www.elfcosmetics.com Open in urlscan Pro
140.174.14.144 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.cosmeticcriminals.com/
Effective URL:
https://www.elfcosmetics.com/elf-cosmetic-criminals
Submission: On September 25 via api (September 25th 2024, 10:01:35 am UTC) from US — Scanned from DE

Summary HTTP 133 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 42 IPs in 4 countries across 30 domains to perform 133 HTTP transactions. The main IP is 140.174.14.144, located in Frankfurt am Main, Germany and belongs to YOTTAA-AS-1, US. The main domain is www.elfcosmetics.com. The Cisco Umbrella rank of the primary domain is 81611.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 25th 2023. Valid for: a year.

This is the only time www.elfcosmetics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	204.141.89.114 204.141.89.114	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
1 15	140.174.14.144 140.174.14.144	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
4	151.101.2.133 151.101.2.133	54113 (FASTLY) (FASTLY)
2	162.159.138.60 162.159.138.60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
5 15	2a02:26f0:310... 2a02:26f0:3100::1735:2b10	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a04:4e42:600... 2a04:4e42:600::649	54113 (FASTLY) (FASTLY)
5	2a02:26f0:310... 2a02:26f0:3100::1735:2b28	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	35.194.25.57 35.194.25.57	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
12	2606:4700::68... 2606:4700::6812:562a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2600:9000:275... 2600:9000:275d:9e00:a:b89d:a6c0:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
2	104.26.13.205 104.26.13.205	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2606:4700:440... 2606:4700:4400::ac40:9595	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:225... 2600:9000:2250:4000:15:ad21:c740:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	172.217.16.196 172.217.16.196	15169 (GOOGLE) (GOOGLE)
1	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
7	13.35.58.72 13.35.58.72	16509 (AMAZON-02) (AMAZON-02)
1	140.174.14.77 140.174.14.77	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
1	34.102.147.248 34.102.147.248	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	151.101.193.21 151.101.193.21	54113 (FASTLY) (FASTLY)
1	95.100.65.127 95.100.65.127	16625 (AKAMAI-AS) (AKAMAI-AS)
1	18.245.60.69 18.245.60.69	16509 (AMAZON-02) (AMAZON-02)
2	52.31.227.66 52.31.227.66	16509 (AMAZON-02) (AMAZON-02)
1	18.244.18.115 18.244.18.115	16509 (AMAZON-02) (AMAZON-02)
2	172.217.16.136 172.217.16.136	15169 (GOOGLE) (GOOGLE)
1	151.101.1.21 151.101.1.21	54113 (FASTLY) (FASTLY)
2	34.49.124.132 34.49.124.132	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	34.98.67.3 34.98.67.3	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 4	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
2	151.101.67.1 151.101.67.1	54113 (FASTLY) (FASTLY)
2	34.246.128.189 34.246.128.189	16509 (AMAZON-02) (AMAZON-02)
2	192.229.221.25 192.229.221.25	15133 (EDGECAST) (EDGECAST)
4	2a02:26f0:310... 2a02:26f0:3100::210:6e08	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	63.32.124.192 63.32.124.192	16509 (AMAZON-02) (AMAZON-02)
2	108.138.26.43 108.138.26.43	16509 (AMAZON-02) (AMAZON-02)
13	91.235.133.113 91.235.133.113	30286 (THM) (THM)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	91.235.132.130 91.235.132.130	30286 (THM) (THM)
1	2620:f3:0:14:... 2620:f3:0:14:b401:8ee8:4321:ad82	30286 (THM) (THM)
1	91.235.134.131 91.235.134.131	30286 (THM) (THM)
133	42

1 204.141.89.114 (United States) 1 redirects

ASN393259 (YOTTAA-AS-1, US)

www.cosmeticcriminals.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 140.174.14.144 (Frankfurt am Main, Germany) 1 redirects

ASN393259 (YOTTAA-AS-1, US)

www.elfcosmetics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.2.133 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn-fsly.yottaa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.159.138.60 (None, )

ASN13335 (CLOUDFLARENET, US)

player.vimeo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a02:26f0:3100::1735:2b10 (Frankfurt am Main, Germany) 5 redirects

ASN20940 (AKAMAI-ASN1, NL)

cdn.media.amplience.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:3100::1735:2b28 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.static.amplience.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.194.25.57 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 57.25.194.35.bc.googleusercontent.com

api.retail.adeptmind.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6812:562a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:275d:9e00:a:b89d:a6c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.26.13.205 (None, )

ASN13335 (CLOUDFLARENET, US)

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:4400::ac40:9595 (United States)

ASN13335 (CLOUDFLARENET, US)

sdk.iad-05.braze.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:4000:15:ad21:c740:93a1 (United States)

ASN16509 (AMAZON-02, US)

st.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.196 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 13.35.58.72 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-58-72.fra60.r.cloudfront.net

async-px.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 140.174.14.77 (Frankfurt am Main, Germany)

ASN393259 (YOTTAA-AS-1, US)

qoe-1.yottaa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.147.248 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 248.147.102.34.bc.googleusercontent.com

tag.rmp.rakuten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.193.21 (San Francisco, United States)

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.100.65.127 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-65-127.deploy.static.akamaitechnologies.com

static.ordergroove.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.60.69 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-60-69.fra60.r.cloudfront.net

websdk.appsflyer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.31.227.66 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-227-66.eu-west-1.compute.amazonaws.com

api.cquotient.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.244.18.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-244-18-115.fra56.r.cloudfront.net

t.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.136 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.21 (San Francisco, United States)

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.49.124.132 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 132.124.49.34.bc.googleusercontent.com

sgtm.elfcosmetics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.3 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 3.67.98.34.bc.googleusercontent.com

ut.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.194 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.67.1 (San Francisco, United States)

ASN54113 (FASTLY, US)

t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.246.128.189 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-128-189.eu-west-1.compute.amazonaws.com

c.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.229.221.25 (United States)

ASN15133 (EDGECAST, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:3100::210:6e08 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

elfcosmetics.a.bigcontent.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.32.124.192 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-124-192.eu-west-1.compute.amazonaws.com

srm.ba.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.138.26.43 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-26-43.fra56.r.cloudfront.net

cdn-scripts.signifyd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 91.235.133.113 (United States)

ASN30286 (THM, US)

imgs.signifyd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.235.132.130 (United States)

ASN30286 (THM, US)
PTR: h.online-metrix.net

h.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:f3:0:14:b401:8ee8:4321:ad82 (United States)

ASN30286 (THM, US)

h64.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.235.134.131 (United States)

ASN30286 (THM, US)

w2txo5aadb4ml5w5n5hoeglkih3y7p5fhiq3ymypd77c1b61074f7393am1.e.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	amplience.net 5 redirects cdn.media.amplience.net — Cisco Umbrella Rank: 13910 cdn.static.amplience.net — Cisco Umbrella Rank: 42545	9 MB
17	elfcosmetics.com 1 redirects www.elfcosmetics.com — Cisco Umbrella Rank: 81611 sgtm.elfcosmetics.com — Cisco Umbrella Rank: 189891	312 KB
15	signifyd.com cdn-scripts.signifyd.com — Cisco Umbrella Rank: 9317 imgs.signifyd.com — Cisco Umbrella Rank: 7616	73 KB
12	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 351	287 KB
11	dynamicyield.com cdn.dynamicyield.com — Cisco Umbrella Rank: 9730 st.dynamicyield.com — Cisco Umbrella Rank: 8989 async-px.dynamicyield.com — Cisco Umbrella Rank: 9471	256 KB
7	paypal.com www.paypal.com — Cisco Umbrella Rank: 3337 t.paypal.com — Cisco Umbrella Rank: 4028	127 KB
7	braze.com sdk.iad-05.braze.com — Cisco Umbrella Rank: 2603	1 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 57	503 KB
5	yottaa.net cdn-fsly.yottaa.net — Cisco Umbrella Rank: 36007 Failed qoe-1.yottaa.net — Cisco Umbrella Rank: 12272	1 MB
4	bigcontent.io elfcosmetics.a.bigcontent.io — Cisco Umbrella Rank: 167660	9 KB
4	googlesyndication.com 2 redirects ade.googlesyndication.com — Cisco Umbrella Rank: 335	1 KB
4	contentsquare.net t.contentsquare.net — Cisco Umbrella Rank: 3691 c.contentsquare.net — Cisco Umbrella Rank: 4745 srm.ba.contentsquare.net — Cisco Umbrella Rank: 22823	84 KB
4	youtube.com www.youtube.com — Cisco Umbrella Rank: 78	13 KB
3	online-metrix.net h.online-metrix.net — Cisco Umbrella Rank: 3451 h64.online-metrix.net — Cisco Umbrella Rank: 2673 w2txo5aadb4ml5w5n5hoeglkih3y7p5fhiq3ymypd77c1b61074f7393am1.e.aa.online-metrix.net	837 B
2	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 3005	16 KB
2	cquotient.com api.cquotient.com — Cisco Umbrella Rank: 38917	516 B
2	ipify.org api.ipify.org — Cisco Umbrella Rank: 2176	227 B
2	adeptmind.ai api.retail.adeptmind.ai — Cisco Umbrella Rank: 633216	675 B
2	vimeo.com player.vimeo.com — Cisco Umbrella Rank: 2385	12 KB
1	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 487	98 B
1	linksynergy.com ut.rd.linksynergy.com — Cisco Umbrella Rank: 10254	404 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3391
1	appsflyer.com websdk.appsflyer.com — Cisco Umbrella Rank: 6237	14 KB
1	ordergroove.com static.ordergroove.com — Cisco Umbrella Rank: 35756	52 KB
1	rakuten.com tag.rmp.rakuten.com — Cisco Umbrella Rank: 9024	15 KB
1	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 53	65 B
1	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 3	24 B
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 550	315 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 851	24 KB
1	cosmeticcriminals.com 1 redirects www.cosmeticcriminals.com	1 KB
133	30

	Domain	Requested by
15	cdn.media.amplience.net	5 redirects www.elfcosmetics.com
15	www.elfcosmetics.com	1 redirects www.elfcosmetics.com cdn-fsly.yottaa.net t.contentsquare.net
13	imgs.signifyd.com	www.elfcosmetics.com imgs.signifyd.com
12	cdn.cookielaw.org	cdn-fsly.yottaa.net cdn.cookielaw.org www.elfcosmetics.com
7	async-px.dynamicyield.com	cdn.dynamicyield.com
7	sdk.iad-05.braze.com	cdn-fsly.yottaa.net
5	www.paypal.com	www.elfcosmetics.com www.paypal.com
5	www.googletagmanager.com	www.elfcosmetics.com
5	cdn.static.amplience.net	www.elfcosmetics.com
4	elfcosmetics.a.bigcontent.io
4	ade.googlesyndication.com	2 redirects
4	www.youtube.com	www.elfcosmetics.com
4	cdn-fsly.yottaa.net	www.elfcosmetics.com
3	cdn.dynamicyield.com	www.elfcosmetics.com
2	cdn-scripts.signifyd.com	www.elfcosmetics.com
2	www.paypalobjects.com	www.elfcosmetics.com
2	c.contentsquare.net
2	t.paypal.com
2	sgtm.elfcosmetics.com	www.googletagmanager.com
2	api.cquotient.com	cdn-fsly.yottaa.net
2	api.ipify.org	cdn-fsly.yottaa.net
2	api.retail.adeptmind.ai	cdn-fsly.yottaa.net
2	player.vimeo.com	www.elfcosmetics.com
1	w2txo5aadb4ml5w5n5hoeglkih3y7p5fhiq3ymypd77c1b61074f7393am1.e.aa.online-metrix.net
1	h64.online-metrix.net	imgs.signifyd.com
1	h.online-metrix.net	imgs.signifyd.com
1	idsync.rlcdn.com
1	srm.ba.contentsquare.net	t.contentsquare.net
1	ut.rd.linksynergy.com	www.elfcosmetics.com
1	region1.google-analytics.com	www.googletagmanager.com
1	t.contentsquare.net	www.elfcosmetics.com
1	websdk.appsflyer.com	www.elfcosmetics.com
1	static.ordergroove.com	www.elfcosmetics.com
1	tag.rmp.rakuten.com	www.elfcosmetics.com
1	qoe-1.yottaa.net	www.elfcosmetics.com
1	googleads.g.doubleclick.net	www.elfcosmetics.com
1	www.google.com	1 redirects
1	st.dynamicyield.com	www.elfcosmetics.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	code.jquery.com	www.elfcosmetics.com
1	www.cosmeticcriminals.com	1 redirects
133	41

This site contains links to these domains. Also see Links.

Domain
cdn.dynamicyield.com
st.dynamicyield.com
rcom.dynamicyield.com
www.tiktok.com
www.instagram.com
www.pinterest.com
www.facebook.com
www.youtube.com
twitter.com
www.snapchat.com
www.linkedin.com
www.elfbeauty.com
elfcosmetics.onelink.me
preferences.elfcosmetics.com
cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
*.elfcosmetics.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-25` - `2024-10-25`	a year	crt.sh
*.yottaa.net GlobalSign RSA OV SSL CA 2018	`2024-09-05` - `2025-10-07`	a year	crt.sh
player.vimeo.com WE1	`2024-09-22` - `2024-12-21`	3 months	crt.sh
*.google.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
dm.amplience.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-05` - `2025-08-14`	a year	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
api.retail.adeptmind.ai R11	`2024-07-29` - `2024-10-27`	3 months	crt.sh
cookielaw.org WE1	`2024-08-13` - `2024-11-11`	3 months	crt.sh
*.dynamicyield.com Amazon RSA 2048 M03	`2024-08-18` - `2025-09-16`	a year	crt.sh
*.google-analytics.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
ipify.org WE1	`2024-09-15` - `2024-12-14`	3 months	crt.sh
sdk.iad-05.braze.com WE1	`2024-08-15` - `2024-11-13`	3 months	crt.sh
geolocation.onetrust.com WE1	`2024-08-13` - `2024-11-11`	3 months	crt.sh
tag.rmp.rakuten.com WR3	`2024-07-28` - `2024-10-26`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2024-02-08` - `2025-02-08`	a year	crt.sh
*.ordergroove.com Go Daddy Secure Certificate Authority - G2	`2024-08-09` - `2025-08-20`	a year	crt.sh
*.appsflyer.com Amazon RSA 2048 M03	`2024-02-04` - `2025-03-03`	a year	crt.sh
*.cquotient.com Amazon RSA 2048 M02	`2024-03-05` - `2025-04-03`	a year	crt.sh
t.contentsquare.net Amazon RSA 2048 M03	`2024-08-13` - `2025-09-10`	a year	crt.sh
sgtm.elfcosmetics.com WR3	`2024-09-07` - `2024-12-06`	3 months	crt.sh
*.rd.linksynergy.com ZeroSSL RSA Domain Secure Site CA	`2024-01-23` - `2025-01-22`	a year	crt.sh
t.paypal.com DigiCert SHA2 Extended Validation Server CA	`2024-06-21` - `2025-06-20`	a year	crt.sh
dep.ba.contentsquare.net Amazon RSA 2048 M03	`2024-02-18` - `2025-03-19`	a year	crt.sh
*.bigcontent.io GeoTrust TLS RSA CA G1	`2024-06-13` - `2025-05-03`	a year	crt.sh
srm.ba.contentsquare.net Amazon RSA 2048 M02	`2023-11-07` - `2024-12-06`	a year	crt.sh
cdn-scripts.signifyd.com Amazon RSA 2048 M02	`2024-06-02` - `2025-06-30`	a year	crt.sh
imgs.signifyd.com Go Daddy Secure Certificate Authority - G2	`2023-10-20` - `2024-11-20`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2024-02-06` - `2025-03-05`	a year	crt.sh
online-metrix.net Viking Cloud Organization Validation CA, Level 1	`2024-03-20` - `2024-10-21`	7 months	crt.sh
*.aa.online-metrix.net Viking Cloud Organization Validation CA, Level 1	`2024-03-20` - `2024-10-21`	7 months	crt.sh

This page contains 9 frames:

Primary Page: https://www.elfcosmetics.com/elf-cosmetic-criminals
Frame ID: 2719EBD4B59CA21A755F999E2CFF4749
Requests: 110 HTTP requests in this frame

Frame: https://player.vimeo.com/video/985935623?h=0fd60177fc&badge=0&autopause=0&player_id=0&app_id=58479
Frame ID: 30A3277236F3E0649A68626D4A0536EE
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Frame ID: 74C779EE29B7D3FE5D856DE3B4CD1F6C
Requests: 1 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=%5Bobject%20Object%5D%2Cnative-modal&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.64.11&integrationType=SDK
Frame ID: 1E71A2DF9468D360EAF627A1711378DF
Requests: 1 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: 88999BAA45F187AB42BEC62549F6B917
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/uoj082F-TB69czO5?4c8889e9339af2cd=GOR6fwd4L1BumEjIaeSmUWyPLt0FODTiOKNnpRjsfDG0Nx44a900tUb2SOEq6VAchr_Xhum87Fgyp-5i51EKKascYW1v1lZtRFcFUloRRj9Oel9jcwG7XHfD7x9vq8RW0cHZbB5iJflFCDRJr7ANrzV8GLliC6vcanabfadYoSZpSIW0MHQ_9e4uvy0fi0Ms0an3hU60GrhE8xN5&jb=3d32262460736d7d354669667d78246079653d4c616e75782c687b607d3d4b60786f6d652e68736037436a7a6767652d3a30333833
Frame ID: BAE51B19EC784CDC1E15DD612FD5D566
Requests: 12 HTTP requests in this frame

Frame: https://imgs.signifyd.com/xRUdxcRyNqDeaC1x?7c798575de61218c=aLH3pFEglXBKW2KPHOoMefCRTL18sJPWZJq6JW2t7U-HlXtb2AGzemYIgSdpKxtmhglmN71PGWTs6L1ieB2lRQ3F4gNvDGIsjmMZnvr-WpLeuBF8VdU3jaNEFHhTSNce_bdjUfQkOYhZM8kAHX4bJcKXusvFDj7A-KgHZIjZxiU00xpVqBkwljfknMP9IPLy4rEWDlZZ_hn17uFyDEw
Frame ID: E9AB21CB3A2F21B14B1FE7090D39146D
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/sKpWi9iLqpruXJGy?a2465f0ed43e03d8=X9MfANfrCgtjamHhQs8TN4w73JQLSa-btthl-Nxm7ryxbHaLzwpkKPYtN0Jb9k6te9_2Tux4aw3FZpAEpVzCFFgKjG9CUNOpb-c9FqhvoZNWq5XWscmOXC1GG9mKwPAHNQO3NO9e8yz6GyEOb_fRbLDssYCjPnSqfbDYmBeYsmtiRYrddtmVljp87pkNLrFIA9zA7-zyXcvDQE4WCXLd
Frame ID: 60D29EE17998F83FB3C63FF4C08F96F6
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/iCMrs_fjLwOflX0o?41dbeb5e6e1dcab4=ul_dLJMYJgmx56EaY4mINPzSoetJuLVQO_gkNcEqUKpq7ipsHNrsbTWowh_4jtdHATNpiaAVDh84eIEgqto4lpUXY-WD6P4tk2-b2gW-93DfkCZqDPZSv0NwUXTpFpz4Xn5-fEr9Dz0_zXDS0i4BkNBkBkw9B0QcDCMKjQ636OkLwJxPPoyoh3IZbhNrIDAgyTcGEP9qm_DkekTE8Cl7
Frame ID: A5B58EAF9557CA83A2252FA18254EEFF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cosmetic Criminals | e.l.f. Cosmetics

Page URL History Show full URLs

https://www.cosmeticcriminals.com/ HTTP 301
https://www.elfcosmetics.com/elf-cosmetic-criminals Page URL

Detected technologies

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

Dynamic Yield (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

cdn\.dynamicyield\.\w+/

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Rakuten (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

tag\.rmp\.rakuten\.com

basket.js (JavaScript Libraries) Expand

Overall confidence: 10%
Detected patterns

basket.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

133
Requests

90 %
HTTPS

30 %
IPv6

30
Domains

41
Subdomains

42
IPs

4
Countries

12081 kB
Transfer

20686 kB
Size

42
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://cdn.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://st.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://rcom.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@elfyeah/

Search URL Search Domain Scan URL

URL: https://www.instagram.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/eyeslipsfacedotcom

Search URL Search Domain Scan URL

URL: https://twitter.com/elfcosmetics

Search URL Search Domain Scan URL

URL: https://www.snapchat.com/add/elfcosmetics

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/e-l-f-beauty

Search URL Search Domain Scan URL

URL: https://www.elfbeauty.com/careers/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.elfbeauty.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://elfcosmetics.onelink.me/wTtZ/AcrossSiteCosmetics

Search URL Search Domain Scan URL

URL: https://preferences.elfcosmetics.com/dont_sell
Title: Do Not Sell My Personal Info/Opt Out of Targeted Ads

Search URL Search Domain Scan URL

URL: https://preferences.elfcosmetics.com/privacy
Title: Privacy Rights Request Form

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.cosmeticcriminals.com/ HTTP 301
https://www.elfcosmetics.com/elf-cosmetic-criminals Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4

Request Chain 19

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4

Request Chain 20

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_DESKTOP_8_BEAR-alt/mp4_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/4a810c76-f6a5-4629-bf54-46e97b002de7.mp4

Request Chain 21

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_PLANT/mp4_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4

Request Chain 22

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_BOOK/mp4_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/9c45925d-0761-4101-9a41-aec1046b0de8.mp4

Request Chain 38

https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=cvixpDsPxUGzHSjRQHndD0psKGxfdwT_kyLVM356hoQ HTTP 303
https://www.elfcosmetics.com/callback?usid=7014b097-c411-4fa7-9e8e-bf0cc65ba0a6&code=qfucI1KcOCreNX1T_IjJFTqh9_9TG9-XlnoPl0KiWmM

Request Chain 44

https://www.google.com/pagead/landing?gcs=G1--&gcd=13l3l3l2l5l1&tag_exp=0&rnd=424909595.1727258484&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma_cps=syphamo&dma=1&npa=1&gtm=45He49n0n81WL3STMXv896608294za200&auid=716154409.1727258484 HTTP 302
https://googleads.g.doubleclick.net/pagead/landing?gcs=G1--&gcd=13l3l3l2l5l1&tag_exp=0&rnd=424909595.1727258484&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma_cps=syphamo&dma=1&npa=1&gtm=45He49n0n81WL3STMXv896608294za200&auid=716154409.1727258484

Request Chain 96

https://ade.googlesyndication.com/ddm/activity/src=9231397;type=retarget;cat=globa0;ord=7034194132383;npa=1;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe49n0v9181619921z8896608294za201zb896608294;gcs=G100;gcd=13m3mPm2m5l1;dma_cps=-;dma=1;tcfd=10001;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals HTTP 302
https://ade.googlesyndication.com/ddm/activity/src=9231397;dc_pre=CKvGiaTr3YgDFY3IOwIdXL82Hg;type=retarget;cat=globa0;ord=7034194132383;npa=1;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe49n0v9181619921z8896608294za201zb896608294;gcs=G100;gcd=13m3mPm2m5l1;dma_cps=-;dma=1;tcfd=10001;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals

Request Chain 99

https://ade.googlesyndication.com/ddm/activity/src=10742279;type=elf8j0;cat=glo_flap;ord=5181065998439;npa=1;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe49n0v9181663336z8896608294za201zb896608294;gcs=G100;gcd=13m3mPm2m5l1;dma_cps=-;dma=1;tcfd=10001;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals HTTP 302
https://ade.googlesyndication.com/ddm/activity/src=10742279;dc_pre=CPPEiaTr3YgDFXnNOwIdQ8sRQg;type=elf8j0;cat=glo_flap;ord=5181065998439;npa=1;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe49n0v9181663336z8896608294za201zb896608294;gcs=G100;gcd=13m3mPm2m5l1;dma_cps=-;dma=1;tcfd=10001;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals

133 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request elf-cosmetic-criminals Show response
www.elfcosmetics.com/
Redirect Chain

https://www.cosmeticcriminals.com/
https://www.elfcosmetics.com/elf-cosmetic-criminals

1 MB
265 KB

4692ms
4471ms

Document
text/html

140.174.14.144
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

140.174.14.144 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

71a4cb0f4ed855266207e8102d30e19a27ceaf6c46a804ce426aedd7592e653b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
age: 0
alt-svc: h3=":443"; ma=86400
cache-control: public, must-revalidate, s-maxage=900
content-encoding: gzip
content-length: 270285
content-type: text/html; charset=utf-8
date: Wed, 25 Sep 2024 10:01:19 GMT
etag: W/"1014cc-e5+7LALip/8X+yh+BGJ4im2BhEo"
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 81cb77eb84eee291ebbd90b4c274c1c4.cloudfront.net (CloudFront)
x-amz-apigw-id: ep_ZBEEaCYcEgdg=
x-amz-cf-id: GFhBkZhG-74jbwMMPThKUoFdOi7OvAhwdV-6VIhVmm6zWwQUgaM4Yw==
x-amz-cf-pop: FRA60-P6
x-amzn-remapped-connection: close
x-amzn-remapped-content-length: 1053900
x-amzn-remapped-date: Wed, 25 Sep 2024 10:01:19 GMT
x-amzn-requestid: e8e9765a-00b1-4721-ba4f-353611f31df7
x-amzn-trace-id: Root=1-66f3df6c-11586bf8640fcd9d7a1c3941;Parent=04db4f795373afda;Sampled=0;Lineage=1:2b75b0e9:0
x-cache: Miss from cloudfront
x-yottaa-metrics: 36218cae0e2c/[2825,2756,-] 36D18cae0e90/[-,2874.580]
x-yottaa-optimizations: ob/1000000100001000 si/36D18cae0e90-1727198787-4345353370 tts/1727189521438 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os: 200

Redirect headers

age: 0
content-length: 1197
content-type: text/html; charset=utf-8
date: Wed, 25 Sep 2024 10:01:16 GMT
location: https://www.elfcosmetics.com/elf-cosmetic-criminals
vary: User-Agent
x-yottaa-fw: fb/100000 tid/658dc44fd93140973bd48a52 rid/658dc848d93140973bd496fa stid/5ad7b08e2bb0ac0c5ba3d38c
x-yottaa-metrics: 23D1cc8d5972/[-,0.352]
x-yottaa-optimizations: ob/0 si/23D1cc8d5972-1727198788-7776602252 tts/1727258476272 ti/0 ai/658dc44fd93140973bd48a52

GET /
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/ 0
0

GET
H2 200 /
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/ 12 KB
12 KB 145ms
40ms Image
text/html 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

CloudFront /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.elfcosmetics.com
Referer: https://www.elfcosmetics.com/

Response headers

x-amzn-remapped-content-length: 1062455
content-encoding: gzip
x-amzn-remapped-connection: close
etag: W/"103637-PFbJUlNbaaTJj6ac7OZsEo9e0a8"
age: 762
x-amzn-requestid: 9b217687-c5c9-473c-9ecc-02c6320a41b3
x-cache: Hit from cloudfront, HIT
x-amz-cf-id: 6-YXwGLMI2h9P95fwRi7UWBItWKvC-9z9GIUfgbhalMeBUariQOxkQ==
date: Wed, 25 Sep 2024 10:01:21 GMT
content-type: text/html; charset=utf-8
x-served-by: cache-fra-etou8220080-FRA
x-cache-hits: 1
x-yottaa-optimizations: ob/1000000100001000 si/36118cae0e24-1721912170-793919299 tts/1727189521438 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
cache-control: public, must-revalidate, s-maxage=900
x-amz-apigw-id: ep9ieFNyiYcEqOw=
x-amzn-remapped-date: Wed, 25 Sep 2024 09:48:38 GMT
x-timer: S1727258481.431333,VS0,VE2
x-amzn-trace-id: Root=1-66f3dc75-311a22a579914fac176a8ac8;Parent=3ca4681c37d26e18;Sampled=0;Lineage=1:2b75b0e9:0
via: 1.1 fc486e72455da7c1d3be4472dd5ba8b2.cloudfront.net (CloudFront), 1.1 varnish
x-yottaa-metrics: 36218cae0e3f/[96,22,-] 36118cae0e24/[-,148.533]
accept-ranges: bytes
access-control-allow-origin: *
content-length: 268822
x-amz-cf-pop: FRA60-P6
server: CloudFront

GET /
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/ 0
0

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.elfcosmetics.com
Referer

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.elfcosmetics.com
Referer

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
H/1.1 200
OK 985935623
player.vimeo.com/video/ Frame 30A3 0
0 430ms
345ms Document
text/html 162.159.138.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://player.vimeo.com/video/985935623?h=0fd60177fc&badge=0&autopause=0&player_id=0&app_id=58479

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' https://.vimeocdn.com 'unsafe-eval' resource: https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv; style-src 'self' 'unsafe-inline' https://.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://edge-player5.wirewax.com; connect-src 'self' ws: wss: https://vimeo.com https://api.vimeo.com https://csi.gstatic.com https://player-telemetry.vimeo.com https://.akamaized.net https://.akamaized-staging.net https://.vimeocdn.com https://drm.vhx.com/v2/fairplay/cert https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://.kollective.app https://.kollective.app:31015 https://.kollectivecd.com https://.hivestreaming.com https://vimeo.magisto.com https://stage-proxy.vimeo.magisto.com https://.wirewax.com https://.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; font-src data: https://edge-assets.wirewax.com https://branding.cdn.magisto.com https://fonts.gstatic.com https://player.vimeo.com; img-src 'self' data: https://player.vimeo.com https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://i.vimeocdn.com https://duysrfiajusdh.cloudfront.net https://d263mgllkjh2k2.cloudfront.net https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com android-webview-video-poster:; object-src 'self' https://.vimeocdn.com https://.akamaized.net https://.akamaized-staging.net; media-src 'self' blob: https://.vimeocdn.com https://.akamaized.net https://.akamaized-staging.net https://.gvt1.com https://live-api.cloud.vimeo.com; frame-src 'self' https://*; report-uri /_csp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

CF-Cache-Status: DYNAMIC
CF-Ray: 8c8a2c26a87b7264-HAM
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 25 Sep 2024 10:01:22 GMT
Expires: Fri, 15 Dec 1985 19:30:00 GMT
Link: <https://fresnel.vimeocdn.com>; rel=preconnect; crossorigin, <https://i.vimeocdn.com>; rel=preconnect; crossorigin, <https://f.vimeocdn.com>; rel=preconnect; crossorigin
Server: cloudflare
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Transfer-Encoding: chunked
Vary: Accept-Encoding
Via: 1.1 varnish
content-security-policy: default-src 'none'; script-src 'self' 'unsafe-inline' https://*.vimeocdn.com 'unsafe-eval' resource: https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv; style-src 'self' 'unsafe-inline' https://*.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://edge-player5.wirewax.com; connect-src 'self' ws: wss: https://vimeo.com https://api.vimeo.com https://csi.gstatic.com https://player-telemetry.vimeo.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://drm.vhx.com/v2/fairplay/cert https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.kollective.app https://*.kollective.app:31015 https://*.kollectivecd.com https://*.hivestreaming.com https://vimeo.magisto.com https://stage-proxy.vimeo.magisto.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; font-src data: https://edge-assets.wirewax.com https://branding.cdn.magisto.com https://fonts.gstatic.com https://player.vimeo.com; img-src 'self' data: https://player.vimeo.com https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://*.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://i.vimeocdn.com https://duysrfiajusdh.cloudfront.net https://d263mgllkjh2k2.cloudfront.net https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com android-webview-video-poster:; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com; frame-src 'self' https://*; report-uri /_csp
x-backend-server: player-backend-edge-entry
x-bapp-server: player-backend-559c5bd87d-5lprm
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-host: player-backend-559c5bd87d-5lprm
x-player-backend: g
x-served-by: cache-ams21059-AMS
x-timer: S1727258482.738056,VS0,VE267
x-xss-protection: 1; mode=block

GET
H2 200 rZPCKoUReO0
www.youtube.com/embed/ Frame 74C7 0
0 245ms
155ms Document
text/html 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Wed, 25 Sep 2024 10:01:21 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 PWT_STORY_HEADER_DESKTOP_BG-min
cdn.media.amplience.net/i/elfcosmetics/ 630 KB
630 KB 428ms
204ms Image
image/jpeg 2a02:26f0:3100::1735:2b10
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2b10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

cache-tag: hZVUi1LzQ,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z
x-amp-source-width: 3199
x-content-type-options: nosniff
date: Wed, 25 Sep 2024 10:01:21 GMT
content-type: image/jpeg
x-frame-options: DENY
cache-control: max-age=1800, s-maxage=86400
x-req-id: k15Fkb6qk2
x-amp-source-height: 1249
accept-ranges: bytes
access-control-allow-origin: *
content-length: 644728
x-amp-published: Wed, 20 Dec 2023 20:47:39 GMT
x-amp-srv: A
x-xss-protection: 1; mode=block
server: Unknown

GET
H2 200 PWT_STORY_HEADER_DESKTOP_CC-min
cdn.media.amplience.net/i/elfcosmetics/ 205 KB
205 KB 297ms
74ms Image
image/png 2a02:26f0:3100::1735:2b10
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2b10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

cache-tag: UOGeWU-oN,l4p5bDg2e,HwG53bbZp,UyB2-aY-L
x-amp-source-width: 800
x-content-type-options: nosniff
date: Wed, 25 Sep 2024 10:01:21 GMT
content-type: image/png
x-frame-options: DENY
cache-control: max-age=1800, s-maxage=86400
x-req-id: NXuRp0wkuh
x-amp-source-height: 340
accept-ranges: bytes
access-control-allow-origin: *
content-length: 209440
x-amp-published: Wed, 20 Dec 2023 20:47:39 GMT
x-amp-srv: A
x-xss-protection: 1; mode=block
server: Unknown

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/gif

GET
H2 200 PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
cdn.media.amplience.net/i/elfcosmetics/ 2 MB
2 MB 610ms
388ms Image
image/png 2a02:26f0:3100::1735:2b10
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2b10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

cache-tag: bbZ7I4jYr,l4p5bDg2e,hUXp-ygcH,UyB2-aY-L
x-amp-source-width: 3080
x-content-type-options: nosniff
date: Wed, 25 Sep 2024 10:01:21 GMT
content-type: image/png
x-frame-options: DENY
cache-control: max-age=1800, s-maxage=86400
x-req-id: iusGeruuNX
x-amp-source-height: 1484
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2085695
x-amp-published: Wed, 03 Jan 2024 21:02:28 GMT
x-amp-srv: A
x-xss-protection: 1; mode=block
server: Unknown

GET
H2 200 PWT_STORY_DETECTIVES_DESKTOP_6-min
cdn.media.amplience.net/i/elfcosmetics/ 330 KB
331 KB 606ms
384ms Image
image/jpeg 2a02:26f0:3100::1735:2b10
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_DETECTIVES_DESKTOP_6-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2b10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

cache-tag: dRj4K7h-K,l4p5bDg2e,q-jdDBY1E,k4NPUWi7z
x-amp-source-width: 2806
x-content-type-options: nosniff
date: Wed, 25 Sep 2024 10:01:21 GMT
content-type: image/jpeg
x-frame-options: DENY
cache-control: max-age=1800, s-maxage=86400
x-req-id: eTn0FE0PQR
x-amp-source-height: 1062
accept-ranges: bytes
access-control-allow-origin: *
content-length: 338113
x-amp-published: Wed, 27 Dec 2023 17:21:33 GMT
x-amp-srv: A
x-xss-protection: 1; mode=block
server: Unknown

GET
H2 200 PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
cdn.media.amplience.net/i/elfcosmetics/ 180 KB
180 KB 606ms
385ms Image
image/jpeg 2a02:26f0:3100::1735:2b10
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2b10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

cache-tag: AiF_FR1th,l4p5bDg2e,O8QiTHpoz,k4NPUWi7z
x-amp-source-width: 1952
x-content-type-options: nosniff
date: Wed, 25 Sep 2024 10:01:22 GMT
content-type: image/jpeg
x-frame-options: DENY
cache-control: max-age=1800, s-maxage=86400
x-req-id: bsvsIuh4-k
x-amp-source-height: 1108
accept-ranges: bytes
access-control-allow-origin: *
content-length: 184181
x-amp-published: Fri, 29 Dec 2023 07:51:47 GMT
x-amp-srv: A
x-xss-protection: 1; mode=block
server: Unknown

GET
H2 200 PWT_STORY_CRIME_TAPE_DESKTOP_7-min
cdn.media.amplience.net/i/elfcosmetics/ 614 KB
614 KB 608ms
387ms Image
image/png 2a02:26f0:3100::1735:2b10
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CRIME_TAPE_DESKTOP_7-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2b10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

cache-tag: epOH068Q-,l4p5bDg2e,N2xhcEEJW,UyB2-aY-L
x-amp-source-width: 3200
x-content-type-options: nosniff
date: Wed, 25 Sep 2024 10:01:21 GMT
content-type: image/png
x-frame-options: DENY
cache-control: max-age=1800, s-maxage=86400
x-req-id: rytgyF9Ky4
x-amp-source-height: 525
accept-ranges: bytes
access-control-allow-origin: *
content-length: 628288
x-amp-published: Thu, 28 Dec 2023 16:15:28 GMT
x-amp-srv: A
x-xss-protection: 1; mode=block
server: Unknown

GET
H2 200 jquery-3.7.1.slim.min.js Show response
code.jquery.com/ 69 KB
24 KB 154ms
48ms Script
application/javascript 2a04:4e42:600::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.7.1.slim.min.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

content-encoding: gzip
etag: W/"28feccc0-11278"
age: 1207189
x-cache: HIT, HIT
date: Wed, 25 Sep 2024 10:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
x-cache-hits: 7597, 7616
x-served-by: cache-lga21987-LGA, cache-mxp6923-MXP
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=604800
x-timer: S1727258482.738187,VS0,VE0
cross-origin-resource-policy: cross-origin
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 24036
server: nginx

GET
H/1.1 200
OK player.js Show response
player.vimeo.com/api/ 37 KB
12 KB 153ms
66ms Script
application/javascript 162.159.138.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://player.vimeo.com/api/player.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

794b9f4fa15362394d9913554121b956f2ee5f5dc368540a8cc761dc9c7668f1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Age: 788
x-backend-server: player-backend-edge-entry
expires: Wed, 25 Sep 2024 06:18:13 GMT
x-player-backend: g
x-cache: HIT
Date: Wed, 25 Sep 2024 10:01:21 GMT
Content-Type: application/javascript;charset=utf-8
x-bapp-server
x-served-by: cache-ams21064-AMS
x-cache-hits: 529
vary: Accept-Encoding
content-security-policy: default-src 'none'; style-src 'unsafe-inline'
Cache-Control: max-age=1800
x-timer: S1727258482.736797,VS0,VE0
Connection: keep-alive
via: 1.1 varnish
CF-RAY: 8c8a2c26b95f6a6b-HAM
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 11434
Server: cloudflare

GET
H2 200 player_api Show response
www.youtube.com/ 993 B
2 KB 145ms
58ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/player_api

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3a64796a62838e6b7b14d9525fec88fcbf20b461fc39a018a1d30c9802545415

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

content-encoding: br
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
x-content-type-options: nosniff
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
expires: Wed, 25 Sep 2024 10:01:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
date: Wed, 25 Sep 2024 10:01:21 GMT
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
cache-control: private, max-age=0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
x-xss-protection: 0
server: ESF

GET
H2

206

8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4

1 MB
1 MB

550ms
270ms

Media
video/mp4

2a02:26f0:3100::1735:2b28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Server: 2a02:26f0:3100::1735:2b28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

access-control-max-age: 3000
x-amp-route: ak-s1
etag: "dd3676819bd88a250c875a11e38c307d"
Content-Range: bytes 0-1060947/1060948
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 1060948
date: Wed, 25 Sep 2024 10:01:22 GMT
x-amp-srv: A
last-modified: Fri, 22 Dec 2023 15:50:27 GMT
content-type: video/mp4
x-amz-server-side-encryption: AES256

Redirect headers

x-amp-srv: A
cache-control: max-age=1800, s-maxage=86400
location: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
cache-tag: l-rQWX-Kn,l4p5bDg2e,bgWw7nQ29
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
date: Wed, 25 Sep 2024 10:01:22 GMT
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8
server: Unknown
x-frame-options: DENY

GET
H2

206

c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4

1 MB
1 MB

638ms
339ms

Media
video/mp4

2a02:26f0:3100::1735:2b28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Server: 2a02:26f0:3100::1735:2b28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

access-control-max-age: 3000
x-amp-route: ak-s1
etag: "91a2cbc7ca143aac79d0312d84bb77fb"
Content-Range: bytes 0-1262366/1262367
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 1262367
date: Wed, 25 Sep 2024 10:01:22 GMT
x-amp-srv: A
last-modified: Fri, 22 Dec 2023 17:43:50 GMT
content-type: video/mp4
x-amz-server-side-encryption: AES256

Redirect headers

x-amp-srv: A
cache-control: max-age=1800, s-maxage=86400
location: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
cache-tag: 8N0u74LhG,l4p5bDg2e,fH6Lo3_5e
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
date: Wed, 25 Sep 2024 10:01:22 GMT
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8
server: Unknown
x-frame-options: DENY

GET
H2

206

4a810c76-f6a5-4629-bf54-46e97b002de7.mp4
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_DESKTOP_8_BEAR-alt/mp4_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/4a810c76-f6a5-4629-bf54-46e97b002de7.mp4

952 KB
953 KB

638ms
337ms

Media
video/mp4

2a02:26f0:3100::1735:2b28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/4a810c76-f6a5-4629-bf54-46e97b002de7.mp4
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Server: 2a02:26f0:3100::1735:2b28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: a92babe0280635e6b8a8cd8b631230f248bfa16bfb2ae7a7e04d404df5518ccb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

access-control-max-age: 3000
x-amp-route: ak-s1
etag: "d7fdef501f28cd925baedd782b4e6464"
Content-Range: bytes 0-975135/975136
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 975136
date: Wed, 25 Sep 2024 10:01:22 GMT
x-amp-srv: A
last-modified: Fri, 29 Dec 2023 07:23:44 GMT
content-type: video/mp4
x-amz-server-side-encryption: AES256

Redirect headers

x-amp-srv: A
cache-control: max-age=1800, s-maxage=86400
location: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/4a810c76-f6a5-4629-bf54-46e97b002de7.mp4
cache-tag: B0QAsb_Qu,l4p5bDg2e,6oVxns4D8
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
date: Wed, 25 Sep 2024 10:01:22 GMT
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8
server: Unknown
x-frame-options: DENY

GET
H2

206

45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_PLANT/mp4_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4

850 KB
850 KB

504ms
211ms

Media
video/mp4

2a02:26f0:3100::1735:2b28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Server: 2a02:26f0:3100::1735:2b28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 7b78b9170d1e1da68dd52e57d79c9e906137b28f87eca1f17b2c350f73d1f3ba

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

access-control-max-age: 3000
x-amp-route: ak-s1
etag: "f6c9e900cbfcff8b9f465043b51061d1"
Content-Range: bytes 0-869943/869944
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 869944
date: Wed, 25 Sep 2024 10:01:22 GMT
x-amp-srv: A
last-modified: Tue, 02 Jan 2024 17:30:06 GMT
content-type: video/mp4
x-amz-server-side-encryption: AES256

Redirect headers

x-amp-srv: A
cache-control: max-age=1800, s-maxage=86400
location: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4
cache-tag: aso55M63T,l4p5bDg2e,tO41Cj3M_
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
date: Wed, 25 Sep 2024 10:01:22 GMT
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8
server: Unknown
x-frame-options: DENY

GET
H2

206

9c45925d-0761-4101-9a41-aec1046b0de8.mp4
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_BOOK/mp4_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/9c45925d-0761-4101-9a41-aec1046b0de8.mp4

865 KB
866 KB

631ms
338ms

Media
video/mp4

2a02:26f0:3100::1735:2b28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/9c45925d-0761-4101-9a41-aec1046b0de8.mp4
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Server: 2a02:26f0:3100::1735:2b28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: ea7c1612005824699aa4574b764875370605733abc4d06f0650d309772423239

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

access-control-max-age: 3000
x-amp-route: ak-s1
etag: "78a50c5b4ac482dcd7b7323f59feb0b9"
Content-Range: bytes 0-885663/885664
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 885664
date: Wed, 25 Sep 2024 10:01:22 GMT
x-amp-srv: A
last-modified: Tue, 02 Jan 2024 17:20:49 GMT
content-type: video/mp4
x-amz-server-side-encryption: AES256

Redirect headers

x-amp-srv: A
cache-control: max-age=1800, s-maxage=86400
location: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/9c45925d-0761-4101-9a41-aec1046b0de8.mp4
cache-tag: s_GWyFY8J,l4p5bDg2e,nvYvyivv1
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
date: Wed, 25 Sep 2024 10:01:22 GMT
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8
server: Unknown
x-frame-options: DENY

GET
H2 200 vendor.js Show response
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/ 2 MB
627 KB 200ms
116ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/vendor.js?yocs=Z_14_1K_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d1c837b83e593f154428f1615709ad1146a51818f6973ad5ea0d24c2bb619670

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

x-amz-meta-deploy: 840429
content-encoding: gzip
age: 585205
x-cache: Hit from cloudfront, HIT
x-amz-cf-id: L1Wjdvm1PejJfeKxtALiEFVcGP-RtgGKifn0N6u_Ypi6VUTwVLlNSw==
date: Wed, 25 Sep 2024 10:01:22 GMT
content-type: application/javascript; charset=utf8
x-served-by: cache-fra-etou8220024-FRA
x-cache-hits: 1
x-yottaa-optimizations: ob/1010 si/36118cae0e24-1721912170-788674621 tts/1726673201515 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
vary: Accept-Encoding
x-yottaa-forcecache: true, true
cache-control: public, max-age=31104000
x-timer: S1727258482.019464,VS0,VE2
via: 1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront), 1.1 varnish
x-amz-meta-bundle: 11899
x-yottaa-metrics: 36218cae0e45/[-,-,1726673243262] 36118cae0e24/[-,127.833]
accept-ranges: bytes
access-control-allow-origin: *
content-length: 641170
x-amz-cf-pop: FRA60-P6
server: AmazonS3

GET
H2 200 main.js Show response
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/ 2 MB
508 KB 134ms
50ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/main.js?yocs=Z_14_1K_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1961d18c3e6b963bbb09b850a484e8c10fca2938ffe503e4f693c6e673618f87

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

x-amz-meta-deploy: 840429
content-encoding: gzip
age: 253771
x-cache: Hit from cloudfront, HIT
x-amz-cf-id: iDltd5ev5-PXtaSfziBKN3qBuxARAoNp1E-TlEyiN4TlpqA4m9JDGQ==
date: Wed, 25 Sep 2024 10:01:22 GMT
content-type: application/javascript; charset=utf8
x-served-by: cache-fra-etou8220024-FRA
x-cache-hits: 1
x-yottaa-optimizations: ob/1100 si/36118cae0e21-1721912096-1720506672 tts/1726771354315 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
vary: Accept-Encoding
x-yottaa-forcecache: true, true
cache-control: public, max-age=31104000
x-timer: S1727258482.019383,VS0,VE2
via: 1.1 59d92388a3a66e5f245f384a437fa024.cloudfront.net (CloudFront), 1.1 varnish
x-amz-meta-bundle: 11899
x-yottaa-metrics: 36218cae0e32/[18,-,1726999432047] 36118cae0e21/[-,122.691]
accept-ranges: bytes
access-control-allow-origin: *
content-length: 518958
x-amz-cf-pop: FRA2-C1
server: AmazonS3

GET
H2 200 pages-product-list-product-list-page.js Show response
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/ 42 KB
12 KB 142ms
59ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/pages-product-list-product-list-page.js?yocs=Z_14_1K_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 60604eb6ccf99a00d1666b9081d65b4e917ba2b4d295403e2a75887326aa3e15

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

x-amz-meta-deploy: 840429
content-encoding: gzip
age: 585205
x-cache: Hit from cloudfront, HIT
x-amz-cf-id: QM138in3BSZvHYsA5sRvfTSnF9DPIu3nkGnRW3pR2s_n_6WqdQF1Eg==
date: Wed, 25 Sep 2024 10:01:22 GMT
content-type: application/javascript; charset=utf8
x-served-by: cache-fra-etou8220024-FRA
x-cache-hits: 0
x-yottaa-optimizations: ob/1000 si/3211a5fec6ea-1721912122-2214416022 tts/1726673201515 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
vary: Accept-Encoding
x-yottaa-forcecache: true, true
cache-control: public, max-age=31104000
x-timer: S1727258482.019500,VS0,VE2
via: 1.1 edb5724c2fa0963fde9c6c5089b747ce.cloudfront.net (CloudFront), 1.1 varnish
x-amz-meta-bundle: 11899
x-yottaa-metrics: 3221a5fec65e/[9,4,-] 3211a5fec6ea/[-,15.545]
accept-ranges: bytes
access-control-allow-origin: *
content-length: 11984
x-amz-cf-pop: DFW57-P1
server: AmazonS3

GET
H2 200 PWT_STORY_CAROUSEL_DESKTOP_3_OLIVIA-min
cdn.media.amplience.net/i/elfcosmetics/ 73 KB
73 KB 469ms
467ms Image
image/avif 2a02:26f0:3100::1735:2b10
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_OLIVIA-min?fmt=auto

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2b10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

aca990e4ea5c882dcfe05c1b6de93300cc4e0ed49fe61d511422b67c9953ec0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

cache-tag: 6BxHkY6kA,l4p5bDg2e,5-jG4GMEO,WepA0szpz
x-amp-source-width: 855
x-content-type-options: nosniff
date: Wed, 25 Sep 2024 10:01:22 GMT
content-type: image/avif
x-frame-options: DENY
cache-control: max-age=1800, s-maxage=86400
x-req-id: IJJ4j3NrqG
x-amp-source-height: 1303
accept-ranges: bytes
access-control-allow-origin: *
content-length: 74677
x-amp-published: Thu, 21 Dec 2023 20:12:24 GMT
x-amp-srv: A
x-xss-protection: 1; mode=block
server: Unknown

GET
H2 200 PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_OFACE-min
cdn.media.amplience.net/i/elfcosmetics/ 16 KB
17 KB 479ms
478ms Image
image/webp 2a02:26f0:3100::1735:2b10
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_OFACE-min?fmt=auto

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2b10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

d7d6f2d3cc5c5e3b057e899b45fb372d18890b7b61e0df9ced47891f9bbf0061

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

cache-tag: HSNn11Apz,l4p5bDg2e,QvpKILV5P,DtzGFM5oJ
x-amp-source-width: 2000
x-content-type-options: nosniff
date: Wed, 25 Sep 2024 10:01:21 GMT
content-type: image/webp
x-frame-options: DENY
cache-control: max-age=1800, s-maxage=86400
x-req-id: XSQQZiYonf
x-amp-source-height: 2000
accept-ranges: bytes
access-control-allow-origin: *
content-length: 16698
x-amp-published: Thu, 21 Dec 2023 20:12:23 GMT
x-amp-srv: A
x-xss-protection: 1; mode=block
server: Unknown

GET
H2 200 PWT_STORY_CAROUSEL_DESKTOP_3_CHARLOTTE-min
cdn.media.amplience.net/i/elfcosmetics/ 52 KB
52 KB 480ms
479ms Image
image/avif 2a02:26f0:3100::1735:2b10
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_CHARLOTTE-min?fmt=auto

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2b10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

bb378098ee9eb555df3b46abb37f65c770427b74147322c7707da6f623b28144

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

cache-tag: H2NUbpTr3,l4p5bDg2e,h1qKNVnZ0,WepA0szpz
x-amp-source-width: 862
x-content-type-options: nosniff
date: Wed, 25 Sep 2024 10:01:21 GMT
content-type: image/avif
x-frame-options: DENY
cache-control: max-age=1800, s-maxage=86400
x-req-id: VKtFiWps-k
x-amp-source-height: 1324
accept-ranges: bytes
access-control-allow-origin: *
content-length: 52893
x-amp-published: Thu, 21 Dec 2023 20:12:24 GMT
x-amp-srv: A
x-xss-protection: 1; mode=block
server: Unknown

GET
H2 200 PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_H20PROOF-min
cdn.media.amplience.net/i/elfcosmetics/ 20 KB
21 KB 480ms
479ms Image
image/webp 2a02:26f0:3100::1735:2b10
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_H20PROOF-min?fmt=auto

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2b10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

e79dea9b0707ff2fa615359bdb9683037505ddb2a00daae13de4ae1a80055adf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

cache-tag: fnpu0Og6U,l4p5bDg2e,nb-u70u49,DtzGFM5oJ
x-amp-source-width: 2400
x-content-type-options: nosniff
date: Wed, 25 Sep 2024 10:01:21 GMT
content-type: image/webp
x-frame-options: DENY
cache-control: max-age=1800, s-maxage=86400
x-req-id: 8BbA--ul1Z
x-amp-source-height: 2400
accept-ranges: bytes
access-control-allow-origin: *
content-length: 20738
x-amp-published: Thu, 21 Dec 2023 20:12:23 GMT
x-amp-srv: A
x-xss-protection: 1; mode=block
server: Unknown

OPTIONS
H2 204 ga4
api.retail.adeptmind.ai/sp/v1/tenants/elf/event/ Frame 0
0 455ms
143ms Preflight 35.194.25.57
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.retail.adeptmind.ai/sp/v1/tenants/elf/event/ga4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.194.25.57 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

57.25.194.35.bc.googleusercontent.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: POST,HEAD,OPTIONS,GET,PATCH,PUT,DELETE
access-control-allow-origin: https://www.elfcosmetics.com
date: Wed, 25 Sep 2024 10:01:23 GMT
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
referrer-policy: strict-origin
server: envoy
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
x-envoy-upstream-service-time: 1
x-frame-options: DENY
x-xss-protection: 1; mode=block

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 158ms
69ms Script
application/javascript 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/main.js?yocs=Z_14_1K_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91b0809d8b9dc57eaa09cb0e13c210b24edfaeadb94a8cff0fee02751c1b0b5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

content-md5: jwlUUXc1HMPClYXMpY+NPQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCDC63EBBD1100
x-ms-lease-status: unlocked
age: 12
cf-cache-status: HIT
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 10:01:23 GMT
date: Wed, 25 Sep 2024 10:01:23 GMT
content-type: application/javascript
last-modified: Tue, 24 Sep 2024 06:41:29 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: d894fb67-d01e-0063-14b2-0ed5af000000
cf-ray: 8c8a2c319da6d361-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 6881
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 api_dynamic.js Show response
cdn.dynamicyield.com/api/8772046/ 536 KB
59 KB 286ms
154ms Script
application/javascript 2600:9000:275d:9e00:a:b89d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.dynamicyield.com/api/8772046/api_dynamic.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275d:9e00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: DYCDN /
Resource Hash: 14e7ab9ccfec687db6bfd80ed77500b39e40e14f79e048ee9556aa51fb9ea974

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

vary: Accept-Encoding
link: <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
cache-control: max-age=30
content-encoding: gzip
etag: W/"bc5cf4cc8a397b672da3e8d5bde933b3"
age: 9
via: 1.1 93f1c701362eb59a676baaac7ea81bd8.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: zPs8JV-CQHkPZW-wab6K4WKmx7uaWYULGlJkrOO-a5fnJtkZ5vGDeQ==
date: Wed, 25 Sep 2024 10:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 23 Sep 2024 07:38:35 GMT
server: DYCDN
x-amz-cf-pop: FRA56-P11
x-amz-server-side-encryption: AES256

GET
H2 200 api_static.js Show response
cdn.dynamicyield.com/api/8772046/ 391 KB
116 KB 178ms
46ms Script
application/javascript 2600:9000:275d:9e00:a:b89d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.dynamicyield.com/api/8772046/api_static.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275d:9e00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: DYCDN /
Resource Hash: 95170df4ce568ac6a712c027a77f8641b01763595b0f0c82a1101f13cdf4dc8f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

vary: Accept-Encoding
link: <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
cache-control: max-age=28800
content-encoding: gzip
etag: W/"5baa8e3436d63184d8760927be2263dd"
age: 3841
via: 1.1 93f1c701362eb59a676baaac7ea81bd8.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: PDJOtn_triVqELZjSlAHhw_j8PpsiEui5oXey0F5fftZ9CXBk_MZKQ==
date: Wed, 25 Sep 2024 08:57:41 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 23 Sep 2024 07:38:35 GMT
server: DYCDN
x-amz-cf-pop: FRA56-P11
x-amz-server-side-encryption: AES256

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 534 KB
139 KB 184ms
85ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

aeee9aebaecc181d6dbe789f0f6ef4ec4311514a17dca3b3e52dc6466d55daed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

content-encoding: gzip
expires: Wed, 25 Sep 2024 10:01:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 10:01:23 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 25 Sep 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 141404
x-xss-protection: 0
server: Google Tag Manager

POST
H2 200 ga4 Show response
api.retail.adeptmind.ai/sp/v1/tenants/elf/event/ 105 B
675 B 145ms
143ms Fetch
application/json 35.194.25.57
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.retail.adeptmind.ai/sp/v1/tenants/elf/event/ga4

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/main.js?yocs=Z_14_1K_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.194.25.57 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

57.25.194.35.bc.googleusercontent.com

Software

envoy /

Resource Hash

b2c82f5c644642eaf49a35494ac5ff60228d32e3b6fb3bd067693c2ba05efc96

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.elfcosmetics.com/

Response headers

x-frame-options: DENY
strict-transport-security: max-age=15768000
x-envoy-upstream-service-time: 1
access-control-allow-credentials: true
x-content-type-options: nosniff
referrer-policy: strict-origin
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
access-control-allow-origin: https://www.elfcosmetics.com
content-length: 105
access-control-allow-methods: POST,HEAD,OPTIONS,GET,PATCH,PUT,DELETE
x-xss-protection: 1; mode=block
content-type: application/json; charset=utf-8
date: Wed, 25 Sep 2024 10:01:23 GMT
server: envoy
access-control-allow-headers: *

GET
H2 200 / Show response
api.ipify.org/ 21 B
154 B 227ms
135ms XHR
application/json 104.26.13.205
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/vendor.js?yocs=Z_14_1K_
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8fc15a92e4e7c6cf01d7e052a3fdc141b0ac780dc447a3e64a08156226b1b362

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8c8a2c31dbeb5c2c-FRA
access-control-allow-origin: *
content-length: 21
date: Wed, 25 Sep 2024 10:01:23 GMT
content-type: application/json
vary: Origin
server: cloudflare

GET
H2 200 / Show response
api.ipify.org/ 21 B
73 B 361ms
131ms XHR
application/json 104.26.13.205
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/vendor.js?yocs=Z_14_1K_
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8fc15a92e4e7c6cf01d7e052a3fdc141b0ac780dc447a3e64a08156226b1b362

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8c8a2c32bcb85c2c-FRA
access-control-allow-origin: *
content-length: 21
date: Wed, 25 Sep 2024 10:01:23 GMT
content-type: application/json
vary: Origin
server: cloudflare

GET
H2

200

callback
www.elfcosmetics.com/
Redirect Chain

https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=...
https://www.elfcosmetics.com/callback?usid=7014b097-c411-4fa7-9e8e-bf0cc65ba0a6&code=qfucI1KcOCreNX1T_IjJFTqh9_9TG9-XlnoPl0KiWmM

0
0

333ms
333ms

Fetch
application/json

140.174.14.144
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/callback?usid=7014b097-c411-4fa7-9e8e-bf0cc65ba0a6&code=qfucI1KcOCreNX1T_IjJFTqh9_9TG9-XlnoPl0KiWmM

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Server

140.174.14.144 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

x-amzn-remapped-content-length: 0
x-amzn-remapped-connection: close
age: 0
x-amzn-requestid: fce90c05-dedb-4538-9a4f-c5c766bf02ac
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: mGk64yBju-9CJvzobjVUZV4CCPuJzTQ9HfNM1WdowhCUSvDKCeD2uQ==
date: Wed, 25 Sep 2024 10:01:24 GMT
content-type: application/json
x-yottaa-optimizations: ob/1000 si/36D18cae0e90-1727198787-4345353445 tts/1727189521438 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security: max-age=15552000; includeSubDomains
x-yottaa-os: 200
x-yottaa-forcecache: true
cache-control: public, max-age=604800
x-amz-apigw-id: ep_aRERYiYcEHuA=
x-amzn-remapped-date: Wed, 25 Sep 2024 10:01:24 GMT
x-amzn-trace-id: Root=1-66f3df74-75b110c031a20ce03d09f734;Parent=14582ea1ad07481a;Sampled=0;Lineage=1:2b75b0e9:0
via: 1.1 a84e87b6b82308dbc0e331c3e28c23c6.cloudfront.net (CloudFront)
x-yottaa-metrics: 36218cae0e2d/[288,286,-] 36D18cae0e90/[-,289.807]
access-control-allow-origin: *
content-length: 0
x-amz-cf-pop: FRA60-P6

Redirect headers

x-correlation-id: 8c8a2c35bf909bc5
cf-cache-status: DYNAMIC
age: 0
x-ratelimit-1m-limit: 24000, 2000000
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: LF_8CmQXZ3SRySxIOdHvJa47wtSeAjvlIr85hq86PU_Ts3YRtla4-Q==
date: Wed, 25 Sep 2024 10:01:24 GMT
vary: Accept-Encoding
x-yottaa-optimizations: ob/0 si/36D18cae0e90-1727198787-4345353443 tts/1727189521438 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security: max-age=31536000; includeSubDomains
x-yottaa-os: 303
cache-control: no-store
location: https://www.elfcosmetics.com/callback?usid=7014b097-c411-4fa7-9e8e-bf0cc65ba0a6&code=qfucI1KcOCreNX1T_IjJFTqh9_9TG9-XlnoPl0KiWmM
pragma: no-cache
via: 1.1 997d50190609a53c76124b45ad43b3ec.cloudfront.net (CloudFront)
cf-ray: 8c8a2c35bf909bc5-FRA
x-yottaa-metrics: 36218cae0e2b/[190,188,-] 36D18cae0e90/[-,191.992]
access-control-allow-origin: *
x-ratelimit-1m-remaining: 23554, 1973115
content-length: 0
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=cvixpDsPxUGzHSjRQHndD0psKGxfdwT_kyLVM356hoQ
x-amz-cf-pop: FRA60-P6
x-ratelimit-1m-reset: 35797, 35796

POST
H2 201 / Show response
sdk.iad-05.braze.com/api/v3/data/ 709 B
721 B 309ms
308ms XHR
application/json 2606:4700:4400::ac40:9595
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/data/

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/vendor.js?yocs=Z_14_1K_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9595 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3ce398755176d7bb65a5a106fd0e3a165297640d7f21323c1509c5d5a0fe794

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.elfcosmetics.com/
X-Braze-TriggersRequest: true
X-Braze-Last-Req-Ms-Ago: 7200000
X-Braze-DataRequest: true
X-Braze-Req-Attempt: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type: application/json
X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57

Response headers

access-control-max-age: 7200
x-request-id: 2b8f02e1-b7b1-4d4c-b26c-849bf94e14a4
access-control-expose-headers
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"c3ce398755176d7bb65a5a106fd0e3a1"
access-control-allow-methods: POST, GET
date: Wed, 25 Sep 2024 10:01:24 GMT
content-type: application/json
vary: Origin,Accept-Encoding
x-runtime: 0.157366
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=0, private, must-revalidate
x-ratelimit-reset: 1727258487
cf-ray: 8c8a2c34c8b6d271-FRA
x-ratelimit-remaining: 499.0
access-control-allow-origin: *
x-ratelimit-limit: 500.0
server: cloudflare

OPTIONS
H2 200 /
sdk.iad-05.braze.com/api/v3/data/ Frame 0
0 275ms
164ms Preflight 2606:4700:4400::ac40:9595
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/data/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9595 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-triggersrequest,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
cf-cache-status: DYNAMIC
cf-ray: 8c8a2c33cd35d271-FRA
content-encoding: gzip
date: Wed, 25 Sep 2024 10:01:23 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding

GET
H2 200 6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json Show response
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/ 6 KB
2 KB 151ms
69ms XHR
application/json 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf500a4c158d24ba238d521a5fa775e693d03c507fa3f882bffbbeaf9fedeb64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

content-md5: aY7kJA0jlzEL9QWHODNZDw==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DCA5D566A7B63C
age: 43123
x-ms-lease-status: unlocked
x-content-type-options: nosniff
x-ms-version: 2009-09-19
expires: Thu, 26 Sep 2024 10:01:23 GMT
date: Wed, 25 Sep 2024 10:01:23 GMT
content-type: application/json
last-modified: Tue, 16 Jul 2024 20:25:14 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin, cross-origin
x-ms-request-id: 1f48b12c-701e-004c-14be-d75495000000
cf-ray: 8c8a2c345d40d399-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1832
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 68 B
315 B 185ms
80ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9433f83f20500145850d5aabddced402dcfc94e310072e9a3f545df0bdb9f96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: application/json
Referer: https://www.elfcosmetics.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
access-control-allow-methods: GET, OPTIONS
cf-ray: 8c8a2c359af95d98-FRA
access-control-allow-origin: *
date: Wed, 25 Sep 2024 10:01:24 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: Content-Type

GET
H2 200 st Show response
st.dynamicyield.com/ 159 KB
13 KB 273ms
149ms Script
text/javascript 2600:9000:2250:4000:15:ad21:c740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://st.dynamicyield.com/st?sec=8772046&inHead=true&id=0&jsession=ix6lj6hknmcbx359hnvf4vrbju3x2lat&ref=&scriptVersion=2.42.0&isSesNew=true&dyid_server=&ctx=%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-US%22%2C%22data%22%3A%5B%5D%7D
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:4000:15:ad21:c740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 061955efa53a8b020cc1e1e49c6fb1ac84de54cbed6fb30e4b0553556b53363e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

cache-control: no-cache
content-encoding: gzip
via: 1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
expires: Wed, 25 Sep 2024 10:01:23 GMT
access-control-allow-origin: *
x-cache: Miss from cloudfront
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-amz-cf-id: mtyEO1cdnpUOWQaIdoxD-G0SEPzy9_osWGHRmyMMUHO180vwny3SQA==
date: Wed, 25 Sep 2024 10:01:24 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-amz-cf-pop: FRA60-P2

GET
H3

200

landing
googleads.g.doubleclick.net/pagead/
Redirect Chain

https://www.google.com/pagead/landing?gcs=G1--&gcd=13l3l3l2l5l1&tag_exp=0&rnd=424909595.1727258484&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma_cps=syphamo&dma=1&npa=1&gtm=45...
https://googleads.g.doubleclick.net/pagead/landing?gcs=G1--&gcd=13l3l3l2l5l1&tag_exp=0&rnd=424909595.1727258484&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma_cps=syphamo&dma=1...

42 B
65 B

131ms
50ms

Ping
image/gif

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/landing?gcs=G1--&gcd=13l3l3l2l5l1&tag_exp=0&rnd=424909595.1727258484&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma_cps=syphamo&dma=1&npa=1&gtm=45He49n0n81WL3STMXv896608294za200&auid=716154409.1727258484

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 42
date: Wed, 25 Sep 2024 10:01:24 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
location: https://googleads.g.doubleclick.net/pagead/landing?gcs=G1--&gcd=13l3l3l2l5l1&tag_exp=0&rnd=424909595.1727258484&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma_cps=syphamo&dma=1&npa=1&gtm=45He49n0n81WL3STMXv896608294za200&auid=716154409.1727258484
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Wed, 25 Sep 2024 10:01:24 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202406.1.0/ 451 KB
110 KB 50ms
49ms Script
application/javascript 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47407e3845cb067265a07cb279ccc7a38b927b0c2dc034b627f089115ac0d306

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

content-md5: 7I5y/rp4ODu7ul89ty+epQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCA5E56F667161
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 41644
x-content-type-options: nosniff
date: Wed, 25 Sep 2024 10:01:24 GMT
content-type: application/javascript
last-modified: Tue, 16 Jul 2024 22:20:01 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: c05e064f-501e-009c-79cf-d7e837000000
cf-ray: 8c8a2c382d45d361-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 112027
x-ms-blob-type: BlockBlob
server: cloudflare

OPTIONS
H2 200 sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame 0
0 335ms
334ms Preflight 2606:4700:4400::ac40:9595
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9595 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
cf-cache-status: DYNAMIC
cf-ray: 8c8a2c383b37d271-FRA
content-encoding: gzip
date: Wed, 25 Sep 2024 10:01:24 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding

POST
H2 201 sync Show response
sdk.iad-05.braze.com/api/v3/content_cards/ 85 B
244 B 229ms
228ms XHR
application/json 2606:4700:4400::ac40:9595
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/vendor.js?yocs=Z_14_1K_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9595 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb6a5a8bd33ff703e2916b7c2b6066ea235e02293da907e3f20cdb2bc0441c6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.elfcosmetics.com/
BRAZE-SYNC-RETRY-COUNT: 0
X-Braze-DataRequest: true
X-Braze-Last-Req-Ms-Ago: 7200000
X-Braze-ContentCardsRequest: true
X-Braze-Req-Attempt: 1
X-Braze-Req-Tokens-Remaining: 29
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type: application/json
X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57

Response headers

access-control-max-age: 7200
x-request-id: 62e88ea4-0fcc-4bbe-8e43-88eceec20158
access-control-expose-headers
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"bb6a5a8bd33ff703e2916b7c2b6066ea"
access-control-allow-methods: POST, GET
date: Wed, 25 Sep 2024 10:01:25 GMT
content-type: application/json
vary: Origin,Accept-Encoding
x-runtime: 0.071937
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=0, private, must-revalidate
x-ratelimit-reset: 1727258487
cf-ray: 8c8a2c3a49b8d271-FRA
x-ratelimit-remaining: 498.0
access-control-allow-origin: *
x-ratelimit-limit: 500.0
server: cloudflare

POST
H2 201 sync Show response
sdk.iad-05.braze.com/api/v3/feature_flags/ 20 B
180 B 199ms
194ms XHR
application/json 2606:4700:4400::ac40:9595
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/feature_flags/sync

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/vendor.js?yocs=Z_14_1K_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9595 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e92f434a50c76d6e52d0d3cc91cdf1854c7fd39fecd5ae65800568aef7c03029

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.elfcosmetics.com/
X-Braze-Last-Req-Ms-Ago: 7200000
X-Braze-DataRequest: true
X-Braze-Req-Attempt: 1
X-Braze-Req-Tokens-Remaining: 28
X-Braze-FeatureFlagsRequest: true
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type: application/json
X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57

Response headers

access-control-max-age: 7200
x-request-id: c545b520-f0a9-47b7-a352-8aef50e3d265
access-control-expose-headers
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"e92f434a50c76d6e52d0d3cc91cdf185"
access-control-allow-methods: POST, GET
date: Wed, 25 Sep 2024 10:01:24 GMT
content-type: application/json
vary: Origin,Accept-Encoding
x-runtime: 0.051043
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=0, private, must-revalidate
x-ratelimit-reset: 1727258487
cf-ray: 8c8a2c393e87d271-FRA
x-ratelimit-remaining: 498.0
access-control-allow-origin: *
x-ratelimit-limit: 500.0
server: cloudflare

OPTIONS
H2 200 sync
sdk.iad-05.braze.com/api/v3/feature_flags/ Frame 0
0 158ms
158ms Preflight 2606:4700:4400::ac40:9595
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/feature_flags/sync

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9595 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-featureflagsrequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-featureflagsrequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
cf-cache-status: DYNAMIC
cf-ray: 8c8a2c383b4ed271-FRA
content-encoding: gzip
date: Wed, 25 Sep 2024 10:01:24 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/01909eed-3bdc-7283-8d20-1f7cc7f672d6/ 270 KB
48 KB 64ms
63ms Fetch
application/json 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/01909eed-3bdc-7283-8d20-1f7cc7f672d6/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e3e46bfe2e437ec88b337c4893c591c726abfaafe957984466738e317ec5478

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

content-md5: O2WrPsqEzZtXQecUT5GJ8Q==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DCA5D56988B2D3
age: 39445
x-ms-lease-status: unlocked
x-content-type-options: nosniff
x-ms-version: 2009-09-19
expires: Thu, 26 Sep 2024 10:01:24 GMT
date: Wed, 25 Sep 2024 10:01:24 GMT
content-type: application/json
last-modified: Tue, 16 Jul 2024 20:25:19 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin, cross-origin
x-ms-request-id: af27292d-401e-0029-15be-d7e5c8000000
cf-ray: 8c8a2c38ebf3d399-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 48426
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 iab2V2Data.json Show response
cdn.cookielaw.org/vendorlist/ 591 KB
76 KB 80ms
80ms Fetch
application/json 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/vendorlist/iab2V2Data.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2985943acce4e323a6edbcbd4e8e201304daa25ed521eabd42f224f998d75149

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

content-md5: iDrvq4EDhm/rrMQ/sy48VA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCDCC36EEF656E
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 53685
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 10:01:24 GMT
date: Wed, 25 Sep 2024 10:01:24 GMT
content-type: application/json
last-modified: Tue, 24 Sep 2024 18:05:11 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 45c3685e-d01e-000e-58b2-0e7f81000000
cf-ray: 8c8a2c38ebf9d399-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 77890
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otTCF.js Show response
cdn.cookielaw.org/scripttemplates/202406.1.0/ 60 KB
17 KB 57ms
57ms Script
application/javascript 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202406.1.0/otTCF.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e40e7b46b99c06e47841ff53e4417b6c887631d383aac28114e4ab83ccddc6f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

content-md5: w7rriz6IwW2xtS9bVJshOg==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCA5E56E73A9D1
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 4964
x-content-type-options: nosniff
date: Wed, 25 Sep 2024 10:01:24 GMT
content-type: application/javascript
last-modified: Tue, 16 Jul 2024 22:19:59 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 768119cb-301e-00c3-1294-d81ac9000000
cf-ray: 8c8a2c38e80dd361-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 17104
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 dy-coll-min.js Show response
cdn.dynamicyield.com/scripts/2.42.0/ 196 KB
65 KB 43ms
43ms Script
text/javascript 2600:9000:275d:9e00:a:b89d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.dynamicyield.com/scripts/2.42.0/dy-coll-min.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275d:9e00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: DYCDN /
Resource Hash: 851023e8e196d0e90861b94b5fe9bf3d9c4fb03062e3b4cb23e5b3d486a0bbae

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

vary: Accept-Encoding
link: <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
cache-control: max-age=31536000
content-encoding: gzip
etag: W/"ee44de75017c16457be88357c51e4aea"
age: 1419347
via: 1.1 93f1c701362eb59a676baaac7ea81bd8.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: iMaHFbxZ80oI5VNzI_s8PYRMq9aoLhJLsXtKF-zUFxT_m6uPGnGTgA==
date: Sun, 08 Sep 2024 23:45:38 GMT
content-type: text/javascript
last-modified: Sun, 01 Sep 2024 09:01:05 GMT
server: DYCDN
x-amz-cf-pop: FRA56-P11
x-amz-server-side-encryption: AES256

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/ 13 KB
3 KB 57ms
56ms Fetch
application/json 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

content-md5: sHJXWIgDpMKY35PyRRy4zQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCA5E56B3084E2
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 54276
x-content-type-options: nosniff
date: Wed, 25 Sep 2024 10:01:24 GMT
content-type: application/json
last-modified: Tue, 16 Jul 2024 22:19:54 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: efcd7bdf-201e-0054-7b77-d87900000000
cf-ray: 8c8a2c3aa9c8d399-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3003
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/v2/ 62 KB
13 KB 50ms
50ms Fetch
application/json 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7dbc72c3f0511495fdf45d42283a246613db44b0906199cef195a773068d822f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

content-md5: LtDYZmcfPNW39lMw/Yu0RQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCA5E56C7CC8BB
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 11022
x-content-type-options: nosniff
date: Wed, 25 Sep 2024 10:01:24 GMT
content-type: application/json
last-modified: Tue, 16 Jul 2024 22:19:56 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 125efa87-d01e-00e0-3577-d87502000000
cf-ray: 8c8a2c3aa9cad399-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 12723
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/ 24 KB
4 KB 58ms
58ms Fetch
text/css 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

content-md5: HyPJ72TNHxdfOI82cqKVqA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 53684
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 25 Sep 2024 10:01:24 GMT
content-type: text/css
last-modified: Tue, 16 Jul 2024 22:20:07 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: c2721718-001e-00c0-0f77-d819ce000000
cf-ray: 8c8a2c3aa9cfd399-FRA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

POST
H2 200 token Show response
www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/ 2 KB
2 KB 230ms
229ms Fetch
application/json 140.174.14.144
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/vendor.js?yocs=Z_14_1K_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

140.174.14.144 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

2ba5133b915cc8a3827d1aaa2cadb5779f4b251b4d169df08ead2acd0343e36a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Authorization
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals
c_x-pwa-request: true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
x-correlation-id: 8c8a2c3adaa95c8c
age: 0
x-ratelimit-1m-limit: 24000, 2000000
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: 5PW0gY28w1sPLeWG2uTtYZgdnkKzlx8irk5Afq1m49bECUw-qxiVXA==
date: Wed, 25 Sep 2024 10:01:25 GMT
content-type: application/json
vary: Accept-Encoding
x-yottaa-optimizations: ob/1000 si/36D18cae0e90-1727198787-4345353455 tts/1727189521438 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security: max-age=31536000; includeSubDomains
x-yottaa-os: 200
cache-control: no-store
pragma: no-cache
via: 1.1 e221f111ed3ebc025b531e81056d37a4.cloudfront.net (CloudFront)
cf-ray: 8c8a2c3adaa95c8c-FRA
x-yottaa-metrics: 36218cae0e37/[184,183,-] 36D18cae0e90/[-,185.538]
access-control-allow-origin: *
x-ratelimit-1m-remaining: 23533, 1972110
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-amz-cf-pop: FRA60-P6
x-ratelimit-1m-reset: 34981, 34980

POST
H2 200 uia Show response
async-px.dynamicyield.com/ 0
383 B 229ms
132ms XHR
text/plain 13.35.58.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/uia?cnst=1&_=1727258484966
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.42.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.58.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-58-72.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.elfcosmetics.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-methods: POST, GET, OPTIONS
via: 1.1 aa4673eb0527fb06f7940307fecfc1b6.cloudfront.net (CloudFront)
expires: 0
access-control-allow-origin: *
x-cache: Miss from cloudfront
content-length: 0
x-amz-cf-id: HlYvMn8wPY0_uMpUx8i8ox3WgUUgY1z2ioxMkOlZp88t9It4t2YwVQ==
date: Wed, 25 Sep 2024 10:01:25 GMT
x-amz-cf-pop: FRA60-P10
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
539 B 52ms
41ms Fetch
image/svg+xml 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

content-md5: tXyZydHjxQshFMbbBT1/8A==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 11023
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 25 Sep 2024 10:01:25 GMT
content-type: image/svg+xml
last-modified: Tue, 24 Sep 2024 06:41:30 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 4616ee40-301e-0069-748b-0ecc26000000
cf-ray: 8c8a2c3c2ec8d399-FRA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 ot_company_logo.png
cdn.cookielaw.org/logos/static/ 4 KB
4 KB 53ms
53ms Image
mage/png 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_company_logo.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

content-md5: E8+sk/ECzKgTUVtDLikiIA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
etag: 0x8DCDBEEB3BEDB14
age: 66317
cf-cache-status: HIT
x-content-type-options: nosniff
date: Wed, 25 Sep 2024 10:01:25 GMT
content-type: mage/png
last-modified: Mon, 23 Sep 2024 16:42:24 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: e764cba9-701e-00ed-32ef-0d9a0e000000
cf-ray: 8c8a2c3c4c0cd361-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 4036
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 51ms
51ms Image
image/svg+xml 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

content-md5: Y+c301RBZNK39PvKQWrIBw==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 34877
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 25 Sep 2024 10:01:25 GMT
content-type: image/svg+xml
last-modified: Tue, 24 Sep 2024 06:41:31 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 103bc9ec-301e-0026-47bd-0e083e000000
cf-ray: 8c8a2c3c4c0ed361-FRA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

POST
H2 200 batch
async-px.dynamicyield.com/ 0
383 B 227ms
136ms Ping
text/plain 13.35.58.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/batch?cnst=1&_=1727258485230_126588
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.42.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.58.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-58-72.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.elfcosmetics.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-methods: POST, GET, OPTIONS
via: 1.1 133ff3be92540995db4a7234eada8b80.cloudfront.net (CloudFront)
expires: 0
access-control-allow-origin: *
x-cache: Miss from cloudfront
content-length: 0
x-amz-cf-id: Ft39ze87AyMt_hpnbdBBBPmD1pP5qgXqXmB2QpBawu9NODcxdsEeNg==
date: Wed, 25 Sep 2024 10:01:25 GMT
x-amz-cf-pop: FRA60-P10
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With

POST
H2 200 var
async-px.dynamicyield.com/ 0
382 B 225ms
135ms Ping
text/plain 13.35.58.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.42.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.58.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-58-72.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.elfcosmetics.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-methods: POST, GET, OPTIONS
via: 1.1 133ff3be92540995db4a7234eada8b80.cloudfront.net (CloudFront)
expires: 0
access-control-allow-origin: *
x-cache: Miss from cloudfront
content-length: 0
x-amz-cf-id: UceMV2Fgjk-ttzO2i-vGd-MXT-lzrnNnykN31ynmaYJJ-RbfcnpR7Q==
date: Wed, 25 Sep 2024 10:01:25 GMT
x-amz-cf-pop: FRA60-P10
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With

POST
H2 200 var
async-px.dynamicyield.com/ 0
384 B 253ms
169ms Ping
text/plain 13.35.58.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.42.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.58.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-58-72.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.elfcosmetics.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-methods: POST, GET, OPTIONS
via: 1.1 133ff3be92540995db4a7234eada8b80.cloudfront.net (CloudFront)
expires: 0
access-control-allow-origin: *
x-cache: Miss from cloudfront
content-length: 0
x-amz-cf-id: NVhV-CuhYM6gWx-8OpFnUi3uKxFxsibdXTKmGJKxzXvtVPeB8dtPyg==
date: Wed, 25 Sep 2024 10:01:25 GMT
x-amz-cf-pop: FRA60-P10
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With

POST
H2 200 var
async-px.dynamicyield.com/ 0
384 B 250ms
167ms Ping
text/plain 13.35.58.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.42.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.58.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-58-72.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.elfcosmetics.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-methods: POST, GET, OPTIONS
via: 1.1 133ff3be92540995db4a7234eada8b80.cloudfront.net (CloudFront)
expires: 0
access-control-allow-origin: *
x-cache: Miss from cloudfront
content-length: 0
x-amz-cf-id: omxqkX3COUitOnJ_eQg7Sv1OUC-TALMi4Njr4w4-jigNPxGKHNzycw==
date: Wed, 25 Sep 2024 10:01:25 GMT
x-amz-cf-pop: FRA60-P10
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With

POST
H2 200 var
async-px.dynamicyield.com/ 0
383 B 215ms
133ms Ping
text/plain 13.35.58.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.42.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.58.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-58-72.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.elfcosmetics.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-methods: POST, GET, OPTIONS
via: 1.1 133ff3be92540995db4a7234eada8b80.cloudfront.net (CloudFront)
expires: 0
access-control-allow-origin: *
x-cache: Miss from cloudfront
content-length: 0
x-amz-cf-id: GFAjH3FZhH1cJIId65d8rEOOV0disVLl0ec1pi-AGUIy-CsX8vchig==
date: Wed, 25 Sep 2024 10:01:25 GMT
x-amz-cf-pop: FRA60-P10
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With

GET
H2 200 favicon.ico
www.elfcosmetics.com/ 34 KB
35 KB 90ms
88ms Other
image/x-icon 140.174.14.144
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/favicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 140.174.14.144 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 1331786f628c441b99665436eb8815381e066e17d5c3bb56f5ce2e045d8da17a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

x-amzn-remapped-content-length: 34494
x-amzn-remapped-connection: close
etag: W/"86be-19224fc75d0"
age: 578, 578
x-amzn-requestid: 8b865109-5c6b-4d5e-a49b-8368b983247b
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: Ii8QgsfWU_kQMcWP-BSjnHXr9XVokCl0CyOspBurkJ-cZBNF4nOI9g==
date: Wed, 25 Sep 2024 10:01:25 GMT
content-type: image/x-icon
last-modified: Tue, 24 Sep 2024 17:02:58 GMT
vary: Accept-Encoding
x-yottaa-optimizations: ob/100 si/36D18cae0e90-1727198787-4345353456 tts/1727189521438 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
cache-control: max-age=600, s-maxage=600
x-amz-apigw-id: enqZdGQiCYcECGg=
x-amzn-remapped-date: Tue, 24 Sep 2024 17:04:09 GMT
x-amzn-trace-id: Root=1-66f2f109-738861c42b20d4d374823849;Parent=278fbc8d0dd2176d;Sampled=0;Lineage=1:2b75b0e9:0
via: 1.1 34f8e9435dea359238debf97e45feb10.cloudfront.net (CloudFront)
x-yottaa-metrics: 36218cae0e38/[4,-,1727258165679] 36D18cae0e90/[-,5.425]
accept-ranges: bytes
access-control-allow-origin: *
content-length: 34494
x-amz-cf-pop: FRA60-P6

POST
H2 200 event
qoe-1.yottaa.net/log-nt/ 3 B
191 B 148ms
43ms Ping
text/json 140.174.14.77
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://qoe-1.yottaa.net/log-nt/event
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 140.174.14.77 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.elfcosmetics.com/

Response headers

access-control-allow-origin: *
access-control-expose-headers: X-Results-Data-Source
timing-allow-origin: *
cache-control: no-cache
date: Wed, 25 Sep 2024 10:01:25 GMT
content-type: text/json
access-control-allow-credentials: true

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/c9dd45ed/www-widgetapi.vflset/ 31 KB
10 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/c9dd45ed/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a9667fd6b08fd3a1d424ec68050efcf81b3ff05bcfea4afa13f37ef1c61eea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

content-encoding: br
age: 2429
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
x-content-type-options: nosniff
expires: Thu, 25 Sep 2025 09:20:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 09:20:56 GMT
last-modified: Mon, 23 Sep 2024 04:13:15 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
content-length: 10444
x-xss-protection: 0
server: sffe

GET
H2 200 110221.ct.js Show response
tag.rmp.rakuten.com/ 47 KB
15 KB 157ms
61ms Script
text/javascript 34.102.147.248
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.rmp.rakuten.com/110221.ct.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.147.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

248.147.102.34.bc.googleusercontent.com

Software

Resource Hash

290f9c6084b46b94850626f1dbe6df20c7a805bed18c5aad6360bcc4da3bfae6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=86400
content-encoding: gzip
x-samesite: secure
via: 1.1 google
x-dyn: 0
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-cache: hit
date: Wed, 25 Sep 2024 10:01:25 GMT
content-type: text/javascript
last-modified: Wed, 25 Sep 2024 10:01:25 GMT

GET
H2 200 js Show response
www.paypal.com/sdk/ 425 KB
120 KB 146ms
51ms Script
application/javascript 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

31256dcc95c625c3ff460b31f698a79d3daf4357426f853a158c315569b54881

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-NNYSNDUgcgIzXqyakyh7Do/ZHSprxbzkg1tXwLgfC5iy9hun' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-NNYSNDUgcgIzXqyakyh7Do/ZHSprxbzkg1tXwLgfC5iy9hun' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

access-control-expose-headers: Server-Timing
paypal-debug-id: f540177fb0cce
content-encoding: gzip
etag: W/"1d7f6-zhccCZKRd0/LKwl7QFBAihNRAnY"
age: 8183
origin-trial: AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
x-content-type-options: nosniff
disable-set-cookie: true
traceparent: 00-0000000000000000000f540177fb0cce-c7d04d35d8cb3dd3-01
server-timing: "traceparent;desc="00-0000000000000000000f540177fb0cce-7a6f122b47b0c20f-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
p3p: true
date: Wed, 25 Sep 2024 10:01:25 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-etou8220073-FRA, cache-fra-etou8220073-FRA
x-cache-hits: 1, 0
x-frame-options: SAMEORIGIN
x-cache: HIT, MISS
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-NNYSNDUgcgIzXqyakyh7Do/ZHSprxbzkg1tXwLgfC5iy9hun' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-NNYSNDUgcgIzXqyakyh7Do/ZHSprxbzkg1tXwLgfC5iy9hun' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
cache-control: public, max-age=3600, s-maxage=10800
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
x-timer: S1727258485.384916,VS0,VE5
via: 1.1 varnish, 1.1 varnish
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
access-control-allow-origin: *
content-length: 120822
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK main.js Show response
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/ 149 KB
52 KB 226ms
45ms Script
application/javascript 95.100.65.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/main.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

95.100.65.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-65-127.deploy.static.akamaitechnologies.com

Software

nginx / Express

Resource Hash

89885eb2139e36fe515d72552c6158902bb19df8901ecdd864fda554171a2315

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security: max-age=15768000
Vary: Accept-Encoding
Cache-Control: must-revalidate, max-age=900
Content-Encoding: gzip
ETag: W/"a7f43799dd43e93853cf65aa764c3bbce6e90bd2"
Connection: keep-alive
Expires: Wed, 25 Sep 2024 10:16:25 GMT
Access-Control-Allow-Origin: *
Content-Length: 52946
Date: Wed, 25 Sep 2024 10:01:25 GMT
Content-Type: application/javascript;charset=UTF-8
X-Powered-By: Express
Server: nginx
X-Frame-Options: SAMEORIGIN

GET
H2 200 / Show response
websdk.appsflyer.com/ 51 KB
14 KB 145ms
48ms Script
application/javascript 18.245.60.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://websdk.appsflyer.com/?st=banners&
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.60.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-60-69.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ce6d7f008824d9f6af00150bf70a49369a24381165b5808efa74e68518e6d58d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

x-amz-cf-pop: FRA60-P5
content-encoding: br
etag: W/"ad6e8ace01357e7c84957fc6fc296d42"
age: 624
via: 1.1 a51af242bb87a51c6b17ed13ee788db8.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: C2b6cClzddLxM9tXXVMyAZtis_36TjxH_h-33Bost9uavVgqKtdrNg==
date: Wed, 25 Sep 2024 09:51:02 GMT
content-type: application/javascript
vary: Accept-Encoding
server: AmazonS3
last-modified: Wed, 14 Jun 2023 06:58:46 GMT
x-amz-server-side-encryption: AES256

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 305 KB
102 KB 62ms
61ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1d229271d7e6bd58fcf45a8a3cf3ab6f7270f0f6eb2495d15566f9ae7f184771

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: br
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Wed, 25 Sep 2024 10:01:25 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104191
date: Wed, 25 Sep 2024 10:01:25 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 321 KB
106 KB 65ms
65ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9d79aac06dbaef26269f489aaef0fd5bf465e8275c5cfbf7589583a596cf356b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: br
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Wed, 25 Sep 2024 10:01:25 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 108134
date: Wed, 25 Sep 2024 10:01:25 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

GET
H2 200 iframe_api Show response
www.youtube.com/ 993 B
588 B 63ms
62ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3a64796a62838e6b7b14d9525fec88fcbf20b461fc39a018a1d30c9802545415

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

content-encoding: br
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
x-content-type-options: nosniff
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
expires: Wed, 25 Sep 2024 10:01:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 10:01:25 GMT
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
cache-control: private, max-age=0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
x-xss-protection: 0
server: ESF

POST
H2 204 sessions Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 0
1 KB 580ms
580ms XHR
text/plain 140.174.14.144
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/sessions
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/vendor.js?yocs=Z_14_1K_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 140.174.14.144 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiIwYjE3M2Y4Zi00OWYzLTRmOGUtOGQxMC1kY2U0OWFmZmI4MGQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjcwMTRiMDk3LWM0MTEtNGZhNy05ZThlLWJmMGNjNjViYTBhNiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MjcyNTg0NTUsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmJjbFhhVmxlZ1VtckFSd1hvVmtxWVl4S2MxOjpjaGlkOmVsZi11cyIsImV4cCI6MTcyNzI2MDI4NSwiaWF0IjoxNzI3MjU4NDg1LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1OTMyOTg1NzcyNTQ3NTgzIn0.wmHAPwBSnjXqJirdhBeAd4LJgoyxOrIBAdDqVIE1ezN0o9SdZLU5NWVr44ziuCN2_z6CPLdWJl4X7jKyIq_QRw
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

access-control-expose-headers: etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-dw-request-base-id: cD24vHXf82YBAAB_
x-dw-version-status: obsolete
age: 0
cf-cache-status: DYNAMIC
expires: Thu, 01 Dec 1994 16:00:00 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: BH93_us4arEb1xjeAev1FT4Nt88r_v4vVi3P2GsYIwNOhyi8Kt6Tpg==
date: Wed, 25 Sep 2024 10:01:25 GMT
x-yottaa-optimizations: ob/0 si/36D18cae0e90-1727198787-4345353458 tts/1727189521438 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os: 204
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
allow: OPTIONS,POST
cf-ray: 8c8a2c3e08291c24-FRA
x-yottaa-metrics: 36218cae0e3a/[530,529,-] 36D18cae0e90/[-,532.170]
via: 1.1 b4f72de8ce5f3b4b4240eccfbd3d12a6.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/sessions
x-amz-cf-pop: FRA60-P6

POST
H2 200 shoppercontext Show response
www.elfcosmetics.com/api/v1/ 134 B
911 B 852ms
848ms XHR
application/json 140.174.14.144
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/vendor.js?yocs=Z_14_1K_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

140.174.14.144 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

b50038ad6b0d87bfbfaa940f269aff36d438741d119d8aaf57fbf97712a5caa3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiIwYjE3M2Y4Zi00OWYzLTRmOGUtOGQxMC1kY2U0OWFmZmI4MGQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjcwMTRiMDk3LWM0MTEtNGZhNy05ZThlLWJmMGNjNjViYTBhNiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MjcyNTg0NTUsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmJjbFhhVmxlZ1VtckFSd1hvVmtxWVl4S2MxOjpjaGlkOmVsZi11cyIsImV4cCI6MTcyNzI2MDI4NSwiaWF0IjoxNzI3MjU4NDg1LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1OTMyOTg1NzcyNTQ3NTgzIn0.wmHAPwBSnjXqJirdhBeAd4LJgoyxOrIBAdDqVIE1ezN0o9SdZLU5NWVr44ziuCN2_z6CPLdWJl4X7jKyIq_QRw
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: application/json

Response headers

x-amzn-remapped-content-length: 134
content-encoding: gzip
x-amzn-remapped-connection: close
etag: W/"86-+zmIPv8Gmh5rUok6wVFQOBt53BE"
age: 0
x-amzn-requestid: 4f429366-d570-4b09-9888-032697d1c4cd
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: jvkghjC7gWIJVUXWvXHSABHMqDt48YgEfh6ZIodESsI4np_OWsj5-A==
date: Wed, 25 Sep 2024 10:01:26 GMT
content-type: application/json; charset=utf-8
x-yottaa-optimizations: ob/1000 si/36D18cae0e90-1727198787-4345353459 tts/1727189521438 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security: max-age=15552000; includeSubDomains
x-yottaa-os: 200
x-amz-apigw-id: ep_abEmpCYcEAMw=
x-amzn-remapped-date: Wed, 25 Sep 2024 10:01:26 GMT
x-amzn-trace-id: Root=1-66f3df75-0a21b5160387637f4c4187c2;Parent=3ed7d809f1b2473f;Sampled=0;Lineage=1:2b75b0e9:0
via: 1.1 104bdf965b5b1cb596af463b142160de.cloudfront.net (CloudFront)
x-yottaa-metrics: 36218cae0e3b/[803,803,-] 36D18cae0e90/[-,805.461]
access-control-allow-origin: *
content-length: 119
x-amz-cf-pop: FRA60-P6

POST
H2 201 sync Show response
sdk.iad-05.braze.com/api/v3/content_cards/ 85 B
228 B 234ms
233ms XHR
application/json 2606:4700:4400::ac40:9595
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/vendor.js?yocs=Z_14_1K_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9595 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76c71261b7947b5f77fea2e63f2290f5b0db429de26396663fae8e3114083907

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.elfcosmetics.com/
BRAZE-SYNC-RETRY-COUNT: 0
X-Braze-DataRequest: true
X-Braze-Last-Req-Ms-Ago: 809
X-Braze-ContentCardsRequest: true
X-Braze-Req-Attempt: 1
X-Braze-Req-Tokens-Remaining: 27
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type: application/json
X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57

Response headers

access-control-max-age: 7200
x-request-id: 9347deca-4fbd-4ef9-91a9-a897bc1df4e5
access-control-expose-headers
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"76c71261b7947b5f77fea2e63f2290f5"
access-control-allow-methods: POST, GET
date: Wed, 25 Sep 2024 10:01:25 GMT
content-type: application/json
vary: Origin,Accept-Encoding
x-runtime: 0.087892
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=0, private, must-revalidate
x-ratelimit-reset: 1727258487
cf-ray: 8c8a2c3d4c25d271-FRA
x-ratelimit-remaining: 496.0
access-control-allow-origin: *
x-ratelimit-limit: 500.0
server: cloudflare

GET
H2 200 geo-ip Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 179 B
913 B 310ms
305ms XHR
application/json 140.174.14.144
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=80.255.7.103

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/vendor.js?yocs=Z_14_1K_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

140.174.14.144 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

70c3c8c11fe43a3931b5540cbbad1392a48dcfb133574102e3cb7045d062b93f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals
c_x-pwa-request: true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: application/json

Response headers

content-encoding: gzip
x-dw-request-base-id: cD2zvHXf82YBAAB_
x-dw-version-status: obsolete
age: 0
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: 9ismd9eZtN7egir3KMakOVSixW-zc1_YCvR09ShXbtXKqI1-UQ1dFw==
date: Wed, 25 Sep 2024 10:01:25 GMT
content-type: application/json;charset=UTF-8
x-yottaa-optimizations: ob/1000 si/36D18cae0e90-1727198787-4345353461 tts/1727189521438 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
sfdc_customization: HOOK
x-yottaa-os: 200
cache-control: max-age=0,no-cache,no-store,must-revalidate
allow: GET,HEAD,OPTIONS
cf-ray: 8c8a2c3e88ff8c4c-FRA
x-yottaa-metrics: 36218cae0e3d/[264,262,-] 36D18cae0e90/[-,265.654]
via: 1.1 9d1f21fface75767578955e1853e754e.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=80.255.7.103
x-amz-cf-pop: FRA60-P6

GET
H2 200 geo-ip Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 179 B
917 B 909ms
598ms XHR
application/json 140.174.14.144
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=80.255.7.103

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/vendor.js?yocs=Z_14_1K_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

140.174.14.144 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

70c3c8c11fe43a3931b5540cbbad1392a48dcfb133574102e3cb7045d062b93f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals
c_x-pwa-request: true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: application/json

Response headers

content-encoding: gzip
x-dw-request-base-id: cD2-vHbf82YBAAB_
x-dw-version-status: obsolete
age: 0
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: V3jqZpFQ_yCCHjmjdEvNFYRmf7g0CqlCTshqlQTYPFkgrkmzCpH3hQ==
date: Wed, 25 Sep 2024 10:01:26 GMT
content-type: application/json;charset=UTF-8
x-yottaa-optimizations: ob/1000 si/36D18cae0e90-1727198787-4345353466 tts/1727189521438 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
sfdc_customization: HOOK
x-yottaa-os: 200
cache-control: max-age=0,no-cache,no-store,must-revalidate
allow: GET,HEAD,OPTIONS
cf-ray: 8c8a2c407b56047e-FRA
x-yottaa-metrics: 36218cae0e42/[547,545,-] 36D18cae0e90/[-,548.607]
via: 1.1 a2ce61e5ddc66736c9e2bfb6581fa2da.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=80.255.7.103
x-amz-cf-pop: FRA60-P6

GET
H2 200 baskets Show response
www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/bclXaVlegUmrARwXoVkqYYxKc1/ 11 B
924 B 252ms
250ms Fetch
application/json 140.174.14.144
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/bclXaVlegUmrARwXoVkqYYxKc1/baskets?siteId=elf-us

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/vendor.js?yocs=Z_14_1K_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

140.174.14.144 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiIwYjE3M2Y4Zi00OWYzLTRmOGUtOGQxMC1kY2U0OWFmZmI4MGQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjcwMTRiMDk3LWM0MTEtNGZhNy05ZThlLWJmMGNjNjViYTBhNiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MjcyNTg0NTUsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmJjbFhhVmxlZ1VtckFSd1hvVmtxWVl4S2MxOjpjaGlkOmVsZi11cyIsImV4cCI6MTcyNzI2MDI4NSwiaWF0IjoxNzI3MjU4NDg1LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1OTMyOTg1NzcyNTQ3NTgzIn0.wmHAPwBSnjXqJirdhBeAd4LJgoyxOrIBAdDqVIE1ezN0o9SdZLU5NWVr44ziuCN2_z6CPLdWJl4X7jKyIq_QRw
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals
c_x-pwa-request: true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

x-yottaa-metrics: 36218cae0e3e/[205,204,-] 36D18cae0e90/[-,206.992]
x-correlation-id: 8c8a2c3e78b4bb8b
cf-cache-status: DYNAMIC
content-encoding: gzip
age: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: TwFgtDWAj7_tvo3XELLJ4Ka9YxefMK9lgC0hn4aupIwthoKOHdRW2w==
date: Wed, 25 Sep 2024 10:01:25 GMT
content-type: application/json;charset=UTF-8
vary: Accept-Encoding
x-yottaa-optimizations: ob/1000 si/36D18cae0e90-1727198787-4345353462 tts/1727189521438 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security: max-age=31536000; includeSubDomains
sfdc_customization: HOOK
x-yottaa-os: 200
cache-control: max-age=0,no-cache,no-store
via: 1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
cf-ray: 8c8a2c3e78b4bb8b-FRA
x-ratelimit-remaining: 999
accept-ranges: bytes
access-control-allow-origin: *
sfdc_load: 0
content-length: 37
dnt: 0
x-ratelimit-limit: 99999
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/bclXaVlegUmrARwXoVkqYYxKc1/baskets?siteId=elf-us
x-amz-cf-pop: FRA60-P6

POST
H2 200 viewPage Show response
api.cquotient.com/v3/activities/bbxc-elf-us/ 98 B
516 B 74ms
70ms Fetch
application/json 52.31.227.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cquotient.com/v3/activities/bbxc-elf-us/viewPage

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/main.js?yocs=Z_14_1K_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.31.227.66 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-31-227-66.eu-west-1.compute.amazonaws.com

Software

envoy /

Resource Hash

77e2c94900d184c63156b92c0ceb733df24e0d0ce9e94ab9fe59834d6c9c954f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubdomains

Request headers

Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
x-cq-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b

Response headers

strict-transport-security: max-age=15552000; includeSubdomains
etag: W/"62-DezHn3Ti5oqLcuA886YzrTllZ90"
x-envoy-upstream-service-time: 5
access-control-allow-credentials: true
access-control-allow-methods: GET, POST
access-control-allow-origin: https://www.elfcosmetics.com
content-length: 98
date: Wed, 25 Sep 2024 10:01:25 GMT
content-type: application/json; charset=utf-8
server: envoy

OPTIONS
H2 200 viewPage
api.cquotient.com/v3/activities/bbxc-elf-us/ Frame 0
0 208ms
56ms Preflight 52.31.227.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cquotient.com/v3/activities/bbxc-elf-us/viewPage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.31.227.66 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-31-227-66.eu-west-1.compute.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-cq-client-id
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization, content-type, x-cq-tenant, x-cq-client-id
access-control-allow-methods: POST
access-control-allow-origin: https://www.elfcosmetics.com
content-length: 0
date: Wed, 25 Sep 2024 10:01:25 GMT
server: envoy
strict-transport-security: max-age=15552000; includeSubdomains
x-envoy-upstream-service-time: 1

GET
H2 200 1a8bfa042c9c5.js Show response
t.contentsquare.net/uxa/ 347 KB
83 KB 145ms
46ms Script
application/javascript 18.244.18.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.244.18.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-244-18-115.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 17a0777d51bc31456f20c1bfa381b4aefa5e35c6b99c588f7210d69f05f55c63

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

content-encoding: br
etag: "a3593264fe69649bf66b0aa65cd3eb8e"
age: 0
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: UIL7OhHsDd7RhOBY6AvaLHMhGimee36ty-4kLPvpnB-v-sVvmvk2Iw==
date: Wed, 25 Sep 2024 09:04:29 GMT
content-type: application/javascript;charset=utf-8
last-modified: Mon, 23 Sep 2024 07:41:33 GMT
vary: Origin
cache-control: max-age=900
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
via: 1.1 7daf545331a4f565a58e22b0fa952528.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 84579
x-amz-cf-pop: FRA56-P11
server: AmazonS3
x-amz-server-side-encryption: AES256

POST
H2 200 batch
async-px.dynamicyield.com/ 0
383 B 139ms
128ms Ping
text/plain 13.35.58.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/batch?cnst=1&_=1727258485485_521246
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.42.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.58.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-58-72.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.elfcosmetics.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-methods: POST, GET, OPTIONS
via: 1.1 133ff3be92540995db4a7234eada8b80.cloudfront.net (CloudFront)
expires: 0
access-control-allow-origin: *
x-cache: Miss from cloudfront
content-length: 0
x-amz-cf-id: rBFbM7XTNr4S7wPb-ss1ilGcavY0cVcI5L7kCYI_Mw8JMMIpLtFA0Q==
date: Wed, 25 Sep 2024 10:01:25 GMT
x-amz-cf-pop: FRA60-P10
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 220 KB
79 KB 56ms
55ms Script
application/javascript 172.217.16.136
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-9231397&l=dataLayer&cx=c

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.136 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

429b9a757e5aae34ab5c96905f653e47626363ccbc1ae943376af9756d0b7df5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

content-encoding: br
expires: Wed, 25 Sep 2024 10:01:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 10:01:25 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 25 Sep 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 80391
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 220 KB
79 KB 60ms
59ms Script
application/javascript 172.217.16.136
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-10742279&l=dataLayer&cx=c

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.136 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

4b9c25804ec3934f4a8c8e636ed7aa2212cfafcccf903a5c60bd5b98d028d2f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

content-encoding: br
expires: Wed, 25 Sep 2024 10:01:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 10:01:25 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 25 Sep 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 80363
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 local
www.paypal.com/credit-presentment/experiments/ Frame 1E71 0
0 118ms
45ms Document
text/html 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=%5Bobject%20Object%5D%2Cnative-modal&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.64.11&integrationType=SDK

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com https:; frame-src 'self' https://.paypalobjects.com https://.paypal.com https://.qualtrics.com; connect-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-expose-headers: Server-Timing
age: 65381
cache-control: s-maxage=86400, max-age=0
content-encoding: gzip
content-length: 1526
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type: text/html; charset=utf-8
date: Wed, 25 Sep 2024 10:01:25 GMT
dc: ccg11-origin-www-1.paypal.com
edge-cache-tag: up-treatments-zoid
etag: W/"1479-K2mS5eassyfvXXLuuWOBasENhJU"
origin-trial: AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f63201912e3dc
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing: "traceparent;desc="00-0000000000000000000f63201912e3dc-b0f16f15b6cdd844-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f63201912e3dc-37ee9375afd6d603-01
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, MISS
x-cache-hits: 13271, 0
x-served-by: cache-fra-etou8220109-FRA, cache-fra-etou8220109-FRA
x-timer: S1727258486.757001,VS0,VE6
x-xss-protection: 1; mode=block

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ 14 KB
5 KB 45ms
45ms Script
application/x-javascript 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.com&t=xo&v=5.0.458&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

cf6d9b086af287c89886354eedeb71e3e186c8d3922096eb2cacb3d509075ab6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-zQKjyvQ+/Xlo+HT9RZNXTGpEgbGAbGVQenOWH2z2wghl3wye' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

paypal-debug-id: f393001728cf0
content-encoding: gzip
etag: W/"36a7-CdFSSxPJSAaqTr+2401KZyYjNoQ"
age: 82803
origin-trial: AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
x-content-type-options: nosniff
traceparent: 00-0000000000000000000f393001728cf0-57751b7718dc7120-01
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT, MISS
date: Wed, 25 Sep 2024 10:01:25 GMT
content-type: application/x-javascript; charset=utf-8
x-served-by: cache-fra-etou8220073-FRA, cache-fra-etou8220073-FRA
x-cache-hits: 1, 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-zQKjyvQ+/Xlo+HT9RZNXTGpEgbGAbGVQenOWH2z2wghl3wye' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
cache-control: public, max-age=3600
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
x-timer: S1727258486.669913,VS0,VE6
via: 1.1 varnish, 1.1 varnish
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
content-length: 4792
x-xss-protection: 1; mode=block

GET
H2 200 collect Show response
sgtm.elfcosmetics.com/g/ 65 B
296 B 321ms
211ms XHR
text/plain 34.49.124.132
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je49n0v9125640115z8896608294za200zb896608294&gcs=G100&gcd=13m3m3m2m5l1&npa=1&dma_cps=-&dma=1&tcfd=10001&tag_exp=0&cid=380035125.1727258486&ecid=1792812093&ul=de-de&sr=1600x1200&_fplc=0&ir=1&ur=DE-BW&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_eu=EA&sst.rnd=424909595.1727258484&sst.etld=google.de&sst.gcsub=region1&sst.adr=1&sst.ude=0&_s=1&sid=1727258485&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=9913&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

132.124.49.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

cache-control: no-cache
x-accel-buffering: no
access-control-allow-credentials: true
x-content-type-options: nosniff
via: 1.1 google
access-control-allow-origin: https://www.elfcosmetics.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 10:01:26 GMT
content-type: text/plain
server: Google Frontend

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 154ms
52ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je49n0v879088318z8896608294za200zb896608294&gcs=G100&gcd=13m3mPm2m5l1&npa=1&dma_cps=-&dma=1&tcfd=10001&tag_exp=0&cid=380035125.1727258486&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_eu=EA&_s=1&sid=1727258485&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_ss=2&tfd=10010
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.elfcosmetics.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 25 Sep 2024 10:01:26 GMT
content-type: text/plain
server: Golfe2

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ 975 B
839 B 222ms
221ms XHR
application/json 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

195ddb8f46ffd7bc967f35c5618b15a03707ecf7dce188f217dfb1d7abf247d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: application/json
content-type: application/json

Response headers

paypal-debug-id: f4156744ccc47
content-encoding: br
etag: W/"3cf-5VjjP1Rhu002FL+rqRC47VBOZxY"
origin-trial: AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
x-content-type-options: nosniff
traceparent: 00-0000000000000000000f4156744ccc47-f95ed0a44224b20f-01
server-timing: content-encoding;desc="br",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-cache: MISS, MISS
date: Wed, 25 Sep 2024 10:01:26 GMT
content-type: application/json; charset=utf-8
x-served-by: cache-fra-etou8220030-FRA, cache-fra-etou8220030-FRA
x-cache-hits: 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
x-timer: S1727258486.292073,VS0,VE173
access-control-allow-credentials: true
via: 1.1 varnish, 1.1 varnish
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: none
access-control-allow-origin: https://www.elfcosmetics.com

OPTIONS
H2 204 logger
www.paypal.com/xoplatform/logger/api/ Frame 0
0 287ms
206ms Preflight 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
date: Wed, 25 Sep 2024 10:01:26 GMT
dc: ccg11-origin-www-1.paypal.com
origin-trial: AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f415674eae695
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f415674eae695-ecb5f9c92fca8c13-01
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-served-by: cache-fra-etou8220030-FRA, cache-fra-etou8220030-FRA
x-timer: S1727258486.079895,VS0,VE167

GET
H2 200 jsp Show response
ut.rd.linksynergy.com/ 148 B
404 B 205ms
56ms Script
text/plain 34.98.67.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://ut.rd.linksynergy.com/jsp?cn=rmuid&ro=0&cb=___rmuid

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

3.67.98.34.bc.googleusercontent.com

Software

Resource Hash

dca15999e1000a38044db4f1c001807099495b9cee6f57f54addd6a1efd1e738

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

via: 1.1 google
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 148
date: Wed, 25 Sep 2024 10:01:26 GMT
x-samesite: secure
content-type: text/plain; charset=utf-8

GET
H2

200

src=9231397;dc_pre=CKvGiaTr3YgDFY3IOwIdXL82Hg;type=retarget;cat=globa0;ord=7034194132383;npa=1;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;ua...
ade.googlesyndication.com/ddm/activity/
Redirect Chain

https://ade.googlesyndication.com/ddm/activity/src=9231397;type=retarget;cat=globa0;ord=7034194132383;npa=1;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=;uab=;uafvl=;uamb=0...
https://ade.googlesyndication.com/ddm/activity/src=9231397;dc_pre=CKvGiaTr3YgDFY3IOwIdXL82Hg;type=retarget;cat=globa0;ord=7034194132383;npa=1;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefine...

42 B
107 B

82ms
76ms

Image
image/gif

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/src=9231397;dc_pre=CKvGiaTr3YgDFY3IOwIdXL82Hg;type=retarget;cat=globa0;ord=7034194132383;npa=1;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe49n0v9181619921z8896608294za201zb896608294;gcs=G100;gcd=13m3mPm2m5l1;dma_cps=-;dma=1;tcfd=10001;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Wed, 25 Sep 2024 10:01:26 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
location: https://ade.googlesyndication.com/ddm/activity/src=9231397;dc_pre=CKvGiaTr3YgDFY3IOwIdXL82Hg;type=retarget;cat=globa0;ord=7034194132383;npa=1;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe49n0v9181619921z8896608294za201zb896608294;gcs=G100;gcd=13m3mPm2m5l1;dma_cps=-;dma=1;tcfd=10001;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
pragma: no-cache
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Wed, 25 Sep 2024 10:01:26 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

GET
H2 200 ts
t.paypal.com/ 42 B
598 B 320ms
185ms Image
image/gif 151.101.67.1
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1727258486097&g=-120&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.67.1 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

access-control-expose-headers: Server-Timing
paypal-debug-id: 14ca36931ee56
correlation-id: 14ca36931ee56
expires: Wed, 25 Sep 2024 10:01:26 GMT
traceparent: 00-000000000000000000014ca36931ee56-febf99b0ed048051-01
x-cache: MISS
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
server-timing: "traceparent;desc="00-000000000000000000014ca36931ee56-673cfef61458491d-01"";content-encoding;desc="",x-cdn;desc="fastly"
date: Wed, 25 Sep 2024 10:01:26 GMT
content-type: image/gif
x-served-by: cache-fra-etou8220031-FRA
x-cache-hits: 0
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: max-age=0, no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
x-timer: S1727258486.253035,VS0,VE144
via: 1.1 varnish
accept-ranges: bytes

POST
H2 200 baskets Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 3 KB
2 KB 548ms
547ms XHR
application/json 140.174.14.144
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/mobify/bundle/11899/vendor.js?yocs=Z_14_1K_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

140.174.14.144 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

f4338432a4f77cc8cdc083e79c3cd4766ad95810a7fe2e0ba5e2f1905df53f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiIwYjE3M2Y4Zi00OWYzLTRmOGUtOGQxMC1kY2U0OWFmZmI4MGQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjcwMTRiMDk3LWM0MTEtNGZhNy05ZThlLWJmMGNjNjViYTBhNiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MjcyNTg0NTUsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmJjbFhhVmxlZ1VtckFSd1hvVmtxWVl4S2MxOjpjaGlkOmVsZi11cyIsImV4cCI6MTcyNzI2MDI4NSwiaWF0IjoxNzI3MjU4NDg1LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1OTMyOTg1NzcyNTQ3NTgzIn0.wmHAPwBSnjXqJirdhBeAd4LJgoyxOrIBAdDqVIE1ezN0o9SdZLU5NWVr44ziuCN2_z6CPLdWJl4X7jKyIq_QRw
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals
c_x-pwa-request: true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: application/json

Response headers

x-dw-resource-state: 7b80e96281dc471910c6df964142a41f65f7255e8f0e645f1bcac8cd3dcd062c
access-control-expose-headers: etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
content-encoding: gzip
x-dw-request-base-id: fJQsiXbf82YBAAB_
etag: 7b80e96281dc471910c6df964142a41f65f7255e8f0e645f1bcac8cd3dcd062c
age: 0
x-dw-version-status: obsolete
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
expires: Thu, 01 Dec 1994 16:00:00 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: ubEqJXC-kU2lI4sMfg09QxlzJhd8ldrLs3gWXG3Yk2q5m2Z0--6nkw==
date: Wed, 25 Sep 2024 10:01:26 GMT
content-type: application/json;charset=UTF-8
x-yottaa-optimizations: ob/1000 si/36D18cae0e90-1727198787-4345353469 tts/1727189521438 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
sfdc_customization: HOOK
x-yottaa-os: 200
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
allow: OPTIONS,POST
cf-ray: 8c8a2c42890a381c-FRA
x-yottaa-metrics: 36218cae0e45/[489,487,-] 36D18cae0e90/[-,491.657]
via: 1.1 fc486e72455da7c1d3be4472dd5ba8b2.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1102
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets
x-amz-cf-pop: FRA60-P6

GET
H2

200

src=10742279;dc_pre=CPPEiaTr3YgDFXnNOwIdQ8sRQg;type=elf8j0;cat=glo_flap;ord=5181065998439;npa=1;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv...
ade.googlesyndication.com/ddm/activity/
Redirect Chain

https://ade.googlesyndication.com/ddm/activity/src=10742279;type=elf8j0;cat=glo_flap;ord=5181065998439;npa=1;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;uaa=;uab=;uafvl=;uamb=0;u...
https://ade.googlesyndication.com/ddm/activity/src=10742279;dc_pre=CPPEiaTr3YgDFXnNOwIdQ8sRQg;type=elf8j0;cat=glo_flap;ord=5181065998439;npa=1;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-c...

42 B
118 B

83ms
77ms

Image
image/gif

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/src=10742279;dc_pre=CPPEiaTr3YgDFXnNOwIdQ8sRQg;type=elf8j0;cat=glo_flap;ord=5181065998439;npa=1;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe49n0v9181663336z8896608294za201zb896608294;gcs=G100;gcd=13m3mPm2m5l1;dma_cps=-;dma=1;tcfd=10001;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Wed, 25 Sep 2024 10:01:26 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
location: https://ade.googlesyndication.com/ddm/activity/src=10742279;dc_pre=CPPEiaTr3YgDFXnNOwIdQ8sRQg;type=elf8j0;cat=glo_flap;ord=5181065998439;npa=1;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe49n0v9181663336z8896608294za201zb896608294;gcs=G100;gcd=13m3mPm2m5l1;dma_cps=-;dma=1;tcfd=10001;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
pragma: no-cache
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Wed, 25 Sep 2024 10:01:26 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

GET 3f62973b-59a8-48f9-a469-771a19752e15
https://www.elfcosmetics.com/ Frame 0
0

GET
H2 204 pageview
c.contentsquare.net/ 0
320 B 204ms
56ms Image
text/plain 34.246.128.189
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/pageview?ex=&dt=196&pvt=n&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&la=de-DE&uc=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dr=&dw=1600&dh=7549&ww=1600&wh=1200&sw=1600&sh=1200&uu=69496b14-5f77-a1f0-f429-acd3e0c887bf&sn=1&hd=1727258486&v=15.16.0&pid=1926&pn=1&r=429863
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.246.128.189 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-246-128-189.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
timing-allow-origin: *
pragma: no-cache
access-control-allow-methods: GET, POST, OPTIONS
expires: Sun, 24 Oct 1982 23:00:00 GMT
access-control-allow-origin: *
date: Wed, 25 Sep 2024 10:01:26 GMT
content-disposition: inline
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With

GET
H2 200 us.svg
www.elfcosmetics.com/mobify/bundle/11899/static/img/flag-icons/ 9 KB
1 KB 51ms
48ms Image
image/svg+xml 140.174.14.144
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elfcosmetics.com/mobify/bundle/11899/static/img/flag-icons/us.svg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 140.174.14.144 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

x-amz-meta-deploy: 840429
content-encoding: gzip
age: 2942869
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: CzaZc18C5_RlpDX8a6xAHbiT3ZpoFqLoEiX2KAB3rg9ebhhLJVYshA==
date: Wed, 25 Sep 2024 10:01:26 GMT
content-type: image/svg+xml
x-yottaa-optimizations: ob/1001 si/36D18cae0e90-1724260931-8265866931 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os: 200
x-yottaa-forcecache: true, true
cache-control: public, max-age=31104000
via: 1.1 9d1f21fface75767578955e1853e754e.cloudfront.net (CloudFront)
x-amz-meta-bundle: 11899
x-yottaa-metrics: 36218cae0e42/[6,2,-] 36D18cae0e90/[hit]
access-control-allow-origin: *
content-length: 676
x-amz-cf-pop: FRA60-P6

GET
H2 200 collect Show response
sgtm.elfcosmetics.com/g/ 65 B
127 B 461ms
459ms XHR
text/plain 34.49.124.132
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je49n0v9125640115z8896608294za200zb896608294&gcs=G100&gcd=13m3m3m2m5l1&npa=1&dma_cps=-&dma=1&tcfd=10001&tag_exp=0&cid=380035125.1727258486&ecid=1792812093&ul=de-de&sr=1600x1200&_fplc=0&ir=1&ur=DE-BW&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_eu=EA&sst.rnd=424909595.1727258484&sst.etld=google.de&sst.gcsub=region1&sst.adr=1&sst.ude=0&_s=2&sid=1727258485&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=pageview&ep.vendor_id=pinterest&ep.email=&ep.event_id=1727259320287_17272592058889&ep.external_id=&ep.pinterest_pixel_id=549755876323&_et=4&tfd=10626&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

132.124.49.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

cache-control: no-cache
x-accel-buffering: no
access-control-allow-credentials: true
x-content-type-options: nosniff
via: 1.1 google
access-control-allow-origin: https://www.elfcosmetics.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 10:01:26 GMT
content-type: text/plain
server: Google Frontend

GET
H2 200 muse.js Show response
www.paypalobjects.com/muse/ 55 KB
16 KB 198ms
45ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/muse.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CA9) /

Resource Hash

20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

paypal-debug-id: 9373300366e53
content-encoding: gzip
etag: W/"64f25363-daa8"
x-content-type-options: nosniff
expires: Wed, 25 Sep 2024 11:01:26 GMT
traceparent: 00-00000000000000000009373300366e53-8f1a512f7839ae6e-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Wed, 25 Sep 2024 10:01:26 GMT
content-type: application/javascript
last-modified: Fri, 01 Sep 2023 21:10:59 GMT
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: s-maxage=31536000, public,max-age=3600
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
accept-ranges: bytes
content-length: 16355
server: ECAcc (frc/4CA9)

GET
H2 200 NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare
elfcosmetics.a.bigcontent.io/v1/static/ 5 KB
6 KB 294ms
65ms Image
image/png 2a02:26f0:3100::210:6e08
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare?%24Desktop%24=&fmt=auto
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100::210:6e08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Unknown /
Resource Hash: 210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

x-amz-server-side-encryption: AES256
cache-control: max-age=1800, s-maxage=86400
x-amz-version-id: null
access-control-allow-methods: POST, GET, OPTIONS
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5378
date: Wed, 25 Sep 2024 10:01:27 GMT
x-amp-srv: A
content-type: image/png
server: Unknown
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/ 2 KB
1 KB 294ms
66ms Image
image/svg+xml 2a02:26f0:3100::210:6e08
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100::210:6e08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Unknown /
Resource Hash: 4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cache-control: max-age=1800, s-maxage=86400
content-encoding: gzip
x-amz-version-id: null
access-control-allow-methods: POST, GET, OPTIONS
accept-ranges: bytes
access-control-allow-origin: *
content-length: 996
date: Wed, 25 Sep 2024 10:01:27 GMT
x-amp-srv: A
content-type: image/svg+xml
vary: Accept-Encoding
server: Unknown
x-amz-server-side-encryption: AES256

GET
H2 200 icon-noun-hearts-257768v2
elfcosmetics.a.bigcontent.io/v1/static/ 2 KB
1 KB 310ms
81ms Image
image/svg+xml 2a02:26f0:3100::210:6e08
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-hearts-257768v2?%24Desktop%24=&fmt=auto
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100::210:6e08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Unknown /
Resource Hash: 1ddc89ba3c2a29bf8b6a376737d491efdb8f9bcebc7c635639cda62390f45a06

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cache-control: max-age=1800, s-maxage=86400
content-encoding: gzip
x-amz-version-id: null
access-control-allow-methods: POST, GET, OPTIONS
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1031
date: Wed, 25 Sep 2024 10:01:27 GMT
x-amp-srv: A
content-type: image/svg+xml
vary: Accept-Encoding
server: Unknown
x-amz-server-side-encryption: AES256

GET
H2 200 elf-customer-quiz-icon
elfcosmetics.a.bigcontent.io/v1/static/ 3 KB
1 KB 294ms
65ms Image
image/svg+xml 2a02:26f0:3100::210:6e08
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/elf-customer-quiz-icon?%24Desktop%24=&fmt=auto%201x,%20https://elfcosmetics.a.bigcontent.io/v1/static/elf-customer-quiz-icon?%24Desktop%24=&fmt=auto%202x,%20https://elfcosmetics.a.bigcontent.io/v1/static/elf-customer-quiz-icon?%24Desktop%24=&fmt=auto%203x
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100::210:6e08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Unknown /
Resource Hash: 444a7c79f9643674d1cd3921674999c6b30e74b01441e4e931f1efa7d1775537

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cache-control: max-age=1800, s-maxage=86400
content-encoding: gzip
x-amz-version-id: null
access-control-allow-methods: POST, GET, OPTIONS
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1136
date: Wed, 25 Sep 2024 10:01:27 GMT
x-amp-srv: A
content-type: image/svg+xml
vary: Accept-Encoding
server: Unknown
x-amz-server-side-encryption: AES256

GET
H2 204 dvar
c.contentsquare.net/ 0
319 B 58ms
58ms Image
text/plain 34.246.128.189
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/dvar?v=15.16.0&pid=1926&pn=1&sn=1&uu=69496b14-5f77-a1f0-f429-acd3e0c887bf&dv=H4sIAAAAAAAAA6tWcnSKd4mMd8%2FJT0rMUXDOzyspys9RCEktLlGyUnKpzEvMzUxWiMxMzUlRcK0oSC3KTM1LTi1W0oHqQ4gpGAI1hCUWZSaWZObnAXkwJT755QqeeSWpeSATA%2FILSnOAikoqlWoB8S1cunwAAAA%3D&ct=2&r=385375
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.246.128.189 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-246-128-189.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
timing-allow-origin: *
pragma: no-cache
access-control-allow-methods: GET, POST, OPTIONS
expires: Sun, 24 Oct 1982 23:00:00 GMT
access-control-allow-origin: *
date: Wed, 25 Sep 2024 10:01:27 GMT
content-disposition: inline
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With

GET
H2 200 us.svg
www.elfcosmetics.com/mobify/bundle/11899/static/img/flag-icons/ 9 KB
0 0ms
0ms Image
image/svg+xml 140.174.14.144
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elfcosmetics.com/mobify/bundle/11899/static/img/flag-icons/us.svg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 140.174.14.144 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

x-amz-meta-deploy: 840429
content-encoding: gzip
age: 2942869
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: CzaZc18C5_RlpDX8a6xAHbiT3ZpoFqLoEiX2KAB3rg9ebhhLJVYshA==
date: Wed, 25 Sep 2024 10:01:26 GMT
content-type: image/svg+xml
x-yottaa-optimizations: ob/1001 si/36D18cae0e90-1724260931-8265866931 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os: 200
x-yottaa-forcecache: true, true
cache-control: public, max-age=31104000
via: 1.1 9d1f21fface75767578955e1853e754e.cloudfront.net (CloudFront)
x-amz-meta-bundle: 11899
x-yottaa-metrics: 36218cae0e42/[6,2,-] 36D18cae0e90/[hit]
access-control-allow-origin: *
content-length: 676
x-amz-cf-pop: FRA60-P6

GET
H2 200 index.html
www.paypalobjects.com/muse/analytics/ Frame 8899 0
0 160ms
41ms Document
text/html 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/analytics/index.html

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CBF) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: gzip
content-length: 16754
content-type: text/html
date: Wed, 25 Sep 2024 10:01:27 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "64f25363-dacc+gzip"
expires: Wed, 25 Sep 2024 11:01:27 GMT
last-modified: Fri, 01 Sep 2023 21:10:59 GMT
paypal-debug-id: 24e2318d08cd5
server: ECAcc (frc/4CBF)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-000000000000000000024e2318d08cd5-2e2ac5a44324cfdb-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff

GET
H2 200 PWA-UpdateSession Show response
www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_US/ 56 B
1 KB 298ms
298ms XHR
application/json 140.174.14.144
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_US/PWA-UpdateSession
Requested by: Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 140.174.14.144 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: f66f5edd05293c4351edcec020a867935f7495ef0d0ff7ceb3e6402748585ca6

Request headers

c_x-pwa-request: true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

content-encoding: gzip
x-dw-request-base-id: cD3gvHff82YBAAB_
cf-cache-status: DYNAMIC
age: 0
expires: Thu, 01 Dec 1994 16:00:00 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: xokBR45_A-ToniRFZjOOEOKIolDHVDnfZ7ZejUomJudITm3xqgcUGg==
date: Wed, 25 Sep 2024 10:01:27 GMT
content-type: application/json
x-yottaa-optimizations: ob/1000 si/36D18cae0e90-1727198787-4345353480 tts/1727189521438 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os: 200
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
via: 1.1 81cb77eb84eee291ebbd90b4c274c1c4.cloudfront.net (CloudFront)
cf-ray: 8c8a2c4a9b5bd364-FRA
x-yottaa-metrics: 36218cae0e29/[254,252,-] 36D18cae0e90/[-,254.697]
access-control-allow-origin: *
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/on/demandware.store/Sites-elf-us-Site/en_US/PWA-UpdateSession
x-amz-cf-pop: FRA60-P6

GET
H2 200 ts
t.paypal.com/ 42 B
306 B 187ms
187ms Image
image/gif 151.101.67.1
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfoFlowStarted&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1727258487628&g=-120&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.67.1 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

access-control-expose-headers: Server-Timing
paypal-debug-id: 05a23883870c6
correlation-id: 05a23883870c6
expires: Wed, 25 Sep 2024 10:01:27 GMT
traceparent: 00-000000000000000000005a23883870c6-ee3436dadddf97fe-01
x-cache: MISS
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
server-timing: "traceparent;desc="00-000000000000000000005a23883870c6-5a5b44c93b5c848e-01"";content-encoding;desc="",x-cdn;desc="fastly"
date: Wed, 25 Sep 2024 10:01:27 GMT
content-type: image/gif
x-served-by: cache-fra-etou8220031-FRA
x-cache-hits: 0
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: max-age=0, no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
x-timer: S1727258488.649349,VS0,VE144
via: 1.1 varnish
accept-ranges: bytes

POST
H2 200 exist Show response
srm.ba.contentsquare.net/ 2 B
94 B 202ms
63ms Fetch
application/json 63.32.124.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://srm.ba.contentsquare.net/exist?v=15.16.0&pid=1926&pn=1&sn=1&uu=69496b14-5f77-a1f0-f429-acd3e0c887bf
Requested by: Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.124.192 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-124-192.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.elfcosmetics.com/

Response headers

access-control-allow-origin: *
content-length: 2
date: Wed, 25 Sep 2024 10:01:28 GMT
content-type: application/json

GET
H2 200 script-tag.js Show response
cdn-scripts.signifyd.com/api/ 10 KB
4 KB 165ms
39ms Script
application/javascript 108.138.26.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.26.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-26-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d7a363f752524fb545c3b2eb48a56d163cb659bc427d5215800ee7781d92c2ca

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

vary: Accept-Encoding
cache-control: max-age=1800
content-encoding: gzip
etag: W/"73ca6f23f3e08738233832c7a7a0c30c"
age: 355
via: 1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: 6L_7TrQfz71DyVeh1NKQTbNiY1OvyqvAgeN9Q-gz84Y7RsJInfn1eg==
date: Wed, 25 Sep 2024 09:55:34 GMT
content-type: application/javascript
last-modified: Tue, 23 Apr 2024 14:51:40 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P7
x-amz-server-side-encryption: AES256

GET
H2 200 company_toolkit.js Show response
cdn-scripts.signifyd.com/api/ 4 KB
2 KB 43ms
43ms Script
application/javascript 108.138.26.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-scripts.signifyd.com/api/company_toolkit.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.26.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-26-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

vary: Accept-Encoding
cache-control: max-age=1800
content-encoding: gzip
etag: W/"2c3950f122b3977df61b0e077aaa92c8"
age: 791
via: 1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: oXfQqP-CjMfcgOjn0eN8tkY9VrhA7cK6s3TvNcrJDNFsDmO6oaVwMA==
date: Wed, 25 Sep 2024 09:48:18 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2023 10:18:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P7
x-amz-server-side-encryption: AES256

GET
H2 200 us.svg
www.elfcosmetics.com/mobify/bundle/11899/static/img/flag-icons/ 9 KB
0 1ms
0ms Image
image/svg+xml 140.174.14.144
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elfcosmetics.com/mobify/bundle/11899/static/img/flag-icons/us.svg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 140.174.14.144 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

x-amz-meta-deploy: 840429
content-encoding: gzip
age: 2942869
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: CzaZc18C5_RlpDX8a6xAHbiT3ZpoFqLoEiX2KAB3rg9ebhhLJVYshA==
date: Wed, 25 Sep 2024 10:01:26 GMT
content-type: image/svg+xml
x-yottaa-optimizations: ob/1001 si/36D18cae0e90-1724260931-8265866931 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os: 200
x-yottaa-forcecache: true, true
cache-control: public, max-age=31104000
via: 1.1 9d1f21fface75767578955e1853e754e.cloudfront.net (CloudFront)
x-amz-meta-bundle: 11899
x-yottaa-metrics: 36218cae0e42/[6,2,-] 36D18cae0e90/[hit]
access-control-allow-origin: *
content-length: 676
x-amz-cf-pop: FRA60-P6

GET
H/1.1 200
OK s4122dai6sk7lfp5.js Show response
imgs.signifyd.com/ 96 KB
14 KB 168ms
45ms Script
text/javascript 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/s4122dai6sk7lfp5.js?i37l49p476zdrbge=w2txo5aa&mvlgntart112v30s=L2Q3NTBlYjUxYTFkNjE0YTA4OWMwYThiNTQ5

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

9ad5efa95bffc74ea0c27de7f2e45ab2482d3116bd8ce99aef06050e30fd8f9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP=IVAa PSAa
Keep-Alive: timeout=2, max=100
Date: Wed, 25 Sep 2024 10:01:28 GMT
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Server: Apache

GET
H2 451 458359.gif
idsync.rlcdn.com/ 0
98 B 145ms
49ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/458359.gif?partner_uid=b11b6c55-e689-4962-a550-5c1981c3becf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 25 Sep 2024 10:01:28 GMT

GET
H/1.1 200
OK uoj082F-TB69czO5 Show response
imgs.signifyd.com/ Frame BAE5 302 KB
51 KB 60ms
60ms Script
text/javascript 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/uoj082F-TB69czO5?4c8889e9339af2cd=GOR6fwd4L1BumEjIaeSmUWyPLt0FODTiOKNnpRjsfDG0Nx44a900tUb2SOEq6VAchr_Xhum87Fgyp-5i51EKKascYW1v1lZtRFcFUloRRj9Oel9jcwG7XHfD7x9vq8RW0cHZbB5iJflFCDRJr7ANrzV8GLliC6vcanabfadYoSZpSIW0MHQ_9e4uvy0fi0Ms0an3hU60GrhE8xN5&jb=3d32262460736d7d354669667d78246079653d4c616e75782c687b607d3d4b60786f6d652e68736037436a7a6767652d3a30333833

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/s4122dai6sk7lfp5.js?i37l49p476zdrbge=w2txo5aa&mvlgntart112v30s=L2Q3NTBlYjUxYTFkNjE0YTA4OWMwYThiNTQ5

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

a8ae335e33cd6353e47d5171c4b90e91d5fd3840890e6e01156109de0001f5f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=99
Date: Wed, 25 Sep 2024 10:01:28 GMT
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
tmx-nonce: d77c1b61074f7393
X-XSS-Protection: 1; mode=block
Server: Apache

GET
H/1.1 200
OK Y6QNg54CUO8affau
imgs.signifyd.com/ Frame BAE5 81 B
475 B 127ms
42ms Image
image/png 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/Y6QNg54CUO8affau?0e86a97db515cfd6=S5mrAtjz2YRCtkf10Ab-NYvzD9_Ht4iXkt9x8cZRj7DO6J-XpwD268R8uL35OqngRa_tXnQHgIci945zR_Ha_rhPM_suEdYBeAnHWmEou_GYifRgKcjib8WzauSKCvxdmbN4SIRxxphXJj8bHqK41s--fCaGlLEqyZKWjgg

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 81
Keep-Alive: timeout=2, max=100
Date: Wed, 25 Sep 2024 10:01:28 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/png
Server: Apache

GET
H/1.1 200
OK gIPYFDMgXcax28S0
imgs.signifyd.com/ Frame BAE5 81 B
475 B 124ms
43ms Image
image/png 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/gIPYFDMgXcax28S0?27ac7accaeb80458=z1Hl6ytQeE54AI91GpS9ubRP4Q0yTMgWw6jB6QD_iM_swL9Yjfos7xVIm3Kagxa85ritMxz0oz8jqJxEDAChAqGiWG1JjVNkU5peOH1lee1N71PlyISh5Bgd76HwQ8RmX-y1NQcsV9aQ_iPRruONA7_T3ZVFdPibhgGwcEI

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 81
Keep-Alive: timeout=2, max=100
Date: Wed, 25 Sep 2024 10:01:28 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/png
Server: Apache

GET
H/1.1 200
OK clear.png Show response
imgs.signifyd.com/fp/ Frame BAE5 81 B
536 B 143ms
43ms XHR
image/png 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/clear.png

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/uoj082F-TB69czO5?4c8889e9339af2cd=GOR6fwd4L1BumEjIaeSmUWyPLt0FODTiOKNnpRjsfDG0Nx44a900tUb2SOEq6VAchr_Xhum87Fgyp-5i51EKKascYW1v1lZtRFcFUloRRj9Oel9jcwG7XHfD7x9vq8RW0cHZbB5iJflFCDRJr7ANrzV8GLliC6vcanabfadYoSZpSIW0MHQ_9e4uvy0fi0Ms0an3hU60GrhE8xN5&jb=3d32262460736d7d354669667d78246079653d4c616e75782c687b607d3d4b60786f6d652e68736037436a7a6767652d3a30333833

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: */*, w2txo5aa/d77c1b61074f7393l2q3ntblyjuxytfknje0yta4owmwythintq5
Referer: https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security: max-age=31536000
Cache-Control: private, must-revalidate, max-age=0
Etag: cc91ed0ba7854d5290edc49717f3e6ed
Connection: Keep-Alive
Expires: Mon, 24 Sep 2029 10:01:29 GMT
Access-Control-Allow-Origin: https://www.elfcosmetics.com
Content-Length: 81
Keep-Alive: timeout=2, max=100
Date: Wed, 25 Sep 2024 10:01:29 GMT
Last-Modified: Wed, 25 Sep 2024 10:01:29 GMT
Content-Type: image/png
Server: Apache

GET
H/1.1 200
OK xRUdxcRyNqDeaC1x
imgs.signifyd.com/ Frame E9AB 0
0 133ms
42ms Document
text/html 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/xRUdxcRyNqDeaC1x?7c798575de61218c=aLH3pFEglXBKW2KPHOoMefCRTL18sJPWZJq6JW2t7U-HlXtb2AGzemYIgSdpKxtmhglmN71PGWTs6L1ieB2lRQ3F4gNvDGIsjmMZnvr-WpLeuBF8VdU3jaNEFHhTSNce_bdjUfQkOYhZM8kAHX4bJcKXusvFDj7A-KgHZIjZxiU00xpVqBkwljfknMP9IPLy4rEWDlZZ_hn17uFyDEw

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Wed, 25 Sep 2024 10:01:29 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK RUgh340ikQN5nzDh Show response
imgs.signifyd.com/ Frame BAE5 0
398 B 53ms
44ms Script
text/javascript 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 0
Keep-Alive: timeout=2, max=99
Date: Wed, 25 Sep 2024 10:01:29 GMT
X-XSS-Protection: 1; mode=block
Content-Type: text/javascript
Server: Apache

GET
H/1.1 200
OK DeCOEjL5bq50hJI- Show response
imgs.signifyd.com/ Frame BAE5 134 B
654 B 56ms
48ms Script
text/javascript 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/DeCOEjL5bq50hJI-?ff28b13698c996d7=4aeSfm_RG3S2UplNrwfCNl1GTv9YNiUS_6KZvJh9viWy7NR4iFPr36DkKaX7i2dX01A88RxoY66xInjya-V6gLIXh5fKxr05oDlYAbqdRQJewMXHdvIDvR9zBanArI4dZrkeGsrjzbNkjd3607ByRg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

50c3eb43047304feefb26888400d7851e8ed872ef1f86f8c1e2abddbc2b318d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=99
Date: Wed, 25 Sep 2024 10:01:29 GMT
X-XSS-Protection: 1; mode=block
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Server: Apache

GET
H/1.1 200
OK sKpWi9iLqpruXJGy
h.online-metrix.net/ Frame 60D2 0
0 181ms
46ms Document
text/html 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/sKpWi9iLqpruXJGy?a2465f0ed43e03d8=X9MfANfrCgtjamHhQs8TN4w73JQLSa-btthl-Nxm7ryxbHaLzwpkKPYtN0Jb9k6te9_2Tux4aw3FZpAEpVzCFFgKjG9CUNOpb-c9FqhvoZNWq5XWscmOXC1GG9mKwPAHNQO3NO9e8yz6GyEOb_fRbLDssYCjPnSqfbDYmBeYsmtiRYrddtmVljp87pkNLrFIA9zA7-zyXcvDQE4WCXLd

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Wed, 25 Sep 2024 10:01:29 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK iCMrs_fjLwOflX0o
imgs.signifyd.com/ Frame A5B5 0
0 143ms
50ms Document
text/html 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/iCMrs_fjLwOflX0o?41dbeb5e6e1dcab4=ul_dLJMYJgmx56EaY4mINPzSoetJuLVQO_gkNcEqUKpq7ipsHNrsbTWowh_4jtdHATNpiaAVDh84eIEgqto4lpUXY-WD6P4tk2-b2gW-93DfkCZqDPZSv0NwUXTpFpz4Xn5-fEr9Dz0_zXDS0i4BkNBkBkw9B0QcDCMKjQ636OkLwJxPPoyoh3IZbhNrIDAgyTcGEP9qm_DkekTE8Cl7

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Wed, 25 Sep 2024 10:01:29 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 1gaUdm70YBepUdm1 Show response
h64.online-metrix.net/ Frame BAE5 0
399 B 584ms
186ms Script
text/javascript 2620:f3:0:14:b401:8ee8:4321:ad82
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h64.online-metrix.net/1gaUdm70YBepUdm1?1c961d13fae1db24=qVhgykZRhyY2L1ySySNczcQHahoGIXVw5zmTTKosGbGWkqhwB021B7XDHO19QIQjbnnv-b_jlFSJLTiQhlycW8vecA4yreJbG0I--PExSarPLn0whKsFBaYHLVQKAo8pVnb3ZOKGJi7PspdlxPLL-9qAqyID1ydd

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2620:f3:0:14:b401:8ee8:4321:ad82 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 0
Keep-Alive: timeout=2, max=100
Date: Wed, 25 Sep 2024 10:01:29 GMT
X-XSS-Protection: 1; mode=block
Content-Type: text/javascript
Server: Apache

GET
H/1.1 204
204 RUgh340ikQN5nzDh Show response
imgs.signifyd.com/ Frame BAE5 0
218 B 44ms
43ms Script
text/javascript 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/RUgh340ikQN5nzDh?0873e1e46425b1b1=FMtLIl3cSYCACsDSY4l0x9o8EsTFyDj-FvtKyADCXW9KnCCItj5EpX6EHfiAl6uBSi_noHpfXFQAUfzhtGGkBTYDcTHvjCQ-nIna2fdVG_Q8h3D8V_dRn3R2a_hfuZ3oVKvqi-eRQlDxWY9gVQpy9QTC9_I&ja=3a3236322c2661353e3a26723536322c6c3731363830783138323824696635393c303078393030322c737a71353830387032323a2c6e707235312c313c32382e3932383826313630382e31303a302e393e3a30243932323a263b3630382c3132323724303830243a3a30266d7c3f32356c35336c3b3b34316d36606c383a39623e366264393a3f6038616e3b6934266d663f3224796366353a3e2664603d6a7e7e7a73253b4125324c273a447f777f266f6c666367716d677e69617b26696f652d32446f666c2d6367736d657e6b6b2f6b726165636e616c7b24706e37352478603765303832666c6b3f3535393933663e676a673039313b6f623461313b323b3a642460603738303031323f3a323064303539626e673a633e636b6b3d62353431343260383724627b653d44616e77722c60736235436872656f6d273a30393a33266a7367773d4e636e77702e60736a7d3d416278656d652e6e686337333a246664653532266e6d7c723d322c74786c354f757a6770672f384c42657a6c696e2c6f69766072353c3a303364396132606f63323a6d3c636b3d36323a32386164393535343a336e663c3530303b3431643e6761633834666b313e616e6a643538393b3331313661266e70356a7c74787b2f3341253a4425304c77757f266f6c6e6b6f71676f7e69637b2e636f67273a446d6c6e25696f736d6d7669612763706165636e696473247a377a6c756f696e5f6c6e697160253d4d6c616c736d23706e7f676b66577d69666c6f75795567656461615f70666371677a253d4d6c616c736d23706e7f676b66576b64676a655d6b69786f62697425354f64696e7b65297866756769665d71776363697c6167652d3d45646b66796521786c7567636c5771606f6b637d6176652d3745646b6c716d297a6c7d6f696c55786f616c786c61796f702d374d666964796521706477676b645f74646b557064697967782f3f4566696c73652b7264776f6966576e657661647472273f45646964796529786c776d63645f737e675f7663677f677a253d4d6c616c736d23706e7f676b665760617e6925374f6c6b6c736d26676c556135756d626f645d656247442732323b2e322d3a3a284778656c4d462f32304d5325323a3026322d32384b62726f6d61776d2b5d65604f442f32384f4c51462f3830455b2532303b2c38273a3020477a656e47442732324f53273a384d4c5b4425303a4f59253238312e302f3038416072676563756d295f6762496374556d6a41697c2d32325d6f68474c494e474c4f5d616c7b7469666965645f697072637373273b4a2f32384d5856556866656e6c5f6d69646f697a2d334a2d383045585c5d636e63705d6b6764747a676c2739482f32304d58545f696d646d7a5f6a7d6c666572576a616e6c5f6464676b742d3b4227383a4f5854576465707e6a5761646165782f3342253a32455a5e5f6464676b74576a6c67646e2f33422d323045525657647a616f576e657074602733402f32324d505e5f78676c7b6d65645f6f6e6673657e5d6b6e696d782d394225323847585655736a696c6f72577c657a7e7f78655f646f642539402d303845505c557465787c77726755636d657878657b7b696d64556870746b2533422f3038475054577c6f7874757a675f61656d727a6d797361676e5d786d7e63253b4225323a47505657746d707e7572655764696e7e6570576964697b677470657a6363253b4225323a47505657746d707e757265576f6970786f70576b666165785f7665556f64676d2533422f3038475054577b584742253b4025303a4f475b576f6c6d65656c7e55636e646d785f75636c7c273b422d3a3a4f45535764626d557267666c6f7257656972676b7a25334a25323045475b5d7b7469666e617264576665706376637c617c657b2d33402f383a4f455b5f746572767d706d5f6e64656174253b4025303a4f475b577e65707c75706f556c6c6f69745f6c636c6d637a253b4a2f32304f4d515f766f78767d7a6f5f60696c64556c666f617c2533422f30384d4d53577c6f7874757a675f6a6b6c64576e666f697c5f6e63646f61722d334225383247475b5f7e6d78746578576372706b795d676a60656b7c2531482f3830574d42474c5561676e6772576a7f6666657a5d666e6561762d3b48253a385747484d465f63676d70726f717b676c5f7c6d727475726d5d61717e63273b4a2f32385f45404d4655636f6570726579716d6657746d707e757265576774612f33402d3a3a574d4a474e5569656d707a6573736f6657766d787c7d78655f657c6131273942273a385d454a4f4c5d69656770726d7373656e5d7c6770747d7a6f5f73337c612531482530385f4f424f445f6165677a72657b73656455766d7a7c757a6d557333746b5d73706d62273b4a2f32385f45404d465564656a75675f786766666d726d7a55696e66672733402f32325f4d484744576467687f6d5f736061646578712d314a253a385d454247445d64677a746a577c6f787c7d72672f39482532385745424d4e57667a617f57687566666d7073273942273a385d454a4f4c5d666579655f6b6f6e746f7a7c273b422d3a3a5745424f4e5f6f7f6c7661576e72697f2531482f3830574d42474c5572676e71676766556d6f646d3336246d6c5d603532366e3b633a3e6b3237316a3438656b6630363e39696c3e6137623d61363232623a696c3f35393e26756d667c3d496674656c2f30384b6663262e7d676c72354b6e766f6c273a384372617b25303a457a656e4f4c25323a476665616e6d2e6963643d3931266566685d60353f65313f653532693362303d3861363933693b3132693d3c363065386666356f30633e303d656e6c&jb=3931342466713f4567706964646127384c3f2e302d323028523339273b422d3a3a4c696e7d7a25303a783a3e573c34212d32324b7a7a6c655f65624b63762d304e353b3f243336253a32284942544f442d38432d3a306e63616f253238476563616d21273a304b60786f6d652d30463338392c38263a2e382d3232596b6c6172612532463f313f2c3b36

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security: max-age=31536000
Keep-Alive: timeout=2, max=98
Date: Wed, 25 Sep 2024 10:01:29 GMT
Content-Type: text/javascript;charset=UTF-8
Server: Apache
Connection: Keep-Alive

GET
H/1.1 200
OK VGcealnjnOyLxW7x
w2txo5aadb4ml5w5n5hoeglkih3y7p5fhiq3ymypd77c1b61074f7393am1.e.aa.online-metrix.net/ Frame BAE5 81 B
438 B 202ms
41ms Image
image/png 91.235.134.131
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w2txo5aadb4ml5w5n5hoeglkih3y7p5fhiq3ymypd77c1b61074f7393am1.e.aa.online-metrix.net/VGcealnjnOyLxW7x?17a1c8f1ebd86394=Ta59wtJVotXbL5COQ-PppavMykC3TT6er5l8L0jLTdT3pacdNtX_75lAPQTtE2tGIEfAFgLod-bJujpPg--92fCy1Zs7rYC7C0c9g3IdnfuA22e7HXZyLbUCHRITvDkLWl8a8sGvrVF-HSWBJJHSQgDb8jG_YiimKOxF

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.134.131 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: close
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 81
Date: Wed, 25 Sep 2024 10:01:29 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/png
Server: Apache

GET
H/1.1 204
204 aCx5RJ6SE84sVGET Show response
imgs.signifyd.com/ Frame BAE5 0
218 B 57ms
57ms Script
text/javascript 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/aCx5RJ6SE84sVGET?9c0e6ddab209f5fb=bWpDOV_ldVc79z3WKKoqP7aSl_6N2WmY6mf0M737CdWmnva9k5Whxe5kmZHPHz7w94CXgGxtAvPmkl7q9JevAs_fUlAWij_bFA6l-M2E5Zs207cJNn2G6uKZOEDBX7Jqhv2wG6yJfRBWQkipkokog_MkW0cYscJGQcxJ0kdJH2fudgEGTXGCnvxDYKbxjh_9qJySF4NBr94Zp5zKNbo&jac=1&je=30362624676566603522332d3a43332f384933253a43343538643d636c34393a686262326b6039303f32606b6e69623a6e3067693f6837656d3036663c616c3130393a313b643765383664676e3734696a6c396e3f622b

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security: max-age=31536000
Keep-Alive: timeout=2, max=97
Date: Wed, 25 Sep 2024 10:01:29 GMT
Content-Type: text/javascript;charset=UTF-8
Server: Apache
Connection: Keep-Alive

GET
H/1.1 204
204 _Cy8KDYTir7y3yRS
imgs.signifyd.com/ Frame BAE5 0
400 B 53ms
53ms Image
image/png 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/_Cy8KDYTir7y3yRS?d7d0eef6ce65f476=-ggXWonKgZMHsdRRk28OPD9a9-DnY-hrTstshMF7v_30xJMxE47x5oa7LLYLK3kJ78TD9-Y9ffGbxk9zptomX6OJ8U3BFRaZH05HVFzA5vciKkoqF9oIxyqdSi9TowTBIMuZ1_fLbT4L5Rs2iX14n5PowJcaS44voVJvq87BrVOma4MZq98cjYLdC8MtlEM9cjVYLTaSgL6VPkQVtT0&jf=3c333824796966577a6464357c6470556d4846363a34623546455d6b6c70654d2c736964576661766f3d333f3a3d323d30343a332c796964577479706f3f7f676a3a6d6b6e7361267b6b645d61657b353b3a35313b3033393a3c30373a6138363e3a6b673b64383a3a313036383a3263323636306b6f336c3833323b3a3d30333c3230303a366a616935396c3d3262343e67373b383760303d3d626a303530386f6833313963383233663d633a343d6b333935613a3133353d6666693d69326a3b36356b3f6f65373b3638393c336d6469633d3b323830636936666132343b3e303c33313c64343c323b65663b6532646c6169353d643d30693537626b6365666e36676c6e68267b61645d79636d3d33383436303830393238653e3b6933326530316561336630303e68646a3032673c333e61633b6161313b643f606c31316a6b3136623e3b35323e363b3e6b6e653c6c31603c6c3a39353e3032323b3238666e343f3968346635313066313b61356d383f666b3c61673e333835323161393269603b336a373f3a6e6537663f6461676933616b6a32626e3c36376b683e65267b6966723732

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=98
Date: Wed, 25 Sep 2024 10:01:29 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/png;charset=UTF-8
Server: Apache

GET
H/1.1 200
OK RUgh340ikQN5nzDh Show response
imgs.signifyd.com/ Frame BAE5 0
398 B 45ms
41ms Script
text/javascript 91.235.133.113
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

91.235.133.113 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 0
Keep-Alive: timeout=2, max=97
Date: Wed, 25 Sep 2024 10:01:29 GMT
X-XSS-Protection: 1; mode=block
Content-Type: text/javascript
Server: Apache

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/

Domain: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/

Domain: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/

Domain: www.elfcosmetics.com
URL: blob:https://www.elfcosmetics.com/3f62973b-59a8-48f9-a469-771a19752e15

Verdicts & Comments Add Verdict or Comment

149 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

42 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: evJQCKxu458
.youtube.com/	1970-01-21 04:06:50	Name: VISITOR_INFO1_LIVE Value: P54Wd2toBT0
.youtube.com/	1970-01-21 04:06:50	Name: VISITOR_PRIVACY_METADATA Value: CgJERRIEEgAgEQ%3D%3D
.vimeo.com/	1970-01-21 09:23:38	Name: vuid Value: pl1611565700.1213841494
.vimeo.com/	1970-01-20 23:47:40	Name: __cf_bm Value: 8Gru9OQ2DRCEcjBbB1_16MWGhXCGyjM255KrfJlPELE-1727258482-1.0.1.1-OfcaiPZc.InWtYcGbWxeMrtRJK9c01exgpR5sCsqHXw3zxrZuxHrQ2_ki44JcL2b
.vimeo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: Avg98LclhTjdagNEwCGepNxuBU6qrGk2OS68IPIx820-1727258482888-0.0.1.1-604800000
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: initAuthComplete Value: true
.elfcosmetics.com/	1970-01-21 09:23:38	Name: ab.storage.sessionId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57 Value: g%3A72408676-6c9f-1e9f-8981-432e4c8c4b53%7Ce%3A1727260283399%7Cc%3A1727258483399%7Cl%3A1727258483399
.elfcosmetics.com/	1970-01-21 09:23:38	Name: ab.storage.deviceId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57 Value: g%3A7bf2a97d-6134-68ac-d60d-7999ec3566b6%7Ce%3Aundefined%7Cc%3A1727258483401%7Cl%3A1727258483401
.elfcosmetics.com/	1970-01-20 23:47:40	Name: _dyjsession Value: ix6lj6hknmcbx359hnvf4vrbju3x2lat
.elfcosmetics.com/	1969-12-31 23:59:59	Name: dy_fs_page Value: www.elfcosmetics.com%2Felf-cosmetic-criminals
.elfcosmetics.com/	1970-01-20 23:47:40	Name: _dy_csc_ses Value: ix6lj6hknmcbx359hnvf4vrbju3x2lat
.elfcosmetics.com/	1970-01-21 01:57:14	Name: _gcl_au Value: 1.1.716154409.1727258484
.dynamicyield.com/	1970-01-21 08:33:14	Name: DYID Value: 4476578267556732788
.elfcosmetics.com/	1970-01-21 00:30:50	Name: _dycnst Value: dg
.doubleclick.net/	1970-01-20 23:47:39	Name: test_cookie Value: CheckForPermission
.elfcosmetics.com/	1970-01-21 00:30:50	Name: _dyid Value: 4476578267556732788
.elfcosmetics.com/	1970-01-21 00:30:50	Name: _dycst Value: dk.l.c.ws.fst.
.elfcosmetics.com/	1970-01-21 00:30:50	Name: _dy_geo Value: DE.EU.DE_BY.DE_BY_Erlangen
.elfcosmetics.com/	1970-01-21 00:30:50	Name: _dy_df_geo Value: Germany..Erlangen
.elfcosmetics.com/	1970-01-21 00:30:50	Name: _dy_toffset Value: 0
.elfcosmetics.com/	1970-01-21 08:33:14	Name: _dy_soct Value: 1727258485!1652212.-1'1654610.0'1750272.-1!ix6lj6hknmcbx359hnvf4vrbju3x2lat~1248068.-1
.elfcosmetics.com/	1970-01-20 23:49:04	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Wed+Sep+25+2024+12%3A01%3A25+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202406.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=558623b4-eaf0-4393-96a5-3e3df6d3fb18&interactionCount=0&isAnonUser=1&landingPath=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&groups=1%3A1%2C2%3A0%2C3%3A0%2C4%3A0%2C5%3A0%2CV2STACK42%3A0
.elfcosmetics.com/	1970-01-21 00:30:50	Name: rmStore Value: dmid:9097
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: dwsid Value: ogVVYZLLDu_VWl-imIlmxGOAK8IT0b7Fx0JqjxJ95uiNWfpqSix9cBFtGug5f2IJwPoKEPgn46mgunN8BXP0tw==
www.elfcosmetics.com/	1970-01-21 04:06:50	Name: dwanonymous_1a00c2845eeb01c699351ea28e20fd92 Value: bclXaVlegUmrARwXoVkqYYxKc1
.linksynergy.com/	1970-01-21 08:33:14	Name: rmuid Value: b11b6c55-e689-4962-a550-5c1981c3becf
.elfcosmetics.com/	1970-01-21 09:17:02	Name: _cs_c Value: 0
.elfcosmetics.com/	1970-01-21 09:17:02	Name: _cs_id Value: 69496b14-5f77-a1f0-f429-acd3e0c887bf.1727258486.1.1727258486.1727258486.1558384338.1761422486257.1
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.currency Value: USD
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: sid Value: FFpAO4VyM8yewvPwRImZ5tXfPpgEaIPmjNo
www.elfcosmetics.com/	1970-01-21 08:33:35	Name: _dyid_server Value: 4476578267556732788
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.InternationalUser Value: ""
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.location Value: US
www.elfcosmetics.com/	1970-01-20 23:49:04	Name: currentLocale Value: en_US
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.sessionid Value: bclXaVlegUmrARwXoVkqYYxKc1
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.LanguageIsoCode Value: en_US
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: __cq_dnt Value: 1
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: dw_dnt Value: 1
.elfcosmetics.com/	1970-01-20 23:47:40	Name: _cs_s Value: 1.5.0.1727260287723
imgs.signifyd.com/	1970-01-21 09:23:38	Name: thx_guid Value: 9d6d6ce761a4a8c7d5d7395c01be5b14
imgs.signifyd.com/	1970-01-21 09:23:38	Name: tmx_guid Value: AAyZV_CYPyv_eFhX7Xs_Guo4io97zEQTbr3T6uIjHlwVGeMlFnOxQlWPx31GttiMxZqY-jITVQCzSYEGumYPBvp82XMUTg

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 343) Message: Unsafe attempt to load URL https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/ from frame with URL https://www.elfcosmetics.com/elf-cosmetic-criminals. Domains, protocols and ports must match.
security	error	URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 343) Message: Unsafe attempt to load URL https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/ from frame with URL https://www.elfcosmetics.com/elf-cosmetic-criminals. Domains, protocols and ports must match.
security	error	URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 343) Message: Unsafe attempt to load URL https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.a7/ from frame with URL https://www.elfcosmetics.com/elf-cosmetic-criminals. Domains, protocols and ports must match.
network	error	URL: https://idsync.rlcdn.com/458359.gif?partner_uid=b11b6c55-e689-4962-a550-5c1981c3becf Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ade.googlesyndication.com
api.cquotient.com
api.ipify.org
api.retail.adeptmind.ai
async-px.dynamicyield.com
c.contentsquare.net
cdn-fsly.yottaa.net
cdn-scripts.signifyd.com
cdn.cookielaw.org
cdn.dynamicyield.com
cdn.media.amplience.net
cdn.static.amplience.net
code.jquery.com
elfcosmetics.a.bigcontent.io
geolocation.onetrust.com
googleads.g.doubleclick.net
h.online-metrix.net
h64.online-metrix.net
idsync.rlcdn.com
imgs.signifyd.com
player.vimeo.com
qoe-1.yottaa.net
region1.google-analytics.com
sdk.iad-05.braze.com
sgtm.elfcosmetics.com
srm.ba.contentsquare.net
st.dynamicyield.com
static.ordergroove.com
t.contentsquare.net
t.paypal.com
tag.rmp.rakuten.com
ut.rd.linksynergy.com
w2txo5aadb4ml5w5n5hoeglkih3y7p5fhiq3ymypd77c1b61074f7393am1.e.aa.online-metrix.net
websdk.appsflyer.com
www.cosmeticcriminals.com
www.elfcosmetics.com
www.google.com
www.googletagmanager.com
www.paypal.com
www.paypalobjects.com
www.youtube.com
cdn-fsly.yottaa.net
www.elfcosmetics.com
104.26.13.205
108.138.26.43
13.35.58.72
140.174.14.144
140.174.14.77
142.250.185.162
142.250.185.194
151.101.1.21
151.101.193.21
151.101.2.133
151.101.67.1
162.159.138.60
172.217.16.136
172.217.16.196
18.244.18.115
18.245.60.69
192.229.221.25
2001:4860:4802:32::36
204.141.89.114
2600:9000:2250:4000:15:ad21:c740:93a1
2600:9000:275d:9e00:a:b89d:a6c0:93a1
2606:4700:4400::6812:2089
2606:4700:4400::ac40:9595
2606:4700::6812:562a
2620:f3:0:14:b401:8ee8:4321:ad82
2a00:1450:4001:808::2008
2a00:1450:4001:82b::200e
2a02:26f0:3100::1735:2b10
2a02:26f0:3100::1735:2b28
2a02:26f0:3100::210:6e08
2a04:4e42:600::649
34.102.147.248
34.246.128.189
34.49.124.132
34.98.67.3
35.194.25.57
35.244.174.68
52.31.227.66
63.32.124.192
91.235.132.130
91.235.133.113
91.235.134.131
95.100.65.127
061955efa53a8b020cc1e1e49c6fb1ac84de54cbed6fb30e4b0553556b53363e
12a9667fd6b08fd3a1d424ec68050efcf81b3ff05bcfea4afa13f37ef1c61eea
1331786f628c441b99665436eb8815381e066e17d5c3bb56f5ce2e045d8da17a
14e7ab9ccfec687db6bfd80ed77500b39e40e14f79e048ee9556aa51fb9ea974
17a0777d51bc31456f20c1bfa381b4aefa5e35c6b99c588f7210d69f05f55c63
195ddb8f46ffd7bc967f35c5618b15a03707ecf7dce188f217dfb1d7abf247d4
1961d18c3e6b963bbb09b850a484e8c10fca2938ffe503e4f693c6e673618f87
1d229271d7e6bd58fcf45a8a3cf3ab6f7270f0f6eb2495d15566f9ae7f184771
1ddc89ba3c2a29bf8b6a376737d491efdb8f9bcebc7c635639cda62390f45a06
1e3e46bfe2e437ec88b337c4893c591c726abfaafe957984466738e317ec5478
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9
290f9c6084b46b94850626f1dbe6df20c7a805bed18c5aad6360bcc4da3bfae6
2985943acce4e323a6edbcbd4e8e201304daa25ed521eabd42f224f998d75149
2ba5133b915cc8a3827d1aaa2cadb5779f4b251b4d169df08ead2acd0343e36a
31256dcc95c625c3ff460b31f698a79d3daf4357426f853a158c315569b54881
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98
3a64796a62838e6b7b14d9525fec88fcbf20b461fc39a018a1d30c9802545415
429b9a757e5aae34ab5c96905f653e47626363ccbc1ae943376af9756d0b7df5
444a7c79f9643674d1cd3921674999c6b30e74b01441e4e931f1efa7d1775537
47407e3845cb067265a07cb279ccc7a38b927b0c2dc034b627f089115ac0d306
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb
4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
4b9c25804ec3934f4a8c8e636ed7aa2212cfafcccf903a5c60bd5b98d028d2f0
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
50c3eb43047304feefb26888400d7851e8ed872ef1f86f8c1e2abddbc2b318d8
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
60604eb6ccf99a00d1666b9081d65b4e917ba2b4d295403e2a75887326aa3e15
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
70c3c8c11fe43a3931b5540cbbad1392a48dcfb133574102e3cb7045d062b93f
71a4cb0f4ed855266207e8102d30e19a27ceaf6c46a804ce426aedd7592e653b
76c71261b7947b5f77fea2e63f2290f5b0db429de26396663fae8e3114083907
77e2c94900d184c63156b92c0ceb733df24e0d0ce9e94ab9fe59834d6c9c954f
794b9f4fa15362394d9913554121b956f2ee5f5dc368540a8cc761dc9c7668f1
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
7b78b9170d1e1da68dd52e57d79c9e906137b28f87eca1f17b2c350f73d1f3ba
7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3
7dbc72c3f0511495fdf45d42283a246613db44b0906199cef195a773068d822f
851023e8e196d0e90861b94b5fe9bf3d9c4fb03062e3b4cb23e5b3d486a0bbae
89885eb2139e36fe515d72552c6158902bb19df8901ecdd864fda554171a2315
89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
8fc15a92e4e7c6cf01d7e052a3fdc141b0ac780dc447a3e64a08156226b1b362
91b0809d8b9dc57eaa09cb0e13c210b24edfaeadb94a8cff0fee02751c1b0b5f
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf
93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac
95170df4ce568ac6a712c027a77f8641b01763595b0f0c82a1101f13cdf4dc8f
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
9ad5efa95bffc74ea0c27de7f2e45ab2482d3116bd8ce99aef06050e30fd8f9d
9d79aac06dbaef26269f489aaef0fd5bf465e8275c5cfbf7589583a596cf356b
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a8ae335e33cd6353e47d5171c4b90e91d5fd3840890e6e01156109de0001f5f0
a92babe0280635e6b8a8cd8b631230f248bfa16bfb2ae7a7e04d404df5518ccb
aca990e4ea5c882dcfe05c1b6de93300cc4e0ed49fe61d511422b67c9953ec0d
aeee9aebaecc181d6dbe789f0f6ef4ec4311514a17dca3b3e52dc6466d55daed
b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22
b2c82f5c644642eaf49a35494ac5ff60228d32e3b6fb3bd067693c2ba05efc96
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e
b50038ad6b0d87bfbfaa940f269aff36d438741d119d8aaf57fbf97712a5caa3
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb378098ee9eb555df3b46abb37f65c770427b74147322c7707da6f623b28144
bb6a5a8bd33ff703e2916b7c2b6066ea235e02293da907e3f20cdb2bc0441c6b
bf500a4c158d24ba238d521a5fa775e693d03c507fa3f882bffbbeaf9fedeb64
c3ce398755176d7bb65a5a106fd0e3a165297640d7f21323c1509c5d5a0fe794
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0
ce6d7f008824d9f6af00150bf70a49369a24381165b5808efa74e68518e6d58d
cf6d9b086af287c89886354eedeb71e3e186c8d3922096eb2cacb3d509075ab6
d1c837b83e593f154428f1615709ad1146a51818f6973ad5ea0d24c2bb619670
d7a363f752524fb545c3b2eb48a56d163cb659bc427d5215800ee7781d92c2ca
d7d6f2d3cc5c5e3b057e899b45fb372d18890b7b61e0df9ced47891f9bbf0061
d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e
dca15999e1000a38044db4f1c001807099495b9cee6f57f54addd6a1efd1e738
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40e7b46b99c06e47841ff53e4417b6c887631d383aac28114e4ab83ccddc6f7
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
e79dea9b0707ff2fa615359bdb9683037505ddb2a00daae13de4ae1a80055adf
e92f434a50c76d6e52d0d3cc91cdf1854c7fd39fecd5ae65800568aef7c03029
e9433f83f20500145850d5aabddced402dcfc94e310072e9a3f545df0bdb9f96
ea7c1612005824699aa4574b764875370605733abc4d06f0650d309772423239
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4338432a4f77cc8cdc083e79c3cd4766ad95810a7fe2e0ba5e2f1905df53f7b
f66f5edd05293c4351edcec020a867935f7495ef0d0ff7ceb3e6402748585ca6

www.elfcosmetics.com Open in urlscan Pro 140.174.14.144 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

133 Requests

90 %HTTPS

30 %IPv6

30 Domains

41 Subdomains

42 IPs

4 Countries

12081 kBTransfer

20686 kBSize

42 Cookies

18 Outgoing links

Page URL History

Redirected requests

133 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.elfcosmetics.com Open in urlscan Pro
140.174.14.144 Public Scan

Screenshot
Live screenshot

Full Image

133
Requests

90 %
HTTPS

30 %
IPv6

30
Domains

41
Subdomains

42
IPs

4
Countries

12081 kB
Transfer

20686 kB
Size

42
Cookies

133 HTTP transactions
3 data transactions