.com/config/com/ 		185 B
467 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tr.snapchat.com/config/com/c69c204f-fba0-4685-aea8-ad32f799fa5d.js?v=3.12.0-2402271815
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
e96d1ae2515a7adf6e1fa754960645298839e87cd2a139fb6dc94c3e45ab9066
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
Origin
https://www.elfcosmetics.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:45 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via
1.1 google, 1.1 google
server
API Gateway
content-type
application/javascript
access-control-allow-origin
https://www.elfcosmetics.com
x-envoy-upstream-service-time
35
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
185
i
tr.snapchat.com/cm/ Frame 554F 		672 B
740 B 		Document
General
Check archive.org
Download Go to
Full URL
https://tr.snapchat.com/cm/i?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_scsid=b7221b04-43af-461e-bf6c-20e28d8b28f1&u_sclid=471e0679-f1a7-4e5e-8ee9-52733e1c338f
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
6501140033c3bb20da4b5ac73c90f687ba8a2053c4ba37c4b6f5275166db7fa6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
clear h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
672
content-type
text/html
date
Wed, 06 Mar 2024 14:48:45 GMT
server
API Gateway
strict-transport-security
max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains
via
1.1 google, 1.1 google
x-envoy-upstream-service-time
0
/
www.googleadservices.com/pagead/conversion/698270988/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion/698270988/?random=1709736524207&cv=11&fst=1709736524207&bg=ffffff&guid=ON&async=1&gtm=45be4340v9167704557z8896608294za201&gcs=G111&gcd=13v3v3v3u5&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&value=0&bttype=purchase&npa=1&pscdl=noapi&auid=762808258.1709736521&uamb=0&uaw=0&fdr=SA&data=ads_data_redaction%3Dtrue&rfmt=3&fmt=4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.72.98 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
f01dc6e5a56a6b43ff76188462bc4ca58ba4e253f87dcad62ae38879a00ca1e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:45 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1714
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
t2_16331p_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 		86 B
700 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_16331p_telemetry
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:45 GMT
content-encoding
gzip
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server
snooserv
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
content-length
98
rp.gif
alb.reddit.com/ 		42 B
637 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://alb.reddit.com/rp.gif?ts=1709736525109&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=b8df9f30-0a51-48a8-a34c-6aea31dd0167&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_c9439d84&dpm=&dpcc=&dprc=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:45 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
main.MTNhZGZiOTRkMA.js
analytics.tiktok.com/i18n/pixel/static/ 		408 KB
109 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMA.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.114 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-114.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
1d16cbf24d53ba3dc9c081aea9064065dfd20331e61856b49a83c706a41cc53a

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-akamai-request-id
2661c465
date
Wed, 06 Mar 2024 14:48:45 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
202402221501128DAFEBDCE3E742F55790
x-tt-trace-id
00-2402221501128DAFEBDCE3E742F55790-357CAECBF538BD41-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-195-36-82.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01b0057fdf19f353e6a8f328b956e48c1727ae63bcf9cf440952efd63b480e76f92b247071b31281d345e4e8c9ac108e2ae97882dcc11f1bf2ea4d20b2219f02b1584f7475f9e97f21dab973815413c924b00c23b0b7030319c2902bbfeea826ac
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=16
content-length
111054
main.MTNhZGZiOTRkMQ.js
analytics.tiktok.com/i18n/pixel/static/ 		428 KB
114 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMQ.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.114 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-114.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
8344b30c4f0eb1c6f29e7515183b8d91e55f80563104c8f15b6d156217091f00

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-akamai-request-id
2661c466
date
Wed, 06 Mar 2024 14:48:45 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
2024022215011258501027F67A0AFD8478
x-tt-trace-id
00-24022215011258501027F67A0AFD8478-0D204546796D9754-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-195-36-82.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01c1b552758de2720c9e014d8e7cac6c8bdd0c2a694e376d08b1a73fb7d65715efebe6b00b4f449aae67864569cebe70ac1e2a602d8e649c92a0db3aa68a4edafe2e499463afb7e7bfff16aa1e7b4bd50229406f7531b4c24de0132885bd56a0ba
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=15
content-length
116076
main.cb6ceab7.js
s.pinimg.com/ct/lib/ 		64 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.pinimg.com/ct/lib/main.cb6ceab7.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:1a89::1931 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3b4f2e1b70a9ab8aef23d65cc1b072b5eb6eba4979f6575c64771256e260409d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

akamai-x-true-ttl
1209600
content-encoding
br
x-cdn
akamai
etag
"df5cf5cb5de352dc30a944e95eca73e1"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
access-control-max-age
86400
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
GET
access-control-expose-headers
X-CDN
cache-control
max-age=1209600
accept-ranges
bytes
content-length
18542
widget.css
js.jebbit.com/companion/v1/ 		15 KB
16 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://js.jebbit.com/companion/v1/widget.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:24f1:e800:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
875ca118023e8741e684a320e73b7f9af4e8eba6c88f1f7e8457f7c0cdda6efb

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 23:57:34 GMT
x-amz-version-id
rlLQSdBm9ZTNXvLaketZ1ik.75AdGtXG
via
1.1 57eada8217c838cfdc4ec177bbe3523c.cloudfront.net (CloudFront)
last-modified
Wed, 21 Feb 2024 21:57:20 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P4
age
53472
etag
"de1b72e797664b9b2c2139e5ccb24844"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
text/css
accept-ranges
bytes
content-length
15521
x-amz-cf-id
rHKMyx93GEabQMounaTp1eUHGzV1WixNN6Zm8nfX-pRsQJYuEdNXFg==
launcher_configs
external-api.jebbit.com/moments/v2/ 		2 B
448 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRmVsZi1jb3NtZXRpYy1jcmltaW5hbHM=&completedLightboxCampaigns=W10=&jebbitCookies=
Requested by
Host: js.jebbit.com
URL: https://js.jebbit.com/companion/v1/widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.208.207.37 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-208-207-37.compute-1.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:45 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
surrogate-control
no-store
x-dns-prefetch-control
off
content-length
2
x-xss-protection
1; mode=block
pragma
no-cache
etag
W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
x-download-options
noopen
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
expires
0
1638306756445368
connect.facebook.net/signals/config/ 		64 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1638306756445368?v=2.9.148&r=stable&domain=www.elfcosmetics.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
815a0320ad8f92f8cf83f9a2804622e5acf474e6ef479f8cf1dbbb0d68845e89
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

permissions-policy-report-only
clipboard-read=(), clipboard-write=(), picture-in-picture=();report-to="permissions_policy"
content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 06 Mar 2024 14:48:45 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
13394
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma
public
x-fb-debug
YQYD5qx2P8CREE4Nt4oBoTR4+LuU3XeV2NIucGLzzbDnY5sF/mKhavIW4x3vEhl8uWhq8p1/x8Q3zAXRuZ8ZeA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
ts
t.paypal.com/ 		42 B
541 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1709736525178&g=600&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-cache-hits
0, 0
date
Wed, 06 Mar 2024 14:48:45 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
4198ceccaf9f4
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-bur-kbur8200157-BUR, cache-yyz4522-YYZ
pragma
no-cache
correlation-id
4198ceccaf9f4
traceparent
00-00000000000000000004198ceccaf9f4-3e7b63912c622030-01
x-timer
S1709736525.260055,VS0,VE108
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 06 Mar 2024 14:48:45 GMT
5013978.js
bat.bing.com/p/action/ 		0
117 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/5013978.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Wed, 06 Mar 2024 14:48:44 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: AB9D68AC1F8E4794AF246B7C3C3F8B8B Ref B: NYCEDGE1609 Ref C: 2024-03-06T14:48:45Z
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/ 		0
362 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=5013978&tm=gtm002&Ver=2&mid=dc3cabe3-4d58-409d-acee-4bca7eae7d2d&sid=a1f2a6b0dbc811eeb1bd81b3563aec88&vid=a1f30ca0dbc811ee88ca618858d0d348&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&p=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&r=&lt=9179&evt=pageLoad&sv=1&rn=660494
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 06 Mar 2024 14:48:44 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: F91691FAEE484763855B6A578DF5BFF9 Ref B: NYCEDGE1609 Ref C: 2024-03-06T14:48:45Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
PWA-UpdateSession
www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_US/ 		56 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_US/PWA-UpdateSession
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10720/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.56.99 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
f66f5edd05293c4351edcec020a867935f7495ef0d0ff7ceb3e6402748585ca6

Request headers

Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals
accept-language
en-US,en;q=0.9
x-pwa-request
true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:45 GMT
content-encoding
gzip
via
1.1 c176cabe132d03e00f152d5649d68e96.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
LHR62-C3
age
0
x-yottaa-optimizations
ob/1000 si/34D1a5fe3863-1709730801-21776163 tts/1707668304444 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
pragma
no-cache
content-type
application/json
cache-control
no-cache, no-store, must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/on/demandware.store/Sites-elf-us-Site/en_US/PWA-UpdateSession
x-yottaa-metrics
3421a5fe389e/[301,298,-] 34D1a5fe3863/[-,303.200]
cf-ray
86032603284963c3-LHR
x-dw-request-base-id
orvRO02C6GUBAAB_
x-amz-cf-id
qaj1nz3B98onXok_tA4s3IQ1vDt4w7ZyAWlQOc4gSBML9DlIU0-yqg==
expires
Thu, 01 Dec 1994 16:00:00 GMT
dvar
c.contentsquare.net/ 		0
319 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.contentsquare.net/dvar?v=13.99.5&pid=1926&pn=1&sn=1&uu=fc5ddfe3-edff-a000-c4ea-6e41d03a5ba7&dv=H4sIAAAAAAAAA0WMsQrCUAxFfyVkdnHtpq0VwVEKnUraBgnERF6DWor%2F7hOUjvdwzl1wt%2B%2Bqtjuq96RQukVyhQtPgQVWs9FNBmiFdYTD685J2AaecPPrVgbbHDSUhELc8vorZ3%2FCyYLt%2B1i6KvWesvRgqEUj53bF9wcxTAoRiQAAAA%3D%3D&ct=2&r=420940
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.208.222.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-208-222-212.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:45 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
scevent.min.js
sc-static.net/ Frame 554F 		44 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc-static.net/scevent.min.js
Requested by
Host: tr.snapchat.com
URL: https://tr.snapchat.com/cm/i?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_scsid=b7221b04-43af-461e-bf6c-20e28d8b28f1&u_sclid=471e0679-f1a7-4e5e-8ee9-52733e1c338f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.74.246 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-74-246.jfk52.r.cloudfront.net
Software
CloudFront /
Resource Hash
1eebbe20a7e11128ee261e88cadbc5f467f81690a0bb0a8aa2a529a8f04aee43

Request headers

accept-language
en-US,en;q=0.9
Referer
https://tr.snapchat.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 18:30:02 GMT
content-encoding
gzip
via
1.1 43034476d4f59b84d702b480b160bb88.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
JFK52-P5
age
73123
etag
b9bd00ec73544025b937f4253ff9de4c
x-cache
Hit from cloudfront
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
public, s-maxage=86400, max-age=600
access-control-allow-headers
Content-Type
content-length
19117
x-amz-cf-id
4bcuj1k5Z8jIrp2mxkeEep9Cw5i6XKSO0ARBYn8dV296aYedB_JV5g==
hash
www.paypal.com/credit-presentment/experiments/ Frame D391 		40 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/credit-presentment/experiments/hash?device_id=uid_a5d4559c78_mtq6ndg6ndu&disableSetCookie=true&features=disable-set-cookie
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.56.0&integrationType=SDK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5eca572cd68aa4afde19d317daf93398ca142c3648214e16b37e054e15c3f9e1
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.56.0&integrationType=SDK
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Wed, 06 Mar 2024 14:48:45 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
0
edge-cache-tag
up-treatments-hash
x-cache
MISS, MISS, MISS
paypal-debug-id
f733191c91816
server-timing
"traceparent;desc="00-0000000000000000000f733191c91816-53a0d599170e8818-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
56
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200139-BUR, cache-yyz4564-YYZ, cache-yyz4564-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f733191c91816-627f1a0f826bdfb6-01
x-timer
S1709736525.388805,VS0,VE133
etag
W/"28-xz7oeWVj/8B52QKKulWR9ZDQlKU"
vary
Accept-Encoding
content-type
text/html; charset=utf-8
access-control-expose-headers
Server-Timing
cache-control
s-maxage=86400, max-age=0
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
0, 0, 0
chunk.716.df63d46a2a86670d4b68.js
cdn.usehero.com/ Frame 1B21 		841 KB
212 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/plugin.5.46.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23cb:f200:13:d6f4:3240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6e9a31b3784b5fa5f384ee596c719982c792ebc9034e6425e2da3ecfd36c0678

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:22:40 GMT
content-encoding
gzip
via
1.1 5b4b6c6517b988a4ff2c794e5583ee02.cloudfront.net (CloudFront)
last-modified
Tue, 19 Sep 2023 07:56:38 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P1
age
1566
x-amz-server-side-encryption
AES256
etag
W/"01e9e2a8624bcf27fee5e0a11db65672"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
8rUBlFBO8QhwBfZjpQISOY44r1l0dlhJgk2EsZsi1PJ7Psv77Xxplg==
identify_efbb8.js
analytics.tiktok.com/i18n/pixel/static/ 		137 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_efbb8.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.114 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-114.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
a758246f43df5cf0f88a3c46a95cb7e962ec2e16327f7fc6b70d2150981b86df

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-akamai-request-id
2661ca47
date
Wed, 06 Mar 2024 14:48:45 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
2024022215011262E54BBF204779380960
x-tt-trace-id
00-24022215011262E54BBF204779380960-57090E67ECCA7F37-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-195-36-82.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01b0057fdf19f353e6a8f328b956e48c1727ae63bcf9cf440952efd63b480e76f957e20e9b39ab31344dbdd235acd08e5d4fcc6f8dae11a7104727cb12656bda75df97556004994fbb53fe536c47d410bf1a83083d311aa062d3b0103259f4758d
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=11
content-length
36831
performance_interaction
analytics.tiktok.com/api/v2/ 		0
702 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/performance_interaction
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.114 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-114.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
2661cc8c
date
Wed, 06 Mar 2024 14:48:45 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2403061448455213FCD67A51CEB9D578-3A873A2762D466E2-00
x-cache
TCP_MISS from a23-195-36-82.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
server-timing
inner; dur=14, cdn-cache; desc=MISS, edge; dur=10, origin; dur=23
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202403061448455213FCD67A51CEB9D578
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
23,23.195.36.82
x-tt-trace-host
011367272af88a3fae6823c0e41bb8c70ad78e93316f581d1b7df695aa7738c1b91a6232182232d199b2245df19f4c43a73d02157334053d47835fb2cb8f2353997bab12829477b020ea0c0744b49240bd321706d0884c0600f2b051145a3ce195
access-control-allow-headers
Authorization,*
expires
Wed, 06 Mar 2024 14:48:45 GMT
pangle_pixel
analytics.pangle-ads.com/api/v2/ 		0
825 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.pangle-ads.com/api/v2/pangle_pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.118.227 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-118-227.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
de5e9ac
date
Wed, 06 Mar 2024 14:48:45 GMT
x-bytefaas-request-id
202403061448454180977423B32CBD037A
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2403061448454180977423B32CBD037A-3C281C076EBA59C9-00
x-cache
TCP_MISS from a104-126-118-223.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54704533) (-)
server-timing
inner; dur=6, cdn-cache; desc=MISS, edge; dur=1, origin; dur=17
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202403061448454180977423B32CBD037A
access-control-max-age
86400
access-control-allow-methods
*
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
x-bytefaas-execution-duration
4.48
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
x-gw-dst-psm
ad.union.pangle_web_traffic
x-tt-trace-host
0169d0e63182576e979ee0af3639b071e82f9f27135613a936a0d6a367176345beb01ad8ba920c6cccaafeff0cba3f0c253f6da19e43b8cfa7139dd6203830aaca1289f3e6a50925fd51719a90be91f6a0c63bf17c0e806cba47782634c420ab6b
x-origin-response-time
17,104.126.118.223
access-control-allow-headers
*
expires
Wed, 06 Mar 2024 14:48:45 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
702 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.114 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-114.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
2661cc8d
date
Wed, 06 Mar 2024 14:48:45 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240306144845F58A58E62A20FEB46084-008EE1ED10BD03EA-00
x-cache
TCP_MISS from a23-195-36-82.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
server-timing
inner; dur=49, cdn-cache; desc=MISS, edge; dur=5, origin; dur=58
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240306144845F58A58E62A20FEB46084
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
58,23.195.36.82
x-tt-trace-host
011367272af88a3fae6823c0e41bb8c70ad78e93316f581d1b7df695aa7738c1b94693e00d701852839cd29f0713e29d3ab7c4373cf8c59fa5cb8ba873d930c75acc4098eb0ab3a2728164b515253b2421b0bca4ed5305c4b98d90e76ed66096a6
access-control-allow-headers
Authorization,*
expires
Wed, 06 Mar 2024 14:48:45 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
704 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.114 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-114.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
2661cc8f
date
Wed, 06 Mar 2024 14:48:45 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240306144845EAFFC6CEA4B05CAEEA20-3E73BFB5661C5FC4-00
x-cache
TCP_MISS from a23-195-36-82.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
server-timing
inner; dur=38, cdn-cache; desc=MISS, edge; dur=6, origin; dur=53
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240306144845EAFFC6CEA4B05CAEEA20
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
53,23.195.36.82
x-tt-trace-host
011367272af88a3fae6823c0e41bb8c70ad78e93316f581d1b7df695aa7738c1b9616219a3538c1715e62428c8865a391873e71c5e55878783c8e29422ab03dc80b9b5984b7cb5a3714e3224c2372d1c3b5e05450f59263f934167d3eb612d7b57
access-control-allow-headers
Authorization,*
expires
Wed, 06 Mar 2024 14:48:45 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
701 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.114 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-114.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
2661cc90
date
Wed, 06 Mar 2024 14:48:45 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240306144845089CF89793E06509C364-0854EF9D5B84B65B-00
x-cache
TCP_MISS from a23-195-36-82.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
server-timing
inner; dur=45, cdn-cache; desc=MISS, edge; dur=6, origin; dur=54
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240306144845089CF89793E06509C364
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
55,23.195.36.82
x-tt-trace-host
011367272af88a3fae6823c0e41bb8c70ad78e93316f581d1b7df695aa7738c1b96405c6b2b0a7cd0070619dd401e80c2ee79b17ad6bc56866de6287419271877ff8bb0c6c604c80b060544ab6c1c293e00943473b122cc45eda9007e65dd94da8
access-control-allow-headers
Authorization,*
expires
Wed, 06 Mar 2024 14:48:45 GMT
/
ct.pinterest.com/user/ 		298 B
716 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/user/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1709736525545&dep=2%2CPAGE_LOAD
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.56.163.9 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-163-9.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8e33955f54ef8025b647a6e685fa689a9256fc5c987f7dc98590310ac3c358e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:45 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
x-cdn
akamai
akamai-grn
0.6c24c317.1709736525.7e3b7453
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=600
content-length
173
x-pinterest-rid
1214645271939779
pin-unauth
dWlkPVl6VmpZVEpqTnpBdE5qYzVNQzAwTVRrNUxXSXlNelF0TW1NMU9HSXlNak16T1dWaw
pragma
no-cache
referrer-policy
origin
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Epik,Pin-Unauth
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
pinterest-version
d86307369f90fc9732b55f1af546f99435a80f0f
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		0
185 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&rl=&if=false&ts=1709736525560&sw=1600&sh=1200&v=2.9.148&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1709736525556.2008200830&ic=fbpixel&ler=empty&cdl=API_unavailable&it=1709736525142&coo=false&eid=1709736986400_170973711725414&tm=1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 06 Mar 2024 14:48:45 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.google.com/pagead/1p-conversion/698270988/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1686884066&cv=11&fst=1709736524207&bg=ffffff&guid=ON&async=1&gtm=45be4340v9167704557z8896608294za201&gcs=G111&gcd=...
  • https://www.google.com/pagead/1p-conversion/698270988/?random=1686884066&cv=11&fst=1709736524207&bg=ffffff&guid=ON&async=1&gtm=45be4340v9167704557z8896608294za201&gcs=G111&gcd=13v3v3v3u5&dma=0&u_w=...
42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-conversion/698270988/?random=1686884066&cv=11&fst=1709736524207&bg=ffffff&guid=ON&async=1&gtm=45be4340v9167704557z8896608294za201&gcs=G111&gcd=13v3v3v3u5&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&value=0&npa=1&pscdl=noapi&auid=762808258.1709736521&uamb=0&uaw=0&fdr=SA&data=ads_data_redaction%3Dtrue&fmt=3&ct_cookie_present=false&sscte=1&crd=COy7sQII4b2xAg&pscrd=EkxDaEFJZ01XZ3J3WVF0NTZmc3FLU2o2aEJFaVVBUlBGRFNreDFGTTdrZncyNUxxektwT2JXNjJ6QlJkbmx4V2paQUtyaVdILU5jY0JfGldDaEFJZ01XZ3J3WVFsWm1jNHZUaWdJd3ZFaTBBZDVSVmZ5QmxaUG9LXzBLNlVsZkJueDNSSFZ1aGRsZFpzbWVYSFhTOEtEQmh1RWJxQU5CdXpiQk1DTUEiEwjdhfvx8N-EAxUBjVoFHajQBpUyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggC&is_vtc=1&cid=CAQSKQB7FLtqg2_6W_8JGqawaLqQiMvVeFbUrFc0cnVzW_NHQuy9hHrYsHJM&eitems=ChAIgMWgrwYQpbDbu5_zq-N0Eh0AhfHvbumUkkF8EROLZgNKzcZfMmFhYQe1_PTteA&random=1992985855
Protocol
H3
Server
2607:f8b0:4006:80f::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:45 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:45 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://www.google.com/pagead/1p-conversion/698270988/?random=1686884066&cv=11&fst=1709736524207&bg=ffffff&guid=ON&async=1&gtm=45be4340v9167704557z8896608294za201&gcs=G111&gcd=13v3v3v3u5&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&value=0&npa=1&pscdl=noapi&auid=762808258.1709736521&uamb=0&uaw=0&fdr=SA&data=ads_data_redaction%3Dtrue&fmt=3&ct_cookie_present=false&sscte=1&crd=COy7sQII4b2xAg&pscrd=EkxDaEFJZ01XZ3J3WVF0NTZmc3FLU2o2aEJFaVVBUlBGRFNreDFGTTdrZncyNUxxektwT2JXNjJ6QlJkbmx4V2paQUtyaVdILU5jY0JfGldDaEFJZ01XZ3J3WVFsWm1jNHZUaWdJd3ZFaTBBZDVSVmZ5QmxaUG9LXzBLNlVsZkJueDNSSFZ1aGRsZFpzbWVYSFhTOEtEQmh1RWJxQU5CdXpiQk1DTUEiEwjdhfvx8N-EAxUBjVoFHajQBpUyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggC&is_vtc=1&cid=CAQSKQB7FLtqg2_6W_8JGqawaLqQiMvVeFbUrFc0cnVzW_NHQuy9hHrYsHJM&eitems=ChAIgMWgrwYQpbDbu5_zq-N0Eh0AhfHvbumUkkF8EROLZgNKzcZfMmFhYQe1_PTteA&random=1992985855
content-type
image/gif
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
p
tr6.snapchat.com/ 		0
45 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tr6.snapchat.com/p
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 06 Mar 2024 14:48:45 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
0
via
1.1 google, 1.1 google
server
API Gateway
alt-svc
clear, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
/
ct.pinterest.com/v3/ 		35 B
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/v3/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%22cb6ceab7%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1709736525614
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.56.163.9 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-163-9.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:45 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
referrer-policy
origin
x-cdn
akamai
akamai-grn
0.6c24c317.1709736525.7e3b7454
content-type
image/gif
access-control-allow-origin
https://www.elfcosmetics.com
pinterest-version
d86307369f90fc9732b55f1af546f99435a80f0f
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
content-length
35
x-pinterest-rid
1119792848866125
expires
Sat, 01 Jan 2000 00:00:00 GMT
shopper
api.usehero.com/localisation/ Frame 1B21 		35 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/localisation/shopper?appId=efcf9631-4c6b-4874-9f76-51f71464249a&version=5.46.0
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.123.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-234-123-28.compute-1.amazonaws.com
Software
/
Resource Hash
5570f4a23e52ab1d181c0cbc38821585e6b09260b9a3d5b8da32c125c06e1bb1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:45 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-time-zone
America/New_York
klarna-correlation-id
202f26aa-bc8a-467a-b657-3b86d4e3585b
x-envoy-upstream-service-time
24
x-geo-longitude
-78.89270
x-request-id
202f26aa-bc8a-467a-b657-3b86d4e3585b
access-control-max-age
21600
access-control-allow-methods
GET, HEAD, PUT, PATCH, POST, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-country
US
cache-control
max-age=86400, public
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-geo-zip
14202
access-control-allow-headers
DNT,Accept-Language,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,x-region-id,x-api-version
x-accuracy
20
check
pixel.tapad.com/idsync/ex/push/ Frame 6469
Redirect Chain
  • https://tr.snapchat.com/cm/s?bt=1d53c387&pnid=140&cb=1709736525678&u_scsid=31d8c0ad-17f0-42bf-9b3e-ea6d97b0ac6d&u_sclid=22d99b20-3dc6-44cc-b9b9-41ecafdbc6b7
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1709339041519%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1709339041519%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
0
0
muse.js
www.paypalobjects.com/muse/ 		55 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/muse/muse.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (nya/79B8) /
Resource Hash
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
d856585c00e65
dc
ccg11-origin-www-1.paypal.com
content-length
16355
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
server
ECAcc (nya/79B8)
traceparent
00-0000000000000000000d856585c00e65-860cbab69ab0b3d8-01
etag
"64f25363-daa8"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Wed, 06 Mar 2024 15:48:45 GMT
logger
www.paypal.com/xoplatform/logger/api/ Frame D391 		0
0
act
analytics.tiktok.com/api/v2/pixel/ 		0
700 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.114 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-114.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
2661d1c9
date
Wed, 06 Mar 2024 14:48:45 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240306144845793012CB781FEFC2A415-0356C2EBFC5AD070-00
x-cache
TCP_MISS from a23-195-36-82.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.2-54697487) (-)
server-timing
inner; dur=33, cdn-cache; desc=MISS, edge; dur=6, origin; dur=42
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240306144845793012CB781FEFC2A415
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
42,23.195.36.82
x-tt-trace-host
011367272af88a3fae6823c0e41bb8c70ad78e93316f581d1b7df695aa7738c1b92aa0acc4f63858bc048b68c2cabd656b988fac281619302103d118fc06073f59caab04448e5a4fef680533b72b31afa2f6e8e3eec30034f9f9969d6cf631207d
access-control-allow-headers
Authorization,*
expires
Wed, 06 Mar 2024 14:48:45 GMT
settings
api.usehero.com/webplugin/ Frame 1B21 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/webplugin/settings?appId=efcf9631-4c6b-4874-9f76-51f71464249a
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.123.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-234-123-28.compute-1.amazonaws.com
Software
/
Resource Hash
532bcb8909320181167f847a492db322b746fe9d010daf0f8a10121b4e22cc97
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding
gzip
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
klarna-correlation-id
07e0fa20-c1d5-4a7b-ba83-f874d391b324
cross-origin-resource-policy
same-origin
x-geo-longitude
-78.89270
pragma
no-cache
referrer-policy
same-origin
etag
W/"64f-5vtIf06F9AHeeSALavoGvmhOwKU"
x-frame-options
SAMEORIGIN
x-geo-zip
14202
content-type
application/json; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-latitude
42.88670
x-accuracy
20
expires
0
date
Wed, 06 Mar 2024 14:48:45 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
cross-origin-embedder-policy
require-corp
x-time-zone
America/New_York
x-envoy-upstream-service-time
22
x-xss-protection
0
x-request-id
07e0fa20-c1d5-4a7b-ba83-f874d391b324
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-country
US
x-geo-city
Buffalo
runtime_6459738026535cda4232dc813c61447d.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/runtime_6459738026535cda4232dc813c61447d.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
59f1b7d93f47fcc926143154888aa471910eaf81c3c41270b61cfe012dda08df

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 28 Feb 2024 04:27:31 GMT
content-encoding
br
age
642075
x-guploader-uploadid
ABPtcPqdTK98HXouyRkbKEMxPLx4qC4K0FskqQrS2LMV4mzRjN1NkmKFCTJ0--NI1DYi2gj1lg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1316
last-modified
Tue, 27 Feb 2024 15:58:35 GMT
server
UploadServer
etag
"09512239cb2a22728ca9f8608dfc2181"
x-goog-generation
1709049515484584
x-goog-hash
crc32c=BS9gKg==, md5=CVEiOcsqInKMqfhgjfwhgQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
1316
accept-ranges
bytes
content-type
text/javascript
p
tr.snapchat.com/ 		0
93 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tr.snapchat.com/p
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 06 Mar 2024 14:48:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via
1.1 google, 1.1 google
server
API Gateway
access-control-allow-origin
https://www.elfcosmetics.com
x-envoy-upstream-service-time
1
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
metrics
api.usehero.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.123.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-234-123-28.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Wed, 06 Mar 2024 14:48:46 GMT
expires
0
klarna-correlation-id
4af3e36f-bbf2-4cc4-8519-9d35cd61ad68
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
20
x-content-type-options
nosniff
x-country
US
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
7
x-frame-options
SAMEORIGIN
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-geo-longitude
-78.89270
x-geo-zip
14202
x-permitted-cross-domain-policies
none
x-request-id
4af3e36f-bbf2-4cc4-8519-9d35cd61ad68
x-time-zone
America/New_York
x-xss-protection
0
metrics
api.usehero.com/ Frame 1B21 		0
987 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.123.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-234-123-28.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Wed, 06 Mar 2024 14:48:46 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
America/New_York
klarna-correlation-id
2b0df18c-d64d-4233-b138-2f1966aac3a4
x-envoy-upstream-service-time
8
cross-origin-resource-policy
same-origin
x-geo-longitude
-78.89270
x-xss-protection
0
x-request-id
2b0df18c-d64d-4233-b138-2f1966aac3a4
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
14202
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-country
US
x-accuracy
20
expires
0
metrics
api.usehero.com/ Frame 1B21 		0
988 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.123.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-234-123-28.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Wed, 06 Mar 2024 14:48:46 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
America/New_York
klarna-correlation-id
717d0a4e-0b7d-4522-b6df-731651767971
x-envoy-upstream-service-time
10
cross-origin-resource-policy
same-origin
x-geo-longitude
-78.89270
x-xss-protection
0
x-request-id
717d0a4e-0b7d-4522-b6df-731651767971
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
14202
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-country
US
x-accuracy
20
expires
0
metrics
api.usehero.com/ Frame 1B21 		0
987 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.123.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-234-123-28.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Wed, 06 Mar 2024 14:48:46 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
America/New_York
klarna-correlation-id
200892e1-3974-43a8-b202-a91c86e97bd6
x-envoy-upstream-service-time
9
cross-origin-resource-policy
same-origin
x-geo-longitude
-78.89270
x-xss-protection
0
x-request-id
200892e1-3974-43a8-b202-a91c86e97bd6
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
14202
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-country
US
x-accuracy
20
expires
0
lineup
api.usehero.com/info/ Frame 1B21 		284 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/info/lineup?appId=efcf9631-4c6b-4874-9f76-51f71464249a&id=3VNlAm9GwR
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.123.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-234-123-28.compute-1.amazonaws.com
Software
/
Resource Hash
0b827abc34132551ee5d038a15277ba6bc5306abc290e3445856b8bde86b12b2
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
klarna-correlation-id
99036eb5-a5ad-4ffd-bb3a-be9ae24ba9be
cross-origin-resource-policy
same-origin
x-geo-longitude
-78.89270
pragma
no-cache
referrer-policy
same-origin
etag
W/"11c-kFa0ZWzaL8zygT1iadME65kkIWA"
x-frame-options
SAMEORIGIN
x-geo-zip
14202
content-type
application/json; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
public, max-age=120
x-geo-latitude
42.88670
x-accuracy
20
expires
0
date
Wed, 06 Mar 2024 14:48:46 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
cross-origin-embedder-policy
require-corp
x-time-zone
America/New_York
x-envoy-upstream-service-time
9
content-length
284
x-xss-protection
0
x-request-id
99036eb5-a5ad-4ffd-bb3a-be9ae24ba9be
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-country
US
x-geo-city
Buffalo
metrics
api.usehero.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.123.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-234-123-28.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Wed, 06 Mar 2024 14:48:46 GMT
expires
0
klarna-correlation-id
4ebf48d4-2c11-4012-a6ca-d13756df1c01
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
20
x-content-type-options
nosniff
x-country
US
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
7
x-frame-options
SAMEORIGIN
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-geo-longitude
-78.89270
x-geo-zip
14202
x-permitted-cross-domain-policies
none
x-request-id
4ebf48d4-2c11-4012-a6ca-d13756df1c01
x-time-zone
America/New_York
x-xss-protection
0
metrics
api.usehero.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.123.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-234-123-28.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Wed, 06 Mar 2024 14:48:46 GMT
expires
0
klarna-correlation-id
7a4b4719-65d9-4424-b55c-f63c7e1fa9ba
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
20
x-content-type-options
nosniff
x-country
US
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
5
x-frame-options
SAMEORIGIN
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-geo-longitude
-78.89270
x-geo-zip
14202
x-permitted-cross-domain-policies
none
x-request-id
7a4b4719-65d9-4424-b55c-f63c7e1fa9ba
x-time-zone
America/New_York
x-xss-protection
0
exist
srm.ba.contentsquare.net/ 		2 B
94 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://srm.ba.contentsquare.net/exist?v=13.99.5&pid=1926&pn=1&sn=1&uu=fc5ddfe3-edff-a000-c4ea-6e41d03a5ba7
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMQ.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.229.107.156 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-229-107-156.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Wed, 06 Mar 2024 14:48:46 GMT
content-length
2
content-type
application/json
metrics
api.usehero.com/ Frame 1B21 		0
987 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.123.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-234-123-28.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Wed, 06 Mar 2024 14:48:46 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
America/New_York
klarna-correlation-id
de9582d3-a71a-448a-be0c-9fa103b004fe
x-envoy-upstream-service-time
8
cross-origin-resource-policy
same-origin
x-geo-longitude
-78.89270
x-xss-protection
0
x-request-id
de9582d3-a71a-448a-be0c-9fa103b004fe
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
14202
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-country
US
x-accuracy
20
expires
0
metrics
api.usehero.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.123.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-234-123-28.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Wed, 06 Mar 2024 14:48:46 GMT
expires
0
klarna-correlation-id
313f91c8-d78b-438b-bdd8-de7e34bd4afe
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
20
x-content-type-options
nosniff
x-country
US
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
6
x-frame-options
SAMEORIGIN
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-geo-longitude
-78.89270
x-geo-zip
14202
x-permitted-cross-domain-policies
none
x-request-id
313f91c8-d78b-438b-bdd8-de7e34bd4afe
x-time-zone
America/New_York
x-xss-protection
0
index.html
www.paypalobjects.com/muse/analytics/ Frame 4CA1 		55 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/muse/analytics/index.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (nya/7959) /
Resource Hash
7247ab83a30fbd92bf8425aca87dbb9f3f44c1b7facc6f7fd80df157ea6b5e03
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
s-maxage=31536000, public,max-age=3600
content-encoding
gzip
content-length
16892
content-type
text/html
date
Wed, 06 Mar 2024 14:48:46 GMT
dc
ccg11-origin-www-1.paypal.com
etag
"64f25363-dacc"
expires
Wed, 06 Mar 2024 15:48:46 GMT
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
paypal-debug-id
b597930db9f8b
server
ECAcc (nya/7959)
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
traceparent
00-0000000000000000000b597930db9f8b-796c49dc14abe9a7-01
vary
Accept-Encoding
x-cache
HIT
x-content-type-options
nosniff
g7DpgClT3s-wxtO5FCiqgcJ_ybMbXCFK-56x56.jpg
upload.usehero.com/avatars/ Frame 1B21 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://upload.usehero.com/avatars/g7DpgClT3s-wxtO5FCiqgcJ_ybMbXCFK-56x56.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-105.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
083e613ed2185815dc9dc91ae569c1ea8cb0187da15b88fb4df656b04ade665f

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 16:23:12 GMT
via
1.1 b15f339834cfb5119481b1c1eb890372.cloudfront.net (CloudFront)
last-modified
Tue, 18 Jul 2023 20:33:39 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P3
age
80735
etag
"dd497646e037b78e9dc7ed0418ad50f0"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1340
x-amz-cf-id
Acr5VmYHJpXuN1SkijJiI1l66-D3dOpl0HqYmAocD2KoyEb34hlpaA==
KXuBcpbKnO-gHpck1F3eu0hJr5Ylv-7p-56x56.jpg
upload.usehero.com/avatars/ Frame 1B21 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://upload.usehero.com/avatars/KXuBcpbKnO-gHpck1F3eu0hJr5Ylv-7p-56x56.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-105.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c363b09ddcb37d2bb5655e872f15bcb72a98f76d2a58adb85a1daa57bee2a46e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 16:46:07 GMT
via
1.1 b15f339834cfb5119481b1c1eb890372.cloudfront.net (CloudFront)
last-modified
Sat, 23 Dec 2023 22:32:37 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P3
age
79360
etag
"ef4acd5484a8c70f9097e83fe46ff68a"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1314
x-amz-cf-id
62qZqn2W-MrroqklhCmc70leOS4qZLJnLMHzrJxndeByNIs21D7bQw==
BUUYQz9sKY-10CD5q-b8ktpSU8JDZYrl-56x56.jpg
upload.usehero.com/avatars/ Frame 1B21 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://upload.usehero.com/avatars/BUUYQz9sKY-10CD5q-b8ktpSU8JDZYrl-56x56.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-105.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
39b407ba527842ba6587698367b62e9c4770a0f1fb906c220879568cce0b1063

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 16:01:17 GMT
via
1.1 b15f339834cfb5119481b1c1eb890372.cloudfront.net (CloudFront)
last-modified
Tue, 22 Feb 2022 11:23:23 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P3
age
82050
etag
"3436467bdbf884d229cc844f2d56d81a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1279
x-amz-cf-id
-S69tas_dl92PfZDBr22w-Xn9zMPVbu1OxrrSZ0REPSn1C3cq_-svA==
main-v2_51eb65df61c5708f828b71f2c6f19bd4.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		485 KB
106 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_51eb65df61c5708f828b71f2c6f19bd4.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
652c78e1fed16ce8400b02e044db779e18e24371df4aefc7743ac3b0a3fe86a2

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 14:33:23 GMT
content-encoding
br
age
87323
x-guploader-uploadid
ABPtcPrTKOWvp-p0iyFnb1OsJtA-EWtn6H8w2yD9qJghf8ZYvSrmK0NkO7G2GItXgfmCtXLmOEw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
107907
last-modified
Tue, 05 Mar 2024 14:33:15 GMT
server
UploadServer
etag
"ef8c8df5de944057a18ee3d3e51448bf"
x-goog-generation
1709649195431287
x-goog-hash
crc32c=9j1CKA==, md5=74yN9d6UQFehjuPT5RRIvw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
107907
accept-ranges
bytes
content-type
text/javascript
cjs_min_1e55b565811f11b08485230cf1d150d6.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		49 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
9846c98d92f9ede0abb2db68013d613791db3ccdb486451de1432034b563fb77

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 28 Feb 2024 00:14:05 GMT
content-encoding
gzip
age
657281
x-guploader-uploadid
ABPtcPrjugFAVJ9qLQ3c2_QN966dZOeGbHqMg92EIXFeu0E9GqBl3bwGkvr95HeTeNok1dOJTX03Dy6rsA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15751
last-modified
Wed, 13 Dec 2023 16:23:11 GMT
server
UploadServer
etag
"d7dc7d7ebcc4f5af5fc2d4804e7ec737"
x-goog-generation
1702484591435387
x-goog-hash
crc32c=3TW0yQ==, md5=19x9frzE9a9fwtSATn7HNw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000,no-transform
x-goog-stored-content-length
15751
accept-ranges
bytes
content-type
text/javascript; charset=utf-8
token_create.js
ct.pinterest.com/static/ct/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/static/ct/token_create.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.56.163.9 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-163-9.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
3afda3a545f4af46f87af3efd62d036c7b950df588a444bd9464191236e79922
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:46 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
x-cdn
akamai
akamai-grn
0.6c24c317.1709736526.7e3b8109
etag
"e5a433af03b04b75eb9e68dadd108a70"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=7200
content-length
2080
noop.js
www.paypalobjects.com/muse/ Frame 4CA1 		18 B
210 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/muse/noop.js
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (daa/7D8C) /
Resource Hash
0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.paypalobjects.com/muse/analytics/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:46 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
paypal-debug-id
ee87dc9bdb1f2
dc
ccg11-origin-www-1.paypal.com
content-length
18
last-modified
Sat, 13 Feb 2021 00:26:56 GMT
server
ECAcc (daa/7D8C)
traceparent
00-0000000000000000000ee87dc9bdb1f2-86c81f688e1a0f39-01
etag
"60271cd0-12"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Wed, 06 Mar 2024 14:48:45 GMT
ct.html
ct.pinterest.com/ Frame E066 		565 B
625 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/ct.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.56.163.9 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-163-9.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

akamai-grn
0.6c24c317.1709736526.7e3b81e0
cache-control
max-age=86400
content-encoding
gzip
content-length
323
content-type
text/html; charset=utf-8
date
Wed, 06 Mar 2024 14:48:46 GMT
pinterest-version
d86307369f90fc9732b55f1af546f99435a80f0f
referrer-policy
origin
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
vary
Accept-Encoding
x-cdn
akamai
x-envoy-upstream-service-time
0
x-pinterest-rid
3529707697304881
ts
t.paypal.com/ 		42 B
245 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfoFlowStarted&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1709736526295&g=600&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-cache-hits
0, 0
date
Wed, 06 Mar 2024 14:48:46 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
f06ebe7e8a202
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-bur-kbur8200070-BUR, cache-yyz4522-YYZ
pragma
no-cache
correlation-id
f06ebe7e8a202
traceparent
00-0000000000000000000f06ebe7e8a202-ea8207b0261b2b5d-01
x-timer
S1709736526.306395,VS0,VE94
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 06 Mar 2024 14:48:46 GMT
/
data.cdnbasket.net/ 		14 B
338 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://data.cdnbasket.net/
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMQ.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.98.126.122 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
122.126.98.34.bc.googleusercontent.com
Software
/
Resource Hash
eec2cd1094a6238af60f038e8f42ee2e90b115afd360a765d49a2dcd1d532336

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 14:48:46 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
page.cdnbasket.net/ 		14 B
338 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://page.cdnbasket.net/
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMQ.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.181 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
181.102.96.34.bc.googleusercontent.com
Software
/
Resource Hash
7d084ab3d46e87a15a489145623d3b3fa161d23f5e9f544f2cbe047537e5af55

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 14:48:46 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
view.cdnbasket.net/ 		14 B
338 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://view.cdnbasket.net/
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMQ.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.102.206.216 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
216.206.102.34.bc.googleusercontent.com
Software
/
Resource Hash
cf14d2c07884176483beb43a76b3f79899619cb087fc8176c3792ca79d47c83d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 14:48:46 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
g7DpgClT3s-wxtO5FCiqgcJ_ybMbXCFK-56x56.jpg
upload.usehero.com/avatars/ Frame 6154 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://upload.usehero.com/avatars/g7DpgClT3s-wxtO5FCiqgcJ_ybMbXCFK-56x56.jpg
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/plugin.5.46.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-105.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
083e613ed2185815dc9dc91ae569c1ea8cb0187da15b88fb4df656b04ade665f

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 16:23:12 GMT
via
1.1 b15f339834cfb5119481b1c1eb890372.cloudfront.net (CloudFront)
last-modified
Tue, 18 Jul 2023 20:33:39 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P3
age
80735
etag
"dd497646e037b78e9dc7ed0418ad50f0"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1340
x-amz-cf-id
y4gX3MlGCA0i9Fjf10ZEai7jmyuDQguAjaNJbaS42czXRBBxlEoapw==
KXuBcpbKnO-gHpck1F3eu0hJr5Ylv-7p-56x56.jpg
upload.usehero.com/avatars/ Frame 6154 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://upload.usehero.com/avatars/KXuBcpbKnO-gHpck1F3eu0hJr5Ylv-7p-56x56.jpg
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/plugin.5.46.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-105.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c363b09ddcb37d2bb5655e872f15bcb72a98f76d2a58adb85a1daa57bee2a46e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 16:46:07 GMT
via
1.1 b15f339834cfb5119481b1c1eb890372.cloudfront.net (CloudFront)
last-modified
Sat, 23 Dec 2023 22:32:37 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P3
age
79360
etag
"ef4acd5484a8c70f9097e83fe46ff68a"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1314
x-amz-cf-id
HQiIcPRt7y4CaeuklKMXoQrX4hnEBD5EBG3TJ8tp1v70tEixgWjIKg==
BUUYQz9sKY-10CD5q-b8ktpSU8JDZYrl-56x56.jpg
upload.usehero.com/avatars/ Frame 6154 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://upload.usehero.com/avatars/BUUYQz9sKY-10CD5q-b8ktpSU8JDZYrl-56x56.jpg
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/plugin.5.46.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-105.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
39b407ba527842ba6587698367b62e9c4770a0f1fb906c220879568cce0b1063

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 16:01:17 GMT
via
1.1 b15f339834cfb5119481b1c1eb890372.cloudfront.net (CloudFront)
last-modified
Tue, 22 Feb 2022 11:23:23 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P3
age
82050
etag
"3436467bdbf884d229cc844f2d56d81a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1279
x-amz-cf-id
OTJ56zEegzqu9Rw5oDM6Q4mImS86pTVy-Lw60bQmsW9g9eOQ-O2gbg==
inbox-v2_c555afbb18897f16008370a417a91834.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox-v2_c555afbb18897f16008370a417a91834.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
4c80ba44f61dd8c09ce0c57ca565f286b8bbb3f5ca6cb1fe882ad0d174eaafd1

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 06:07:16 GMT
content-encoding
br
age
1240890
x-guploader-uploadid
ABPtcPpElWz9ZgoNVG9a-p7kX2XCPNFRaETbminoxZPOz-Qfg7QRHpGpkzNEZW07NAgkQNSUOX0
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4860
last-modified
Mon, 22 Jan 2024 18:43:27 GMT
server
UploadServer
etag
"9f22ee70a9494b465aa6cccf0424e225"
x-goog-generation
1705949007615648
x-goog-hash
crc32c=ugxA6Q==, md5=nyLucKlJS0ZapszPBCTiJQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
4860
accept-ranges
bytes
content-type
text/javascript
sms-v2_e39203556bab2366e56296ce42e974a7.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/sms-v2_e39203556bab2366e56296ce42e974a7.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
c9f83027cf2e267d24b2cfe366bc6664841765f0aaf362faf0156bccdce42355

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 18:01:20 GMT
content-encoding
br
age
1198046
x-guploader-uploadid
ABPtcPrkv38WH7FsL0-5kFy-888Yvjw2Xz9iltWrhCZWISdcbGpuRd1wKAZMzjMu1Jlt6GQyOh32tQF66Q
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1303
last-modified
Mon, 22 Jan 2024 18:44:14 GMT
server
UploadServer
etag
"684b816ff7fa85526ab4b729fb5f0c91"
x-goog-generation
1705949054010429
x-goog-hash
crc32c=ikqFlg==, md5=aEuBb/f6hVJqtLcp+18MkQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
1303
accept-ranges
bytes
content-type
text/javascript
onsite-v2_1e65144eaf4e12878292a8065df4997d.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite-v2_1e65144eaf4e12878292a8065df4997d.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
7bcce32f4ef85233e030a2e0f1a2a81aefab5d602d45c655b1ff5f068ac8abb8

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 06:50:26 GMT
content-encoding
br
age
28700
x-guploader-uploadid
ABPtcPqY_5TllxP4OZSj4jPOus0qA1lW1x-H3oMa4CbWSJmsq4_0JRw7bFqJyu_2TFQMxnFICBY
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4963
last-modified
Tue, 05 Mar 2024 14:33:21 GMT
server
UploadServer
etag
"aaf913c9914c1e9a66cc88a9a0b151cd"
x-goog-generation
1709649201878392
x-goog-hash
crc32c=jDxLwQ==, md5=qvkTyZFMHppmzIipoLFRzQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
4963
accept-ranges
bytes
content-type
text/javascript
graphql
www.paypal.com/targeting/ Frame 4CA1 		446 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/targeting/graphql?disableSetCookie=true
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fb27e247bf4d215b60ffc5a0eedc2291dffc1d1b168d538bd455756215a96c85
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-EeKvhxkeWEpwaMy99mvoxAAyDe9YWOE/9IP7BAxL0Oyd4OK0' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.paypalobjects.com/
disable-set-cookie
true
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/json

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-EeKvhxkeWEpwaMy99mvoxAAyDe9YWOE/9IP7BAxL0Oyd4OK0' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
disable-set-cookie
true
date
Wed, 06 Mar 2024 14:48:46 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS, MISS
paypal-debug-id
f49605554567d
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200098-BUR, cache-yyz4564-YYZ, cache-yyz4564-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f49605554567d-8d50afa2950ffcb8-01
x-timer
S1709736527.649271,VS0,VE295
etag
W/"1be-Gf6qMgx21d2JyEz5s4x0o70Ctzw"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.paypalobjects.com
access-control-expose-headers
Paypal-Debug-Id
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
0, 0, 0
graphql
www.paypal.com/targeting/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/targeting/graphql?disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,disable-set-cookie
Access-Control-Request-Method
POST
Origin
https://www.paypalobjects.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
content-type,disable-set-cookie
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://www.paypalobjects.com
access-control-expose-headers
Paypal-Debug-Id
cache-control
max-age=0, no-cache, no-store, must-revalidate
date
Wed, 06 Mar 2024 14:48:46 GMT
dc
ccg11-origin-www-1.paypal.com
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f709531124384
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f709531124384-b2456fd1b137649f-01
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS
x-cache-hits
0, 0, 0
x-served-by
cache-bur-kbur8200161-BUR, cache-yyz4566-YYZ, cache-yyz4566-YYZ
x-timer
S1709736526.490896,VS0,VE138
jquery-3.5.1.min.js
assets.bounceexchange.com/assets/bounce/ 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 00:28:31 GMT
content-encoding
br
age
397215
x-guploader-uploadid
ABPtcPrp4xTnhwimxHHE6wGElPEWSVQJhT-RpXz6wNjVqZAw1ZBaKmX87aehQgnAcUYKzmogszBaZx1yIA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31568
last-modified
Wed, 28 Feb 2024 14:45:25 GMT
server
UploadServer
etag
W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
vary
Accept-Encoding
x-goog-generation
1709131524972112
x-goog-hash
crc32c=W9o9Ng==, md5=3F5/GMjTasHT1HU6h8mNCg==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
89476
accept-ranges
none
content-type
text/javascript; charset=UTF-8
script-tag.js
cdn-scripts.signifyd.com/api/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-128.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
68f6710cb2cc63e278cd3be6a0593c700b3ac346e36c1d636c5c13374dc20e91

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:40:48 GMT
content-encoding
gzip
via
1.1 a65e9b4047452e76aa43b68828db2d7e.cloudfront.net (CloudFront)
last-modified
Wed, 10 Jan 2024 11:26:22 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P3
age
479
x-amz-server-side-encryption
AES256
etag
W/"d34fe38d39e71cd6ace9ab1bfc0bb10a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1800
x-amz-cf-id
0dv-FxKA5CGsGiQ24O_nGQ99l8I2sl9gqgf5r311QpJUKUdo37ErCg==
local_storage_frame17.min.html
assets.bounceexchange.com/assets/bounce/ Frame C6BC 		2 KB
969 B 		Document
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f4fc114373da7e63fade04d84f7f1cfb5b31632246f33b10f3b7b275b85e6dd6

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
none
access-control-allow-origin
*
access-control-expose-headers
etag Content-Type
age
396913
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public,max-age=31536000
content-encoding
br
content-length
938
content-type
text/html; charset=UTF-8
date
Sat, 02 Mar 2024 00:33:33 GMT
etag
W/"fc893948c3efc689b5b19d8a77958e23"
last-modified
Wed, 28 Feb 2024 14:45:23 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1709131523340943
x-goog-hash
crc32c=kX4cqg== md5=/Ik5SMPvxom1sZ2Kd5WOIw==
x-goog-metageneration
1
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
2408
x-guploader-uploadid
ABPtcPocJyQsmkTJ1Cvx5jeroD19F_tXdavgN8w3jBRNxFRokLJ_dqioifejfaNFAw_iXexUDg
company_toolkit.js
cdn-scripts.signifyd.com/api/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-scripts.signifyd.com/api/company_toolkit.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-128.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:42:13 GMT
content-encoding
gzip
via
1.1 a65e9b4047452e76aa43b68828db2d7e.cloudfront.net (CloudFront)
last-modified
Tue, 30 May 2023 10:18:44 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P3
age
394
x-amz-server-side-encryption
AES256
etag
W/"2c3950f122b3977df61b0e077aaa92c8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1800
x-amz-cf-id
QYfDhg1ha5RuXVNkOY1-zqWBm8BH5zLw4tWU_QSjUXeUQvNpsH2n4Q==
w10ypcwjqg0llhgo.js
imgs.signifyd.com/ 		98 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/w10ypcwjqg0llhgo.js?2qnz4bgo8yvkjtta=w2txo5aa&71ict0ezy3ecwpty=L2FhZDQ3MmI2MmRiM2I1ZWM1MjQxZGIyNTI1
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
4affdacd77ceabdee92da8da59b4adebbfe3b28ff1a2fa60debc058b52030994
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date
Wed, 06 Mar 2024 14:48:47 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
CP=IVAa PSAa
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=2, max=100
Expires
Thu, 01 Jan 1970 00:00:00 GMT
ts
t.paypal.com/ 		42 B
256 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfo%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfo&cust=LHPKPW45T4MWQ&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&unsc=8&identifier_used=DFP&e=im&t=1709736526955&g=600&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-cache-hits
0, 0
date
Wed, 06 Mar 2024 14:48:47 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
b6d71b2142d0b
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-bur-kbur8200068-BUR, cache-yyz4522-YYZ
pragma
no-cache
correlation-id
b6d71b2142d0b
traceparent
00-0000000000000000000b6d71b2142d0b-efd3803af8be2a7e-01
x-timer
S1709736527.967397,VS0,VE88
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 06 Mar 2024 14:48:47 GMT
c
ids.cdnwidget.com/ 		448 B
786 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=&SCH1=&GCS1=184068231&GCS2=ZTEwYzk0NzAtOGJmOC00ZTAzLWFmNWMtMDdiZWY1Yzc1NTVjLmxvY2Fs&pe=false&wsid=4142&varID=&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Atrue%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A4142%2C%22loadID%22%3A%22FlvYRbSJLh0BKDI%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A4%2C%22IDStageStart%22%3A4%2C%22netComplete%22%3A155%2C%22obsReqview%22%3A187%2C%22obsReqdata%22%3A197%2C%22obsReqpage%22%3A208%2C%22IDStagePrefire%22%3A209%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Afalse%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A-10%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%2C%22deviceid%22%3A%228723199298549469282%22%2C%22visitid%22%3A%221709736526617782%22%7D
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:56e0:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
/
Resource Hash
cab7e2f0ae92ebd8d2526e4fb359b044d1730e02ddaa125a517762b9130b756a

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:47 GMT
via
1.1 google
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
448
lookup
pd.cdnwidget.com/ 		49 B
205 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pd.cdnwidget.com/lookup?deviceID=2dJqSM9L2gmnoL20KhBhb49UJuQ&bxwid=4142&bxdid=8723199298549469282&visitID=1709736526617782&enableUID2=false
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
771196c556ce9fe2914aa0d336cf0f11fbd579c7cdd52e8436b19e0fffdd783b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:47 GMT
via
1.1 google
server
istio-envoy
content-type
application/json
access-control-allow-origin
*
x-envoy-upstream-service-time
25
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49
cs
tags.rd.linksynergy.com/
Redirect Chain
  • https://idsync.rlcdn.com/458359.gif?partner_uid=bc74edfc-18d6-46f8-b89c-4f89719dd46e
  • https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJGJjNzRlZGZjLTE4ZDYtNDZmOC1iODljLTRmODk3MTlkZDQ2ZRAAGg0Iz4SirwYSBQjoBxAAQgBKAA
  • https://tags.rd.linksynergy.com/cs?ns=lr&uid3=81284d164479db9b681ec88b4036798f33d8887309eb5af5240aad0b1d5e02196ac34734d8e453ee
37 B
295 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=81284d164479db9b681ec88b4036798f33d8887309eb5af5240aad0b1d5e02196ac34734d8e453ee
Protocol
H2
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

content-type
image/gif
date
Wed, 06 Mar 2024 14:48:47 GMT
via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
x-samesite
secure

Redirect headers

date
Wed, 06 Mar 2024 14:48:47 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=81284d164479db9b681ec88b4036798f33d8887309eb5af5240aad0b1d5e02196ac34734d8e453ee
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
9klEScNBpTXhLvin
imgs.signifyd.com/ Frame 1A10 		275 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/9klEScNBpTXhLvin?e360375e1b843f51=3Te88F7s0Ous79LNxD5Aj6aKDb8WDJ9vyeZwLT9Jwk6n0jntrkZqMAZn6X-XLNSYhV6SlDgvWmoJ8qKZaakH6IbFZaWufEOWUHfyAXTakXcHyu2sNffK-6IENSzNC0W-V3nL-8EiG1Jcx2ygUlvsUZ-_JC3DJxnBYmwGbgqcTQj-RIZkGuFPK80UCmtV6pfIehYKyR4emZBOANLY&jb=3d3b242e60736f77355f616c6c67757b2e687b6f3755616e6c65777b2f3038393b2662736a773f4b62726f6f6d2e62716a3541607a6d65652f3038313a38
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/w10ypcwjqg0llhgo.js?2qnz4bgo8yvkjtta=w2txo5aa&71ict0ezy3ecwpty=L2FhZDQ3MmI2MmRiM2I1ZWM1MjQxZGIyNTI1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
260de10667298e85d19583ee8ce60c30185780d02d36298247b104763b91be7f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date
Wed, 06 Mar 2024 14:48:47 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
tmx-nonce
0e0aeaa6bbf08677
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=2, max=99
Expires
Thu, 01 Jan 1970 00:00:00 GMT
YID_d9FR8mCHwNj0
imgs.signifyd.com/ Frame 1A10 		81 B
475 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imgs.signifyd.com/YID_d9FR8mCHwNj0?6252105a37367cb8=FIR26vkp0MoRu_mS6_AwhfdeBVE3pl7ktaUWaTPgqhZfHp-YzI_ujRCQ6IuFkKkCxUIMtEbopqOTlLAJhjpBWFuOR9Q8Ii885bYSFyzlJIssiQFdM0spH4nK_VJCu4OJ_4CagAWgFfwq9wtg_skGGoqRFIY0b-W6nl71wr4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 14:48:47 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
8ME3Mn956pDEQk9V
imgs.signifyd.com/ Frame 1A10 		81 B
475 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imgs.signifyd.com/8ME3Mn956pDEQk9V?c039ab1e8002d624=HLXp3DeujTdjuSN7_eIpRzq0_Tn59gvU522XK74La6eoD1MQ1AV7SfA0B-t766hC0jO2oX15qB52coopdoxy_1t0lTyZc0CeorRTaFh1jXOgi7ozrLiMjJnKUN8hz5b0Z1N8WO2Uk_7baGP1YljasIOtVEvtBkpn8ykV8eg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 14:48:47 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
init1.js
api.bounceexchange.com/bounce/ 		106 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.bounceexchange.com/bounce/init1.js?wklzs=1158&wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgHYAGATkIGYA2AVgCZKAWQzYALxCiuOMwHcApgCMcqYAID6qACZRG+RnUwAnAThAAbOGgwFuxAB746PFQJgDlq5VGwBDDRtQIA5hLjKNUABbBgABxwAUgoAQSC6ADEIyL44gDoBDRgkEBwAWwE0JBx41PSYpJgAWlSMrNQkUuVUdOcHHEwAN1RRYAlUkABrVAEoIMIAIQi6DX8RkPC6Ol8A4LoaMIj6aIWouL5E5LLM7Nz85aii0rTdyura+o15ugiAYRHlCaXpicIAEWwQbt7+oZHpDJnlM6AAOQh0Cj4UikOikUE0RikRhUWGg26vOgPaYtaTAohkSi0OhUKhEQjo+4jJrAgbDaYaEAuFwCaRSBDAmANARU6YCJqWCSM5ms9mc7m8uhIOzKdoAR2AAE9gcRJdLZRImg44DzXmFVViRjg4EI6n5RRg2rrbmEuddddjRkyWWznFJpAIEGgYL08XrQnacA6Rur2kHgOL7WqZRH-YGeR9JdIXJFUMocMAADIgOx+m2hYDKHWS7wy6QASXetOmdGkACk5QBlCAUPhwSIAWVI7zs4AAWi4EMRpH2AJoCUKoLoTQ3TdQwYCV6vTetNruZugudIIEAb4gAaW8g28QiRAFU63AIDPHcnaf9pq0AAqqFogOA4O4f0CZJ5xiWznQrSNiaOBIDUQiWJGQbRkg3iSMANyTAS5DUPQTBUAMVYfM0Mo4AA2sKLrsgAurA3K4em+H8oKRGis4ZHxpRBGhhICqKmRvBalRrFaloAiccx+H+MoIBsiJlQCeR9pCSJYkSAgdiZIxFHcQRboZiASBdCpMlqfhxqmmI4hspaYhSUx+mdD0kjpGJDgSCJaiesAulBkJdGugg7ouagPqsm5AhCax4aBbJ0j+BIOBdHAYVWTGcV4cJr5RTFcUejA+G8dqUlcRlhHOvR3kyL5-nSOl5hZTGUVZGF1m9BIoAgEKMostJ7lCP4UC8FkXX4QARKG-UADSDXY4guCAyiKiNg3wdp77ALN3ggJks1ydIcAoLNQYynB-UkZg-iIbY+T+E4djIJIMAaHYLi2E0pa2KWyiurItYNs2rbtl2Pb9oOw5jhOU6YPO7QyFAH1rqQG5bjue6Hsep6kBeV5AA
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
339b06098fb60d7579df64514f9e48f830c198a5abc67bfb9fe23c4eef3a561a

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:47 GMT
content-encoding
gzip
via
1.1 google
last-modified
Wed, 06 Mar 2024 14:48:47 GMT
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
30
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
0
clear.png
imgs.signifyd.com/fp/ Frame 1A10 		81 B
536 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/fp/clear.png
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/9klEScNBpTXhLvin?e360375e1b843f51=3Te88F7s0Ous79LNxD5Aj6aKDb8WDJ9vyeZwLT9Jwk6n0jntrkZqMAZn6X-XLNSYhV6SlDgvWmoJ8qKZaakH6IbFZaWufEOWUHfyAXTakXcHyu2sNffK-6IENSzNC0W-V3nL-8EiG1Jcx2ygUlvsUZ-_JC3DJxnBYmwGbgqcTQj-RIZkGuFPK80UCmtV6pfIehYKyR4emZBOANLY&jb=3d3b242e60736f77355f616c6c67757b2e687b6f3755616e6c65777b2f3038393b2662736a773f4b62726f6f6d2e62716a3541607a6d65652f3038313a38
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*, w2txo5aa/0e0aeaa6bbf08677l2fhzdq3mmi2mmrim2i1zwm1mjqxzgiynti1
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date
Wed, 06 Mar 2024 14:48:47 GMT
Strict-Transport-Security
max-age=31536000
Last-Modified
Wed, 06 Mar 2024 14:48:47 GMT
Server
Apache
Etag
67b9f5e921e54f059303564b5503b9e9
Content-Type
image/png
Access-Control-Allow-Origin
https://www.elfcosmetics.com
Cache-Control
private, must-revalidate, max-age=0
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
Expires
Mon, 05 Mar 2029 14:48:47 GMT
CKtu1rKA-axryNBW
imgs.signifyd.com/ Frame 34D2 		91 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/CKtu1rKA-axryNBW?e8d118f88f67f710=5o70AkeM4OCWd95lxZWZ10ePP2mwEowWHLkbKaKPXpaKCfTMOA4loPSKoguyhs1OhTGo-cnLKzrWxj4nF-a3iwa_fQwDBuaLnVBBL6CBQJpycd_LzIZePER38B35_sWWsQbot9ZEbN0g76QDp9mlhzvTUKKUqtC4pwnC1NJ1y_7nPyb5g6q6EJC6jY48u6_ORS7TJ-vgfUMqHcUJiOs
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/9klEScNBpTXhLvin?e360375e1b843f51=3Te88F7s0Ous79LNxD5Aj6aKDb8WDJ9vyeZwLT9Jwk6n0jntrkZqMAZn6X-XLNSYhV6SlDgvWmoJ8qKZaakH6IbFZaWufEOWUHfyAXTakXcHyu2sNffK-6IENSzNC0W-V3nL-8EiG1Jcx2ygUlvsUZ-_JC3DJxnBYmwGbgqcTQj-RIZkGuFPK80UCmtV6pfIehYKyR4emZBOANLY&jb=3d3b242e60736f77355f616c6c67757b2e687b6f3755616e6c65777b2f3038393b2662736a773f4b62726f6f6d2e62716a3541607a6d65652f3038313a38
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
bf4d38b7a4f8eb326c632121fb86e0e1da16eb3e8cd8bf8fcdd847426ab21bf6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Wed, 06 Mar 2024 14:48:47 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=98
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
kRkFXVMQ4_eaG5b7
imgs.signifyd.com/ Frame 1A10 		0
387 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/kRkFXVMQ4_eaG5b7?039cabca753cd3b2=topm-AK9mACY3vyYm7-tI_5Y9yz5h9XwZyHT5RrNZoW_GXuiaUJamo_aTX63HBndTx4Ep7ofSGiAerA4fXKgJ-GlYImv1lXuUpqCcurb-Gv5MqnrYB16ojGA6eYF94xfyvbk5Xch8PVnJYWFeOZm8Rs_9Dc&jb=3b34246479613d373e6c39323c6b356c6b373f343e316b383c3330396e3269696c613e333a3766
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/9klEScNBpTXhLvin?e360375e1b843f51=3Te88F7s0Ous79LNxD5Aj6aKDb8WDJ9vyeZwLT9Jwk6n0jntrkZqMAZn6X-XLNSYhV6SlDgvWmoJ8qKZaakH6IbFZaWufEOWUHfyAXTakXcHyu2sNffK-6IENSzNC0W-V3nL-8EiG1Jcx2ygUlvsUZ-_JC3DJxnBYmwGbgqcTQj-RIZkGuFPK80UCmtV6pfIehYKyR4emZBOANLY&jb=3d3b242e60736f77355f616c6c67757b2e687b6f3755616e6c65777b2f3038393b2662736a773f4b62726f6f6d2e62716a3541607a6d65652f3038313a38
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 14:48:47 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=99
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
6dyRUAykQa-OR_q-
h.online-metrix.net/ Frame 3276 		104 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://h.online-metrix.net/6dyRUAykQa-OR_q-?349a49bea2245d9f=C97gTcrLnOw_sj-CNr_eAwu_bR7-KNYzBRhTmiffghFWn_bwrLT4bbutE2qTpoP-uZa9cL5BVYB7vAIp7cOTiHkfFEcJ_-w8M1nH9jQTQf_epva4vARmKykIJuJIB18Pl1LspeuSHsy7RgyIpI-_0PctOrAssKpJscWpHwP6aGh8URF-ThAvS6LGq3RxyLC0iw8xGieRJk6r2g6hcf_8
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/9klEScNBpTXhLvin?e360375e1b843f51=3Te88F7s0Ous79LNxD5Aj6aKDb8WDJ9vyeZwLT9Jwk6n0jntrkZqMAZn6X-XLNSYhV6SlDgvWmoJ8qKZaakH6IbFZaWufEOWUHfyAXTakXcHyu2sNffK-6IENSzNC0W-V3nL-8EiG1Jcx2ygUlvsUZ-_JC3DJxnBYmwGbgqcTQj-RIZkGuFPK80UCmtV6pfIehYKyR4emZBOANLY&jb=3d3b242e60736f77355f616c6c67757b2e687b6f3755616e6c65777b2f3038393b2662736a773f4b62726f6f6d2e62716a3541607a6d65652f3038313a38
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.158.1 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
b3cebc6cea9712fd3f622133c2331b47607f06227e571e721d879e52bcf63c2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Wed, 06 Mar 2024 14:48:47 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
eNolPS9CH_cDE8oV
imgs.signifyd.com/ Frame B3A0 		91 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/eNolPS9CH_cDE8oV?1d5e0f75a976a0b7=MtnJjg0pQ7mlqCd17TnRirnCXEfJtdpax5Zq6ll5Eur76aUnfgRP5hHIigadLYdyMmZ6FQF58ERZ_pgjRfoQOWNyBSpI9RDLrOwYn1aU5v75HqvGSC2ty7o_fxL6Tdc26-dga3Z9u288bFDcw6wW_pUPO048C2-ubPDgS4aLiT_CWTaWQ7KVdldHYlj5S_BBqz3KDXFqL1dxHGSP9gGf
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/9klEScNBpTXhLvin?e360375e1b843f51=3Te88F7s0Ous79LNxD5Aj6aKDb8WDJ9vyeZwLT9Jwk6n0jntrkZqMAZn6X-XLNSYhV6SlDgvWmoJ8qKZaakH6IbFZaWufEOWUHfyAXTakXcHyu2sNffK-6IENSzNC0W-V3nL-8EiG1Jcx2ygUlvsUZ-_JC3DJxnBYmwGbgqcTQj-RIZkGuFPK80UCmtV6pfIehYKyR4emZBOANLY&jb=3d3b242e60736f77355f616c6c67757b2e687b6f3755616e6c65777b2f3038393b2662736a773f4b62726f6f6d2e62716a3541607a6d65652f3038313a38
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
11406e3b62294ffdc21348fd4a23761608b4cb667faf4233cd85c082aa57304d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Wed, 06 Mar 2024 14:48:47 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=99
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
kRkFXVMQ4_eaG5b7
imgs.signifyd.com/ Frame 1A10 		0
218 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/kRkFXVMQ4_eaG5b7?039cabca753cd3b2=topm-AK9mACY3vyYm7-tI_5Y9yz5h9XwZyHT5RrNZoW_GXuiaUJamo_aTX63HBndTx4Ep7ofSGiAerA4fXKgJ-GlYImv1lXuUpqCcurb-Gv5MqnrYB16ojGA6eYF94xfyvbk5Xch8PVnJYWFeOZm8Rs_9Dc&ja=393b373c2c26633f253e38322e723f382e6435313c323878393830382c636e353b363830703330383a26737a7135387a382e66787a3f392c3b343830243b32383a2e393e3a3024313a3232243b36303224393a323824333e383224313832382c3826302e6776356932383a616a61666b3d3764666e6c6e3b6d693a3c39333c373a346a39693d612e676c353c2c736b643530362e66683d6a7c7c78712d3b432d3a442d324c757f77266f6c6e696d7b656f7461637b2c6167672532446d646e2f6b6771656d76616327617a6965636e6966712e78663d3b26786a3f3f3266323a69693e606b6e606d39333b623d313037696f306c39606c6a38643c26606a3f3e333237343b6d313a6a30633d3d316e306e353d333b32323b3d603e696b65392662716d355d696e66677f7b273a3833392e687b62374160726767652d3832393a3826627367773f5f636e646d7f7b2e687b6a77354b6a7a6f67672e6e60693d393c24666c673d3026666f767837302676726c3552696b6b6e61612d324c4a676e676675647f2465697e687a3d3c32323b6e3163306a6d6b323a6d346b6b373e303a3a3a616c3b353d3e32396e6e343d38303336396e366563693a3c666b3136696e606c3738313933393336692c667a3562747c707b2731492f3246273a4e7f757f2667646e61677367677c696b792e6b656f2d3a4c65646625616d7b6765746b6b256b7061656b66696e7b267a3f786c7d6d69665564646979682d354d64636479652172647d6f6b6657756166666777795d65656c6361577a6e69716f722d354d64636479652172647d6f6b6657636c67606d5f6b617a6f6a6b742d3f476e6966736d21786e776f636e5f737d616b697c616f6d2d374d666b6e7b65297a6c7d6d6b6657796867636375637e6f2535476e6964716d2972647d65616e55706d61647a6c6973677a2d3f456e61647167297a6c756561665774646b5d786463716578273d456e6b6c7b6f2378647f67616e5766677e6b6c76702d3d4d646964716d297264756d6b665f7b7c67577c6b6d7f6f722d354d64636479652172647d6f6b665768697e632d354f64696c7b6f266f665d6b357d656a676455676a4d4c2530383926322d3a322047726d6e4d4e2d32384f532d38323a263a253a304b6a70676769756f215f6d604f44273a3845445346273a304d59253a3a3326382f323828477267664d4c2530384d5b273a3845445b4e2d323a475b253a3a31263a273a3849687a6f656b77652357656043617c556d6a49617c273a305d676a47444b4e4f4647576164737c616661676c5561727069717b273b4a273a3847505455606465666e5f65636c656972253b422d30324d52545f616461785d6b676c7c7a6d642539402d32384f585c55616764657257627d64646d785f6863646e57646467637c2d314a2538324d585c55646d7a766057696c696d7827314a2f323047505c57646467637c5760646564662d334a2f32384f5a5c576c726967576667787e6825314a2d3a324d505657786d64796d6d665f676c667b6f76576b666165702d31402d3830455a5c577b6a696c677a57766d787e777a6557666f6c2f314a2d38304d585c5d766d727475706d576b6d6578706d7b71616f645d6a707c69253b48273a384f585c5f7c677a7c7f72655d6b6765727a6d717b616d665f78657c632d39422d38324d505e5f7c657076777a6f5f666b647c6d7057696c617b6d7c72657261632d39422d38324d505e5f7b524f40273b48253232474d5b5d6d6467656d6c7c5f636c6c657055756164762d3b48253a30474751576c626f5d7a6d66666d7a5d65617265617a273b422d3830474f51577b7e616664697066576e65726b7e697c6b7e6d712d3b402d323a4d4d53577e65707e777a6d5566646f6976273b48253232474d5b5d7c6d7a7c7d706d5f6c6e67617c556c616467697a2f334a253a324d4d595f7467707c7d706d576a6964645766666d69742d39422d3832474d595f7c657076777a6f5f6863646e57646467637c576e616e6f637a253b48253a3a4d4d5b55766d727c677a576b72726371576760626d617c2d314a2538325f454a4d4c57696d6467785f6a756e64677a55666c6d697c2d314a2d30385f474a47465d6b6f657a726d79716d6c55746d787c77706d556173766b2d3b402d3a325f4d404f4c5561676d7878657b79676c577e6570747d7067576f7463273b4a2d30385f474a4f4e5763656f78726d79736d6e5d7c6d72747d726d5d677c693125314a2d3a325f4d404f445d6b6f67727a657b79656c55766d707e757a655771317c692533402d3a38554d4a45445761676d7a706d737b6f64577e67707c7f726d5f7b31766b557372656a2d3b402d3a325f4d404f4c55666d627d6d5f7a6f6c6c6d78657a5f616c64672f3342273a385f474a4f4e576c677874625d7c65707e757a6f273b4a2f3238574d404544556472637f576a776e6e677a7b273b422f3038574d484744556e677b6f5f6b6f667667707e2533402d3a38554d4a4544576f7d6c7e6b57647a6b772d39402d3a3a574d424f4e5d78656c79656766576f676c67393e246f6c556a35656a6f643f3c313c3a3b3239666c35616a6b30633b693e6966383c343a3e376a326b3b69623c32362e7d65647e374966746d6e273a3a496e61262e7f65647a3f4166766d6c2f3038497a63732d383247786f6e4f4c2d30324d6467696c6d2e6b616c3533&jb=3937362e66713d4f6772616e6469273a4e3726302f3038285f636e6c65757b2d383046542d3032393a2e30273b4a2d30385f6b663e362d3348273a30703c34212f3038497a7064655f676043637425304e3d3b35263b342d3a32204b4256454c2d38432d3832646161652d323845676b616f29273a384b6a7a676f6d2d304e3138302630263c323e3b2c313c2f3238536964637a632532443d3b3f2c3b3e
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/9klEScNBpTXhLvin?e360375e1b843f51=3Te88F7s0Ous79LNxD5Aj6aKDb8WDJ9vyeZwLT9Jwk6n0jntrkZqMAZn6X-XLNSYhV6SlDgvWmoJ8qKZaakH6IbFZaWufEOWUHfyAXTakXcHyu2sNffK-6IENSzNC0W-V3nL-8EiG1Jcx2ygUlvsUZ-_JC3DJxnBYmwGbgqcTQj-RIZkGuFPK80UCmtV6pfIehYKyR4emZBOANLY&jb=3d3b242e60736f77355f616c6c67757b2e687b6f3755616e6c65777b2f3038393b2662736a773f4b62726f6f6d2e62716a3541607a6d65652f3038313a38
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date
Wed, 06 Mar 2024 14:48:47 GMT
Strict-Transport-Security
max-age=31536000
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=2, max=97
Content-Type
text/javascript;charset=UTF-8
KJkZTUdQXzCMkSEK
w2txo5aanf2md3hkgco6xex6u3tcyjd44x5c4hcy0e0aeaa6bbf08677sac.d.aa.online-metrix.net/ Frame 1A10 		81 B
438 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://w2txo5aanf2md3hkgco6xex6u3tcyjd44x5c4hcy0e0aeaa6bbf08677sac.d.aa.online-metrix.net/KJkZTUdQXzCMkSEK?cb9d8acdcf87cbf7=E7PA1lErFU2dkHwkMgrDI1OFn9pI67jJ1KdCuIpG5pTtFxse0lHJyW0M6wvUaG0H4DDIqi-qAjrKJ0iJjd1ry086dzYIz51VA1gu41eXksk7PTygGB3VKtcv0kyeq4PzAWgjxHO_O4szVPUFbFd2e9tG2gk-zxrsg02k
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.158.3 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 14:48:48 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
vv-mgYQOXiJtsXxA
imgs.signifyd.com/ Frame 34D2 		0
387 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/vv-mgYQOXiJtsXxA?f026935fa12d69c6=1o_1vi8Ppfyttfdr5XssEdbQDDzqBodm7xAeUxtwpEmcA7Rg1dgQUWEqX31vJCaGOWibrsx-teGS0uzNY9BbeagIWDGEORs3C_e3Yl-ZxlK7haDKOr9j2knhODCITe2fX13_sm4N0tS1UQjJK49nism0KJk&jf=3b34246479623d306b6a3c663c6a3a303f32383468326939313e656a6b33693d6e3230383a6461
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/CKtu1rKA-axryNBW?e8d118f88f67f710=5o70AkeM4OCWd95lxZWZ10ePP2mwEowWHLkbKaKPXpaKCfTMOA4loPSKoguyhs1OhTGo-cnLKzrWxj4nF-a3iwa_fQwDBuaLnVBBL6CBQJpycd_LzIZePER38B35_sWWsQbot9ZEbN0g76QDp9mlhzvTUKKUqtC4pwnC1NJ1y_7nPyb5g6q6EJC6jY48u6_ORS7TJ-vgfUMqHcUJiOs
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://imgs.signifyd.com/CKtu1rKA-axryNBW?e8d118f88f67f710=5o70AkeM4OCWd95lxZWZ10ePP2mwEowWHLkbKaKPXpaKCfTMOA4loPSKoguyhs1OhTGo-cnLKzrWxj4nF-a3iwa_fQwDBuaLnVBBL6CBQJpycd_LzIZePER38B35_sWWsQbot9ZEbN0g76QDp9mlhzvTUKKUqtC4pwnC1NJ1y_7nPyb5g6q6EJC6jY48u6_ORS7TJ-vgfUMqHcUJiOs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 14:48:47 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=98
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
creatives-base-styles.a53944a2.min.css
assets.bounceexchange.com/tag/css/ 		37 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/tag/css/creatives-base-styles.a53944a2.min.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 14 Feb 2024 19:52:21 GMT
content-encoding
gzip
age
1796186
x-guploader-uploadid
ABPtcPru9p5wIABJsHYGzBabN8HxLsQZ2VqjuBRw6OWjyb1sCv62fWQQPgmKiXS0bgTe8l_iiYeZ6F-eJQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6053
last-modified
Tue, 13 Dec 2022 17:12:22 GMT
server
UploadServer
etag
"54f61bdcbfb6f81427c8a6803f48b02f"
vary
Accept-Encoding
x-goog-generation
1670951542233151
x-goog-hash
crc32c=lLRhfg==, md5=VPYb3L+2+BQnyKaAP0iwLw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
6053
accept-ranges
bytes
content-type
text/css
visit
events.bouncex.net/track.gif/ 		42 B
97 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/visit?wklz=G4SwziAuBcCuYFMBOBDA5ggdpAvAWQHsAvEAG1JQFIAmAMQFYA6ABhuYAoB1ETAEwIDuYNgDkAKmwCMzFpQDMAITbdMANgAs8pdWYAPDQEo2AQQAOp0gk4IARgGkoNBnIDsjOarbs7ACTF4AGRoAYTZSEABrBDYAcQQAYwiCIx1ggAskAgBbaLpJamoWRlVqVUlGAE5NHQBlFAAzFCQQJ3pXd1UAMlAIGCQEeuR+pBxu8ChoCj4eNFN0BFgkUhw0yEhTYWo24xp6Ol26ASPGBFJ6+IIwHMgQeLBGC6yD2lP6gFoLq4Qb+I-mrJ4KFIYDGvWg-TABFIsBuBEwuhwklUzGYoImEKhMJAcIAnoidKiehN4vBINlgE0QCgbJYwDhKC5tNRSAQ0BheAB9Hg0ajyHYFRrA3K86ihAoIYDIDkstkITncgp8nmCxA8kI8+JNSAcgCOkBxark-J0atFGq1HIp0OFSoKrEVZoKpkynOdtxtRuVQNVDrF1GdBE5mBQOUNxpVNsd1B4HLAZMSYa9QtNfrAsBsALWco5cN6HvD3sjfouBAiIAQHKygaBHOdCEQ2ETAsLKZ5MvZXMwXN4WBu9XLvCb1AjrYKmqQ2sQkCHI99PNMvFMsYisBnLbnY61a+TG-9-WAy9Xis9zZ3vJcABE0TAS2WEPTGTzeCBB8fjQAOFzUOSSCoVagVO+9DqFUqj-u+Ioin6oCvryRqSC4zAVC4Hh7C4IGAUh6oFMAiaPpe2HULwaC0CASBxgEBAoLBfKQEgsC5H6aRNLwACSF5DkRABSOo1AAinIAiwLQeAVBeKAEAAVgAWmgmDMLw0kAJoIMYkSjtQkL1JA7GcbwPE1KJATUGgWSYAQxnMHYaQKGkNggQAqlxsB8RpxF4Uy4AAAr7ti8DBKS2TIGGs5+uANTpmA8TNDYwVvqF5rxGkFaQJscHGAhSEoaoaFyOongEVG9TANOb6ZchqHUC4hESWG9p+qQphDqs6ybNszzPEcAgnGcnzXLc9yPM8rwfJc-W-NFIAAsGwIaSgaV8vVPLAKYuFlYRNEnkRGlIEOGnxCVYbldlaGERAm3GG8kiEWg0VhruTxvktBSkIdZWIRVOVVYRmpZHMIByQtnqPgU1DqPQ9Dvsw1TpQyTLAGt6XPcyb3pcdlXVYVfpgxD76uB5y2I4thGvaVaMfSd30EdTV7wMg8zYNANiZEIyA4OkmQ5J0dOoBgjOSuR2KYPihQyCUZSVOo3OILzvbQBYKCQPUBBIFkOAqPwQhSKiPMMzAPagPE3w4qY949mAERkqYnQknGQVINAzFRXCAuQHKOCohgBDQBcsDYEgOIXD2OAOTUnRez7BB+3RgeBggcghzUxjhwg3u+-7OLBjkIeYFAcpsDUkCK-WKfe-0aBCzgIhKaX4IIBXcJZ-eIgIAIbBKSrES1-EUB4gosD1IKBC16YlxF6QQf3pI6g6NQ3dwjcmC9pPVfJ1WweogIth5i+ODqNPc9EjcvCIhTGMYVDFSdAb7q75+36-v+gHAaB4Fz3MGCgK3u+SJ0iA6gxTARtd6oniOEXsNwchxhDKYU+WUMaqB-DbcB2AUCmBAALCAcIcBFzQHIa+Ep3Q4F4H-KOSAjY4C3jYToescA81IdpbsOBuK8SMiZMyFkdDWVsvZCoTkXKdGYkgeUJ8WH8UEsJUS4kpKyXkopFSakIhAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:47 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
pageview
events.bouncex.net/track.gif/ 		42 B
165 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/pageview?wklz=A4Qw5gpgbglhDuAuArgJwDYF4AWAXXwAzgKQDMAgsQEwBi1N8jAdBOgGYDGA9oQLYS4YHQk2696rNgFpufAUJmoYvGADsQ6QgDJQkWAkQdkhXF15QQSkACN0EQpmIB2AELUq6LmEgATAPpq7mSUVFRsGoQQQVQAwu7QEKh+nt4Q-oGhwe7hmlGZse4clrh+AI64AJ5BFO4ADNFxoUWoJRboyHlUWaH1+Y1UwKhc-oNCnd1hEeMFoYPDfur81SGTuQ3uan4mXBwA1svZU+uhhMjWKvhpflyqhDC44zWhOZHHVNxcu3B+vMMafoN7BBVLgDs8jn13ClfAFVAEfMDBGw4D4watXpCmsUtgI0S9pv1gD5gFtdsg8RCujN3sUKWtMQNUNBSeTMk90eMnAARHTgaBwJAfL72GAALwgmAAbABWAAcvL0AsMIFUNyEGhw+CI3TotEY8BY7Fk-EEwlEZgk7BkPBNCg4ShU6k0Cv5BiF31MXGSlkgmHxLv0gq4nw9FWAEtIwGduldQZDEC2Yol0tqAEYAJxaMTAQy8YCYWpZsw53AcNgFot5lCEfOF7OIMDAWtaX4IivwCDWO4PGA+TAAFlT-aoWlg3d7mFTTlq6acpBlVCc-fT6dlM60CNgHAgE9lTiopAz6aoq+ly-7kuPspHMcDE9TWkipQ6qm396z6DgIME-BMIDzk7TrO87SoukqkNKH5frgIDADAUCJHcNyYDBYCkBu-LbpgPiPlwaBYR21haHyIKYMYiS4WwJQTlQPgAFKlAAygAsumAAyVBgLwqocbUADS2AuNg1jLgAqnRyAAIpaNgljpH2tEMYxkmkPAyA0KxXIgFwABWABaYCqLUPh6QAmhA5AwLsQA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:47 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
hash.gif
pix.cdnwidget.com/
Redirect Chain
  • https://pix.cdnwidget.com/redirect?CID=2dJqSQ3wuFM9DaojZgn0dZYeAik&DID=2dJqSM9L2gmnoL20KhBhb49UJuQ&v=&iv=&deviceid=8723199298549469282&visitid=1709736527499809&wsid=4142&apikey=2^HIykD
  • https://pippio.com/api/sync?pid=5749
  • https://pix.cdnwidget.com/hash.gif?md5=none&sha1=none&sha256=none
68 B
626 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.cdnwidget.com/hash.gif?md5=none&sha1=none&sha256=none
Protocol
H2
Server
34.149.254.212 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
212.254.149.34.bc.googleusercontent.com
Software
/
Resource Hash
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:48 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68
content-type
image/png

Redirect headers

date
Wed, 06 Mar 2024 14:48:48 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://pix.cdnwidget.com/hash.gif?md5=none&sha1=none&sha256=none
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
graph
idr.cdnwidget.com/ 		0
135 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idr.cdnwidget.com/graph?cookieID=2dJqSQ3wuFM9DaojZgn0dZYeAik&deviceID=2dJqSM9L2gmnoL20KhBhb49UJuQ&bxdid=8723199298549469282&bxvid=1709736527499809&bxwid=4142&gm=true&apikey=2^HIykD&loadID=FlvYRbSJLh0BKDI
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 06 Mar 2024 14:48:47 GMT
via
1.1 google
x-envoy-upstream-service-time
0
server
istio-envoy
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
Zg2igwS0en7KB3FD
imgs.signifyd.com/ Frame 1A10 		0
401 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imgs.signifyd.com/Zg2igwS0en7KB3FD?329e8ea2ff1b15c5=vPLgSuB5BOszQUPvQK_RLdr2fEl4IRUVvYjr2j_jXeVJyZKXFITD-21nLEdjfkrV0jXEmpA9OoLVDoMPEC8lZuhhIF-xtvHwS9eKKpZ0QVto6FRffMj0x_58ok5UpzvZtzrmm_2ZBmwiGO_7icmlC65tIhRc1921gmRfGo_aaI5KHJ3-j7rnlqMpYhhEDSzGgdwMpCCTw_duB5U4NGc&jf=3c33342e7969645d7a666c3f7c6c70576c446d794c7231766d38653d414d71512c7361645766637c6f3d313538313f313e3d303f2e716164557671706d37776d68386d6b6e7369267b6b66576165793f3b383d3b3b38333b38343837386330363c32636d3966383a3a313836383a30693236343a6b6d3b66383b3239383538333e303830383e326b3c33693d69346a633c376631326165313c6b693b6c693a6d6a3b3b393c676a396c3b643e3e346c6a3a613e65693a366d6f3161336b6d3d606930303e6c643b366f373e61696f306d69376b6933636b31696732383a636160383e6d36303c366d6a333e37333b3130393e39386b3b383f683369356e32346b386165326a6b2e71616c5d7b616535333a363d303a3830386e66383e32623e323e30323a333832646c303b3a6a69606b3a3638373d3138336e6c303e6c6138303e633f666b36636d6f6461666d696a316e6e663d3b3b6b30383039303832303139333a3b32306d343163313c3f3661373c6c6a333e30613b3c303d3433606a386a3d623e33606e30393739376d316469693632606b6d6b3a6c3932383f247b696c703530
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 14:48:47 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Keep-Alive
timeout=2, max=100
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
d18b79cfe9e061a30968806015ff63a6.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 		94 KB
94 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/d18b79cfe9e061a30968806015ff63a6.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
24c990bf93f521e5e1b9f9e52730c87238f4c7f7feda80215c60ed7243cab819

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 16:12:42 GMT
age
1722965
x-guploader-uploadid
ABPtcPrJhBHIrVSWA6aZB_Ify8uvIutVfWGjgIkRGMW4d4vCPaj0KD5Toax9vqBEtCZppusEOJuzbef5VA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
96609
last-modified
Wed, 17 Jan 2024 12:33:00 GMT
server
UploadServer
etag
"d18b79cfe9e061a30968806015ff63a6"
x-goog-generation
1705494780048716
x-goog-hash
crc32c=8QqFDw==, md5=0Yt5z+ngYaMJaIBgFf9jpg==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
96609
accept-ranges
bytes
content-type
image/jpeg
f1f08c94605f58c8efba06c479c9a11d.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 		89 KB
89 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/f1f08c94605f58c8efba06c479c9a11d.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b560a2dec6e408a3e4338d69ca3585b79f4f37de269685b06c6ddece941fddf1

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 16:12:42 GMT
age
1722965
x-guploader-uploadid
ABPtcPpD5i_Cf5_2tmcNia7V-vbpKAV5goJxuBV5EeCBUm3BKLj1eM3URTbb9hMxO_rPqE0E39GSv2XrIQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
90861
last-modified
Wed, 31 Jan 2024 12:11:20 GMT
server
UploadServer
etag
"f1f08c94605f58c8efba06c479c9a11d"
x-goog-generation
1706703080795054
x-goog-hash
crc32c=CUXLVQ==, md5=8fCMlGBfWMjvugbEecmhHQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
90861
accept-ranges
bytes
content-type
image/jpeg
59a941c096f98029341d8c56b7b89113.png
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/59a941c096f98029341d8c56b7b89113.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 14:25:53 GMT
age
1210974
x-guploader-uploadid
ABPtcPr5sBT3WBPZkzUNzt_I2TqZ3ShbqFQ3dRJtKRQL8wseDo98rqvydIXtoKtotl8wb5EVCdA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18352
last-modified
Tue, 25 Aug 2020 15:57:40 GMT
server
UploadServer
etag
"59a941c096f98029341d8c56b7b89113"
x-goog-generation
1598371060392963
x-goog-hash
crc32c=8aFhaA==, md5=WalBwJb5gCk0HYxWt7iREw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
18352
accept-ranges
bytes
content-type
image/png
845c9552fa83de62ce5c65e9ce22aa69.jpg
assets.bounceexchange.com/assets/uploads/users/8377/ 		65 KB
65 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/users/8377/845c9552fa83de62ce5c65e9ce22aa69.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
4ad1a82d00680c14f55a66ee5d8d815fa36212052fb705209a5a9ec5c4bbddcb

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 16:13:37 GMT
age
1722910
x-guploader-uploadid
ABPtcPpB4dpWf91w4P0erzIIIRkBZ3ChUJp6JKAB_2r4A3JOWJjlrDAYHFsKOBfeg4nbhu-_1ltrkuxlfA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66529
last-modified
Wed, 17 Jan 2024 14:32:47 GMT
server
UploadServer
etag
"845c9552fa83de62ce5c65e9ce22aa69"
x-goog-generation
1705501966967402
x-goog-hash
crc32c=EAQCTA==, md5=hFyVUvqD3mLOXGXpziKqaQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
66529
accept-ranges
bytes
content-type
image/jpeg
a74a64f8eb64be9f44c7b9097bcc0e6c.jpeg
assets.bounceexchange.com/assets/uploads/users/8377/ 		73 KB
73 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/users/8377/a74a64f8eb64be9f44c7b9097bcc0e6c.jpeg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b23e3e7b45deac1835f88777002de6af4e6b698bac6d47c833214ca92f8aa62e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 16:13:37 GMT
age
1722910
x-guploader-uploadid
ABPtcPoAAXiOW4DRRIcvQxGnGO6ifknS1bxTvNjkxOiiHQ2aJrQl9zLkeaqE7XCtKLCQP07Pdr8
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
74713
last-modified
Wed, 17 Jan 2024 14:32:47 GMT
server
UploadServer
etag
"a74a64f8eb64be9f44c7b9097bcc0e6c"
x-goog-generation
1705501966994802
x-goog-hash
crc32c=FfBtlw==, md5=p0pk+Otkvp9Ex7kJe8wObA==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
74713
accept-ranges
bytes
content-type
image/jpeg
f6be4ebe275650bbe62c0c76f7533b70.jpg
assets.bounceexchange.com/assets/uploads/users/8377/ 		62 KB
62 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/users/8377/f6be4ebe275650bbe62c0c76f7533b70.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
4258c25d31971ba63ce95e9daad134d486e282b1bc007ccaaee28a7ddf11f54b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 16:13:37 GMT
age
1722910
x-guploader-uploadid
ABPtcPq0SbZzUwqWEy2VvskzKBATAph5psNCqklWCbBxk34cCk_Eq06qDTC5JlZXfNML3XfCO8HZ3i9-6Q
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
63805
last-modified
Wed, 17 Jan 2024 14:32:47 GMT
server
UploadServer
etag
"f6be4ebe275650bbe62c0c76f7533b70"
x-goog-generation
1705501966985896
x-goog-hash
crc32c=2ASgJA==, md5=9r5OvidWULvmLAx291M7cA==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
63805
accept-ranges
bytes
content-type
image/jpeg
16f45df19355361dc1c101036c0035b0.png
assets.bounceexchange.com/assets/uploads/clients/3258/creatives/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/3258/creatives/16f45df19355361dc1c101036c0035b0.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
915046d9ebab575f9b2f8ba9a35e030b2be55b1439edce6e72f7a19b4a55bd45

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 14 Feb 2024 09:45:20 GMT
age
1832607
x-guploader-uploadid
ABPtcPpYVX_ENpefOxt3VOmJdtUcuR62BbBPZLKfn3-NLVaNQoJdDNkmjC05SdC1mJaZ4BkbDN4
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2419
last-modified
Thu, 01 Apr 2021 03:01:32 GMT
server
UploadServer
etag
"16f45df19355361dc1c101036c0035b0"
x-goog-generation
1617246092060079
x-goog-hash
crc32c=pklVBw==, md5=FvRd8ZNVNh3BwQEDbAA1sA==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
2419
accept-ranges
bytes
content-type
image/png
eligible
events.bouncex.net/track.gif/ 		42 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/eligible?wklz=CYcwXAlgzgygrgIygYwE4QQU1QXgGYCGANlJgGSiRQAKqmAbhAPZxQDCrALkwLbb7FSFcMgLIAFpgAqMHAEYA7AAYAnAoDMANgCsAJg0AWTWTgBHeWVIg+AO04B9CMCg4yongAcCEEDac5dA21tAA4lA0sWVGRMHAQWGxiADzICEEw7HAArKDIeJmBYpTIAd0wkCE5MfwM5A10yRihK-0VVDR19AxUVMJUKBggY-xCFXXU5Ht1e7W6jFV0Qhq90xkwS1stMUzgM4eAAtyIIDM5OCD4oTgJPeWU1LT0FUfUjk7sCDwh6bGamGxw1xAr0KjBiOGAkTwDn8umAAClTDAALIqAAyumsNiYGKUAGlxAAhcQIboAVXhcAAimRxARUMBHAc4YiYFT1CU4AAxVEAEQITCyAC1fEpgEKAJqYACCEAA1kA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:47 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
pop
events.bouncex.net/track.gif/ 		42 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/pop?wklz=A4e2C4EMGMBcEsBukEgHYF4EFsCmAnAMgHNcRxoQBXNWfAT0oBNcMBVAZRLPH12PjoMAOQCa3cpVrw0uWs1bCAgoSoBHDAEZC0SNmCR4xNPCYYATABYArNYAcABkuEAztXzRWAI2ppPAD0JIUloMACsXQmwQFgwHQgB3XC8XeFhcUwxLTUtzQkR4VIQzTQB2BwBOUoBmADZrc1LLCorHCsIWAs9Mu1Lzas0W81brZstaivM7PINSAtwEzO0XXDUqOW6zap0AG3g5WBxcF1g9YC1yqrqG0t7rXf3aSGAkAlShU+JtzvhPDCZXCAAGawAD6mXMTAAUmoOABZCoAGXMxGwaBAyIcAGkABYAIRxXmabChVAAioQcZB8ExwWZITCOGTqgkqAAxBEAEUgIDCAC1jA4mHzRLglPAANZAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:47 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1478285710&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dp=%2Felf-cosmetic-criminals&ul=en-us&de=UTF-8&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Wunderkind&ea=Wunderkind%20Impression&el=SMS%20Opt-In%20-%20Entrance%20-%20Combined%20(Email%20THEN%20Type%20Text)%20%7C%20Entrance%20%7C%20Desktop%2FTablet%20%7C%20Unidentified%20%7C%20Test%3A%20Creative%20-%20GIF%20v%20Static%20%7C%20CCC%20%7C%20Single%20Build%20%7C%20Spring%202024%20Creative%20(2455798)%3A%20Overlay%20-%20variation%20-%20Combined%20(Email%20THEN%20Type%20Text)%20%7C%20Entrance%20%7C%20Static%20(2455804)&_u=aHBAAEABAAAAACgAIAC~&jid=&gjid=&cid=1122711396.1709736521&tid=UA-432816-1&_gid=1570376857.1709736521&gtm=45He4340n81WL3STMXv896608294za200&gcs=G111&gcd=13t3t3t3t5&dma=0&z=477509111
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Mar 2024 20:58:12 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
64235
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
dvar
c.contentsquare.net/ 		0
319 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.contentsquare.net/dvar?v=13.99.5&pid=1926&pn=1&sn=1&uu=fc5ddfe3-edff-a000-c4ea-6e41d03a5ba7&dv=H4sIAAAAAAAAA5WOzQrCQAyEXyXsSQ%2BiFE%2B96Vp%2FEL3siseybVMJbreljUWxvrsRwbuXITPhS%2BapDov0vE91XWUUsIBRUjnyYLfJEeyjQbB45zEMkARuXchRxhV2V66bqXWZR5bgFKjAwFSSXBgE6TgG3aJj6hEmsNmtoQfD4nPZa61FDYWLR1jeyH8g07QSQDSL5j9UxeqvYt8P6vUGSOPUetYAAAA%3D&ct=2&r=591851
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.208.222.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-208-222-212.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:47 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
kRkFXVMQ4_eaG5b7
imgs.signifyd.com/ Frame 1A10 		0
387 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/kRkFXVMQ4_eaG5b7?039cabca753cd3b2=topm-AK9mACY3vyYm7-tI_5Y9yz5h9XwZyHT5RrNZoW_GXuiaUJamo_aTX63HBndTx4Ep7ofSGiAerA4fXKgJ-GlYImv1lXuUpqCcurb-Gv5MqnrYB16ojGA6eYF94xfyvbk5Xch8PVnJYWFeOZm8Rs_9Dc&jac=1&je=3d303a2e2c77656b35313e2c3126303c312c3b352c72653d6665266a6b767b7c37253f422d3030646f76656e2d3a3a273b49332638322d3249273a327b7e617c7f712d3a38253b412d30306b6261726561666f273a3a273f4c2469756e6a3563693d62316f346d3e32316b636961346e3861376139313a3b3b3e313c3e603d6339333f393e68346c32666c3c323638303b3a646d3e6630316e6b6c3a3c3d3b2e6d7a3b3d69333b633c6f303d336730396e303f376e31646c6830643a303f693b303c366930606d6339613b622e7f616037273f4a2f323a617a616a617e6563767d7a6d273a3a273b49273a322f303a253a49253a3860617c64657b732d30302d394125303a2d3a302d3a412d3a306a726b6c6c732d38322d39432d3d48253d442d30412d3832667764645e677a7b6b67664e61737e273a322d39412d3f402d3d4e253a432d3030656562696e6d2d3a302d3b436e696e7b652f304b253a386d676e67642d38322d334927303a2f3232273a4b2d303a786e697c64677267273a322d39412d38302d3a38253a432d30307866617464677a65546d7a7161676c2d3238273b412d38322d38302d3a49253a327f6d753e3e2532302d3b49646964716d2d354c267f63643d2d3d422d38306a7a6b6e6c732d30302d394125374a2d3d462d3a412d3a30656f686b64652d38322d39436e6966736d253a41273a38706c637c6e6770652d303a2d31492538302d323a2f374c
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/9klEScNBpTXhLvin?e360375e1b843f51=3Te88F7s0Ous79LNxD5Aj6aKDb8WDJ9vyeZwLT9Jwk6n0jntrkZqMAZn6X-XLNSYhV6SlDgvWmoJ8qKZaakH6IbFZaWufEOWUHfyAXTakXcHyu2sNffK-6IENSzNC0W-V3nL-8EiG1Jcx2ygUlvsUZ-_JC3DJxnBYmwGbgqcTQj-RIZkGuFPK80UCmtV6pfIehYKyR4emZBOANLY&jb=3d3b242e60736f77355f616c6c67757b2e687b6f3755616e6c65777b2f3038393b2662736a773f4b62726f6f6d2e62716a3541607a6d65652f3038313a38
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 14:48:48 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=99
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
4niwXEhc9-NFzMz8
h.online-metrix.net/ Frame 3276 		0
400 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://h.online-metrix.net/4niwXEhc9-NFzMz8?397f65b5c512e441=P97xW9pCS3FVY02CvaYa1BhJTk_BDlqPVAXCh8WWZzQADOoxWPB1mKynAkisPKzQAmnzjOJxdawJemF6ZxWPJ_GJ1kdF8fDyAwXp5kk10ywnfQaWyNDTi12xmhqLbOlADnkJDllKbKJvQzpPwsF8-pcCyJZay9mW2QfJjPT70o_fYLuepBLlHF15doHDfmdP5B_6xPswt2hK1HEHauU&jf=3c333a2e7969645d7a666c3f7c6c70573d5444727a753d656f5e786e6d3145702c7361645766637c6f3d313538313f313e3d30302e716164557671706d37776d68386d6b6e7369267b6b66576165793f3b383d3b3b38333b38343837386330363c32636d3966383a3a313836383a30693236343a6b6d3b66383b3239383538333e303830383e33313e3038383d656d323e323139326636363f3c6e66303e666d3e61393233363d64696e316b3a316b3e3e303e613f3067386c62353b6a6b6c353a3b363a3a3b6b3339676c396e6c326a6b613f6a38356c613033613d3a303532313d3f66383d323b6e343e643a643133386b396c3337396d3a326d633d60316b686630613d6a2e71616c5d7b616535333a363e303a3831383a646c3d69666c326e32313c696633363e3b3f31386d363d6c346e6268676d636e69326a38316a6c3c313b306b32663a33373236303e39373930306b3f356a303e323a32393a306d3e356c693b6431343c30613a3b3831613e3931316c3a35313d676d383d613b326d6c323a68646b313b316c323c60633b6e336436316a3f363e3c643c3a3a3f26796b6e72353b
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.158.1 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://h.online-metrix.net/6dyRUAykQa-OR_q-?349a49bea2245d9f=C97gTcrLnOw_sj-CNr_eAwu_bR7-KNYzBRhTmiffghFWn_bwrLT4bbutE2qTpoP-uZa9cL5BVYB7vAIp7cOTiHkfFEcJ_-w8M1nH9jQTQf_epva4vARmKykIJuJIB18Pl1LspeuSHsy7RgyIpI-_0PctOrAssKpJscWpHwP6aGh8URF-ThAvS6LGq3RxyLC0iw8xGieRJk6r2g6hcf_8
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 06 Mar 2024 14:48:48 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Keep-Alive
timeout=2, max=99
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
id_sync
events.bouncex.net/track.gif/ 		42 B
60 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/id_sync?id_sync:id_type=sid&id_sync:id_source=graph&soft_id=2dJqSM9L2gmnoL20KhBhb49UJuQ&source=web&agent=cjs&deviceid=8723199298549469282&visitid=1709736527499809&websiteid=4142&pageviewid=1&sequenceid=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:48 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 		32 B
49 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMQ.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
92f709e941df3b754df46c209f8b21499ea6c3feb8ad5abdd5c0264a5dcb2595

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 06 Mar 2024 14:48:48 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32
metrics
api.usehero.com/ Frame 1B21 		0
989 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.123.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-234-123-28.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Wed, 06 Mar 2024 14:48:52 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
America/New_York
klarna-correlation-id
4d80558b-587d-4755-81fa-5eb481c56589
x-envoy-upstream-service-time
7
cross-origin-resource-policy
same-origin
x-geo-longitude
-78.89270
x-xss-protection
0
x-request-id
4d80558b-587d-4755-81fa-5eb481c56589
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
14202
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-country
US
x-accuracy
20
expires
0
metrics
api.usehero.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.123.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-234-123-28.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Wed, 06 Mar 2024 14:48:52 GMT
expires
0
klarna-correlation-id
d7052579-7daf-4e93-984e-2a232ec02d32
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
20
x-content-type-options
nosniff
x-country
US
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
5
x-frame-options
SAMEORIGIN
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-geo-longitude
-78.89270
x-geo-zip
14202
x-permitted-cross-domain-policies
none
x-request-id
d7052579-7daf-4e93-984e-2a232ec02d32
x-time-zone
America/New_York
x-xss-protection
0
d18b79cfe9e061a30968806015ff63a6.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 		94 KB
94 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/d18b79cfe9e061a30968806015ff63a6.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
24c990bf93f521e5e1b9f9e52730c87238f4c7f7feda80215c60ed7243cab819

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 16:12:42 GMT
age
1722970
x-guploader-uploadid
ABPtcPrJhBHIrVSWA6aZB_Ify8uvIutVfWGjgIkRGMW4d4vCPaj0KD5Toax9vqBEtCZppusEOJuzbef5VA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
96609
last-modified
Wed, 17 Jan 2024 12:33:00 GMT
server
UploadServer
etag
"d18b79cfe9e061a30968806015ff63a6"
x-goog-generation
1705494780048716
x-goog-hash
crc32c=8QqFDw==, md5=0Yt5z+ngYaMJaIBgFf9jpg==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
96609
accept-ranges
bytes
content-type
image/jpeg
f1f08c94605f58c8efba06c479c9a11d.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 		89 KB
89 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/f1f08c94605f58c8efba06c479c9a11d.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b560a2dec6e408a3e4338d69ca3585b79f4f37de269685b06c6ddece941fddf1

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 16:12:42 GMT
age
1722970
x-guploader-uploadid
ABPtcPpD5i_Cf5_2tmcNia7V-vbpKAV5goJxuBV5EeCBUm3BKLj1eM3URTbb9hMxO_rPqE0E39GSv2XrIQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
90861
last-modified
Wed, 31 Jan 2024 12:11:20 GMT
server
UploadServer
etag
"f1f08c94605f58c8efba06c479c9a11d"
x-goog-generation
1706703080795054
x-goog-hash
crc32c=CUXLVQ==, md5=8fCMlGBfWMjvugbEecmhHQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
90861
accept-ranges
bytes
content-type
image/jpeg
59a941c096f98029341d8c56b7b89113.png
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/59a941c096f98029341d8c56b7b89113.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 14:25:53 GMT
age
1210979
x-guploader-uploadid
ABPtcPr5sBT3WBPZkzUNzt_I2TqZ3ShbqFQ3dRJtKRQL8wseDo98rqvydIXtoKtotl8wb5EVCdA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18352
last-modified
Tue, 25 Aug 2020 15:57:40 GMT
server
UploadServer
etag
"59a941c096f98029341d8c56b7b89113"
x-goog-generation
1598371060392963
x-goog-hash
crc32c=8aFhaA==, md5=WalBwJb5gCk0HYxWt7iREw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
18352
accept-ranges
bytes
content-type
image/png
845c9552fa83de62ce5c65e9ce22aa69.jpg
assets.bounceexchange.com/assets/uploads/users/8377/ 		65 KB
65 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/users/8377/845c9552fa83de62ce5c65e9ce22aa69.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
4ad1a82d00680c14f55a66ee5d8d815fa36212052fb705209a5a9ec5c4bbddcb

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 16:13:37 GMT
age
1722915
x-guploader-uploadid
ABPtcPpB4dpWf91w4P0erzIIIRkBZ3ChUJp6JKAB_2r4A3JOWJjlrDAYHFsKOBfeg4nbhu-_1ltrkuxlfA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66529
last-modified
Wed, 17 Jan 2024 14:32:47 GMT
server
UploadServer
etag
"845c9552fa83de62ce5c65e9ce22aa69"
x-goog-generation
1705501966967402
x-goog-hash
crc32c=EAQCTA==, md5=hFyVUvqD3mLOXGXpziKqaQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
66529
accept-ranges
bytes
content-type
image/jpeg
a74a64f8eb64be9f44c7b9097bcc0e6c.jpeg
assets.bounceexchange.com/assets/uploads/users/8377/ 		73 KB
73 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/users/8377/a74a64f8eb64be9f44c7b9097bcc0e6c.jpeg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b23e3e7b45deac1835f88777002de6af4e6b698bac6d47c833214ca92f8aa62e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 16:13:37 GMT
age
1722915
x-guploader-uploadid
ABPtcPoAAXiOW4DRRIcvQxGnGO6ifknS1bxTvNjkxOiiHQ2aJrQl9zLkeaqE7XCtKLCQP07Pdr8
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
74713
last-modified
Wed, 17 Jan 2024 14:32:47 GMT
server
UploadServer
etag
"a74a64f8eb64be9f44c7b9097bcc0e6c"
x-goog-generation
1705501966994802
x-goog-hash
crc32c=FfBtlw==, md5=p0pk+Otkvp9Ex7kJe8wObA==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
74713
accept-ranges
bytes
content-type
image/jpeg
f6be4ebe275650bbe62c0c76f7533b70.jpg
assets.bounceexchange.com/assets/uploads/users/8377/ 		62 KB
62 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/users/8377/f6be4ebe275650bbe62c0c76f7533b70.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
4258c25d31971ba63ce95e9daad134d486e282b1bc007ccaaee28a7ddf11f54b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 16:13:37 GMT
age
1722915
x-guploader-uploadid
ABPtcPq0SbZzUwqWEy2VvskzKBATAph5psNCqklWCbBxk34cCk_Eq06qDTC5JlZXfNML3XfCO8HZ3i9-6Q
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
63805
last-modified
Wed, 17 Jan 2024 14:32:47 GMT
server
UploadServer
etag
"f6be4ebe275650bbe62c0c76f7533b70"
x-goog-generation
1705501966985896
x-goog-hash
crc32c=2ASgJA==, md5=9r5OvidWULvmLAx291M7cA==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
63805
accept-ranges
bytes
content-type
image/jpeg
widget.js
js.jebbit.com/companion/v1/ 		44 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.jebbit.com/companion/v1/widget.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:24f1:e800:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a938eea663af09f75118101cf9061107fbef7c4770d7d123c71e33c52c565139

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-amz-version-id
R3KY_K4A_1J6MbzxdLc7TwnPZXsf4837
date
Wed, 06 Mar 2024 14:40:30 GMT
via
1.1 57eada8217c838cfdc4ec177bbe3523c.cloudfront.net (CloudFront)
last-modified
Wed, 21 Feb 2024 21:57:20 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P4
age
503
x-amz-server-side-encryption
AES256
etag
"cc4e73d84c409b310a274ca12ee462bc"
x-cache
Hit from cloudfront
content-type
text/javascript
accept-ranges
bytes
content-length
45249
x-amz-cf-id
rrYfb9cJWRqUB2xmPftrCFsOQKglb2PGtPgAjarkjGZWH6DNJAyjOg==
i.js
tag.wknd.ai/4142/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.wknd.ai/4142/i.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
250.253.120.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
d973412d326528c3c272948259f245437209138cae41d034f0fe63fc9896f238

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:47:57 GMT
content-encoding
gzip
via
1.1 google
age
55
x-envoy-upstream-service-time
0
x-region
us-central1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5761
server
istio-envoy
etag
d7738e6e28377f
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=60
timing-allow-origin
*
link
<https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://pix.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect
events
c.contentsquare.net/v2/ 		0
319 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://c.contentsquare.net/v2/events?uu=fc5ddfe3-edff-a000-c4ea-6e41d03a5ba7&sn=1&hd=1709736523&v=13.99.5&pid=1926&pn=1&str=2578&di=3762&dc=8723&fl=8751&sr=16&mdh=7591&hlm=true&ct=0
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.208.222.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-208-222-212.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:52 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
recording
k-aeu1.contentsquare.net/v2/ 		0
201 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://k-aeu1.contentsquare.net/v2/recording?rt=5&v=13.99.5&pid=1926&pn=1&sn=1&uu=fc5ddfe3-edff-a000-c4ea-6e41d03a5ba7&hlm=true&ct=0
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.50.33.182 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Wed, 06 Mar 2024 14:48:53 GMT
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
content-length
0
access-control-allow-methods
GET, POST, OPTIONS
activityi;dc_pre=CMCY4_Xw34QDFS6zfwQdFOcHVw;src=10742279;type=elf8j0;cat=glo_flap;ord=2259864840281;npa=1;auiddc=762808258.1709736521;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;...
10742279.fls.doubleclick.net/ Frame FDCD
Redirect Chain
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=2259864840281;npa=1;auiddc=762808258.1709736521;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-crimina...
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CMCY4_Xw34QDFS6zfwQdFOcHVw;src=10742279;type=elf8j0;cat=glo_flap;ord=2259864840281;npa=1;auiddc=762808258.1709736521;u1=https%3A%2F%2Fwww.elfco...
604 B
351 B 		Document
General
Check archive.org
Download Go to
Full URL
https://10742279.fls.doubleclick.net/activityi;dc_pre=CMCY4_Xw34QDFS6zfwQdFOcHVw;src=10742279;type=elf8j0;cat=glo_flap;ord=2259864840281;npa=1;auiddc=762808258.1709736521;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-10742279&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.102 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s36-in-f6.1e100.net
Software
cafe /
Resource Hash
c170e4452210cb237c6784a7bc160526e323ad3c68c3d77f5a63b38e5f12e377
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
327
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 06 Mar 2024 14:48:53 GMT
expires
Wed, 06 Mar 2024 14:48:53 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 06 Mar 2024 14:48:53 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://10742279.fls.doubleclick.net/activityi;dc_pre=CMCY4_Xw34QDFS6zfwQdFOcHVw;src=10742279;type=elf8j0;cat=glo_flap;ord=2259864840281;npa=1;auiddc=762808258.1709736521;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
activityi;dc_pre=CK-b4_Xw34QDFZqrfwQdviAMxQ;src=9231397;type=retarget;cat=globa0;ord=3970572328678;npa=1;auiddc=762808258.1709736521;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=fals...
9231397.fls.doubleclick.net/ Frame A11B
Redirect Chain
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=3970572328678;npa=1;auiddc=762808258.1709736521;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=fa...
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CK-b4_Xw34QDFZqrfwQdviAMxQ;src=9231397;type=retarget;cat=globa0;ord=3970572328678;npa=1;auiddc=762808258.1709736521;u6=%2Felf-cosmetic-criminals...
727 B
417 B 		Document
General
Check archive.org
Download Go to
Full URL
https://9231397.fls.doubleclick.net/activityi;dc_pre=CK-b4_Xw34QDFZqrfwQdviAMxQ;src=9231397;type=retarget;cat=globa0;ord=3970572328678;npa=1;auiddc=762808258.1709736521;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-9231397&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.102 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s36-in-f6.1e100.net
Software
cafe /
Resource Hash
041b6f16c439d88f0216b19fa33a33aac1fb97712fb1d2d248cb99b4fa58b77b
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
393
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 06 Mar 2024 14:48:53 GMT
expires
Wed, 06 Mar 2024 14:48:53 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 06 Mar 2024 14:48:53 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://9231397.fls.doubleclick.net/activityi;dc_pre=CK-b4_Xw34QDFZqrfwQdviAMxQ;src=9231397;type=retarget;cat=globa0;ord=3970572328678;npa=1;auiddc=762808258.1709736521;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
www.googleadservices.com/pagead/conversion/698270988/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion/698270988/?random=1709736532975&cv=11&fst=1709736532975&bg=ffffff&guid=ON&async=1&gtm=45be4340v9167704557z8896608294za201&gcs=G111&gcd=13v3v3v3u5&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&value=0&bttype=purchase&npa=1&pscdl=noapi&auid=762808258.1709736521&uamb=0&uaw=0&fdr=SA&data=ads_data_redaction%3Dtrue&rfmt=3&fmt=4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.72.98 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
276493c52282c17420780c4dc99d242720fcc891b4e49b2044e738870c1b1339
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:53 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1712
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
eligible
events.bouncex.net/track.gif/ 		42 B
60 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/eligible?wklz=CYcwXAlgzgygrgIygYwE4QQU1QXgGYCGANlJgGSiRQAKqmAbhAPZxQDCrALkwLbb7FSFcMgLIAFpgAqMHAEYA7AAYAnAoDMANgCsAJg0AWTWTgBHeWVIg+AO04B9CMCg4yongAcCEEDac5dA21tAA51BUsWVGRMHAQWGxiADzICEEw7HAArKDIeJmBYpTIAd0wkCE5MfwM5A10yRihK-0VVDR19AxUVENUKBggY-xCFXXU5Ht1e7W6jFV0Qhq90xkwS1stMUzgM4eAcAzciCAzOTgg+KE4CT3llNS1tdX01Y9O7Ag8IemxmphsOBuIHUA0YMRwwEieAc-l0wAAUqYYABZFQAGV01hsTExSgA0uIAELiBDdACqCLgAEUyOICKhgI4DvCkTBqeoSnAAGJogAiBCYWQAWr4lMBhQBNTAAQQgAGsgA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:53 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1478285710&t=pageview&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dp=%2Felf-cosmetic-criminals&ul=en-us&de=UTF-8&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aHDAAEABAAAAACgAIAC~&jid=&gjid=&cid=1122711396.1709736521&tid=UA-432816-1&_gid=1570376857.1709736521&gtm=45He4340n81WL3STMXv896608294za200&cd4=0&cd6=&cd7=&cd8=&cd9=0&cd14=content&cd19=&cd21=US&gcs=G111&gcd=13v3v3v3u5&dma=0&npa=1&z=603599324
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Mar 2024 20:58:12 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
64241
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
p
tr.snapchat.com/ 		68 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tr.snapchat.com/p?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&ev=PAGE_VIEW&intg=gtm&u_em=&u_pn=&pids=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_c1=450b9bd9-44c7-48e7-817e-cbcacb8e5666&u_sclid=471e0679-f1a7-4e5e-8ee9-52733e1c338f&u_scsid=b7221b04-43af-461e-bf6c-20e28d8b28f1&bt=1d53c387&d_bvs=%5B%5D&df=true&huah=true&m_dcl=4192&m_fcps=3569&m_pi=4189&m_pl=9178&m_pv=2&m_rd=19922&m_sh=1200&m_sl=0&m_sw=1600&pl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&trackId=e0e91045-62af-413b-85a9-70d17098ce6b&ts=1709736532824&v=3.12.0-2402271815
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via
1.1 google, 1.1 google
server
API Gateway
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, no-transform
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68
cnv
cnv.event.prod.bidr.io/log/
Redirect Chain
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=8dcde102-dd54-45b8-a4e5-3c71f91dff92&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=Ne...
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=cca21d34-cbe3-4aaf-84f5-ffe280973a69.&ord=6722453524154097043
43 B
560 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=cca21d34-cbe3-4aaf-84f5-ffe280973a69.&ord=6722453524154097043
Protocol
HTTP/1.1
Server
52.87.64.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-87-64-131.compute-1.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
Date
Wed, 06 Mar 2024 14:48:53 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
content-type
image/gif
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Wed, 06 Mar 2024 14:48:53 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amzn-requestid
f75f3dbb-5d04-4cb3-9066-be71527592ce
x-amzn-trace-id
Root=1-65e88255-1dc27d776049a3a23dec13b7;Parent=16a6277708407f82;Sampled=0;lineage=07bbc27a:0
content-type
application/json
location
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=cca21d34-cbe3-4aaf-84f5-ffe280973a69.&ord=6722453524154097043
access-control-allow-origin
*
x-amz-apigw-id
UNlNVFD1IAMEW_g=
content-length
2
/
www.facebook.com/tr/ 		0
54 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&rl=&if=false&ts=1709736532836&sw=1600&sh=1200&v=2.9.148&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=4126&fbp=fb.1.1709736525556.2008200830&ic=gtm&ler=empty&cdl=API_unavailable&it=1709736525142&coo=false&eid=1709736986400_170973711725423&tm=1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 06 Mar 2024 14:48:53 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
rp.gif
alb.reddit.com/ 		42 B
98 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://alb.reddit.com/rp.gif?ts=1709736532840&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=b8df9f30-0a51-48a8-a34c-6aea31dd0167&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_c9439d84&dpm=&dpcc=&dprc=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:52 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
px
secure.adnxs.com/ 		43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.181.211 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:53 GMT
an-x-request-uuid
25930b99-d08e-4598-bdc7-e89f3640b610
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
cache-control
no-store, no-cache, private
x-proxy-origin
96.9.249.35; 96.9.249.35; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
generic
match.adsrvr.org/track/cmf/
Redirect Chain
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=1039f81f-4a20-4172-9151-964819f7b760&r=https%3A%2F%2Fmatch.adsrvr.org%2...
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic
  • https://x.bidswitch.net/syncd?dsp_id=93&user_group=1&user_id=1039f81f-4a20-4172-9151-964819f7b760&expires=30&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbidswitch
  • https://x.bidswitch.net/ul_cb/syncd?dsp_id=93&user_group=1&user_id=1039f81f-4a20-4172-9151-964819f7b760&expires=30&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbidswitch
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch
70 B
539 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch
Protocol
H2
Server
3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 14:48:53 GMT
server
Kestrel
content-length
70
content-type
image/gif

Redirect headers

Location
https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch
Date
Wed, 06 Mar 2024 14:48:53 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
pageview
c.contentsquare.net/ 		0
319 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.contentsquare.net/pageview?ex=&pvt=a&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&la=en-US&uc=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dr=&dw=1600&dh=7593&ww=1600&wh=1200&sw=1600&sh=1200&uu=fc5ddfe3-edff-a000-c4ea-6e41d03a5ba7&sn=1&hd=1709736532&v=13.99.5&pid=1926&pn=2&r=279212
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.208.222.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-208-222-212.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:53 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
display
api.usehero.com/webplugin/ 		102 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.usehero.com/webplugin/display?appId=efcf9631-4c6b-4874-9f76-51f71464249a&location=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&state=untouched&outboundFeature=&visitorId=7bf698a8-b7c6-489b-8fba-2a609207e406
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMQ.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.123.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-234-123-28.compute-1.amazonaws.com
Software
/
Resource Hash
d193ca08b7345207607286ad104ecaa69147848b2333b934a778ce46f45361d8
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
klarna-correlation-id
dea71a42-4a40-4ed8-b5e6-cefb6eb44928
cross-origin-resource-policy
same-origin
x-geo-longitude
-78.89270
pragma
no-cache
referrer-policy
same-origin
etag
W/"66-8p508o8eSxKmjJceOnq/QQzusa4"
x-frame-options
SAMEORIGIN
x-geo-zip
14202
content-type
application/json; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-latitude
42.88670
x-accuracy
20
expires
0
date
Wed, 06 Mar 2024 14:48:53 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
cross-origin-embedder-policy
require-corp
x-time-zone
America/New_York
x-envoy-upstream-service-time
13
content-length
102
x-xss-protection
0
x-request-id
dea71a42-4a40-4ed8-b5e6-cefb6eb44928
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-country
US
x-geo-city
Buffalo
widget.css
js.jebbit.com/companion/v1/ 		15 KB
16 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://js.jebbit.com/companion/v1/widget.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:24f1:e800:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
875ca118023e8741e684a320e73b7f9af4e8eba6c88f1f7e8457f7c0cdda6efb

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 23:57:34 GMT
x-amz-version-id
rlLQSdBm9ZTNXvLaketZ1ik.75AdGtXG
via
1.1 57eada8217c838cfdc4ec177bbe3523c.cloudfront.net (CloudFront)
last-modified
Wed, 21 Feb 2024 21:57:20 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P4
age
53480
etag
"de1b72e797664b9b2c2139e5ccb24844"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
text/css
accept-ranges
bytes
content-length
15521
x-amz-cf-id
yVGwfPU8qLcO56xzDH7W4H7UGN84l6l8G9Zk1Qf_MTKn7fXX3T1-EQ==
/
www.google.com/pagead/1p-conversion/698270988/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=803769380&cv=11&fst=1709736532975&bg=ffffff&guid=ON&async=1&gtm=45be4340v9167704557z8896608294za201&gcs=G111&gcd=1...
  • https://www.google.com/pagead/1p-conversion/698270988/?random=803769380&cv=11&fst=1709736532975&bg=ffffff&guid=ON&async=1&gtm=45be4340v9167704557z8896608294za201&gcs=G111&gcd=13v3v3v3u5&dma=0&u_w=1...
42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-conversion/698270988/?random=803769380&cv=11&fst=1709736532975&bg=ffffff&guid=ON&async=1&gtm=45be4340v9167704557z8896608294za201&gcs=G111&gcd=13v3v3v3u5&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&value=0&npa=1&pscdl=noapi&auid=762808258.1709736521&uamb=0&uaw=0&fdr=SA&data=ads_data_redaction%3Dtrue&fmt=3&ct_cookie_present=false&sscte=1&crd=COy7sQII4b2xAg&pscrd=EkxDaEFJZ01XZ3J3WVF0NTZmc3FLU2o2aEJFaVVBUlBGRFNreDFGTTdrZncyNUxxektwT2JXNjJ6QlJkbmx4V2paQUtyaVdILU5jY0JfGldDaEFJZ01XZ3J3WVFsWm1jNHZUaWdJd3ZFaTBBZDVSVmYyVnk3dG9lMG5XTHdrTzBWMGxWdTdacGwxWmZVVVdVdjVZd040Q2Fsa2puN3M1U0gyOG9CWFEiEwjJr9b18N-EAxVTs1oFHX_gBZQyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggC&is_vtc=1&cid=CAQSKQB7FLtqTrQWqfRzJoxZSxSIpSCWhiBzJMrnQnusyUHCNfBDFAeFGUxW&eitems=ChAIgMWgrwYQpbDbu5_zq-N0Eh0AhfHvbg-Dv0JzgWX-u1R8VcK9FO0Hc7DxXrwHoQ&random=756741644
Protocol
H3
Server
2607:f8b0:4006:80f::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:53 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:53 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://www.google.com/pagead/1p-conversion/698270988/?random=803769380&cv=11&fst=1709736532975&bg=ffffff&guid=ON&async=1&gtm=45be4340v9167704557z8896608294za201&gcs=G111&gcd=13v3v3v3u5&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&value=0&npa=1&pscdl=noapi&auid=762808258.1709736521&uamb=0&uaw=0&fdr=SA&data=ads_data_redaction%3Dtrue&fmt=3&ct_cookie_present=false&sscte=1&crd=COy7sQII4b2xAg&pscrd=EkxDaEFJZ01XZ3J3WVF0NTZmc3FLU2o2aEJFaVVBUlBGRFNreDFGTTdrZncyNUxxektwT2JXNjJ6QlJkbmx4V2paQUtyaVdILU5jY0JfGldDaEFJZ01XZ3J3WVFsWm1jNHZUaWdJd3ZFaTBBZDVSVmYyVnk3dG9lMG5XTHdrTzBWMGxWdTdacGwxWmZVVVdVdjVZd040Q2Fsa2puN3M1U0gyOG9CWFEiEwjJr9b18N-EAxVTs1oFHX_gBZQyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggC&is_vtc=1&cid=CAQSKQB7FLtqTrQWqfRzJoxZSxSIpSCWhiBzJMrnQnusyUHCNfBDFAeFGUxW&eitems=ChAIgMWgrwYQpbDbu5_zq-N0Eh0AhfHvbg-Dv0JzgWX-u1R8VcK9FO0Hc7DxXrwHoQ&random=756741644
content-type
image/gif
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
log
www.paypal.com/credit-presentment/ 		0
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/credit-presentment/log?disableSetCookie=true&features=disable-set-cookie
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTNhZGZiOTRkMQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
content-type
application/json

Response headers

date
Wed, 06 Mar 2024 14:48:53 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS, MISS
paypal-debug-id
f5501737a5ff2
server-timing
"traceparent;desc="00-0000000000000000000f5501737a5ff2-6b2840c387bfeea6-01"";content-encoding;desc="",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-served-by
cache-bur-kbur8200118-BUR, cache-yyz4564-YYZ, cache-yyz4564-YYZ
paypal-related-debug-ids
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f5501737a5ff2-3f88ed8cb276410a-01
x-timer
S1709736533.450722,VS0,VE131
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
0, 0, 0
log
www.paypal.com/credit-presentment/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/credit-presentment/log?disableSetCookie=true&features=disable-set-cookie
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Server-Timing
access-control-max-age
86400
cache-control
max-age=0, no-cache, no-store, must-revalidate
date
Wed, 06 Mar 2024 14:48:53 GMT
dc
ccg11-origin-www-1.paypal.com
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f550173733292
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
"traceparent;desc="00-0000000000000000000f550173733292-2f2764435321ccbe-01"";content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f550173733292-7bca202a74820546-01
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS
x-cache-hits
0, 0, 0
x-served-by
cache-bur-kbur8200030-BUR, cache-yyz4566-YYZ, cache-yyz4566-YYZ
x-timer
S1709736533.277048,VS0,VE145
dc_pre=CMCY4_Xw34QDFS6zfwQdFOcHVw;src=10742279;type=elf8j0;cat=glo_flap;ord=2259864840281;npa=1;auiddc=*;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896...
adservice.google.com/ddm/fls/z/ Frame FDCD 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CMCY4_Xw34QDFS6zfwQdFOcHVw;src=10742279;type=elf8j0;cat=glo_flap;ord=2259864840281;npa=1;auiddc=*;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals
Requested by
Host: 10742279.fls.doubleclick.net
URL: https://10742279.fls.doubleclick.net/activityi;dc_pre=CMCY4_Xw34QDFS6zfwQdFOcHVw;src=10742279;type=elf8j0;cat=glo_flap;ord=2259864840281;npa=1;auiddc=762808258.1709736521;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://10742279.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:53 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
t
evt.undertone.com/ Frame A11B
Redirect Chain
  • https://ads.undertone.com/t?trackerid=7729&cb=1128007421
  • https://evt.undertone.com/t?trackerid=7729&cb=1128007421
0
498 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://evt.undertone.com/t?trackerid=7729&cb=1128007421
Requested by
Host: 9231397.fls.doubleclick.net
URL: https://9231397.fls.doubleclick.net/activityi;dc_pre=CK-b4_Xw34QDFZqrfwQdviAMxQ;src=9231397;type=retarget;cat=globa0;ord=3970572328678;npa=1;auiddc=762808258.1709736521;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
Protocol
H2
Server
3.232.18.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-232-18-169.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://9231397.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-origin
https://9231397.fls.doubleclick.net/
pragma
no-cache
date
Wed, 06 Mar 2024 14:48:53 GMT
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
expires
Mon, 26 Jul 1997 05:00:00 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"

Redirect headers

date
Wed, 06 Mar 2024 14:48:53 GMT
via
1.1 0afec277ba3e75e96fa6b4c76d8e130c.cloudfront.net (CloudFront)
accept-ch
sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
x-amz-cf-pop
JFK50-P4
x-cache
Miss from cloudfront
location
https://evt.undertone.com/t?trackerid=7729&cb=1128007421
content-length
0
x-amz-cf-id
xUDIRQrO7WEFKXrsdUEoZ3UEeT47vBa5ZfvAroeXZQlkx5lh_Rxjig==
dc_pre=CK-b4_Xw34QDFZqrfwQdviAMxQ;src=9231397;type=retarget;cat=globa0;ord=3970572328678;npa=1;auiddc=*;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z88...
adservice.google.com/ddm/fls/z/ Frame A11B 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CK-b4_Xw34QDFZqrfwQdviAMxQ;src=9231397;type=retarget;cat=globa0;ord=3970572328678;npa=1;auiddc=*;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals
Requested by
Host: 9231397.fls.doubleclick.net
URL: https://9231397.fls.doubleclick.net/activityi;dc_pre=CK-b4_Xw34QDFZqrfwQdviAMxQ;src=9231397;type=retarget;cat=globa0;ord=3970572328678;npa=1;auiddc=762808258.1709736521;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;pscdl=noapi;gtm=45fe4340z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://9231397.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 14:48:53 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdn-fsly.yottaa.net
URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/
Domain
pixel.tapad.com
URL
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1709339041519%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
Domain
www.paypal.com
URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true

Verdicts & Comments Add Verdict or Comment

228 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| $jscomp function| _loadCookieConfig function| _domready function| _delayed function| _findTags function| _srcAttr function| _needsEval function| _loadFromDOM function| _clearEvents function| _lastChainedResource function| _isImageLike boolean| domCompleteTriggered function| _abTest function| _getCookieVariant function| _setCookieVariant function| _configureAbTestAnalytics function| _executeAllAbTest function| _executeAllAbTestUniversal function| _executeAllAbTestClassic function| _executeAbTest function| _abTestScript function| _chooseVariant function| _abTestAnalyticsUniversal function| _abTestAnalyticsClassic object| _serviceWorkerConfig object| Yo string| yo_host string| _pxAppId function| $ function| jQuery object| scriptUrl object| ttPolicy object| YT object| YTConfig function| onYTReady object| ytCCPlayer object| ytBTSPlayer function| onYouTubePlayerAPIReady function| onCCPlayerReady function| onBTSPlayerReady object| PXXT4Gy2ig object| PX undefined| _XT4Gy2ighandler object| content object| __LOADABLE_LOADED_CHUNKS__ object| regeneratorRuntime function| _ function| applyFocusVisiblePolyfill object| __CONFIG__ string| __DEVICE_TYPE__ object| __PRELOADED_STATE__ object| Progressive boolean| __HYDRATING__ object| dataLayer function| getDataLayerEvent boolean| rakutenDataLayer object| DataLayer object| gaViewedIdsForPage object| DY boolean| BRAZE_SETUP_COMPLETE boolean| otSPAPathChange boolean| otIsInitialized boolean| otBlockOptOutInitReload function| OptanonWrapper object| DYcustom string| AppsFlyerSdkObject function| AF object| OneTrustStub object| DYExps object| DYO function| DYID object| contextManager object| DYJSON object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data string| OnetrustActiveGroups string| OptanonActiveGroups string| GoogleAnalyticsObject function| ga object| _uxa object| otStubData object| DYWork function| $dy object| gaplugins object| gaGlobal object| gaData object| DYCS object| Optanon object| OneTrust function| create_UUID function| createCookie object| HeroWebPluginSettings string| HeroObject function| hero function| snaptr function| pintrk number| gtmPageLoadId function| fbq function| _fbq object| _fbq_gtm_ids function| rdt string| TiktokAnalyticsObject object| ttq object| JebbitObject function| jebbit function| cnxtag object| cnxDataLayer boolean| otLastAcceptAllValue object| yt function| ytDomDomGetNextId object| ytEventsEventsListeners object| ytEventsEventsCounter object| ytglobal object| ytPubsub2Pubsub2Instance object| ytPubsub2Pubsub2SubscribedKeys object| ytPubsub2Pubsub2TopicToKeys object| ytPubsub2Pubsub2IsAsync object| ytPubsub2Pubsub2SkipSubKey object| ytNetworklessLoggingInitializationOptions object| ytPubsubPubsubInstance object| ytPubsubPubsubTopicToKeys object| ytPubsubPubsubIsSynchronous object| ytPubsubPubsubSubscribedKeys object| ytLoggingTransportTokensToCttTargetIds_ object| ytLoggingTransportTokensToJspbCttTargetIds_ object| ytLoggingGelSequenceIdObj_ object| AF_cleanupMethods function| ___rmuid object| ___RMCMPW object| og object| litHtmlVersions function| JSCompiler_renameProperty object| litElementVersions boolean| OG_OFFERS_TEST_MODE_ENABLE object| OG object| __post_robot_11_0_0___uid_numhnacfzmymuvpacsidplhppphjzs object| paypal object| __zoid_10_3_3___uid_numhnacfzmymuvpacsidplhppphjzs object| CS_CONF function| csSymbol object| CSPureWindow function| csDate object| csJSON function| csArray function| csString function| csURL function| csMutationObserver object| csScreen object| csquerySelector object| csquerySelectorAll function| csNodechildNodes function| csNodeparentNode function| csNodenextSibling function| csNodefirstChild function| csElementshadowRoot function| csElementmatches function| csElementwebkitMatchesSelector function| csHTMLImageElementsrc function| csEventtarget function| csNavigatorsendBeacon object| CSPathComputation object| UXAnalytics object| _scPxHelper object| AF_SDK function| DataLayerHelper object| GooglebQhCsO object| configArgs number| pixelRatio number| width number| height object| screenSize object| labels function| UET function| UET_init function| UET_push object| paypalDDL string| PaypalOffersObject function| ppq object| ueto_9415d74bd9 object| uetq object| bouncex object| webpackJsonp.TiktTokAnalytics object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| _jelly_sdks object| Hero object| __post_robot_10_0_44__ object| PAYPAL object| webpackChunksmart_tag object| bxgraph function| reload_campaigns function| setBounceCookie function| getBounceCookie function| setBounceVisitCookie function| getBounceVisitCookie function| clearBounceCookie function| a0_0x1b34 function| a0_0xfeda object| sigScriptLoader object| SIG_SCRIPT_DEBUG object| threatmetrix object| cti110221 boolean| tmx_profiling_started function| tmx_post_session_params_fixed function| tmx_run_page_fingerprinting function| close_bouncex_ad

96 Cookies

Domain/Path Name / Value
sc-static.net/scevent.min.js Name: X-AB
Value: b9bd00ec73544025b937f4253ff9de4c
.youtube.com/ Name: YSC
Value: stXiRSzeGEw
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: vEKhgBXm3j8
www.elfcosmetics.com/ Name: initAuthComplete
Value: true
.elfcosmetics.com/ Name: ab.storage.sessionId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57
Value: %7B%22g%22%3A%22e41ea15b-a524-1a8f-129a-8aa74741c5e1%22%2C%22e%22%3A1709738318942%2C%22c%22%3A1709736518942%2C%22l%22%3A1709736518942%7D
.elfcosmetics.com/ Name: ab.storage.deviceId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57
Value: %7B%22g%22%3A%2267c12c64-6626-6c8d-e56e-51c999be8435%22%2C%22c%22%3A1709736518946%2C%22l%22%3A1709736518946%7D
.elfcosmetics.com/ Name: pxcts
Value: 9d1bfe15-dbc8-11ee-84c1-e22178cd47ee
.elfcosmetics.com/ Name: _pxvid
Value: 9d1bf0c0-dbc8-11ee-84c1-8e99338b42f5
.elfcosmetics.com/ Name: _dyjsession
Value: iqdcqtfarx8kfg7b3bffmi2dtmoanxma
.elfcosmetics.com/ Name: dy_fs_page
Value: www.elfcosmetics.com%2Felf-cosmetic-criminals
.elfcosmetics.com/ Name: _dy_csc_ses
Value: iqdcqtfarx8kfg7b3bffmi2dtmoanxma
.elfcosmetics.com/ Name: _dy_c_exps
Value:
.dynamicyield.com/ Name: DYID
Value: -2008605195874303415
.elfcosmetics.com/ Name: _px3
Value: 84ddba53875db289bb15898385f42cf1186f113dcbd3a97bec02f8897373894c:J1kF2b0kwek5St68RwJpRj1pdfxAYZ9YQNnC1kpP3bvpQc1DpaiGZ/yJdk/DUHfU/7Kal4lgtvqV4hDrHGo8IA==:1000:SaTqNOrZVvJm4+Z9AdD866B9gXaoL+joT1qUFAchLmyZGcm8WgVP7z55a92d53cqYsGAc0o5CReuxl6rRLOhjvfW3r2qYE4Nxpf8IP2UZgOvYu7LlsHJ8nEqMW3BCUaZhO5a7Zz8S++4uX+E+KY3QBF7pO5FvSM2PWd+UDsjad+f0lbc8n030N5IX2AskWk6JOsYSPbmYhF20olJ54JpEpePKrgM+IbkznbMUr8ExWA=
.elfcosmetics.com/ Name: _gcl_au
Value: 1.1.762808258.1709736521
.elfcosmetics.com/ Name: _dycnst
Value: dg
.elfcosmetics.com/ Name: _gid
Value: GA1.2.1570376857.1709736521
.elfcosmetics.com/ Name: _gat_UA-432816-1
Value: 1
.elfcosmetics.com/ Name: _dyid
Value: -2008605195874303415
.elfcosmetics.com/ Name: _dycst
Value: dk.w.c.ws.fst.
.elfcosmetics.com/ Name: _dy_geo
Value: US.NA.US_NY.US_NY_Buffalo
.elfcosmetics.com/ Name: _dy_df_geo
Value: United%20States.New%20York.Buffalo
.elfcosmetics.com/ Name: _dy_toffset
Value: 0
.elfcosmetics.com/ Name: _dy_soct
Value: 647796.1248068.1709736521.iqdcqtfarx8kfg7b3bffmi2dtmoanxma*836603.1652212.1709736521*837245.1654610.1709736521*861617.1750272.1709736521
www.elfcosmetics.com/ Name: scapi
Value: prd:32e5444b-97f5-4dfe-84a0-34876b3e044e:eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI1NWRlMjIyNS1lMmNiLTRmZTctYjZhYS0zNGE1OGFkOTlkZTQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjMyZTU0NDRiLTk3ZjUtNGRmZS04NGEwLTM0ODc2YjNlMDQ0ZSIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MDk3MzY0OTEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFia1hoSmxyb1lsZWdSbXJCS2xxWVl4ZXhKOjpjaGlkOiAiLCJleHAiOjE3MDk3MzgzMjEsImlhdCI6MTcwOTczNjUyMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMTA2Mzc1Njk2ODU3NDAyOCJ9.1EVxpaN3F-Klk2m7PuTSFl46e4NoOOqfkgzTYuMq5hBYdFBKY61FBe1utDDdocrMqsFjiufsB4DpgmAEOtAygw
www.elfcosmetics.com/ Name: dwsid
Value: whUOyQVye68vL1E8rBZwnrHNJycRg5Q5PYF30tpaubSTcoHy8sDDxRq3tTVRvEUWc398ImTRFmYvWBV11CWlbQ==
www.elfcosmetics.com/ Name: dwanonymous_1a00c2845eeb01c699351ea28e20fd92
Value: abkXhJlroYlegRmrBKlqYYxexJ
www.elfcosmetics.com/ Name: FPC
Value: 8dcde102-dd54-45b8-a4e5-3c71f91dff92
.elfcosmetics.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Wed+Mar+06+2024+04%3A48%3A42+GMT-1000+(Hawaii-Aleutian+Standard+Time)&version=202306.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=9ed4e5c0-d598-4e11-b469-b3e0859e132c&interactionCount=0&landingPath=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&groups=1%3A1%2C2%3A1%2C3%3A1%2COSSTA_BG%3A1%2C4%3A1%2C5%3A1
.adsrvr.org/ Name: TDID
Value: 1039f81f-4a20-4172-9151-964819f7b760
.adnxs.com/ Name: XANDR_PANID
Value: qoLC5wWB9M4a9RUVa3TAU1ClHUFeFsTNRSFZPV6H7bQh-g8zdtEB1VqM8rZKgYSS1DAkhAcWZMVAlIpUKusmReZZW88YgomrNQPp86Etqk0.
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.adnxs.com/ Name: uuid2
Value: 1022538471947984002
.hb.yahoo.net/ Name: visitor-id
Value: 3527381226633927000V10
.hb.yahoo.net/ Name: data-ttd
Value: rightmedia~~3
.adnxs.com/ Name: anj
Value: dTM7k!M4/8CxrEQF']wIg2C%5tBo)=!@wnf-Te9(>wL5L!!':X$^#it
.pointmediatracker.com/ Name: c
Value: 63be324f-df3f-4f86-9e6c-3986490f4376
.elfcosmetics.com/ Name: rmStore
Value: dmid:9097
.tiktok.com/ Name: _ttp
Value: 2dJqRpVMjdAe1MdvPewPPyvQMhU
.elfcosmetics.com/ Name: _ga_ZLYXLXNDL8
Value: GS1.1.1709736523.1.0.1709736523.60.0.0
.elfcosmetics.com/ Name: _ga
Value: GA1.1.1122711396.1709736521
.elfcosmetics.com/ Name: _scid
Value: 450b9bd9-44c7-48e7-817e-cbcacb8e5666
.elfcosmetics.com/ Name: _scid_r
Value: 450b9bd9-44c7-48e7-817e-cbcacb8e5666
.rubiconproject.com/ Name: khaos
Value: LTFWZCS6-I-H1LT
.rubiconproject.com/ Name: audit
Value: 1|Y8hSyfTahZc29Xq0yTE+BRAkb+jje9UAm1jJc/MhWgl+xL8LlrcUaLDBvzn8FZJE+TlqpGdXFS+M1KxoLazIt9i2Wk5FrGos0XY24Ec+XLvDYoqAT5oBL2FDVXWVn8DonLCg7Eiqr1g/Kf+nv4XA9tnOLBG8VKIhmNl/1iGzYadbOz6AjJtUa8ZnH3r7x5VAdeodiyl5GGjkt77VmXBK7kiCfUmSYXqD+ohH/uuQN8oOr/S07bYDcYQkZmofZQkSVSwKu1RXSJT0/fhu8/pkBO4VeIulq+4M1TRwmTZWV3Xc6UO785F0Pw==
.bidr.io/ Name: bito
Value: AALH1k7L0QUAABJlmqnoVA
.bidr.io/ Name: bitoIsSecure
Value: ok
.elfcosmetics.com/ Name: _cs_c
Value: 0
.elfcosmetics.com/ Name: _cs_id
Value: fc5ddfe3-edff-a000-c4ea-6e41d03a5ba7.1709736523.1.1709736523.1709736523.1558384338.1743900523979.1
.doubleclick.net/ Name: IDE
Value: AHWqTUkhk39RQbDvhtjlzpPlXL2M3oqAXqqarC7NyIcYgaCDG46mKQU9q8lmmfhJgn8
.linksynergy.com/ Name: rmuid
Value: bc74edfc-18d6-46f8-b89c-4f89719dd46e
.doubleclick.net/ Name: receive-cookie-deprecation
Value: 1
.adsrvr.org/ Name: TDCPM
Value: CAESGQoKcmlnaHRtZWRpYRILCMDNts_R_d48EAUSFgoHcnViaWNvbhILCP7n3NHR_d48EAUSFQoGZ29vZ2xlEgsI9LKc3dH93jwQBRIXCghhcHBuZXh1cxILCMDbhODR_d48EAUSFQoGY2FzYWxlEgsIzP2E4NH93jwQBRgFIAQoATILCLKmufzn_d48EAVCDyINCAESCQoFdGllcjIQAVoHM2Z0Zm5oM2ABcgZjYXNhbGU.
.casalemedia.com/ Name: CMID
Value: ZeiCTNHM6XoAAAckAA6bsQAA
.casalemedia.com/ Name: CMPS
Value: 3550
.casalemedia.com/ Name: CMPRO
Value: 3550
.elfcosmetics.com/ Name: hero-session-efcf9631-4c6b-4874-9f76-51f71464249a
Value: author=client&expires=1741272525077&visitor=7bf698a8-b7c6-489b-8fba-2a609207e406
.elfcosmetics.com/ Name: _rdt_uuid
Value: 1709736525105.b8df9f30-0a51-48a8-a34c-6aea31dd0167
.elfcosmetics.com/ Name: _uetsid
Value: a1f2a6b0dbc811eeb1bd81b3563aec88
.elfcosmetics.com/ Name: _uetvid
Value: a1f30ca0dbc811ee88ca618858d0d348
.bing.com/ Name: MUID
Value: 384B8E5778CB6EAC1D1F9A6D791F6FCE
.bat.bing.com/ Name: MR
Value: 0
.undertone.com/ Name: UTID
Value: f948acbe874e4922aa88f5333efb7f1f
.undertone.com/ Name: UTID_ENC
Value: eran0kzt6z59llh7mv0b5etr3
.elfcosmetics.com/ Name: _tt_enable_cookie
Value: 1
.elfcosmetics.com/ Name: _ttp
Value: EpMwZWaFtcDdHxrb1pNqPylJ95g
.elfcosmetics.com/ Name: _fbp
Value: fb.1.1709736525556.2008200830
www.elfcosmetics.com/ Name: esw.currency
Value: USD
www.elfcosmetics.com/ Name: sid
Value: ggqPqt-7eHaTqpTMN9TFZPHSpkTLSpfggQQ
www.elfcosmetics.com/ Name: _dyid_server
Value: -2008605195874303415
www.elfcosmetics.com/ Name: esw.InternationalUser
Value: ""
www.elfcosmetics.com/ Name: esw.location
Value: US
www.elfcosmetics.com/ Name: currentLocale
Value: en_US
www.elfcosmetics.com/ Name: esw.sessionid
Value: abkXhJlroYlegRmrBKlqYYxexJ
www.elfcosmetics.com/ Name: esw.LanguageIsoCode
Value: en_US
www.elfcosmetics.com/ Name: __cq_dnt
Value: 1
www.elfcosmetics.com/ Name: dw_dnt
Value: 1
.pinterest.com/ Name: ar_debug
Value: 1
.snapchat.com/ Name: sc_at
Value: v2|H4sIAAAAAAAAAE3GwQ3AMAgDwImQMARTuk0hY2T4fHuv4zirXKUdkNUY6X622MyGfZEsHix9kVrpDIvzq17Dyc0hQAAAAA==
.elfcosmetics.com/ Name: _pin_unauth
Value: dWlkPVl6VmpZVEpqTnpBdE5qYzVNQzAwTVRrNUxXSXlNelF0TW1NMU9HSXlNak16T1dWaw
.elfcosmetics.com/ Name: _cs_s
Value: 1.5.0.1709738326176
www.elfcosmetics.com/ Name: hero-user-id
Value: null
.cdnwidget.com/ Name: __3idcontext
Value: {"cookieID":"2dJqSQ3wuFM9DaojZgn0dZYeAik","deviceID":"2dJqSM9L2gmnoL20KhBhb49UJuQ","iv":"","v":""}
.elfcosmetics.com/ Name: __idcontext
Value: eyJjb29raWVJRCI6IjJkSnFTUTN3dUZNOURhb2paZ24wZFpZZUFpayIsImRldmljZUlEIjoiMmRKcVNNOUwyZ21ub0wyMEtoQmhiNDlVSnVRIiwiaXYiOiIiLCJ2IjoiIn0%3D
imgs.signifyd.com/ Name: thx_guid
Value: 2ae28a4015d978970a6272121a40b660
.rlcdn.com/ Name: rlas3
Value: 40h1F2A8FifDi6FZCSU0QorpxofhCZz/bKk1eyhK7qk=
.rlcdn.com/ Name: pxrc
Value: CM+Eoq8GEgUI6AcQABIGCOTrARAA
.linksynergy.com/ Name: icts
Value: 2024-03-06T14:48:47Z
.bounceexchange.com/ Name: bounceClientVisit4142c
Value: %7B%22vid%22%3A1709736527499809%2C%22did%22%3A%228723199298549469282%22%7D
.elfcosmetics.com/ Name: bounceClientVisit4142v
Value: N4IgNgDiBcIBYBcEQM4FIDMBBNAmAYnvgO6kB0ApmAGYDGA9igLYUICWtKZDTRV1AWgbNWHIQCc2TNgDsAhmBQgANCHEwQKkGxQB9AOb1dKCihRt6MmNQUnVOgxGOnzl67YoBfIA
.pippio.com/ Name: did
Value: hR0xbzO2RiBIlN1x
.pippio.com/ Name: didts
Value: 1709736528
.pippio.com/ Name: nnls
Value:
.pippio.com/ Name: pxrc
Value: CNCEoq8GEgUI9ywQAA==
.tapad.com/ Name: TapAd_TS
Value: 1709736529544
.tapad.com/ Name: TapAd_DID
Value: 15551a40-7e87-4578-929b-17a97685ac08

232 Console Messages

Source Level URL
Text
javascript error URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 362)
Message:
Access to image at 'https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_' from origin 'https://www.elfcosmetics.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_
Message:
Failed to load resource: net::ERR_FAILED
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 362)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 362)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 362)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 362)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 362)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 362)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://connect.facebook.net/signals/config/1638306756445368?v=2.9.148&r=stable&domain=www.elfcosmetics.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100(Line 109)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://cdn.usehero.com/plugin.5.46.0.js
Message:
<link rel=preload> has an invalid `href` value
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10742279.fls.doubleclick.net
9231397.fls.doubleclick.net
ads.undertone.com
adservice.google.com
alb.reddit.com
analytics.google.com
analytics.pangle-ads.com
analytics.tiktok.com
api.bounceexchange.com
api.ipify.org
api.usehero.com
assets.bounceexchange.com
async-px.dynamicyield.com
bat.bing.com
c.contentsquare.net
cdn-fsly.yottaa.net
cdn-scripts.signifyd.com
cdn.cookielaw.org
cdn.dynamicyield.com
cdn.media.amplience.net
cdn.static.amplience.net
cdn.usehero.com
cm.g.doubleclick.net
cnv.event.prod.bidr.io
code.jquery.com
collector-pxxt4gy2ig.px-cloud.net
connect.facebook.net
ct.pinterest.com
data.cdnbasket.net
dsum-sec.casalemedia.com
elfcosmetics.a.bigcontent.io
events.bouncex.net
evt.undertone.com
external-api.jebbit.com
fonts.gstatic.com
geolocation.onetrust.com
googleads.g.doubleclick.net
h.online-metrix.net
hb.yahoo.net
i.ytimg.com
ib.adnxs.com
idr.cdnwidget.com
ids.cdnwidget.com
idsync.rlcdn.com
imgs.signifyd.com
insight.adsrvr.org
jnn-pa.googleapis.com
js.cnnx.link
js.jebbit.com
k-aeu1.contentsquare.net
match.adsrvr.org
page.cdnbasket.net
pd.cdnwidget.com
pippio.com
pix.cdnwidget.com
pixel.pointmediatracker.com
pixel.rubiconproject.com
pixel.tapad.com
qoe-1.yottaa.net
s.pinimg.com
sc-static.net
sdk.iad-05.braze.com
secure.adnxs.com
simage2.pubmatic.com
srm.ba.contentsquare.net
st.dynamicyield.com
static.doubleclick.net
static.ordergroove.com
stats.g.doubleclick.net
t.contentsquare.net
t.paypal.com
tag.rmp.rakuten.com
tag.wknd.ai
tags.rd.linksynergy.com
tr.snapchat.com
tr6.snapchat.com
upload.usehero.com
ut.rd.linksynergy.com
view.cdnbasket.net
w2txo5aanf2md3hkgco6xex6u3tcyjd44x5c4hcy0e0aeaa6bbf08677sac.d.aa.online-metrix.net
websdk.appsflyer.com
www.cosmeticcriminals.com
www.elfcosmetics.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.paypal.com
www.paypalobjects.com
www.redditstatic.com
www.youtube.com
x.bidswitch.net
cdn-fsly.yottaa.net
pixel.tapad.com
www.paypal.com
104.102.136.211
104.126.118.227
104.26.13.205
107.178.254.65
108.138.106.128
108.138.128.39
13.225.214.129
142.250.176.194
142.250.72.98
142.250.80.102
151.101.1.35
151.101.130.133
151.101.193.140
151.101.194.133
151.101.65.21
165.254.56.99
18.238.49.105
18.238.74.246
18.238.80.5
192.225.157.157
192.225.158.1
192.225.158.3
192.229.210.155
2001:4860:4802:36::178
204.2.49.62
204.2.50.19
23.44.201.207
23.48.224.114
23.56.163.9
2600:141b:1c00:10::172c:c9b3
2600:141b:1c00:1a89::1931
2600:1901:0:56e0::
2600:9000:210b:7600:11:85b0:d600:93a1
2600:9000:21dd:8000:a:b89d:a6c0:93a1
2600:9000:23cb:f200:13:d6f4:3240:93a1
2600:9000:24f1:4400:15:ad21:c740:93a1
2600:9000:24f1:e800:a:7914:b00:93a1
2606:4700:4400::6812:205a
2606:4700:4400::6812:2089
2606:4700:4400::6812:249b
2606:4700:4400::ac40:91b7
2606:4700:4400::ac40:952f
2606:4700::6812:82ec
2607:f8b0:4004:c09::9b
2607:f8b0:4006:807::2002
2607:f8b0:4006:807::200e
2607:f8b0:4006:80c::2003
2607:f8b0:4006:80f::2002
2607:f8b0:4006:80f::2004
2607:f8b0:4006:81d::2003
2607:f8b0:4006:81d::200e
2607:f8b0:4006:81f::2006
2607:f8b0:4006:820::2008
2607:f8b0:4006:822::200a
2607:f8b0:4006:823::2016
2620:1ec:c11::200
2a03:2880:f012:8:face:b00c:0:1
2a03:2880:f112:83:face:b00c:0:25de
2a04:4e42:600::396
2a04:4e42::649
3.232.18.169
3.33.220.150
34.102.147.248
34.102.206.216
34.111.8.32
34.120.253.250
34.149.130.207
34.149.254.212
34.224.76.204
34.234.123.28
34.96.102.181
34.98.126.122
34.98.67.3
34.98.72.95
35.190.10.96
35.190.43.134
35.211.178.172
35.244.154.8
44.208.207.37
44.208.222.212
52.50.33.182
52.87.64.131
54.229.107.156
68.67.181.211
8.28.7.83
8.43.72.97
0376d99f51b9ad9fa26d88847d815779d83e27dbc6a5390f9e6194efbf13ae3f
041b6f16c439d88f0216b19fa33a33aac1fb97712fb1d2d248cb99b4fa58b77b
041fae481014a4280437ee1e028f934eadd7590e31f4050c18a57dc4ea7360b3
066f884cfd15768801743268a042cc8f5bba3f262b33ff05716b33b9e9550905
0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154
083e613ed2185815dc9dc91ae569c1ea8cb0187da15b88fb4df656b04ade665f
08d023c583036b4414546ec093ffc7335a1e18cbf4f3b1422027217ae9a8dc78
0b827abc34132551ee5d038a15277ba6bc5306abc290e3445856b8bde86b12b2
0fa295c05c5e6929d1ec1c79bafad9472084569d81bdd2c5bf5798edf5060d9f
11406e3b62294ffdc21348fd4a23761608b4cb667faf4233cd85c082aa57304d
152f59c2f670fb70bfddd3e67b0e345c046c657d83fba7e083e3ac4fc1d5e869
17fef180238a367cf191577c915d4bb50b0e084cd1260d3d64af740760545986
1d16cbf24d53ba3dc9c081aea9064065dfd20331e61856b49a83c706a41cc53a
1eebbe20a7e11128ee261e88cadbc5f467f81690a0bb0a8aa2a529a8f04aee43
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9
24ac4da29c53564ae8c82180e85921818ad3fef0311e627f08b6edddf79a3b34
24c990bf93f521e5e1b9f9e52730c87238f4c7f7feda80215c60ed7243cab819
260de10667298e85d19583ee8ce60c30185780d02d36298247b104763b91be7f
276493c52282c17420780c4dc99d242720fcc891b4e49b2044e738870c1b1339
286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805
2939d067bced6e2e3e43c1b10d2b067cb980410c2cc42fd3e867798a4a36c697
294887d2665ef1f0e30ec66819de2719ba33dd97356a7b370499308bee1a93f3
29e2a8b03e2559d7345f49f8612893fb07c7d60fcf7fbed556587f2f5fad8b7e
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2ad22b91587a2adec093dc2d911118cac6b363dcaed96b3aaaa3af80d58efa03
2f3989acda5131345cd5dd5f11e9c3c373fd3b09eb1a2a64fb2d6b302ea020a6
2f3f08989d311e2a5e808fb023778e1f3735cfc0e28f345a4f5194b8b40eb1f2
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
339b06098fb60d7579df64514f9e48f830c198a5abc67bfb9fe23c4eef3a561a
33a9720bdc3cb427ac133951f12ead3a1a673f704839783f59314681286a7d81
3647c672a453341430a3684a219414cb50fad3fc9c008e00bb22eb1427fafd00
36ff871d9fcff613aae4a44802fc606d1d4838ea4f6efba815f0a1ec95bbd101
37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98
37ddd739dbf47fdb07064f47f42c862e6c764387a6da735b937373555be6cc1b
39b407ba527842ba6587698367b62e9c4770a0f1fb906c220879568cce0b1063
3afda3a545f4af46f87af3efd62d036c7b950df588a444bd9464191236e79922
3b4f2e1b70a9ab8aef23d65cc1b072b5eb6eba4979f6575c64771256e260409d
3bbfdb0daa5c8909e66d5588fcf711019d4739dc56b04e992212b443085af779
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3ec58d58bd0f1cc7bea24dd08d015272b37c4bab92db44f8900bb784c304a80f
4258c25d31971ba63ce95e9daad134d486e282b1bc007ccaaee28a7ddf11f54b
4479278d3fa462f1ae928ff764df2b34b620c2942a3b3f276853f6c454a6e879
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb
4ad1a82d00680c14f55a66ee5d8d815fa36212052fb705209a5a9ec5c4bbddcb
4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383
4affdacd77ceabdee92da8da59b4adebbfe3b28ff1a2fa60debc058b52030994
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b86fe35d476bac4f909e05069880b241ef6c9faba38f775492986bff146c736
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
4c80ba44f61dd8c09ce0c57ca565f286b8bbb3f5ca6cb1fe882ad0d174eaafd1
4ccbe3b5b2dd9aa51c527f656d54d5e9a7a47908032a3503de66b2ff83af634c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
50b6e67cfcfe4ac8fe9cee705b681f696065306ee42bcd4e6b37a17dba333ac5
50c938a88e3861313200737a018bc2d4995db885d894905596e060f4aad17683
5316a7ee75f01622d45e4c7a80757b3bd49fa9f7182fd894fc77fdbe784a533d
532bcb8909320181167f847a492db322b746fe9d010daf0f8a10121b4e22cc97
5570f4a23e52ab1d181c0cbc38821585e6b09260b9a3d5b8da32c125c06e1bb1
59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e
59f1b7d93f47fcc926143154888aa471910eaf81c3c41270b61cfe012dda08df
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5c8c192adca12497452b0a6c25b5913fad79f9afc4760673947377cd81575d81
5eca572cd68aa4afde19d317daf93398ca142c3648214e16b37e054e15c3f9e1
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
6501140033c3bb20da4b5ac73c90f687ba8a2053c4ba37c4b6f5275166db7fa6
652c78e1fed16ce8400b02e044db779e18e24371df4aefc7743ac3b0a3fe86a2
65a3f669b13f6b35a9e6bd0788784a1bb3b82ead49598684dcfaeda3b15d78bc
689f40f631b3a6702753bb07026b69f9c8863e4b2c2c6c06271d3553e900deb6
68cd58f9fe7d86c825f03dec5076b42bac0fe29d8fb2dd175bb63f7efe06e151
68f6710cb2cc63e278cd3be6a0593c700b3ac346e36c1d636c5c13374dc20e91
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
694cf59c4851392846a4f01d91cb087daff67535111e104158264a0f53ba6bdf
6a36655e9de608636a4c3262639b79321a93bdd9ad275e4e130a07719094146f
6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7
6b42a56b231d70ea3691b9f46363b9f8ed6ca35f6b50084718669b8beac1e57d
6c27f5f083955575212c2ba5c0635647645fbf9299a5ad08e05b3e58117beab4
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6e9a31b3784b5fa5f384ee596c719982c792ebc9034e6425e2da3ecfd36c0678
7247ab83a30fbd92bf8425aca87dbb9f3f44c1b7facc6f7fd80df157ea6b5e03
724c915904a6a399b4e2c0e07ef9a56ec62002dcf2bb8800f6d0a4f4474498fb
740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5
765a638d2813ec1b917fc56cf90863f88991ef2550c1a14c99e9e9b243e80f74
771196c556ce9fe2914aa0d336cf0f11fbd579c7cdd52e8436b19e0fffdd783b
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
7a8a843f9da62fae7883096d53da84480440d9ddf656c05a3b27efa26c6dd33a
7b78b9170d1e1da68dd52e57d79c9e906137b28f87eca1f17b2c350f73d1f3ba
7bcce32f4ef85233e030a2e0f1a2a81aefab5d602d45c655b1ff5f068ac8abb8
7d084ab3d46e87a15a489145623d3b3fa161d23f5e9f544f2cbe047537e5af55
7d2c10e3d74db50d1346059928794022154a3e5e0ae3eda167edaa9a092565e3
7daa4f473c1f3b825470de6988a9df856a299340ecc5f92f347387c1bed23f27
815a0320ad8f92f8cf83f9a2804622e5acf474e6ef479f8cf1dbbb0d68845e89
8213e000b7b2f4da50a863873cf0bb6b818e1f31763f6d7177e2751de4dfb7ce
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8344b30c4f0eb1c6f29e7515183b8d91e55f80563104c8f15b6d156217091f00
875ca118023e8741e684a320e73b7f9af4e8eba6c88f1f7e8457f7c0cdda6efb
89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d
8b4baed685e61c19084227c70d48e2795b3df77fa784767ad956f35ac73fa358
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8db85ac8c01a74779a703eca257950a05237337f40b1c21d5e65b1f67a18ff9d
8e33955f54ef8025b647a6e685fa689a9256fc5c987f7dc98590310ac3c358e5
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
915046d9ebab575f9b2f8ba9a35e030b2be55b1439edce6e72f7a19b4a55bd45
917d730202549036e0e6b04929f620a127c48a258d789abe29f7d88fe721f0f5
922c64e558220259f4977d026b43d7e42db91c7cd92fae1f2ee7c45c188527a3
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf
92f709e941df3b754df46c209f8b21499ea6c3feb8ad5abdd5c0264a5dcb2595
93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
9811f258955412e499808713fb4717900dccb00ec88c21bc511fae494288c32c
9846c98d92f9ede0abb2db68013d613791db3ccdb486451de1432034b563fb77
9858970d3451dfd889b9d2b610f5d10657099ec8ce7dd61aebab762884d40fdf
9a9e3a0f13bb307e731f5d58018c25f42ae93182d474e5b071741b1f5c63a283
9b3632368a9856515572ac89df71707fcef5d58219d9b7c1b1de04a995f30973
9b93edb158cd68a53ed95207c6e60e9415b082f620969e4d6f3d781702971592
a22e0c080eb42f4fe9b03b683379e7a0cee50d7b253bc16068c5b2879e766167
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a57c870a576b433cd110ddb6a6f86ce922e7ed0758c1da9e7e3190ff42c45fa4
a758246f43df5cf0f88a3c46a95cb7e962ec2e16327f7fc6b70d2150981b86df
a922d69396a01553b649bb1dbe6984deff25f41f484417f801da5d04efe0bc8f
a92babe0280635e6b8a8cd8b631230f248bfa16bfb2ae7a7e04d404df5518ccb
a938eea663af09f75118101cf9061107fbef7c4770d7d123c71e33c52c565139
a9cc73d73bc220a5bff574a3060e9a0236f58a87c6e9cde3afeb855f1658d954
ab99a75a2070736b0282d041df3a7e272ad5d4d1929ae430089ac0335e05ad2c
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af7106cddc57cb9c88803c862459e1b11041ad970cc9719c092a328352f53252
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b23e3e7b45deac1835f88777002de6af4e6b698bac6d47c833214ca92f8aa62e
b3cebc6cea9712fd3f622133c2331b47607f06227e571e721d879e52bcf63c2f
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e
b560a2dec6e408a3e4338d69ca3585b79f4f37de269685b06c6ddece941fddf1
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bf4d38b7a4f8eb326c632121fb86e0e1da16eb3e8cd8bf8fcdd847426ab21bf6
bf61062f0c0de0f5360e8bf4660c7c3c711aaee42a469c1f310fdee1fda426dc
bf8b41f6693852a18d2449439f0400cfaf19b755e21f01eda21a6ff985d3526c
c170e4452210cb237c6784a7bc160526e323ad3c68c3d77f5a63b38e5f12e377
c363b09ddcb37d2bb5655e872f15bcb72a98f76d2a58adb85a1daa57bee2a46e
c8cc6d1dd1fd1989c0c1366483615d6df15aeece3bafba73a77cbedffeef23d5
c9f83027cf2e267d24b2cfe366bc6664841765f0aaf362faf0156bccdce42355
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cab7e2f0ae92ebd8d2526e4fb359b044d1730e02ddaa125a517762b9130b756a
cbd7f2a3628f95c0fee7a090d94467ae77de49323e22dd01b1306e15013a436f
cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0
ce3febc316e94ec5a6362f3bdfe9eec8a1be968648f4a324fe7a55babf7773fe
cf14d2c07884176483beb43a76b3f79899619cb087fc8176c3792ca79d47c83d
cf1b4e2a57de561424fb99aa43ef462868d58d9c205a38ae3f564c10266a4dbc
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
d193ca08b7345207607286ad104ecaa69147848b2333b934a778ce46f45361d8
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
d5f4e88a592b623f9b96effebd9729e48e047241356fd69cf6ae6413adf8870f
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d85e4dcb52ce714c7136eb95a32765325205a4aabdb51932bd9024c400be665d
d8a6566c7e926c37c010dc811a5e82d5eddad8b10057bf711f0f644be60707d3
d973412d326528c3c272948259f245437209138cae41d034f0fe63fc9896f238
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6
e1a41b2ce5fcd6320078c61076968d45ff5b5755840858a747fddef662a62551
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e96d1ae2515a7adf6e1fa754960645298839e87cd2a139fb6dc94c3e45ab9066
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
ea7c1612005824699aa4574b764875370605733abc4d06f0650d309772423239
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eec2cd1094a6238af60f038e8f42ee2e90b115afd360a765d49a2dcd1d532336
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f01dc6e5a56a6b43ff76188462bc4ca58ba4e253f87dcad62ae38879a00ca1e1
f078959678c0fb456631097af5cfa0dc687b5d4a7936dcdc0f57a4e1cee76a51
f4fc114373da7e63fade04d84f7f1cfb5b31632246f33b10f3b7b275b85e6dd6
f66f5edd05293c4351edcec020a867935f7495ef0d0ff7ceb3e6402748585ca6
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f7f7d48fa4ef27a882d9690c581637c5f56c8f0870e7d375a333c6604b54c432
f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3
f8ea6f7e149ad29010cc98f77695c8c2e91a0c6dd61a41d9ac9bd64e68e03f7e
fb27e247bf4d215b60ffc5a0eedc2291dffc1d1b168d538bd455756215a96c85
ff2fe181c12146189657e92f9ce0489f7f3b51345796f5a5ec9b089f9fb47616