Submitted URL: http://www.cosmeticcriminals.com/
Effective URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Submission: On December 25 via api from US — Scanned from CA

Summary

This website contacted 78 IPs in 3 countries across 55 domains to perform 258 HTTP transactions. The main IP is 204.2.50.125, located in United States and belongs to YOTTAA-AS-1, US. The main domain is www.elfcosmetics.com. The Cisco Umbrella rank of the primary domain is 72365.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 11th 2024. Valid for: a year.
This is the only time www.elfcosmetics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Subject | Issuer | Validity | Valid
*.elfcosmetics.com | Sectigo RSA Domain Validation Secure Server CA | 2024-10-11 - 2025-11-11 | a year
*.yottaa.net | GlobalSign RSA OV SSL CA 2018 | 2024-09-05 - 2025-10-07 | a year
vimeo.com | WE1 | 2024-11-23 - 2025-02-21 | 3 months
*.google.com | WR2 | 2024-12-02 - 2025-02-24 | 3 months
*.bigcontent.io | GeoTrust TLS RSA CA G1 | 2024-04-02 - 2025-05-03 | a year
dm.amplience.net | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-08-05 - 2025-08-14 | a year
*.jquery.com | Sectigo ECC Domain Validation Secure Server CA | 2024-06-25 - 2025-06-25 | a year
cookielaw.org | WE1 | 2024-12-09 - 2025-03-09 | 3 months
*.dynamicyield.com | Amazon RSA 2048 M03 | 2024-08-18 - 2025-09-16 | a year
*.google-analytics.com | WR2 | 2024-12-02 - 2025-02-24 | 3 months
ipify.org | WE1 | 2024-11-13 - 2025-02-11 | 3 months
use.fontawesome.com | WE1 | 2024-11-07 - 2025-02-06 | 3 months
sdk.iad-05.braze.com | WE1 | 2024-12-11 - 2025-03-11 | 3 months
geolocation.onetrust.com | WE1 | 2024-12-09 - 2025-03-09 | 3 months
tag.rmp.rakuten.com | WR3 | 2024-11-24 - 2025-02-22 | 3 months
www.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2024-02-08 - 2025-02-08 | a year
*.ordergroove.com | Go Daddy Secure Certificate Authority - G2 | 2024-08-09 - 2025-08-20 | a year
*.appsflyer.com | Amazon RSA 2048 M03 | 2024-02-04 - 2025-03-03 | a year
cert-00025-cdnedge-bluemix.akamaized.net | R11 | 2024-12-17 - 2025-03-17 | 3 months
*.pinterest.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-08-02 - 2025-08-07 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2024-10-03 - 2025-01-01 | 3 months
www.redditstatic.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-10-06 - 2025-04-03 | 6 months
www.bing.com | Microsoft Azure RSA TLS Issuing CA 08 | 2024-12-15 - 2025-06-13 | 6 months
*.taboola.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-12-01 - 2025-12-31 | a year
*.tiktok.com | RapidSSL TLS ECC CA G1 | 2024-07-15 - 2025-07-15 | a year
*.jebbit.com | Amazon RSA 2048 M02 | 2024-04-23 - 2025-05-21 | a year
tag.wknd.ai | R10 | 2024-11-14 - 2025-02-12 | 3 months
eu.inside.chat | WE1 | 2024-11-26 - 2025-02-24 | 3 months
sgtm.elfcosmetics.com | WR3 | 2024-11-05 - 2025-02-03 | 3 months
*.doubleclick.net | WR2 | 2024-12-02 - 2025-02-24 | 3 months
t.contentsquare.net | Amazon RSA 2048 M03 | 2024-08-13 - 2025-09-10 | a year
*.g.doubleclick.net | WR2 | 2024-12-02 - 2025-02-24 | 3 months
*.google.ca | WR2 | 2024-12-02 - 2025-02-24 | 3 months
*.reddit.com | DigiCert TLS RSA SHA256 2020 CA1 | 2024-10-13 - 2025-04-11 | 6 months
*.gstatic.com | WR2 | 2024-12-02 - 2025-02-24 | 3 months
t.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2024-06-21 - 2025-06-20 | a year
*.rd.linksynergy.com | ZeroSSL RSA Domain Secure Site CA | 2024-01-23 - 2025-01-22 | a year
js.cnnx.link | Amazon RSA 2048 M02 | 2024-06-09 - 2025-07-08 | a year
assets.bounceexchange.com | WR3 | 2024-11-10 - 2025-02-08 | 3 months
cdn.us.heap-api.com | Amazon RSA 2048 M02 | 2024-10-10 - 2025-11-08 | a year
data.cdnbasket.net | WR3 | 2024-10-28 - 2025-01-26 | 3 months
page.cdnbasket.net | WR3 | 2024-11-06 - 2025-02-04 | 3 months
view.cdnbasket.net | WR3 | 2024-11-05 - 2025-02-03 | 3 months
dep.bf.contentsquare.net | R11 | 2024-10-30 - 2025-01-28 | 3 months
cdn-scripts.signifyd.com | Amazon RSA 2048 M02 | 2024-06-02 - 2025-06-30 | a year
c.us.heap-api.com | Amazon RSA 2048 M03 | 2024-02-01 - 2025-03-02 | a year
pd.cdnwidget.com | R11 | 2024-11-07 - 2025-02-05 | 3 months
*.wunderkind.co | R11 | 2024-11-29 - 2025-02-27 | 3 months
ids.cdnwidget.com | R10 | 2024-11-07 - 2025-02-05 | 3 months
imgs.signifyd.com | Go Daddy Secure Certificate Authority - G2 | 2024-11-13 - 2025-12-15 | a year
srm.ba.contentsquare.net | Amazon RSA 2048 M03 | 2024-10-08 - 2025-11-07 | a year
online-metrix.net | Viking Cloud Organization Validation CA, Level 1 | 2024-09-19 - 2025-10-20 | a year
*.aa.online-metrix.net | Viking Cloud Organization Validation CA, Level 1 | 2024-09-19 - 2025-10-20 | a year
idr.cdnwidget.com | R11 | 2024-11-07 - 2025-02-05 | 3 months

This page contains 15 frames:

Primary Page: https://www.elfcosmetics.com/elf-cosmetic-criminals
Frame ID: C9C5496110749616AA90FCDC16C49C51
Requests: 226 HTTP requests in this frame

Frame: https://player.vimeo.com/video/985935623?h=0fd60177fc&badge=0&autopause=0&player_id=0&app_id=58479
Frame ID: 09FC78EF3D8A8F15A183FCD8F4AA3EC0
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Frame ID: FB7ED6FE417982C0675370025238EBF9
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4cc0/sw_iframe.html?origin=https%3A%2F%2Fwww.elfcosmetics.com
Frame ID: 1488F7DC63D6828D710E64D943580619
Requests: 1 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=%5Bobject%20Object%5D%2Cnative-modal&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.65.2&integrationType=SDK
Frame ID: 4E8FDDEABEED3E73437A14E42E4AA1C3
Requests: 1 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=7411371936582;npa=1;auiddc=538264627.1735108761;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;ps=1;pcor=1170017987;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals
Frame ID: B9F102BFB405F4B135B13691AD724EC7
Requests: 1 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=4599730919444;npa=1;auiddc=538264627.1735108761;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;ps=1;pcor=1426075789;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals
Frame ID: 785D014440C92333E8ADB6E4ECA83D8B
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcA2G4UAAAAAK-fHuRDYBsNQoJlqlDqQvrjGwQu&co=aHR0cHM6Ly93d3cuZWxmY29zbWV0aWNzLmNvbTo0NDM.&hl=en&type=image&v=zIriijn3uj5Vpknvt_LnfNbF&theme=light&size=invisible&badge=bottomright&cb=yqm7nwwx3yx3
Frame ID: 58CC372DEB0D716C042C00D88A76020D
Requests: 1 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: CBEC875F5DA8D13AD664865E586C704E
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&k=6LcA2G4UAAAAAK-fHuRDYBsNQoJlqlDqQvrjGwQu
Frame ID: 2611D1799ACB1AAC2B9B5ADE0D11726B
Requests: 1 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Frame ID: 0087A682215DC4F860FE9D4E2BD484C7
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/IMgq4MsY2W1EY7a5?49c2fc47459820ea=o40MXJIS3FiXEtFL52K2DzBvohOrGeT6mREfI2gM_HZ8PtM18SL6XBZcoJ0qRvAvWQp704_VyGXFVVl0-c9AJ5_WQcPlZy8Aq_a2HZHZjq_P5ieWXE-fG2-Vb3BUxNd7XMToAXJzAfU8Pz9GsgGdet2mh0a62QkkFEFkSdeXmmbEIx1fOZ1YC95nFI-P8r9tgGmUsxFBYLv0VkOx&jb=3d3d2c2c627b657d374e696c7d722460796d35416464726d616e273a3a3b322662796a7d3549627867656f2e6071623f4b62706567672d323a31323a
Frame ID: 40BDBAA5B0CB49B7AF73FAD209DA71A3
Requests: 12 HTTP requests in this frame

Frame: https://imgs.signifyd.com/4WHs15UjbZhel5qz?418b9845bbde9bc6=8cjK7T3KD18OD36EpamH9GPZNILZ60EMB6XIY1atrk-jEH9rdmiKqkmNWRY4FVNDBnZwE7PH9udxyqnBarf-B2iojuqqDyNi_LsUUxQZ9YSdB5zJLo2-tX8QzfkhE9H5ooRwgvQG9obNOlKqkkezag4IBPc-5vHAXhJh3bSDjZBT1Ct_7Av5o7IO-nf2CkTMBG2mRGANFBQq_nkLA3s
Frame ID: 76D39FF051755D887B80030D62B2EF0F
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/eAZyc6XrnnMdyOMY?3280478d3406992a=wO1VbKnu9D6qFS-2utsQgG77Pplt8vlmLlChCPMeyojLVo6JSwq4SYNDNnmkBqSw3Gyc5Y4RwO58mJi4CuwKBOQnoJPSdN3pn1FAQ654w5y1oP_ZB7jRoYigFhtG6-D3mF2Rfk1JauhVXnZNl5fMVdWKz61EAg28hqheo7yJKILunVJZ3SxQYA125XJBuVPDDSNXTLqM_wOUfp8ETf8i
Frame ID: 99E29863CC8B3239896336DA8E026DC3
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/5JWgBCEnOyiRQEIg?c84aefedb5238f5a=v83VSmfey7nYsHBeUWDpaf1D-A-ihUYF_qhocW27B-D-zr8K_TeKXA46rpFY8M3RcB1eZ7X-l-RuMAIu65tCiR50G0QnEZa7CZ0QRmTFPCQZpbjx2L3LO0Y837zLUjDsR9HAGkIwi3r4PrD4OJWm5PwfUVJjRbWkpN63w2TKrWA5R1CgnAGuhifMVMaR6_cLsN0GUoCJdJdkO2FDBD7m
Frame ID: E956BB1BE02932C528A4B34A93CE2494
Requests: 1 HTTP requests in this frame

Page Title

Cosmetic Criminals | e.l.f. Cosmetics

Detected technologies

Overall confidence: 100%
Detected patterns
  • /demandware\.static/

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • cdn\.dynamicyield\.\w+/

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • tag\.rmp\.rakuten\.com

Overall confidence: 10%
Detected patterns
  • basket.*\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

Requests: 258
HTTPS: 94 %
IPv6: 27 %
Domains: 55
Subdomains: 92
IPs: 78
Countries: 3
Transfer: 14462 kB
Size: 27108 kB
Cookies: 101

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.cosmeticcriminals.com/ HTTP 307
    https://www.cosmeticcriminals.com/ HTTP 301
    https://www.elfcosmetics.com/elf-cosmetic-criminals Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Request Chain 20
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Request Chain 21
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_DESKTOP_8_BEAR-alt/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/4a810c76-f6a5-4629-bf54-46e97b002de7.mp4
Request Chain 22
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_PLANT/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4
Request Chain 23
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_BOOK/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/9c45925d-0761-4101-9a41-aec1046b0de8.mp4
Request Chain 42
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=AEIxiC0_Tg4DqcUsESkOyJMZRQiFvgzF9qjvqnlYmDA HTTP 303
  • https://www.elfcosmetics.com/callback?usid=35f384e5-82e3-4375-b8d3-0c3c2b739364&code=_tUr8BlRMR7XSgrw2cFf76x0H4MNAR1xRZdprhDjTog
Request Chain 64
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=761ea7b8-57b2-4f57-800d-548f1ad16918&user_id=undefined&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=undefined&gtmcb=1277818115 HTTP 302
  • https://cdn.blisspointmedia.com/assets/img/pixel.gif
Request Chain 65
  • https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
Request Chain 66
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=72c8fcec-78ea-47a7-be8f-717b5f36ab37&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=NzJjOGZjZWMtNzhlYS00N2E3LWJlOGYtNzE3YjVmMzZhYjM3&gdpr=0&gdpr_consent=&ttd_tdid=72c8fcec-78ea-47a7-be8f-717b5f36ab37 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm=&google_sc=&google_hm=NzJjOGZjZWMtNzhlYS00N2E3LWJlOGYtNzE3YjVmMzZhYjM3&gdpr=0&gdpr_consent=&ttd_tdid=72c8fcec-78ea-47a7-be8f-717b5f36ab37&google_tc= HTTP 302
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=72c8fcec-78ea-47a7-be8f-717b5f36ab37&google_gid=CAESEF2V_bZ1HaevAb-Ws3jptEY&google_cver=1 HTTP 302
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=72c8fcec-78ea-47a7-be8f-717b5f36ab37 HTTP 302
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=3617860799656001286&ttd_tdid=72c8fcec-78ea-47a7-be8f-717b5f36ab37 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=72c8fcec-78ea-47a7-be8f-717b5f36ab37&expiration=1737700762&gdpr=0&gdpr_consent= HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=72c8fcec-78ea-47a7-be8f-717b5f36ab37&expiration=1737700762&gdpr=0&gdpr_consent=&C=1
Request Chain 164
  • https://www.googleadservices.com/pagead/conversion/698270988/?random=1181221083&fst=1735108762907&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4c50v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=538264627.1735108761&bttype=purchase&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&tag_exp=101925629~102067555~102067808~102081485~102198178&s3p=1 HTTP 302
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1176875637&fst=1735108762907&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4c50v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=538264627.1735108761&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&tag_exp=101925629~102067555~102067808~102081485~102198178&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAkosbm90LW5hdmlnYXRpb24tc291cmNlLCB0cmlnZ2VyLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&eitems=ChEIgNSpuwYQzur4-f7d6rXoARIdANBGMnPzib3Ushc9BoySlaMrOcVC_ejBYD7hsKc&pscrd=IhMI87SV7KfCigMV6BeICR2r-R_kMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tL0JXQ2hBSWdOU3B1d1lRaWUyTzhOZW1wOUVxRWkwQXFvRS1GMkNDcllvZ0M0R0o3TlAzRGh3cll3ZzlQWGlONG5WMGJVTHlseGEwamlHTHFsc1Z0S1BHLVdn HTTP 302
  • https://www.google.com/pagead/1p-conversion/698270988/?random=1176875637&fst=1735108762907&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4c50v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=538264627.1735108761&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&tag_exp=101925629~102067555~102067808~102081485~102198178&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAkosbm90LW5hdmlnYXRpb24tc291cmNlLCB0cmlnZ2VyLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMI87SV7KfCigMV6BeICR2r-R_kMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tL0JXQ2hBSWdOU3B1d1lRaWUyTzhOZW1wOUVxRWkwQXFvRS1GMkNDcllvZ0M0R0o3TlAzRGh3cll3ZzlQWGlONG5WMGJVTHlseGEwamlHTHFsc1Z0S1BHLVdn&is_vtc=1&cid=CAQSKQCa7L7de-2b_12xH7dRTd05hEu_Qv_DOmRJ1SQ0bGWVeAs_WqQJLDcX&eitems=ChEIgNSpuwYQzur4-f7d6rXoARIdANBGMnNZJ3RjlelyI59V3dGt-SVl0cp0bSFcg_M&random=4138076371 HTTP 302
  • https://www.google.ca/pagead/1p-conversion/698270988/?random=1176875637&fst=1735108762907&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4c50v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=538264627.1735108761&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&tag_exp=101925629~102067555~102067808~102081485~102198178&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAkosbm90LW5hdmlnYXRpb24tc291cmNlLCB0cmlnZ2VyLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMI87SV7KfCigMV6BeICR2r-R_kMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tL0JXQ2hBSWdOU3B1d1lRaWUyTzhOZW1wOUVxRWkwQXFvRS1GMkNDcllvZ0M0R0o3TlAzRGh3cll3ZzlQWGlONG5WMGJVTHlseGEwamlHTHFsc1Z0S1BHLVdn&is_vtc=1&cid=CAQSKQCa7L7de-2b_12xH7dRTd05hEu_Qv_DOmRJ1SQ0bGWVeAs_WqQJLDcX&eitems=ChEIgNSpuwYQzur4-f7d6rXoARIdANBGMnNZJ3RjlelyI59V3dGt-SVl0cp0bSFcg_M&random=4138076371&ipr=y
Request Chain 208
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=359446293&iiqidtype=2&iiqpcid=e73872ec-2524-e2c5-8fb3-2b819405a1f0&iiqpciddate=1735108764687&tsrnd=354_1735108764792&pcid=03c949eb-02fe-46d4-b2d9-f1cba186f48e-tucte652e1a&idtype=0&vrref=www.elfcosmetics.com&jsver=6.072&dw=1600&dh=1200&dpr=1&lan=en-CA&testPercentage=100&testGroup=A&uh=%7B%220%22%3A%22%22%2C%221%22%3A%22%3F0%22%2C%227%22%3A%22%3F0%22%2C%228%22%3A%22%22%7D&gdpr=0 HTTP 302
  • https://syncv4.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=359446293&iiqidtype=2&iiqpcid=e73872ec-2524-e2c5-8fb3-2b819405a1f0&iiqpciddate=1735108764687&tsrnd=354_1735108764792&pcid=03c949eb-02fe-46d4-b2d9-f1cba186f48e-tucte652e1a&idtype=0&vrref=www.elfcosmetics.com&jsver=6.072&dw=1600&dh=1200&dpr=1&lan=en-CA&testPercentage=100&testGroup=A&uh=%7B%220%22%3A%22%22%2C%221%22%3A%22%3F0%22%2C%227%22%3A%22%3F0%22%2C%228%22%3A%22%22%7D&gdpr=0&ripv6=2607:5300:60:7867::13 HTTP 302
  • https://syncv4.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=359446293&iiqidtype=2&iiqpcid=e73872ec-2524-e2c5-8fb3-2b819405a1f0&iiqpciddate=1735108764687&tsrnd=354_1735108764792&pcid=03c949eb-02fe-46d4-b2d9-f1cba186f48e-tucte652e1a&idtype=0&vrref=www.elfcosmetics.com&jsver=6.072&dw=1600&dh=1200&dpr=1&lan=en-CA&testPercentage=100&testGroup=A&uh=%7B%220%22%3A%22%22%2C%221%22%3A%22%3F0%22%2C%227%22%3A%22%3F0%22%2C%228%22%3A%22%22%7D&gdpr=&ripv6=2607:5300:60:7867::13&ckls=true&ci=Z5q6J2qBTs&nc=false&trid=1243591788
Request Chain 241
  • https://idsync.rlcdn.com/458359.gif?partner_uid=f2e1bfcf-c526-400b-ae5c-19e7426d7810 HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJGYyZTFiZmNmLWM1MjYtNDAwYi1hZTVjLTE5ZTc0MjZkNzgxMBAAGg0IntGuuwYSBQjoBxAAQgBKAA HTTP 307
  • https://tags.rd.linksynergy.com/cs?ns=lr&uid3=bb7271111cfc4eb2c08fddc4f5153d87dc299ba293eb754589c0099e09c4973e6ac34734d8e453ee

258 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request elf-cosmetic-criminals
www.elfcosmetics.com/
Redirect Chain
  • http://www.cosmeticcriminals.com/
  • https://www.cosmeticcriminals.com/
  • https://www.elfcosmetics.com/elf-cosmetic-criminals
1 MB
252 KB
Document
General
Full URL
https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
fb4c235be8ee324fdecbbaa5ddcd4123c7afbcc3006c13aaf7bcdbdaeebbf434
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

access-control-allow-origin
*
age
7 7
alt-svc
h3=":443"; ma=86400
cache-control
public, must-revalidate, s-maxage=900
content-encoding
gzip
content-length
256914
content-type
text/html; charset=utf-8
date
Wed, 25 Dec 2024 06:39:18 GMT
etag
W/"e3a3d-HXmz9LtRm7lgKfR305z/fmGOExw"
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding
via
1.1 2f0b2738cc23726bda17eb28418ee9c2.cloudfront.net (CloudFront)
x-amz-apigw-id
DVdGXE6ZCYcEvpw=
x-amz-cf-id
5Ja7X_OkZLkDvv9K9uLJPrn4Ror1TsKKbqgoUN6Xpte0dAaBcIYOYw==
x-amz-cf-pop
PHL50-C1
x-amzn-remapped-connection
close
x-amzn-remapped-content-length
932413
x-amzn-remapped-date
Wed, 25 Dec 2024 06:39:11 GMT
x-amzn-requestid
7573837b-d1e2-4e45-95ee-2866b3c48404
x-amzn-trace-id
Root=1-676ba88e-542a8c2048ada9bb4ba16c4c;Parent=5d71f082af2a6ba8;Sampled=0;Lineage=1:2b75b0e9:0
x-cache
Hit from cloudfront
x-yottaa-metrics
23214047a169/[248,52,-] 23D1cc02327d/[-,380.759]
x-yottaa-optimizations
ob/1000000100001000 si/23D1cc02327d-1734717344-5046381953 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os
200

Redirect headers

age
0
content-length
1198
content-type
text/html; charset=utf-8
date
Wed, 25 Dec 2024 06:39:17 GMT
location
https://www.elfcosmetics.com/elf-cosmetic-criminals
vary
User-Agent
x-yottaa-fw
fb/100000 tid/658dc44fd93140973bd48a52 rid/658dc848d93140973bd496fa stid/5ad7b08e2bb0ac0c5ba3d38c
x-yottaa-metrics
32D1a5fec6d2/[-,0.413]
x-yottaa-optimizations
ob/0 si/32D1a5fec6d2-1734717345-2933076668 tts/1735108757999 ti/0 ai/658dc44fd93140973bd48a52
/
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/
0
0

/
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/
1 MB
1 MB
Image
General
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
CloudFront /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://www.elfcosmetics.com
Referer
https://www.elfcosmetics.com/

Response headers

x-amzn-remapped-content-length
1006218
content-encoding
gzip
x-amzn-remapped-connection
close
etag
W/"f5a8a-wn6a+diQ9BHGas5xpvHdUG657Y0"
age
731
x-amzn-requestid
697ad787-d243-403a-8008-7a5a3d3d8c1d
x-cache
Hit from cloudfront, MISS
x-amz-cf-id
7Mcc_oJLu8FZxUno4Q-yUDCn4cht598B57lQr1RMhUNsHRcf4KAOow==
date
Wed, 25 Dec 2024 06:39:19 GMT
content-type
text/html; charset=utf-8
x-served-by
cache-yul1970065-YUL
x-cache-hits
0
x-yottaa-optimizations
ob/1000000100001000 si/2511cc028a75-1730386261-1199979335 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding
cache-control
public, must-revalidate, s-maxage=900
x-amz-apigw-id
DVbVfHWTiYcEN2Q=
x-amzn-remapped-date
Wed, 25 Dec 2024 06:27:08 GMT
x-timer
S1735108759.875279,VS0,VE1113
x-amzn-trace-id
Root=1-676ba5bc-4a56a29f3aadb1ab73f57f84;Parent=1099c443dc59795f;Sampled=0;Lineage=1:2b75b0e9:0
via
1.1 139fcf0656ce62dcfe3841c9c385a5c6.cloudfront.net (CloudFront), 1.1 varnish
x-yottaa-metrics
2521cc028a85/[140,77,-] 2511cc028a75/[-,182.772]
accept-ranges
bytes
access-control-allow-origin
*
content-length
272146
x-amz-cf-pop
SFO53-P2
server
CloudFront
/
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/
0
0

/
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/
0
0

985935623
player.vimeo.com/video/ Frame 09FC
0
0
Document
General
Full URL
https://player.vimeo.com/video/985935623?h=0fd60177fc&badge=0&autopause=0&player_id=0&app_id=58479
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' https://*.vimeocdn.com 'unsafe-eval' resource: https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://browser-intake-datadoghq.com https://src.litix.io https://www.gstatic.com https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv; style-src 'self' 'unsafe-inline' https://*.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://edge-player5.wirewax.com; connect-src 'self' ws: wss: https://vimeo.com https://api.vimeo.com https://csi.gstatic.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://drm.vhx.com/v2/fairplay/cert https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://storage.googleapis.com https://bam.nr-data.net https://browser-intake-datadoghq.com https://live-api.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.kollective.app https://*.kollective.app:31015 https://*.kollectivecd.com https://*.hivestreaming.com https://vimeo.magisto.com https://stage-proxy.vimeo.magisto.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com https://player-telemetry.vimeo.com https://lensflare.vimeo.com https://arclight.vimeo.com; font-src data: https://edge-assets.wirewax.com https://branding.cdn.magisto.com https://fonts.gstatic.com https://player.vimeo.com; img-src 'self' data: https://player.vimeo.com https://i.vimeocdn.com https://secure-b.vimeocdn.com 
https://f.vimeocdn.com https://*.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://i.vimeocdn.com https://duysrfiajusdh.cloudfront.net https://d263mgllkjh2k2.cloudfront.net https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com android-webview-video-poster:; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com; frame-src 'self' https://*; worker-src blob:; report-uri /_csp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

CF-Cache-Status
DYNAMIC
CF-Ray
8f76d54ecf64ac0c-YYZ
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 25 Dec 2024 06:39:19 GMT
Expires
Fri, 15 Dec 1985 19:30:00 GMT
Link
<https://fresnel.vimeocdn.com>; rel=preconnect; crossorigin, <https://i.vimeocdn.com>; rel=preconnect; crossorigin, <https://f.vimeocdn.com>; rel=preconnect; crossorigin
Server
cloudflare
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Transfer-Encoding
chunked
Vary
Origin, Referer, Accept-Encoding
Via
1.1 varnish
content-security-policy
default-src 'none'; script-src 'self' 'unsafe-inline' https://*.vimeocdn.com 'unsafe-eval' resource: https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://browser-intake-datadoghq.com https://src.litix.io https://www.gstatic.com https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv; style-src 'self' 'unsafe-inline' https://*.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://edge-player5.wirewax.com; connect-src 'self' ws: wss: https://vimeo.com https://api.vimeo.com https://csi.gstatic.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://drm.vhx.com/v2/fairplay/cert https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://storage.googleapis.com https://bam.nr-data.net https://browser-intake-datadoghq.com https://live-api.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.kollective.app https://*.kollective.app:31015 https://*.kollectivecd.com https://*.hivestreaming.com https://vimeo.magisto.com https://stage-proxy.vimeo.magisto.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com https://player-telemetry.vimeo.com https://lensflare.vimeo.com https://arclight.vimeo.com; font-src data: https://edge-assets.wirewax.com https://branding.cdn.magisto.com https://fonts.gstatic.com https://player.vimeo.com; img-src 'self' data: https://player.vimeo.com https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com 
https://*.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://i.vimeocdn.com https://duysrfiajusdh.cloudfront.net https://d263mgllkjh2k2.cloudfront.net https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com android-webview-video-poster:; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com; frame-src 'self' https://*; worker-src blob:; report-uri /_csp
x-backend-server
player-backend-edge-entry
x-bapp-server
player-backend-cc96c996c-nkf7v
x-cache
MISS
x-cache-hits
0
x-content-type-options
nosniff
x-host
player-backend-cc96c996c-nkf7v
x-player-backend
g
x-served-by
cache-yyz4564-YYZ
x-timer
S1735108759.862420,VS0,VE232
x-xss-protection
1; mode=block
rZPCKoUReO0
www.youtube.com/embed/ Frame FB7E
0
0
Document
General
Full URL
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c00::5b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-security-policy
require-trusted-types-for 'script'
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Wed, 25 Dec 2024 06:39:18 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
Icon-BeautySquad-Logo-png
elfcosmetics.a.bigcontent.io/v1/static/
7 KB
7 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/Icon-BeautySquad-Logo-png?%24Desktop%24=&fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.145.183 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
359722b660d0b4a5afb34561728a3918b96bdccf3a3cddc4291ee4cd15f65c3f

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
x-amz-version-id
null
age
64798
access-control-allow-methods
POST, GET, OPTIONS
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 25 Dec 2024 06:39:19 GMT
edge-control
max-age=86400
content-type
image/png
last-modified
Tue, 24 Dec 2024 09:09:40 GMT
vary
Accept-Encoding
priority
u=1,i
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cache-control
s-maxage=86400, max-age=1800
x-amp-cf-worker
true
cf-ray
8f76d5507ef5ab76-YYZ
accept-ranges
bytes
access-control-allow-origin
*
content-length
6783
server
cloudflare
x-amz-server-side-encryption
AES256
icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/
2 KB
1 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.145.183 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
x-amz-version-id
null
age
11613
access-control-allow-methods
POST, GET, OPTIONS
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 25 Dec 2024 06:39:19 GMT
edge-control
max-age=86400
content-type
image/svg+xml
last-modified
Tue, 24 Dec 2024 13:15:06 GMT
vary
Accept-Encoding
priority
u=1,i
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cache-control
s-maxage=86400, max-age=1800
x-amp-cf-worker
true
cf-ray
8f76d5507ef7ab76-YYZ
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
icon-noun-rewind-7272650-D
elfcosmetics.a.bigcontent.io/v1/static/
1 KB
963 B
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-rewind-7272650-D?%24Desktop%24=&fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.145.183 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a52852e4f3a8c6b4617559bc00b2045665b7387c2acc83f9353167334073f47

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
x-amz-version-id
null
age
48729
access-control-allow-methods
POST, GET, OPTIONS
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 25 Dec 2024 06:39:19 GMT
edge-control
max-age=86400
content-type
image/svg+xml
last-modified
Tue, 24 Dec 2024 16:57:19 GMT
vary
Accept-Encoding
priority
u=1,i
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cache-control
s-maxage=86400, max-age=1800
x-amp-cf-worker
true
cf-ray
8f76d5507ef6ab76-YYZ
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
PWT_STORY_HEADER_DESKTOP_BG-min
cdn.media.amplience.net/i/elfcosmetics/
630 KB
630 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
x-amp-source-width
3199
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Wed, 25 Dec 2024 06:39:19 GMT
edge-control
max-age=86400
content-type
image/jpeg
last-modified
Tue, 24 Dec 2024 15:43:07 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
WnnDsAa7X,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z
cache-control
s-maxage=86400, max-age=1800
x-req-id
_fBkKbZfUE
x-amp-source-height
1249
x-amp-cf-worker
true
cf-ray
8f76d54fabe4a25a-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
644728
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
PWT_STORY_HEADER_DESKTOP_CC-min
cdn.media.amplience.net/i/elfcosmetics/
205 KB
205 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
x-amp-source-width
800
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Wed, 25 Dec 2024 06:39:19 GMT
edge-control
max-age=86400
content-type
image/png
last-modified
Tue, 24 Dec 2024 15:43:07 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
110n0_Q9x,l4p5bDg2e,HwG53bbZp,UyB2-aY-L
cache-control
s-maxage=86400, max-age=1800
x-req-id
xpDdge-AAA
x-amp-source-height
340
x-amp-cf-worker
true
cf-ray
8f76d54fabe6a25a-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
209440
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
truncated
/
37 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer

Response headers

Content-Type
image/gif
PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
cdn.media.amplience.net/i/elfcosmetics/
2 MB
2 MB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
x-amp-source-width
3080
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Wed, 25 Dec 2024 06:39:19 GMT
edge-control
max-age=86400
content-type
image/png
last-modified
Tue, 24 Dec 2024 15:43:07 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
06AYkBm0p,l4p5bDg2e,hUXp-ygcH,UyB2-aY-L
cache-control
s-maxage=86400, max-age=1800
x-req-id
-O4Fx-lq47
x-amp-source-height
1484
x-amp-cf-worker
true
cf-ray
8f76d54fabe8a25a-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
2085695
x-amp-published
Wed, 03 Jan 2024 21:02:28 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
PWT_STORY_DETECTIVES_DESKTOP_6-min
cdn.media.amplience.net/i/elfcosmetics/
330 KB
331 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_DETECTIVES_DESKTOP_6-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
x-amp-source-width
2806
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Wed, 25 Dec 2024 06:39:19 GMT
edge-control
max-age=86400
content-type
image/jpeg
last-modified
Tue, 24 Dec 2024 15:43:07 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
pToRCMyrF,l4p5bDg2e,q-jdDBY1E,k4NPUWi7z
cache-control
s-maxage=86400, max-age=1800
x-req-id
OrwrrMpp-c
x-amp-source-height
1062
x-amp-cf-worker
true
cf-ray
8f76d54fabe9a25a-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
338113
x-amp-published
Wed, 27 Dec 2023 17:21:33 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
cdn.media.amplience.net/i/elfcosmetics/
180 KB
180 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
x-amp-source-width
1952
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Wed, 25 Dec 2024 06:39:19 GMT
edge-control
max-age=86400
content-type
image/jpeg
last-modified
Tue, 24 Dec 2024 15:43:07 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
pVmNrJ7uK,l4p5bDg2e,O8QiTHpoz,k4NPUWi7z
cache-control
s-maxage=86400, max-age=1800
x-req-id
i2LRYp7iYG
x-amp-source-height
1108
x-amp-cf-worker
true
cf-ray
8f76d54fabeca25a-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
184181
x-amp-published
Fri, 29 Dec 2023 07:51:47 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
PWT_STORY_CRIME_TAPE_DESKTOP_7-min
cdn.media.amplience.net/i/elfcosmetics/
614 KB
614 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CRIME_TAPE_DESKTOP_7-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
EXPIRED
x-amp-source-width
3200
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Wed, 25 Dec 2024 06:39:19 GMT
edge-control
max-age=86400
content-type
image/png
last-modified
Wed, 25 Dec 2024 06:39:19 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
YFs8LtPvK,l4p5bDg2e,N2xhcEEJW,UyB2-aY-L
cache-control
s-maxage=86400, max-age=1800
x-req-id
RQNX0Kgr3p
x-amp-source-height
525
x-amp-cf-worker
true
cf-ray
8f76d54fabeda25a-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
628288
x-amp-published
Thu, 28 Dec 2023 16:15:28 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
jquery-3.7.1.slim.min.js
code.jquery.com/
69 KB
24 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.7.1.slim.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
etag
W/"28feccc0-11278"
age
3691230
x-cache
HIT, HIT
date
Wed, 25 Dec 2024 06:39:18 GMT
content-type
application/javascript; charset=utf-8
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
x-cache-hits
6229, 9250
x-served-by
cache-lga21942-LGA, cache-yul1970071-YUL
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=604800
x-timer
S1735108759.811985,VS0,VE0
cross-origin-resource-policy
cross-origin
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
24036
server
nginx
player.js
player.vimeo.com/api/
37 KB
12 KB
Script
General
Full URL
https://player.vimeo.com/api/player.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
498a41eab15456686643b139ae2c289c961bb02da852aaad698540831d0e9bb5
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Age
0
x-backend-server
player-backend-edge-entry
expires
Wed, 25 Dec 2024 02:09:18 GMT
x-player-backend
g
x-cache
MISS
Date
Wed, 25 Dec 2024 06:39:18 GMT
Content-Type
application/javascript;charset=utf-8
x-bapp-server
x-served-by
cache-yyz4551-YYZ
x-cache-hits
0
vary
Origin, Referer, Accept-Encoding
content-security-policy
default-src 'none'; style-src 'unsafe-inline'
Cache-Control
max-age=1800
x-timer
S1735108759.901205,VS0,VE81
Connection
keep-alive
via
1.1 varnish
CF-RAY
8f76d54f1e63aaf7-YYZ
accept-ranges
bytes
access-control-allow-origin
*
Content-Length
11437
Server
cloudflare
player_api
www.youtube.com/
993 B
2 KB
Script
General
Full URL
https://www.youtube.com/player_api
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c01::5d Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1daeb8f2b20e643498e588a0f3bc753699fe28c787205ece9b0fc5cd5a7b06be
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
x-content-type-options
nosniff
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
expires
Wed, 25 Dec 2024 06:39:18 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
date
Wed, 25 Dec 2024 06:39:18 GMT
content-type
text/javascript; charset=utf-8
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
require-trusted-types-for 'script'
cache-control
private, max-age=0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
x-xss-protection
0
server
ESF
8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
1 MB
1 MB
Media
General
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Server
2606:4700:4400::6812:252f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-max-age
3000
cf-cache-status
HIT
x-amz-version-id
null
etag
"dd3676819bd88a250c875a11e38c307d"
access-control-allow-methods
GET, HEAD
date
Wed, 25 Dec 2024 06:39:20 GMT
content-type
video/mp4
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified
Fri, 22 Dec 2023 15:50:27 GMT
x-amz-id-2
Fingwn12L9pgi2I18b+05Nmqm2o4CEmw+oe9RHiQDryJPajJ3k1M2u9bvXJx8nOxwIt2JrZBVEk=
Content-Range
bytes 0-1060947/1060948
x-amz-request-id
T7RYQKM70J2YGY7J
cf-ray
8f76d5584f13a2e0-YUL
access-control-allow-origin
*
Content-Length
1060948
server
cloudflare

Redirect headers

cf-cache-status
EXPIRED
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Wed, 25 Dec 2024 06:39:19 GMT
edge-control
max-age=86400
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
_3BmQX9Yi,l4p5bDg2e,bgWw7nQ29
cache-control
s-maxage=86400, max-age=1800
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
x-amp-cf-worker
true
cf-ray
8f76d54fdc06a25a-YUL
access-control-allow-origin
*
content-length
0
x-xss-protection
1; mode=block
x-amp-srv
CF
server
cloudflare
c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
1 MB
1 MB
Media
General
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Server
2606:4700:4400::6812:252f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-max-age
3000
cf-cache-status
HIT
x-amz-version-id
null
etag
"91a2cbc7ca143aac79d0312d84bb77fb"
access-control-allow-methods
GET, HEAD
date
Wed, 25 Dec 2024 06:39:19 GMT
content-type
video/mp4
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified
Fri, 22 Dec 2023 17:43:50 GMT
x-amz-id-2
4OZynibV/EgeZbsehmBLioRp90X9l8VRQMShW2bBdK0b3RrholMCdNQAr8dSQ6IyX77iCawDj8E=
Content-Range
bytes 0-1262366/1262367
x-amz-request-id
55B9FEDJK960K9HB
cf-ray
8f76d551fb86a2e0-YUL
access-control-allow-origin
*
Content-Length
1262367
server
cloudflare

Redirect headers

cf-cache-status
HIT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Wed, 25 Dec 2024 06:39:19 GMT
edge-control
max-age=86400
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
WrvkTt2Po,l4p5bDg2e,fH6Lo3_5e
cache-control
s-maxage=86400, max-age=1800
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
x-amp-cf-worker
true
cf-ray
8f76d54fdc07a25a-YUL
access-control-allow-origin
*
content-length
0
x-xss-protection
1; mode=block
x-amp-srv
CF
server
cloudflare
4a810c76-f6a5-4629-bf54-46e97b002de7.mp4
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_DESKTOP_8_BEAR-alt/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/4a810c76-f6a5-4629-bf54-46e97b002de7.mp4
952 KB
954 KB
Media
General
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/4a810c76-f6a5-4629-bf54-46e97b002de7.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Server
2606:4700:4400::6812:252f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a92babe0280635e6b8a8cd8b631230f248bfa16bfb2ae7a7e04d404df5518ccb

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-max-age
3000
cf-cache-status
MISS
x-amz-version-id
null
etag
"d7fdef501f28cd925baedd782b4e6464"
access-control-allow-methods
GET, HEAD
date
Wed, 25 Dec 2024 06:39:19 GMT
content-type
video/mp4
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified
Fri, 29 Dec 2023 07:23:44 GMT
x-amz-id-2
NcOr5VRQ1D3ysWvQPx9FpO/cfG81DOPxoFKNwqQEDTVuz6LY7fOt+OhFy6Qo+gjA14MO5+RwLTU=
Content-Range
bytes 0-975135/975136
x-amz-request-id
SDRNE6WMCY8A2AZH
cf-ray
8f76d551fb84a2e0-YUL
access-control-allow-origin
*
Content-Length
975136
server
cloudflare

Redirect headers

cf-cache-status
HIT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Wed, 25 Dec 2024 06:39:19 GMT
edge-control
max-age=86400
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
Xsio4nH_H,l4p5bDg2e,6oVxns4D8
cache-control
s-maxage=86400, max-age=1800
location
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/4a810c76-f6a5-4629-bf54-46e97b002de7.mp4
x-amp-cf-worker
true
cf-ray
8f76d54fdc08a25a-YUL
access-control-allow-origin
*
content-length
0
x-xss-protection
1; mode=block
x-amp-srv
CF
server
cloudflare
45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_PLANT/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4
850 KB
851 KB
Media
General
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Server
2606:4700:4400::6812:252f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b78b9170d1e1da68dd52e57d79c9e906137b28f87eca1f17b2c350f73d1f3ba

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-max-age
3000
cf-cache-status
MISS
x-amz-version-id
null
etag
"f6c9e900cbfcff8b9f465043b51061d1"
access-control-allow-methods
GET, HEAD
date
Wed, 25 Dec 2024 06:39:19 GMT
content-type
video/mp4
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified
Tue, 02 Jan 2024 17:30:06 GMT
x-amz-id-2
+rNb+TIptWzErf9MZoIfdCl8lRJtA/P1+vQVzKXqDBjKAlu7xOD7/48zmVdTW1r6n8JRBHsla1A=
Content-Range
bytes 0-869943/869944
x-amz-request-id
SDRZ55K7SMB21QKM
cf-ray
8f76d551fb8aa2e0-YUL
access-control-allow-origin
*
Content-Length
869944
server
cloudflare

Redirect headers

cf-cache-status
HIT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Wed, 25 Dec 2024 06:39:19 GMT
edge-control
max-age=86400
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
BXcHZD1Pz,l4p5bDg2e,tO41Cj3M_
cache-control
s-maxage=86400, max-age=1800
location
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4
x-amp-cf-worker
true
cf-ray
8f76d54fdc09a25a-YUL
access-control-allow-origin
*
content-length
0
x-xss-protection
1; mode=block
x-amp-srv
CF
server
cloudflare
9c45925d-0761-4101-9a41-aec1046b0de8.mp4
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_BOOK/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/9c45925d-0761-4101-9a41-aec1046b0de8.mp4
865 KB
866 KB
Media
General
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/9c45925d-0761-4101-9a41-aec1046b0de8.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Server
2606:4700:4400::6812:252f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea7c1612005824699aa4574b764875370605733abc4d06f0650d309772423239

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-max-age
3000
cf-cache-status
MISS
x-amz-version-id
null
etag
"78a50c5b4ac482dcd7b7323f59feb0b9"
access-control-allow-methods
GET, HEAD
date
Wed, 25 Dec 2024 06:39:19 GMT
content-type
video/mp4
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified
Tue, 02 Jan 2024 17:20:49 GMT
x-amz-id-2
ULrwqCErqxDOed3oh08jS1kgQKwW8836Esh04KdrvUxuPuChWVp+47O06IVeJULVhgwIv1H6w7c=
Content-Range
bytes 0-885663/885664
x-amz-request-id
SDRMRZG7KX2PNK5M
cf-ray
8f76d551fb89a2e0-YUL
access-control-allow-origin
*
Content-Length
885664
server
cloudflare

Redirect headers

cf-cache-status
HIT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Wed, 25 Dec 2024 06:39:19 GMT
edge-control
max-age=86400
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
SwHLuW2ej,l4p5bDg2e,nvYvyivv1
cache-control
s-maxage=86400, max-age=1800
location
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/9c45925d-0761-4101-9a41-aec1046b0de8.mp4
x-amp-cf-worker
true
cf-ray
8f76d54fdc0aa25a-YUL
access-control-allow-origin
*
content-length
0
x-xss-protection
1; mode=block
x-amp-srv
CF
server
cloudflare
truncated
/
10 KB
10 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://www.elfcosmetics.com
Referer

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/
10 KB
10 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://www.elfcosmetics.com
Referer

Response headers

Content-Type
application/font-woff2;charset=utf-8
vendor.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/
2 MB
643 KB
Script
General
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/vendor.js?yocs=Z_14_1K_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
495b6c4a195f2e48f175b6e86696578e7716c3053ef82277f81290025eb7d5b1

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-meta-deploy
964016
content-encoding
gzip
age
56974
x-cache
Hit from cloudfront, HIT
x-amz-cf-id
gG1kKB4vwlr4PbXnq7yvz00n1jNMeSks_KrLIjXRQAYf8SloZq-yag==
date
Wed, 25 Dec 2024 06:39:18 GMT
content-type
application/javascript; charset=utf8
x-served-by
cache-yul1970076-YUL
x-cache-hits
1
x-yottaa-optimizations
ob/1100 si/2511cc02853d-1730386260-823477444 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
vary
Accept-Encoding
x-yottaa-forcecache
true, true
cache-control
public, max-age=31104000
x-timer
S1735108759.874997,VS0,VE1
via
1.1 fd35f1fff2f9fd0955b7c73222980a2c.cloudfront.net (CloudFront), 1.1 varnish
x-amz-meta-bundle
12898
x-yottaa-metrics
2521cc028528/[14,-,1735051783047] 2511cc02853d/[-,163.652]
accept-ranges
bytes
access-control-allow-origin
*
content-length
657956
x-amz-cf-pop
SFO53-P2
server
AmazonS3
main.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/
2 MB
582 KB
Script
General
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/main.js?yocs=Z_14_1K_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c9dc8b4206fa8a943926774e6d6b9da08c2ee10e23ea04ba2715769104859eee

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-meta-deploy
964016
content-encoding
gzip
age
56974
x-cache
Hit from cloudfront, HIT
x-amz-cf-id
hI-W-I4wYXArV9U2aPMgxWaYYvwS2BWM8gSyw_ljajH00FJUHYB9ug==
date
Wed, 25 Dec 2024 06:39:18 GMT
content-type
application/javascript; charset=utf8
x-served-by
cache-yul1970076-YUL
x-cache-hits
1
x-yottaa-optimizations
ob/1100 si/2511cc02853e-1730386261-1449860740 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
vary
Accept-Encoding
x-yottaa-forcecache
true, true
cache-control
public, max-age=31104000
x-timer
S1735108759.875217,VS0,VE2
via
1.1 68a8bf1c51ac47222204adb56c4024ac.cloudfront.net (CloudFront), 1.1 varnish
x-amz-meta-bundle
12898
x-yottaa-metrics
2521cc028a77/[13,-,1735051783024] 2511cc02853e/[-,120.572]
accept-ranges
bytes
access-control-allow-origin
*
content-length
595099
x-amz-cf-pop
SFO53-P2
server
AmazonS3
pages-product-list-product-list-page.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/
50 KB
15 KB
Script
General
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/pages-product-list-product-list-page.js?yocs=Z_14_1K_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a80b10ec0c44ff82a283f3d78f81623e15d8381656a111ad9211878700f89c2

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-meta-deploy
964016
content-encoding
gzip
age
56497
x-cache
Miss from cloudfront, HIT
x-amz-cf-id
nL6JAqSTJAUmAZLsLTRnbR6vUHx7GfydgmH-NZMvsqgzjxpw4uVX8Q==
date
Wed, 25 Dec 2024 06:39:18 GMT
content-type
application/javascript; charset=utf8
x-served-by
cache-yul1970076-YUL
x-cache-hits
13
x-yottaa-optimizations
ob/1100 si/36118cae0e1f-1733882031-1117850057 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
vary
Accept-Encoding
x-yottaa-forcecache
true, true
cache-control
public, max-age=31104000
x-timer
S1735108759.875191,VS0,VE0
via
1.1 0d78cc90106520d13c1b5c5b16dd8246.cloudfront.net (CloudFront), 1.1 varnish
x-amz-meta-bundle
12898
x-yottaa-metrics
36218cae0e31/[2,-,1735051793773] 36118cae0e1f/[-,5.814]
accept-ranges
bytes
access-control-allow-origin
*
content-length
14522
x-amz-cf-pop
FRA56-P7
server
AmazonS3
PWT_STORY_CAROUSEL_DESKTOP_3_OLIVIA-min
cdn.media.amplience.net/i/elfcosmetics/
73 KB
73 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_OLIVIA-min?fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aca990e4ea5c882dcfe05c1b6de93300cc4e0ed49fe61d511422b67c9953ec0d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
x-amp-source-width
855
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Wed, 25 Dec 2024 06:39:19 GMT
edge-control
max-age=86400
content-type
image/avif
last-modified
Tue, 24 Dec 2024 07:00:23 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
coT33XKJz,l4p5bDg2e,5-jG4GMEO,WepA0szpz
cache-control
s-maxage=86400, max-age=1800
x-req-id
RCSQia0h0l
x-amp-source-height
1303
x-amp-cf-worker
true
cf-ray
8f76d5500c28a25a-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
74677
x-amp-published
Thu, 21 Dec 2023 20:12:24 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_OFACE-min
cdn.media.amplience.net/i/elfcosmetics/
16 KB
16 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_OFACE-min?fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7d6f2d3cc5c5e3b057e899b45fb372d18890b7b61e0df9ced47891f9bbf0061
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
x-amp-source-width
2000
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Wed, 25 Dec 2024 06:39:19 GMT
edge-control
max-age=86400
content-type
image/webp
last-modified
Tue, 24 Dec 2024 07:00:23 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
m8w5dPp2g,l4p5bDg2e,QvpKILV5P,DtzGFM5oJ
cache-control
s-maxage=86400, max-age=1800
x-req-id
XfJbemLkmx
x-amp-source-height
2000
x-amp-cf-worker
true
cf-ray
8f76d5500c29a25a-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
16698
x-amp-published
Thu, 21 Dec 2023 20:12:23 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
PWT_STORY_CAROUSEL_DESKTOP_3_CHARLOTTE-min
cdn.media.amplience.net/i/elfcosmetics/
52 KB
52 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_CHARLOTTE-min?fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb378098ee9eb555df3b46abb37f65c770427b74147322c7707da6f623b28144
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
x-amp-source-width
862
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Wed, 25 Dec 2024 06:39:19 GMT
edge-control
max-age=86400
content-type
image/avif
last-modified
Tue, 24 Dec 2024 07:00:23 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
b8kTDztS3,l4p5bDg2e,h1qKNVnZ0,WepA0szpz
cache-control
s-maxage=86400, max-age=1800
x-req-id
QiZ_06s1NM
x-amp-source-height
1324
x-amp-cf-worker
true
cf-ray
8f76d5500c2aa25a-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
52893
x-amp-published
Thu, 21 Dec 2023 20:12:24 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_H20PROOF-min
cdn.media.amplience.net/i/elfcosmetics/
20 KB
20 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_H20PROOF-min?fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e79dea9b0707ff2fa615359bdb9683037505ddb2a00daae13de4ae1a80055adf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
x-amp-source-width
2400
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Wed, 25 Dec 2024 06:39:19 GMT
edge-control
max-age=86400
content-type
image/webp
last-modified
Tue, 24 Dec 2024 15:43:10 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
VHcIfmFGe,l4p5bDg2e,nb-u70u49,DtzGFM5oJ
cache-control
s-maxage=86400, max-age=1800
x-req-id
IQByxBB4Xu
x-amp-source-height
2400
x-amp-cf-worker
true
cf-ray
8f76d5500c2ba25a-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
20738
x-amp-published
Thu, 21 Dec 2023 20:12:23 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
22 KB
8 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50d93a2c186cbd1032ed973e133713a6dfbbd5f7fba4fb89069350f228ce4d81
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
UzmBk0Ra4K9he+CwjGKb/g==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DD1DE4B7A34202
x-ms-lease-status
unlocked
age
72573
cf-cache-status
HIT
x-content-type-options
nosniff
expires
Mon, 23 Dec 2024 10:29:45 GMT
date
Wed, 25 Dec 2024 06:39:20 GMT
content-type
application/javascript
last-modified
Mon, 16 Dec 2024 15:17:12 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
1138e44e-a01e-0067-6135-50202d000000
cf-ray
8f76d5575c5aa31b-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
7211
x-ms-blob-type
BlockBlob
server
cloudflare
api_dynamic.js
cdn.dynamicyield.com/api/8772046/
577 KB
63 KB
Script
General
Full URL
https://cdn.dynamicyield.com/api/8772046/api_dynamic.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:28a9:a000:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
317dbf63b324173465b73d3a60f73635e80ce3ed8d476a0bd01bbb14cdeaa66e

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

vary
accept-encoding
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
cache-control
max-age=30
content-encoding
gzip
etag
W/"d72a6b573c29c257c5f14eb22fad8973"
via
1.1 037ce585cd9bd182a96990bc552d628c.cloudfront.net (CloudFront)
x-cache
RefreshHit from cloudfront
x-amz-cf-id
EMtrVeYQFjzseTaM0zIjmqTx1ZtmvmW17nsiOQOSj3U0hCT_eqyF-Q==
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/javascript; charset=utf-8
last-modified
Tue, 24 Dec 2024 21:31:10 GMT
server
DYCDN
x-amz-cf-pop
IAD89-P3
x-amz-server-side-encryption
AES256
api_static.js
cdn.dynamicyield.com/api/8772046/
395 KB
116 KB
Script
General
Full URL
https://cdn.dynamicyield.com/api/8772046/api_static.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:28a9:a000:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
5dc0d7bd68b30ae8330274f08b4f3424d474fa1f10bc1abfcceaa89901bb3c08

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

vary
accept-encoding
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
cache-control
max-age=28800
content-encoding
gzip
etag
W/"34a902f7bd976cb13d0c3785dde3a9a4"
age
5084
via
1.1 037ce585cd9bd182a96990bc552d628c.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
f7XYGMOR-CqkkKBLBawtVM84kKb24Uo0oHr7LxeBpVJyOvCFeIUQ8A==
date
Wed, 25 Dec 2024 05:14:37 GMT
content-type
application/javascript; charset=utf-8
last-modified
Tue, 24 Dec 2024 21:12:18 GMT
server
DYCDN
x-amz-cf-pop
IAD89-P3
x-amz-server-side-encryption
AES256
gtm.js
www.googletagmanager.com/
562 KB
146 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c09::61 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5a9f3a10a6b75a1ec7b594154788ac5b0e12e90d8e1a0b0712de34d388c12287
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Wed, 25 Dec 2024 06:39:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Dec 2024 06:39:20 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Wed, 25 Dec 2024 06:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
148752
x-xss-protection
0
server
Google Tag Manager
/
api.ipify.org/
24 B
319 B
XHR
General
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d42963d04775f09b1f7834b7fc62019aca171c718b81f5b895ccafa44b20fcda

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
DYNAMIC
cf-ray
8f76d5578d98369d-YYZ
access-control-allow-origin
*
server-timing
cfL4;desc="?proto=TCP&rtt=22499&min_rtt=22382&rtt_var=3604&sent=8&recv=11&lost=0&retrans=0&sent_bytes=4044&recv_bytes=2314&delivery_rate=174807&cwnd=253&unsent_bytes=0&cid=beb1718477f60443&ts=54&x=0"
content-length
24
date
Wed, 25 Dec 2024 06:39:20 GMT
content-type
application/json
vary
Origin
server
cloudflare
/
api.ipify.org/
24 B
230 B
XHR
General
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d42963d04775f09b1f7834b7fc62019aca171c718b81f5b895ccafa44b20fcda

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
DYNAMIC
cf-ray
8f76d557ddce369d-YYZ
access-control-allow-origin
*
server-timing
cfL4;desc="?proto=TCP&rtt=25720&min_rtt=22382&rtt_var=9144&sent=11&recv=13&lost=0&retrans=0&sent_bytes=4429&recv_bytes=2375&delivery_rate=202412&cwnd=257&unsent_bytes=0&cid=beb1718477f60443&ts=104&x=0"
content-length
24
date
Wed, 25 Dec 2024 06:39:20 GMT
content-type
application/json
vary
Origin
server
cloudflare
searchsession
www.elfcosmetics.com/api/en-us/v2.0/
105 B
675 B
Fetch
General
Full URL
https://www.elfcosmetics.com/api/en-us/v2.0/searchsession?locale=en-us&profile_id=&session_id=
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/ Express
Resource Hash
c8e389d2665b0d2e2fb7ca53c4663e91c8bacadae16640c30cc66a2ec323b0d1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

content-encoding
gzip
x-amzn-remapped-connection
keep-alive
etag
W/"69-/yDZ4S7bM18b4/ZvlB//E7uWTO0"
age
0
x-content-type-options
nosniff
x-amzn-requestid
91bd3312-c16d-4f12-83ee-aa52b5f36af3
date
Wed, 25 Dec 2024 06:39:20 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
x-yottaa-optimizations
ob/1000 si/23D1cc02327d-1734717344-5046381963 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os
200
x-amz-apigw-id
DVdH2HrBvHcEZhA=
x-amzn-remapped-date
Wed, 25 Dec 2024 06:39:20 GMT
x-amzn-trace-id
Root=1-676ba898-4f1a6c0c32257feb34351e29
x-yottaa-metrics
2321cc8d59d8/[219,215,-] 23D1cc02327d/[-,222.300]
access-control-allow-origin
*
content-length
110
x-powered-by
Express
7f85a56ba4.css
use.fontawesome.com/
1 KB
1 KB
Stylesheet
General
Full URL
https://use.fontawesome.com/7f85a56ba4.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:8ef5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e92913c2b11fc1e9e7c4f84628362d1c9660e7f7e88904d124c9ebbbef9d4e48

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
max-age=1800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
HIT
etag
W/"8360eb270b919a1fb4776bc448d9ed14"
age
5945
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7KejN0ICzIJMTYzJEg2VnUxi1A6H0rme8vn2lA1EfJ6ITV15ekS2uqrJNdvzoF66D%2FFGzRKNF1qgKhWpku5PJMk%2FtBhU1%2Fv%2F5h9xRsrC4QnJfNkohHc2JtuM3CjxvKqgr4mHfsSWHOcRL3ePYQhTVMye"}],"group":"cf-nel","max_age":604800}
cf-ray
8f76d55798bca2da-YUL
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=16265&min_rtt=16131&rtt_var=3466&sent=7&recv=10&lost=0&retrans=0&sent_bytes=4031&recv_bytes=2212&delivery_rate=238726&cwnd=252&unsent_bytes=0&cid=5898f06684155757&ts=30&x=0"
date
Wed, 25 Dec 2024 06:39:20 GMT
content-type
text/css
last-modified
Fri, 22 Sep 2023 00:57:51 GMT
vary
Accept-Encoding
server
cloudflare
font-awesome-css.min.css
use.fontawesome.com/releases/v4.7.0/css/
30 KB
7 KB
Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/7f85a56ba4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:8ef5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b9573e1023da775390e9284ec0eb1c606df9b468a28980055b4a6aa804f4350

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://use.fontawesome.com/7f85a56ba4.css

Response headers

cache-control
max-age=31556926
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
HIT
etag
W/"36082410df2ef7f83932219089dc1443"
age
86313
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7pczLEU3NOUE9UPevzlzV84tLs0rspkqX5lEFmK3oObVFzyyqmdJ%2FUCjlo6ifJqGafZB0lH15gcQd26THLz9UPaqVlEKkvkN11quFbeJA%2FsTC2UFstVdDb2Ra%2BtMEy02SuSzLqZe%2FA5uXQ%2BgI9f8TZI7"}],"group":"cf-nel","max_age":604800}
cf-ray
8f76d5586927a2da-YUL
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=17365&min_rtt=16131&rtt_var=4138&sent=12&recv=13&lost=0&retrans=0&sent_bytes=5150&recv_bytes=2355&delivery_rate=258603&cwnd=257&unsent_bytes=0&cid=5898f06684155757&ts=160&x=0"
date
Wed, 25 Dec 2024 06:39:20 GMT
content-type
text/css
last-modified
Fri, 22 Sep 2023 01:44:05 GMT
vary
Accept-Encoding
server
cloudflare
callback
www.elfcosmetics.com/
Redirect Chain
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=...
  • https://www.elfcosmetics.com/callback?usid=35f384e5-82e3-4375-b8d3-0c3c2b739364&code=_tUr8BlRMR7XSgrw2cFf76x0H4MNAR1xRZdprhDjTog
0
0
Fetch
General
Full URL
https://www.elfcosmetics.com/callback?usid=35f384e5-82e3-4375-b8d3-0c3c2b739364&code=_tUr8BlRMR7XSgrw2cFf76x0H4MNAR1xRZdprhDjTog
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

x-amzn-remapped-content-length
0
x-amzn-remapped-connection
close
age
0
x-amzn-requestid
76239d5c-7f4d-4fb2-bfa3-eeba7ef6e4b9
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
4Y7LiBxnXXVZfEVdl_xfXZaMyMNvgSIhTI2svTuEgHpDv3lv4G0yrQ==
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/json
x-yottaa-optimizations
ob/1000 si/23D1cc02327d-1734717344-5046381968 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=15552000; includeSubDomains
x-yottaa-os
200
x-yottaa-forcecache
true
cache-control
public, max-age=604800
x-amz-apigw-id
DVdIAHeZCYcEXew=
x-amzn-remapped-date
Wed, 25 Dec 2024 06:39:21 GMT
x-amzn-trace-id
Root=1-676ba899-70ebe2570a5c345e6f4101ce;Parent=78bc1ba509ce5fc1;Sampled=0;Lineage=1:2b75b0e9:0
via
1.1 235099561ba63a2b7662a2b20d9ac036.cloudfront.net (CloudFront)
x-yottaa-metrics
2321cc8d59dd/[254,247,-] 23D1cc02327d/[-,257.062]
access-control-allow-origin
*
content-length
0
x-amz-cf-pop
PHL50-C1

Redirect headers

x-correlation-id
8f76d55b8acfc973
cf-cache-status
DYNAMIC
age
0
x-ratelimit-1m-limit
24000, 2000000
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
rRPPlDdyIe0blZWkdixh748rD3YBEXw-ZjOlod-o1kr_EnFn9mC-uQ==
date
Wed, 25 Dec 2024 06:39:20 GMT
vary
Accept-Encoding
x-yottaa-optimizations
ob/0 si/23D1cc02327d-1734717344-5046381964 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=31536000; includeSubDomains
x-yottaa-os
303
cache-control
no-store
location
https://www.elfcosmetics.com/callback?usid=35f384e5-82e3-4375-b8d3-0c3c2b739364&code=_tUr8BlRMR7XSgrw2cFf76x0H4MNAR1xRZdprhDjTog
pragma
no-cache
via
1.1 8b91488fa62e73ed6328bc389e6d1cbe.cloudfront.net (CloudFront)
cf-ray
8f76d55b8acfc973-IAD
x-yottaa-metrics
2321cc8d59d9/[74,66,-] 23D1cc02327d/[-,76.424]
access-control-allow-origin
*
x-ratelimit-1m-remaining
23786, 1976586
content-length
0
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=AEIxiC0_Tg4DqcUsESkOyJMZRQiFvgzF9qjvqnlYmDA
x-amz-cf-pop
IAD79-C3
x-ratelimit-1m-reset
39094, 39093
/
sdk.iad-05.braze.com/api/v3/data/
736 B
715 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
780b63ab12a6d6c8d02e06a3b73b29f1b2f7505c4bb754ce564b30aafca8746f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
X-Braze-TriggersRequest
true
X-Braze-Last-Req-Ms-Ago
7200000
X-Braze-DataRequest
true
X-Braze-Req-Attempt
1
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-type
application/json
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57

Response headers

access-control-max-age
7200
x-request-id
7b2c7fc2-7fe1-4d9c-9448-581e3e84f397
access-control-expose-headers
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"780b63ab12a6d6c8d02e06a3b73b29f1"
access-control-allow-methods
POST, GET
date
Wed, 25 Dec 2024 06:39:20 GMT
content-type
application/json
vary
Origin,Accept-Encoding
x-runtime
0.163760
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1735108761
cf-ray
8f76d55a5f2f36c3-YYZ
x-ratelimit-remaining
488.0
access-control-allow-origin
*
x-ratelimit-limit
500.0
server
cloudflare
/
sdk.iad-05.braze.com/api/v3/data/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

access-control-allow-headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-triggersrequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
cf-cache-status
DYNAMIC
cf-ray
8f76d55a0efd36c3-YYZ
content-encoding
gzip
date
Wed, 25 Dec 2024 06:39:20 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/
6 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf500a4c158d24ba238d521a5fa775e693d03c507fa3f882bffbbeaf9fedeb64
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
aY7kJA0jlzEL9QWHODNZDw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DCA5D566A7B63C
age
72353
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Thu, 26 Dec 2024 06:39:20 GMT
date
Wed, 25 Dec 2024 06:39:20 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 20:25:14 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
dad0151f-501e-0097-0a7f-47f043000000
cf-ray
8f76d55a58daa272-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
1832
x-ms-blob-type
BlockBlob
server
cloudflare
st
st.dynamicyield.com/
161 KB
13 KB
Script
General
Full URL
https://st.dynamicyield.com/st?sec=8772046&inHead=true&id=0&jsession=8omxpuvrp7tuu0f9rfwkbhx3u94o0p1a&ref=&scriptVersion=2.45.0&isSesNew=true&dyid_server=&ctx=%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-US%22%2C%22data%22%3A%5B%5D%7D
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:27c2:5c00:15:ad21:c740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
0d03ec58d6b4c5ed6237510999b594e790db5a60836c2d3ba8e4c025199ef051

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache
content-encoding
gzip
via
1.1 43ea6d4d093c6f8fb9edddca6fa0cf36.cloudfront.net (CloudFront)
expires
Wed, 25 Dec 2024 06:39:20 GMT
access-control-allow-origin
*
x-cache
Miss from cloudfront
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-amz-cf-id
CTNuomXmIIbrUZF14REm-4Q4okNlf0Ka7qDYqs0WlM8H4gdKQwgHtw==
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
x-amz-cf-pop
IAD61-P4
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
59 B
295 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db0da7efe3ac5fc9e598f71e291326f137ea7bbbf97fed4fee0e86b717b0d9a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
accept
application/json
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
access-control-allow-methods
GET, OPTIONS
cf-ray
8f76d55d8b30a2ea-YUL
access-control-allow-origin
*
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/json
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
Content-Type
sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

access-control-allow-headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
cf-cache-status
DYNAMIC
cf-ray
8f76d55d38af36c3-YYZ
content-encoding
gzip
date
Wed, 25 Dec 2024 06:39:21 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
sync
sdk.iad-05.braze.com/api/v3/content_cards/
85 B
223 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
72d98271bd7fa245ce2bd969e67de44698203263143ff696b6bcbda8ae5b00cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
BRAZE-SYNC-RETRY-COUNT
0
X-Braze-DataRequest
true
X-Braze-Last-Req-Ms-Ago
7200000
X-Braze-ContentCardsRequest
true
X-Braze-Req-Attempt
1
X-Braze-Req-Tokens-Remaining
29
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-type
application/json
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57

Response headers

access-control-max-age
7200
x-request-id
a6093b59-2068-4df7-8beb-02bb25abb437
access-control-expose-headers
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"72d98271bd7fa245ce2bd969e67de446"
access-control-allow-methods
POST, GET
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/json
vary
Origin,Accept-Encoding
x-runtime
0.050233
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1735108764
cf-ray
8f76d55d98f136c3-YYZ
x-ratelimit-remaining
497.0
access-control-allow-origin
*
x-ratelimit-limit
500.0
server
cloudflare
sync
sdk.iad-05.braze.com/api/v3/feature_flags/
20 B
191 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/feature_flags/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e92f434a50c76d6e52d0d3cc91cdf1854c7fd39fecd5ae65800568aef7c03029
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
X-Braze-Last-Req-Ms-Ago
7200000
X-Braze-DataRequest
true
X-Braze-Req-Attempt
1
X-Braze-Req-Tokens-Remaining
28
X-Braze-FeatureFlagsRequest
true
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-type
application/json
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57

Response headers

access-control-max-age
7200
x-request-id
c8f99486-db37-4406-a91c-29b8ed3c864a
access-control-expose-headers
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"e92f434a50c76d6e52d0d3cc91cdf185"
access-control-allow-methods
POST, GET
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/json
vary
Origin,Accept-Encoding
x-runtime
0.040963
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1735108764
cf-ray
8f76d55d98f436c3-YYZ
x-ratelimit-remaining
497.0
access-control-allow-origin
*
x-ratelimit-limit
500.0
server
cloudflare
sync
sdk.iad-05.braze.com/api/v3/feature_flags/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/feature_flags/sync
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-featureflagsrequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

access-control-allow-headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-featureflagsrequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
cf-cache-status
DYNAMIC
cf-ray
8f76d55d38b436c3-YYZ
content-encoding
gzip
date
Wed, 25 Dec 2024 06:39:21 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
collect
www.google.com/ccm/
0
0
Ping
General
Full URL
https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&scrsrc=www.googletagmanager.com&frm=0&rnd=782537416.1735108761&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&auid=538264627.1735108761&navt=n&npa=0&gtm=45He4cc1v896608294za200&gcs=G111&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tft=1735108761180&tfd=3388&apve=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.115.104 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f104.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

sw_iframe.html
www.googletagmanager.com/static/service_worker/4cc0/ Frame 1488
0
0
Document
General
Full URL
https://www.googletagmanager.com/static/service_worker/4cc0/sw_iframe.html?origin=https%3A%2F%2Fwww.elfcosmetics.com
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c09::61 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

accept-ranges
bytes
age
90137
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
1476
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy
cross-origin
date
Tue, 24 Dec 2024 05:37:04 GMT
expires
Wed, 24 Dec 2025 05:37:04 GMT
last-modified
Thu, 12 Dec 2024 10:18:00 GMT
report-to
{"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server
sffe
service-worker-allowed
/static/service_worker
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202406.1.0/
451 KB
110 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
47407e3845cb067265a07cb279ccc7a38b927b0c2dc034b627f089115ac0d306
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
7I5y/rp4ODu7ul89ty+epQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5E56F667161
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
64542
x-content-type-options
nosniff
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/javascript
last-modified
Tue, 16 Jul 2024 22:20:01 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
81606c97-401e-00c7-0bac-43ef4b000000
cf-ray
8f76d55dcf78a31b-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
112027
x-ms-blob-type
BlockBlob
server
cloudflare
dy-coll-min.js
cdn.dynamicyield.com/scripts/2.45.0/
196 KB
65 KB
Script
General
Full URL
https://cdn.dynamicyield.com/scripts/2.45.0/dy-coll-min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:28a9:a000:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
e35ebb7e01dda1bdb1fbb86be8bb4163c3b3a0b1353a0b90d573d1ebb913eddd

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

vary
accept-encoding
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
cache-control
max-age=31536000
content-encoding
gzip
etag
W/"2cc11e085e968b149aa3743056780ffc"
age
4397685
via
1.1 037ce585cd9bd182a96990bc552d628c.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
iQkKGnhUy45uYetQ-T-kIndt_Z7IYLPhFS02jwMghQmSWNki7-N1Ig==
date
Mon, 04 Nov 2024 09:04:37 GMT
content-type
text/javascript
last-modified
Mon, 28 Oct 2024 08:59:27 GMT
server
DYCDN
x-amz-cf-pop
IAD89-P3
x-amz-server-side-encryption
AES256
en.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/01909eed-3bdc-7682-b7c3-733dc31fe301/
227 KB
39 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/01909eed-3bdc-7682-b7c3-733dc31fe301/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eef52bd0c8a7abdd22a88a94381a05bc58c34d48c1c4155ff816ba21c38cca28
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
8kCXQkwViL618LYUH092ww==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DCA5D56AD873B6
age
65664
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Thu, 26 Dec 2024 06:39:21 GMT
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 20:25:21 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
bd10f3a4-801e-0095-474c-26f2b9000000
cf-ray
8f76d55e2b0fa272-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
39839
x-ms-blob-type
BlockBlob
server
cloudflare
token
www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/
2 KB
2 KB
Fetch
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e7ef779f7d66c4f085939e2aeaefacae8fc01ef02b34ea79bf9c9512500da368
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Authorization
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals
c_x-pwa-request
true
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

content-encoding
gzip
cf-cache-status
DYNAMIC
x-correlation-id
8f76d55f8820c9a8
age
0
x-ratelimit-1m-limit
24000, 2000000
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS,PATCH
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
MfVy5lspzGe5TLhOCu8RnmwbKPtCL2P0_Me8Ds7YqPTJrp1RBGwhMA==
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/json
vary
Accept-Encoding
x-yottaa-optimizations
ob/1000 si/23D1cc02327d-1734717344-5046381969 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=31536000; includeSubDomains
x-yottaa-os
200
cache-control
no-store
pragma
no-cache
access-control-allow-credentials
true
via
1.1 e1d636b234c38932eb25194cb146dbcc.cloudfront.net (CloudFront)
cf-ray
8f76d55f8820c9a8-IAD
x-yottaa-metrics
2321cc8d59de/[121,118,-] 23D1cc02327d/[-,122.214]
access-control-allow-origin
*
x-ratelimit-1m-remaining
23781, 1975733
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-amz-cf-pop
PHL50-C1
x-ratelimit-1m-reset
38420, 38419
8772046
rcom.dynamicyield.com/v3/recommend/
12 KB
2 KB
XHR
General
Full URL
https://rcom.dynamicyield.com/v3/recommend/8772046
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.45.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2305:5400:1c:df99:ffc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
6e7ad75958d726a30a23b8d0cdc8baf4f506dc3d6ef27abc761a27d2bb0a37a3

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

timing-allow-origin
*
content-encoding
gzip
access-control-allow-methods
GET, POST
via
1.1 41498907366f3804198b1abc90c08490.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
1792
x-amz-cf-id
7b2DjZHNgogIRZZfIJGiJrZputVprW-W1H_1uj4cTelgYQ-XcjN-Tw==
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
application/json; charset=UTF-8
vary
Accept-Encoding
x-amz-cf-pop
IAD89-P2
access-control-allow-headers
Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
uia
async-px.dynamicyield.com/
0
382 B
XHR
General
Full URL
https://async-px.dynamicyield.com/uia?cnst=1&_=1735108761487
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.45.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.83.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-83-57.iad55.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 3ea826f29560ca95cae18534029cc5a6.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
xpSux_bAhC61b0jKv6wDhuLvk3cbvPiCBaBdjAGGfLIAzMM2ZAYefg==
date
Wed, 25 Dec 2024 06:39:21 GMT
x-amz-cf-pop
IAD55-P3
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
otFlat.json
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
sHJXWIgDpMKY35PyRRy4zQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5E56B3084E2
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
63712
x-content-type-options
nosniff
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 22:19:54 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
e5ee5aa5-201e-0039-2d2a-31d32e000000
cf-ray
8f76d55fcbe7a272-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
3003
x-ms-blob-type
BlockBlob
server
cloudflare
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/v2/
62 KB
13 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7dbc72c3f0511495fdf45d42283a246613db44b0906199cef195a773068d822f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
LtDYZmcfPNW39lMw/Yu0RQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5E56C7CC8BB
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
85781
x-content-type-options
nosniff
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 22:19:56 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
125efa87-d01e-00e0-3577-d87502000000
cf-ray
8f76d55fcbe8a272-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
12723
x-ms-blob-type
BlockBlob
server
cloudflare
otCookieSettingsButton.json
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/
5 KB
2 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/otCookieSettingsButton.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
QnaHNt7KvNcyo6Q1ZDZObg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5E56C38B888
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
63712
x-content-type-options
nosniff
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 22:19:56 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
21a48b36-f01e-0091-3444-26073b000000
cf-ray
8f76d55fcbe9a272-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
1738
x-ms-blob-type
BlockBlob
server
cloudflare
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/
24 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c496fcbe60fec78dc1b86a9136644d9a97cae20df32be3e9a4a62ce7bd0e6a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
HyPJ72TNHxdfOI82cqKVqA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-lease-status
unlocked
cf-bgj
minify
cf-cache-status
HIT
x-ms-version
2009-09-19
age
67168
content-encoding
gzip
x-content-type-options
nosniff
cf-polished
origSize=24745
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
text/css
last-modified
Tue, 16 Jul 2024 22:20:07 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
c2721718-001e-00c0-0f77-d819ce000000
cf-ray
8f76d55fcbeaa272-YUL
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
pixel.gif
cdn.blisspointmedia.com/assets/img/
Redirect Chain
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=761ea7b8-57b2-4f57-800d-548f1ad16918&user_id=undefined&utm_source=undefined&utm_medium=undefined&utm_campaign=undefin...
  • https://cdn.blisspointmedia.com/assets/img/pixel.gif
807 B
1 KB
Image
General
Full URL
https://cdn.blisspointmedia.com/assets/img/pixel.gif
Protocol
H2
Server
18.160.18.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-160-18-74.iad12.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-version-id
null
etag
"18b3e43abad26bdac6f4cea944777b62"
age
77377
via
1.1 7a5e7fb63610c502e6d20ae459e78942.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
807
x-amz-cf-id
n2nYnN3jms8x54hT4qeinffdwCoaKUCU98A-XMqZ5caODNFuJGlxQA==
date
Tue, 24 Dec 2024 09:09:46 GMT
content-type
image/gif
last-modified
Mon, 08 Apr 2019 16:24:44 GMT
server
AmazonS3
x-amz-cf-pop
IAD12-P4

Redirect headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
location
https://cdn.blisspointmedia.com/assets/img/pixel.gif
x-amz-apigw-id
DVdIGHLBoAMEKEw=
x-amzn-trace-id
Root=1-676ba899-2e6eecef3d76a1002730162e;Parent=30b40c79489b6997;Sampled=0;Lineage=1:07bbc27a:0
x-amzn-requestid
0679c64d-4842-4b03-8e5a-6bda092d12f7
access-control-allow-origin
*
content-length
2
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
application/json
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2
  • https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
43 B
1 KB
Image
General
Full URL
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
Protocol
H2
Server
68.67.161.208 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
167.114.209.103; 167.114.209.103; 806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
898ae487-9927-49c9-aa2d-fd7b730a25a1
content-length
43
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Wed, 25 Dec 2024 06:39:21 GMT
x-xss-protection
0
content-type
image/gif
server
nginx/1.23.4

Redirect headers

cache-control
no-store, no-cache, private
location
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin
167.114.209.103; 167.114.209.103; 806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid
0c4be3f9-ff80-42c4-a46b-94ec6410d73d
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Wed, 25 Dec 2024 06:39:21 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
server
nginx/1.23.4
rum
dsum-sec.casalemedia.com/
Redirect Chain
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=72c8fcec-78ea-47a7-be8f-717b5f36ab37&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=NzJjOGZjZWMtNzhlYS00N2E3LWJlOGYtNzE3YjVmMzZhYjM3&gdpr=0&gdpr_consent=&ttd_tdid=72c8fcec-78ea-47a7-be8f-717b5...
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm=&google_sc=&google_hm=NzJjOGZjZWMtNzhlYS00N2E3LWJlOGYtNzE3YjVmMzZhYjM3&gdpr=0&gdpr_consent=&ttd_tdid=72c8fcec-78ea-47a7-be8f-717...
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=72c8fcec-78ea-47a7-be8f-717b5f36ab37&google_gid=CAESEF2V_bZ1HaevAb-Ws3jptEY&google_cver=1
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=72c8fcec-78ea-47a7-be8f-717b5f36ab37
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=3617860799656001286&ttd_tdid=72c8fcec-78ea-47a7-be8f-717b5f36ab37
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=72c8fcec-78ea-47a7-be8f-717b5f36ab37&expiration=1737700762&gdpr=0&gdpr_consent=
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=72c8fcec-78ea-47a7-be8f-717b5f36ab37&expiration=1737700762&gdpr=0&gdpr_consent=&C=1
43 B
337 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=72c8fcec-78ea-47a7-be8f-717b5f36ab37&expiration=1737700762&gdpr=0&gdpr_consent=&C=1
Protocol
H2
Server
104.18.27.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cf-cache-status
DYNAMIC
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r1yTTXDpV00W7wWIMcbeDdfJJE42gTNRgHZi3Aulwi6VetG%2F5hxYh4psmLqm0uEil3w4RPAP%2FOMgxJYT1jO1NuB40cl6zgKnz6W%2FdJhXQXZ3ftePZEdP8sGh0tpCLtgqFxuQZhDr8F1tcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8f76d5678b94ab64-YYZ
expires
0
alt-svc
h3=":443"; ma=86400
content-length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
image/gif
vary
Accept-Encoding
server
cloudflare

Redirect headers

cache-control
no-cache
location
/rum?cm_dsp_id=39&external_user_id=72c8fcec-78ea-47a7-be8f-717b5f36ab37&expiration=1737700762&gdpr=0&gdpr_consent=&C=1
cf-cache-status
DYNAMIC
pragma
no-cache
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1eF2kJBUtPw9Mi9hMiD296XB9uhfJsyXEayaa8Wr9ZirDrptzTZvjx0Z%2BjOTWcAfthDYbG%2FTpkx5AR%2Fo3IYxcnAkZMiHsGpetZnKeJQH9YrDd636SOUenoTzBBTb5SaL4PClJPw0jWsoww%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8f76d566badeab64-YYZ
expires
0
alt-svc
h3=":443"; ma=86400
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date
Wed, 25 Dec 2024 06:39:22 GMT
vary
Accept-Encoding
server
cloudflare
batch
async-px.dynamicyield.com/
0
384 B
Ping
General
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1735108761602_392404
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.45.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.83.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-83-57.iad55.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 765ade8c6b70e0e7c0b0572f4e039b98.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
pLJ7lYTWD-u3m3kOPVSur2gMo5NlUrNWcmpHbNTa2E4fMKtAPgyDXA==
date
Wed, 25 Dec 2024 06:39:21 GMT
x-amz-cf-pop
IAD55-P3
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
favicon.ico
www.elfcosmetics.com/
34 KB
35 KB
Other
General
Full URL
https://www.elfcosmetics.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1331786f628c441b99665436eb8815381e066e17d5c3bb56f5ce2e045d8da17a

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

x-amzn-remapped-content-length
34494
x-amzn-remapped-connection
close
etag
W/"86be-193f924ba10"
age
404, 404
x-amzn-requestid
566f8255-97f8-4f9b-8b25-3cdae113f77f
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
XyBzgWnUlfL-bqOQ6u0Gk_z5JXIggqIUfECr9q5CBsmZsMw3lvMVDA==
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
image/x-icon
last-modified
Tue, 24 Dec 2024 14:49:14 GMT
vary
Accept-Encoding
x-yottaa-optimizations
ob/100 si/23D1cc02327d-1734717344-5046381970 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
cache-control
max-age=600, s-maxage=600
x-amz-apigw-id
DTSGVECViYcEVrw=
x-amzn-remapped-date
Tue, 24 Dec 2024 14:50:16 GMT
x-amzn-trace-id
Root=1-676aca28-177507ab402832256d31e8fa;Parent=5226b0bc94c883f2;Sampled=0;Lineage=1:2b75b0e9:0
via
1.1 677c6e9af68514f698151642c19f6c8e.cloudfront.net (CloudFront)
x-yottaa-metrics
2321cc8d59df/[8,-,1735108677698] 23D1cc02327d/[-,11.268]
accept-ranges
bytes
access-control-allow-origin
*
content-length
34494
x-amz-cf-pop
PHL50-C1
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=185950&uid=-3490289456073955175&sec=8772046&t=ri&e=1261284&p=1&ve=11209913&va=%5B27119924%5D&ses=1b3afb925e5c37d34f50d47eada5f795&expSes=3410&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799436.799440&expVisitId=-1800010366206324497&cgtgDecisionId=-1800010368854384110&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1735108761603&rri=1222538
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.45.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.83.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-83-57.iad55.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 3ea826f29560ca95cae18534029cc5a6.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
ciyS-XaWk8YNjOUfNdJvPHmrNE8KksR_0BjSlg86sLm18qWYIS6sng==
date
Wed, 25 Dec 2024 06:39:21 GMT
x-amz-cf-pop
IAD55-P3
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=422710&uid=-3490289456073955175&sec=8772046&t=ri&e=1574966&p=1&ve=12698518&va=%5B28347247%5D&ses=1b3afb925e5c37d34f50d47eada5f795&expSes=3410&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799436.799440&expVisitId=-1800010366374405570&cgtgDecisionId=-1800010368235200157&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1735108761604&rri=4342021
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.45.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.83.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-83-57.iad55.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 3ea826f29560ca95cae18534029cc5a6.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
Lbqr1O_J3f-k7xrSEX3BDZ5gHG8-oorMhB4WogPK0fA_kY5Q3XLuyg==
date
Wed, 25 Dec 2024 06:39:21 GMT
x-amz-cf-pop
IAD55-P3
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=998650&uid=-3490289456073955175&sec=8772046&t=ri&e=1609852&p=1&ve=12669413&va=%5B28321879%5D&ses=1b3afb925e5c37d34f50d47eada5f795&expSes=3410&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799436.799440&expVisitId=-1800010369787352192&cgtgDecisionId=-1800010368419899165&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1735108761605&rri=4953881
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.45.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.83.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-83-57.iad55.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 3ea826f29560ca95cae18534029cc5a6.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
B-6-E2B4jmO2f49cq1D8_1dCJRVwCwsaV0S1Ofwz0P-stgrsrcurYw==
date
Wed, 25 Dec 2024 06:39:21 GMT
x-amz-cf-pop
IAD55-P3
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=217852&uid=-3490289456073955175&sec=8772046&t=ri&e=1956448&p=1&ve=13877322&va=%5B29454385%5D&ses=1b3afb925e5c37d34f50d47eada5f795&expSes=3410&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799436.799440&expVisitId=-1800010368392942012&cgtgDecisionId=-1800010365659820440&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1735108761606&rri=4026759
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.45.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.83.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-83-57.iad55.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 3ea826f29560ca95cae18534029cc5a6.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
iIKmIAE9m7QopH47GlZ7_pFQ5gJCkIqVc8eMZsVah5l8vvJt5fNKLw==
date
Wed, 25 Dec 2024 06:39:21 GMT
x-amz-cf-pop
IAD55-P3
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
ot_close.svg
cdn.cookielaw.org/logos/static/
651 B
601 B
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
pcXWFGpuVeSg/jVnYCseRg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
80436
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
image/svg+xml
last-modified
Mon, 16 Dec 2024 15:17:14 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
00507193-401e-0022-4d23-50fdbc000000
cf-ray
8f76d56038c6a31b-YUL
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/
497 B
516 B
Fetch
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
tXyZydHjxQshFMbbBT1/8A==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
28859
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
image/svg+xml
last-modified
Mon, 16 Dec 2024 15:17:14 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
eec5be36-001e-00a6-7f44-50ab94000000
cf-ray
8f76d5604c38a272-YUL
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
ot_company_logo.png
cdn.cookielaw.org/logos/static/
4 KB
4 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_company_logo.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
E8+sk/ECzKgTUVtDLikiIA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8DD1DE4B914BC78
age
72286
cf-cache-status
HIT
x-content-type-options
nosniff
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
image/png
last-modified
Mon, 16 Dec 2024 15:17:15 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
8c798c0b-c01e-001a-4a47-50bce5000000
cf-ray
8f76d56068d8a31b-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
4036
x-ms-blob-type
BlockBlob
server
cloudflare
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
5 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
Y+c301RBZNK39PvKQWrIBw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
80435
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
image/svg+xml
last-modified
Mon, 16 Dec 2024 15:17:15 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
d85d13eb-c01e-005e-3595-556089000000
cf-ray
8f76d56068daa31b-YUL
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
event
qoe-1.yottaa.net/log-nt/
3 B
191 B
Ping
General
Full URL
https://qoe-1.yottaa.net/log-nt/event
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.236.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0540a066b92ce4ca.awsglobalaccelerator.com
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-origin
*
access-control-expose-headers
X-Results-Data-Source
timing-allow-origin
*
cache-control
no-cache
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
text/json
access-control-allow-credentials
true
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=363954&uid=-3490289456073955175&sec=8772046&t=ri&e=1575901&p=1&ve=12991774&va=%5B28207095%5D&ses=1b3afb925e5c37d34f50d47eada5f795&expSes=3410&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799436.799440&expVisitId=-1800010366159757755&cgtgDecisionId=-1800010367641424110&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1735108761668&rri=7668929
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.45.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.83.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-83-57.iad55.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 3ea826f29560ca95cae18534029cc5a6.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
3YTstp23cPA8IZqNA1tLKZr83P-IIW53tL0Q8t_5BSAp_pY7s18EqA==
date
Wed, 25 Dec 2024 06:39:21 GMT
x-amz-cf-pop
IAD55-P3
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
sessions
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/
0
1 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/sessions
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
authorization
Bearer [token removed]
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-dw-request-base-id
lUoKeZmoa2cBAAB_
x-dw-version-status
obsolete
age
0
cf-cache-status
DYNAMIC
expires
Thu, 01 Dec 1994 16:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
2tkY-luQK6B2_rP_gQ5vFw9m4JWP9mze0JgRr4XeLG_b38uea-DGBA==
date
Wed, 25 Dec 2024 06:39:21 GMT
x-yottaa-optimizations
ob/0 si/23D1cc02327d-1734717344-5046381971 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os
204
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
allow
OPTIONS,POST
cf-ray
8f76d560cd729c2b-IAD
x-yottaa-metrics
2321cc8d59e1/[84,80,-] 23D1cc02327d/[-,87.257]
via
1.1 798fb06c416f07d7eaba25e2728dc5ac.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/sessions
x-amz-cf-pop
IAD79-C3
shoppercontext
www.elfcosmetics.com/api/v1/
133 B
908 B
Fetch
General
Full URL
https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
235082e9c3ffbe90f1e2586931b7402ac5949e20833ea4661a2974e78e369a22
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

authorization
Bearer [token removed]
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
application/json

Response headers

x-amzn-remapped-content-length
133
content-encoding
gzip
x-amzn-remapped-connection
close
etag
W/"85-EWkzZ053fC5Tly5uv8S8MVAqA3A"
age
0
x-amzn-requestid
3feeaa89-7092-41bd-ab86-a7a1ca8df406
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
YxK0m3si0SIq2lPegRS3x7Jyj5Ks4lAzaS5juJAtxI3tn844wYaQew==
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
application/json; charset=utf-8
x-yottaa-optimizations
ob/1000 si/23D1cc02327d-1734717344-5046381972 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=15552000; includeSubDomains
x-yottaa-os
200
x-amz-apigw-id
DVdIFHwSiYcEhkQ=
x-amzn-remapped-date
Wed, 25 Dec 2024 06:39:22 GMT
x-amzn-trace-id
Root=1-676ba899-6119fea2761c6845329c4291;Parent=66dae01b6f124d13;Sampled=0;Lineage=1:2b75b0e9:0
via
1.1 5c70ae1eac1857f85c7660495d949094.cloudfront.net (CloudFront)
x-yottaa-metrics
2321cc8d59e2/[471,468,-] 23D1cc02327d/[-,473.945]
access-control-allow-origin
*
content-length
118
x-amz-cf-pop
PHL50-C1
sync
sdk.iad-05.braze.com/api/v3/content_cards/
85 B
201 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
72d98271bd7fa245ce2bd969e67de44698203263143ff696b6bcbda8ae5b00cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
BRAZE-SYNC-RETRY-COUNT
0
X-Braze-DataRequest
true
X-Braze-Last-Req-Ms-Ago
532
X-Braze-ContentCardsRequest
true
X-Braze-Req-Attempt
1
X-Braze-Req-Tokens-Remaining
27
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-type
application/json
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57

Response headers

access-control-max-age
7200
x-request-id
8bd864bd-d71a-4403-8902-af315babae7c
access-control-expose-headers
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"72d98271bd7fa245ce2bd969e67de446"
access-control-allow-methods
POST, GET
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/json
vary
Origin,Accept-Encoding
x-runtime
0.045921
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1735108764
cf-ray
8f76d5608a9336c3-YYZ
x-ratelimit-remaining
495.0
access-control-allow-origin
*
x-ratelimit-limit
500.0
server
cloudflare
shoppercontext
www.elfcosmetics.com/api/v1/
133 B
911 B
Fetch
General
Full URL
https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
235082e9c3ffbe90f1e2586931b7402ac5949e20833ea4661a2974e78e369a22
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

authorization
Bearer [token removed]
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
application/json

Response headers

x-amzn-remapped-content-length
133
content-encoding
gzip
x-amzn-remapped-connection
close
etag
W/"85-EWkzZ053fC5Tly5uv8S8MVAqA3A"
age
0
x-amzn-requestid
7ead41ab-5fce-4c60-ba57-4dbc9a298a65
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
OB72vbFzXjxFYWwLtQFeMnCzBlKsMkl5PMDZtQXHiIkhFEqFuasATA==
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
application/json; charset=utf-8
x-yottaa-optimizations
ob/1000 si/23D1cc02327d-1734717344-5046381973 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=15552000; includeSubDomains
x-yottaa-os
200
x-amz-apigw-id
DVdIFEVWCYcEfCA=
x-amzn-remapped-date
Wed, 25 Dec 2024 06:39:22 GMT
x-amzn-trace-id
Root=1-676ba899-4d310d7c6a7b0d3337153cef;Parent=37dc3154b033f197;Sampled=0;Lineage=1:2b75b0e9:0
via
1.1 a5f21c3d06407705927942b02b1d5048.cloudfront.net (CloudFront)
x-yottaa-metrics
2321cc8d59e4/[735,731,-] 23D1cc02327d/[-,737.547]
access-control-allow-origin
*
content-length
118
x-amz-cf-pop
PHL50-C1
sync
sdk.iad-05.braze.com/api/v3/content_cards/
85 B
201 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
72d98271bd7fa245ce2bd969e67de44698203263143ff696b6bcbda8ae5b00cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
BRAZE-SYNC-RETRY-COUNT
0
X-Braze-DataRequest
true
X-Braze-Last-Req-Ms-Ago
2
X-Braze-ContentCardsRequest
true
X-Braze-Req-Attempt
1
X-Braze-Req-Tokens-Remaining
26
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-type
application/json
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57

Response headers

access-control-max-age
7200
x-request-id
c37ea3ce-e476-4fb6-ae87-842aaf94b3d1
access-control-expose-headers
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"72d98271bd7fa245ce2bd969e67de446"
access-control-allow-methods
POST, GET
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/json
vary
Origin,Accept-Encoding
x-runtime
0.065894
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1735108764
cf-ray
8f76d5608a9436c3-YYZ
x-ratelimit-remaining
493.0
access-control-allow-origin
*
x-ratelimit-limit
500.0
server
cloudflare
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/
189 B
932 B
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=167.114.209.103
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1a69edfa8b18d3fdf995628faed84a7660dd3144fe7f4e5639e945861ba7815a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals
c_x-pwa-request
true
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
content-type
application/json

Response headers

content-encoding
gzip
x-dw-request-base-id
h0r9aJmoa2cBAAB_
x-dw-version-status
obsolete
age
0
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
cYvxB4UHX3x0fB3QDSFVY3xVLQSIencL901tDvqw9gpwblUtcIfKFQ==
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/json;charset=UTF-8
x-yottaa-optimizations
ob/1000 si/23D1cc02327d-1734717344-5046381974 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
sfdc_customization
HOOK
x-yottaa-os
200
cache-control
max-age=0,no-cache,no-store,must-revalidate
allow
GET,HEAD,OPTIONS
cf-ray
8f76d560df11599d-IAD
x-yottaa-metrics
23214047a16a/[191,187,-] 23D1cc02327d/[-,194.386]
via
1.1 e1d636b234c38932eb25194cb146dbcc.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=167.114.209.103
x-amz-cf-pop
PHL50-C1
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/
189 B
923 B
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=167.114.209.103
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1a69edfa8b18d3fdf995628faed84a7660dd3144fe7f4e5639e945861ba7815a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals
c_x-pwa-request
true
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
content-type
application/json

Response headers

content-encoding
gzip
x-dw-request-base-id
lUogeZmoa2cBAAB_
x-dw-version-status
obsolete
age
0
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
GJCtcAXJo3k4EJK6HZQJtwgftgc-I9tbDIWf7Pe-k89yCZmPE3kU1w==
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
application/json;charset=UTF-8
x-yottaa-optimizations
ob/1000 si/23D1cc02327d-1734717344-5046381978 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
sfdc_customization
HOOK
x-yottaa-os
200
cache-control
max-age=0,no-cache,no-store,must-revalidate
allow
GET,HEAD,OPTIONS
cf-ray
8f76d5624d3fe645-IAD
x-yottaa-metrics
2321cc8d59e5/[181,176,-] 23D1cc02327d/[-,183.619]
via
1.1 7c9d2cffb8d1fe464e9f78e42af1b34c.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=167.114.209.103
x-amz-cf-pop
IAD79-C3
event
www.elfcosmetics.com/api/en-us/v2.0/
105 B
675 B
Fetch
General
Full URL
https://www.elfcosmetics.com/api/en-us/v2.0/event?locale=en-US
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/ Express
Resource Hash
c8e389d2665b0d2e2fb7ca53c4663e91c8bacadae16640c30cc66a2ec323b0d1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
application/json
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

content-encoding
gzip
x-amzn-remapped-connection
keep-alive
etag
W/"69-/yDZ4S7bM18b4/ZvlB//E7uWTO0"
age
0
x-content-type-options
nosniff
x-amzn-requestid
94019726-a663-42cd-8756-a4626aa20771
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
x-yottaa-optimizations
ob/1000 si/23D1cc02327d-1734717344-5046381975 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os
200
x-amz-apigw-id
DVdIFFmmPHcEdpA=
x-amzn-remapped-date
Wed, 25 Dec 2024 06:39:21 GMT
x-amzn-trace-id
Root=1-676ba899-643bd0b60503cf562e2c1b66
x-yottaa-metrics
23214047a17a/[231,227,-] 23D1cc02327d/[-,233.991]
access-control-allow-origin
*
content-length
110
x-powered-by
Express
baskets
www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abkXtKkXEYxrsRmbhJkWYYkXAZ/
11 B
985 B
Fetch
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abkXtKkXEYxrsRmbhJkWYYkXAZ/baskets?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Authorization
Bearer [token removed]
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals
c_x-pwa-request
true
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

x-yottaa-metrics
2321cc8d59e0/[162,160,-] 23D1cc02327d/[-,163.636]
x-correlation-id
8f76d561e9585a76
cf-cache-status
DYNAMIC
content-encoding
gzip
age
0
x-content-type-options
nosniff
expires
Thu, 01 Dec 1994 16:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
vuESB8UilZ35oFV4gE8rFwbS0dgBd5R0a2Ur_-1tM6C66h_B1R31GA==
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
application/json;charset=UTF-8
vary
Accept-Encoding
x-yottaa-optimizations
ob/1000 si/23D1cc02327d-1734717344-5046381977 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=31536000; includeSubDomains
sfdc_customization
HOOK
x-yottaa-os
200
cache-control
no-cache, no-store
pragma
no-cache
via
1.1 d93f61c3371a812d64846df2034f9796.cloudfront.net (CloudFront)
sfdc_cache_status
MISS [0/1]
cf-ray
8f76d561e9585a76-IAD
accept-ranges
bytes
access-control-allow-origin
*
sfdc_load
1
content-length
37
dnt
0
x-ratelimit-limit
99999
x-ratelimit-remaining
999
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abkXtKkXEYxrsRmbhJkWYYkXAZ/baskets?siteId=elf-us
x-amz-cf-pop
IAD79-C3
www-widgetapi.js
www.youtube.com/s/player/03dbdfab/www-widgetapi.vflset/
30 KB
10 KB
Script
General
Full URL
https://www.youtube.com/s/player/03dbdfab/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c01::5d Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
14939503c8a97bef459ce94218f0e65933ab569f7b1d726bcb0b3c1031ebccf9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
age
165804
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
x-content-type-options
nosniff
expires
Tue, 23 Dec 2025 08:35:57 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 23 Dec 2024 08:35:57 GMT
last-modified
Mon, 16 Dec 2024 05:14:15 GMT
content-type
text/javascript
vary
Accept-Encoding, Origin
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
content-length
10165
x-xss-protection
0
server
sffe
api.js
www.google.com/recaptcha/
1 KB
989 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.115.104 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f104.1e100.net
Software
ESF /
Resource Hash
0c34a0cc5c5e472589a32746a26ff106919c30e1978fdac19e19889fdb4f5a07
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
private, max-age=300
content-encoding
gzip
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options
nosniff
expires
Wed, 25 Dec 2024 06:39:21 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date
Wed, 25 Dec 2024 06:39:21 GMT
x-xss-protection
0
content-type
text/javascript; charset=utf-8
server
ESF
x-frame-options
SAMEORIGIN
batch
async-px.dynamicyield.com/
0
383 B
Ping
General
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1735108761869_302101
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.45.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.83.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-83-57.iad55.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 765ade8c6b70e0e7c0b0572f4e039b98.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
jtYWWLElA-k457gqy90znZmF_NZXsIoHqKia7_Wu4vz_cS2FJgwhvA==
date
Wed, 25 Dec 2024 06:39:21 GMT
x-amz-cf-pop
IAD55-P3
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
110221.ct.js
tag.rmp.rakuten.com/
47 KB
15 KB
Script
General
Full URL
https://tag.rmp.rakuten.com/110221.ct.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.147.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
248.147.102.34.bc.googleusercontent.com
Software
/
Resource Hash
3b0f317806d1ce70f504afd76f39bd17a3467778641af122dc06e95e73a03613
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=86400
content-encoding
gzip
x-samesite
secure
via
1.1 google
x-dyn
0
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-cache
hit
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
text/javascript
last-modified
Wed, 25 Dec 2024 06:39:21 GMT
js
www.paypal.com/sdk/
425 KB
120 KB
Script
General
Full URL
https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
911894783ee4fd2bdbea04f4cf5c1ccfa3cab4be816e5ebed6c5d2c2cb6d38a3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-s9zhuYioo2/SgT7soAK+0uTKoMFql+Izqv1ZNt4AzGO1hkXZ' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-s9zhuYioo2/SgT7soAK+0uTKoMFql+Izqv1ZNt4AzGO1hkXZ' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-expose-headers
Server-Timing
paypal-debug-id
f400297f5d1b5
content-encoding
gzip
etag
W/"1d899-LHR6v85diFVZ7uoSF/xh1vUcO3g"
age
1882
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
x-content-type-options
nosniff
disable-set-cookie
true
traceparent
00-0000000000000000000f400297f5d1b5-2bdb43ba452ec4af-01
server-timing
"traceparent;desc="00-0000000000000000000f400297f5d1b5-c8b02d1322e5a114-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
p3p
true
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-bur-kbur8200104-BUR, cache-yul1970071-YUL, cache-yul1970071-YUL
x-cache-hits
1757, 0, 0
x-frame-options
SAMEORIGIN
x-cache
HIT, HIT, MISS
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-s9zhuYioo2/SgT7soAK+0uTKoMFql+Izqv1ZNt4AzGO1hkXZ' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-s9zhuYioo2/SgT7soAK+0uTKoMFql+Izqv1ZNt4AzGO1hkXZ' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
cache-control
public, max-age=3600, s-maxage=10800
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
x-timer
S1735108762.948911,VS0,VE4
via
1.1 varnish, 1.1 varnish, 1.1 varnish
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
access-control-allow-origin
*
content-length
120985
x-xss-protection
1; mode=block
main.js
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/
150 KB
52 KB
Script
General
Full URL
https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/main.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.47.22.7 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-22-7.deploy.static.akamaitechnologies.com
Software
nginx / Express
Resource Hash
c2ac7532466beef2ea338502b864a697286dfb2a61cefb19fcebe0cccc40f068
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=15768000
Vary
Accept-Encoding
Cache-Control
must-revalidate, max-age=900
Content-Encoding
gzip
Connection
keep-alive
Expires
Wed, 25 Dec 2024 06:54:22 GMT
Access-Control-Allow-Origin
*
Content-Length
53150
Date
Wed, 25 Dec 2024 06:39:22 GMT
Content-Type
application/javascript;charset=UTF-8
X-Powered-By
Express
Server
nginx
X-Frame-Options
SAMEORIGIN
/
websdk.appsflyer.com/
51 KB
15 KB
Script
General
Full URL
https://websdk.appsflyer.com/?st=banners&
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.160.10.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-160-10-125.iad12.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0ba6b163f965f258c24888cf11c6dfe0d044de0800284da2e78a3faf7bd12925

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-cf-pop
IAD12-P3
content-encoding
br
etag
W/"7ee104753099f9f00003724eb0a4c433"
age
1945
via
1.1 16df6ade68382d048f8aad1f7e39da28.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
353-aigVprIsGasCxCo-QuudRYAbrROe0YApdyBj74WnWtxrsuTFpQ==
date
Wed, 25 Dec 2024 06:06:58 GMT
content-type
application/javascript
vary
accept-encoding
server
AmazonS3
last-modified
Tue, 01 Oct 2024 07:07:49 GMT
x-amz-server-side-encryption
AES256
js
www.googletagmanager.com/gtag/
317 KB
106 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c&gtm=45He4cc1v896608294za200
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c09::61 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e11886f6895356e33dc8f22fb6b2316070cdfd01a62a62ebfa51ff3978e33b14
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 25 Dec 2024 06:39:21 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
108549
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/
412 KB
132 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c&gtm=45He4cc1v896608294za200
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c09::61 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b95919664015f9b87c5a654335292349aef8397f178f7105887f8044114eee60
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 25 Dec 2024 06:39:21 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
134974
x-xss-protection
0
server
Google Tag Manager
iframe_api
www.youtube.com/
993 B
588 B
Script
General
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c01::5d Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1daeb8f2b20e643498e588a0f3bc753699fe28c787205ece9b0fc5cd5a7b06be
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
x-content-type-options
nosniff
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
expires
Wed, 25 Dec 2024 06:39:21 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
text/javascript; charset=utf-8
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
require-trusted-types-for 'script'
cache-control
private, max-age=0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
x-xss-protection
0
server
ESF
cs-start
a42cdn.usablenet.com/a42/elfcosmetics/default/prod/
16 KB
4 KB
Script
General
Full URL
https://a42cdn.usablenet.com/a42/elfcosmetics/default/prod/cs-start
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:22::17d4:fb0b Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
fa150a81619027314181390628b303e5b930c2e67048ce26c02180fd0d5025fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000
cache-control
public, max-age=799
content-encoding
gzip
access-control-allow-origin
*
content-length
4147
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
text/javascript;charset=utf-8
vary
Accept-Encoding
destination
www.googletagmanager.com/gtag/
231 KB
83 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-9231397&l=dataLayer&cx=c&gtm=45He4cc1v896608294za200
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c09::61 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7d18501cdddaa0f91603653eddba194fb539e232e6ec7d6568f28f862bebaf8c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires
Wed, 25 Dec 2024 06:39:21 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Wed, 25 Dec 2024 06:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
84533
x-xss-protection
0
server
Google Tag Manager
destination
www.googletagmanager.com/gtag/
236 KB
84 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-10742279&l=dataLayer&cx=c&gtm=45He4cc1v896608294za200
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c09::61 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
569ea89aad6b084576812a77096086f813134af50eabd9697c456e156eb5de54
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires
Wed, 25 Dec 2024 06:39:21 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Wed, 25 Dec 2024 06:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
85879
x-xss-protection
0
server
Google Tag Manager
core.js
s.pinimg.com/ct/
5 KB
2 KB
Script
General
Full URL
https://s.pinimg.com/ct/core.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:387::1931 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
46811578437caf8eac61ac10112c43b46ede17063b29ac96b866c7027b6fd1d2

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-max-age
86400
cache-control
max-age=7200
access-control-expose-headers
X-CDN
content-encoding
br
etag
"11c76370dfab0397b8a31fe800363638"
x-cdn
akamai
access-control-allow-methods
GET
accept-ranges
bytes
alt-svc
h3=":443"; ma=600
access-control-allow-origin
*
content-length
1863
content-type
application/javascript
vary
Accept-Encoding, Origin
x-amz-server-side-encryption
AES256
fbevents.js
connect.facebook.net/en_US/
239 KB
61 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-iad3.fbcdn.net
Software
/
Resource Hash
24751cbae618f6fbeb532498fd1ceeda5350f30085086cd5426961a2695e3d9f
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-LJDnB8E1' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-LJDnB8E1' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=28, rtx=0, c=23, mss=1232, tbw=4502, tp=9, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
hHh2C2HvFnNpTSFnyOSvLk6/yd5uRKmgwRXEiB6OB/KKT77nf2fZvMS+A7ZYSf1aG5ydXrI7xCm1XGg21vHofQ==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
62282
x-xss-protection
0
origin-agent-cluster
?1
pixel.js
www.redditstatic.com/ads/
43 KB
13 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
public, max-age=60
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding
gzip
etag
"1a001f3a066bff47a766099b87253911"
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
12220
date
Wed, 25 Dec 2024 06:39:22 GMT
last-modified
Mon, 18 Nov 2024 21:16:35 GMT
content-type
application/javascript
vary
Accept-Encoding,Origin
server
snooserv
x-amz-server-side-encryption
AES256
bat.js
bat.bing.com/
50 KB
15 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
gzip
etag
"028e0691d20db1:0"
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 85BF2131581E4308ACE3BF215A7F138A Ref B: YMQ01EDGE0818 Ref C: 2024-12-25T06:39:22Z
accept-ranges
bytes
x-cache
CONFIG_NOCACHE
content-length
14570
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/javascript
last-modified
Wed, 16 Oct 2024 22:47:44 GMT
vary
Accept-Encoding
tfa.js
cdn.taboola.com/libtrc/unip/1691051/
82 KB
26 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/unip/1691051/tfa.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
427134e1561e3e038ec2e1ee282f64ff356eaef3ce76a89ae984266ee0965df1

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
etag
"211eae745f78c651b472aa9a175c1a35"
x-amz-version-id
W32QD2l.EmrS9qpUiuUaAVZtETlo_8Sd
age
0
x-cache
HIT
date
Wed, 25 Dec 2024 06:39:22 GMT
last-modified
Sun, 22 Dec 2024 11:13:17 GMT
x-served-by
cache-yul1970034-YUL
x-cache-hits
0
content-type
application/javascript; charset=utf-8
x-amz-id-2
NRQ6/btwr/BnPp7CpdQ2J6d3WkC1emWeWn1cjn5EwYDKdYGgf3PnGX5Snxj6ICx2J+62rDkvtO4=
vary
Accept-Encoding
x-amz-replication-status
COMPLETED
cache-control
private,max-age=14401
x-timer
S1735108762.088627,VS0,VE41
via
1.1 varnish
x-amz-request-id
N1QPS0SVSTQRWAGX
accept-ranges
bytes
access-control-allow-origin
*
abp
53
content-length
25730
server
AmazonS3
x-amz-server-side-encryption
AES256
events.js
analytics.tiktok.com/i18n/pixel/
9 KB
3 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=BRR4GA0I9JJBU29G8GF0&lib=ttq
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.141 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-141.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
cdea9e433bc90d56d9039a6b9bec123356b22f2d182c5a66163c659c9967f5a0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
expires
Wed, 25 Dec 2024 06:39:22 GMT
server-timing
inner; dur=4, cdn-cache; desc=MISS, edge; dur=0, origin; dur=8
x-cache
TCP_MISS from a23-220-104-151.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-akamai-request-id
8baa9f5e
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943863d0509273ae6dfaf58e7f5a35970e48ea688773d9ffb0c1b36f5fcd1cc98130cd45fd72c0f7d35e14e803083eb1f5aff973a67511c7fd67239d862039a834a59b111ec9a926db6164d10fe6cea526154
x-origin-response-time
8,23.220.104.151
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2412250639224BCFC931A03FA0D2A246-14C6BFF3471415F6-00
content-length
2493
x-tt-logid
202412250639224BCFC931A03FA0D2A246
server
nginx
events.js
analytics.tiktok.com/i18n/pixel/
8 KB
3 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1EFEJPT0U322RQPGHFG&lib=ttq
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.141 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-141.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
7e3aeccbebe3566a7e5aff29419d5fbaf573a65ab02cbdcb6f01003970aa4086

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
expires
Wed, 25 Dec 2024 06:39:22 GMT
server-timing
inner; dur=5, cdn-cache; desc=MISS, edge; dur=1, origin; dur=8
x-cache
TCP_MISS from a23-220-104-151.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-akamai-request-id
8baa9f5d
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943863d0509273ae6dfaf58e7f5a35970e48e68693670763fed03404a8307b2bf77cfbed99b5aaadc9e80a7cbcee29d1b42646eb1b15dc116e980ff1cd58f52096e6cf1f81fc77e797585b8d12392d1b9bb98
x-origin-response-time
9,23.220.104.151
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-241225063922DE34AA63C1810C5BF598-4DE9F0567C72A3A3-00
content-length
2468
x-tt-logid
20241225063922DE34AA63C1810C5BF598
server
nginx
widget.js
js.jebbit.com/companion/v1/
44 KB
45 KB
Script
General
Full URL
https://js.jebbit.com/companion/v1/widget.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:27c2:b000:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
226049a96ceaa190e0dd45980c8fba9367127b7c2b19b635ee30bb7f4fa17e52

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-version-id
M.fQKrXkVHcvymDK9D8bU4BvoS660wdj
etag
"9ee6264c1a592ca4976fb94c91ef8c87"
age
30046
via
1.1 0be89ec5b9fd1e7b2066b4e5e6c14da0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
45384
x-amz-cf-id
ZeE5yOPf9ht_-5NdJKrNUxXq6awwoxB6AlAwJ3M5ejIt-RNn7jTQgA==
date
Tue, 24 Dec 2024 22:18:37 GMT
content-type
text/javascript
last-modified
Mon, 07 Oct 2024 17:19:22 GMT
server
AmazonS3
x-amz-cf-pop
IAD61-P4
x-amz-server-side-encryption
AES256
i.js
tag.wknd.ai/4142/
18 KB
6 KB
Script
General
Full URL
https://tag.wknd.ai/4142/i.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
250.253.120.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
efbc8ec864a755ab2dc18e0e3e511ede759ca1ed89ab6a428a7f590a9b79fab8

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
etag
d1a3c30610fcb6
age
1522
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Dec 2024 06:14:00 GMT
content-type
text/plain; charset=utf-8
vary
Accept-Encoding
link
<https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://pix.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect
cache-control
public,max-age=60
timing-allow-origin
*
x-envoy-upstream-service-time
1
x-envoy-decorator-operation
tag-router.tag-router.svc.cluster.local:80/*
via
1.1 google
access-control-allow-origin
*
content-length
5938
server
istio-envoy
x-region
us-central1
include.js
cdn8.eu.inside.chat/gtm/IN-1011171-EC/
40 KB
11 KB
Script
General
Full URL
https://cdn8.eu.inside.chat/gtm/IN-1011171-EC/include.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.8.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fbf274307b0005c6c7e28165828d62def90546a6395cc49c4bf08aa9a7fd2a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"066bf777448db1:0"
age
155
expires
Wed, 25 Dec 2024 07:39:22 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
application/javascript
last-modified
Sat, 07 Dec 2024 06:51:40 GMT
vary
Accept-Encoding
priority
u=3,i=?0
strict-transport-security
max-age=31536000; includeSubdomains
cache-control
public, max-age=3600
cf-ray
8f76d563cf2d5407-YYZ
accept-ranges
bytes
content-length
10553
server
cloudflare
collect
sgtm.elfcosmetics.com/g/
1 KB
2 KB
Fetch
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je4cc1v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=2088589287.1735108762&ecid=1720609689&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=782537416.1735108761&sst.etld=google.ca&sst.adr=1&sst.ude=0&_s=1&sid=1735108762&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=4272&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c&gtm=45He4cc1v896608294za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
afff8d1f631c224e6e81a720ed6dd71fe6f8aea5e8e548c2f2afa8055bc6697a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache
x-accel-buffering
no
access-control-allow-credentials
true
x-content-type-options
nosniff
via
1.1 google
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
text/plain
server
Google Frontend
collect
sgtm.elfcosmetics.com/g/
65 B
465 B
Fetch
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je4cc1v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=2088589287.1735108762&ecid=1720609689&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=782537416.1735108761&sst.etld=google.ca&sst.adr=1&sst.ude=0&_s=2&sid=1735108762&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&ep.vendor_id=facebook&ep.event_id=1735109105411_173510964239520&ep.facebook_pixel_id=1638306756445368&_et=5&tfd=4282&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c&gtm=45He4cc1v896608294za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache
x-accel-buffering
no
access-control-allow-credentials
true
x-content-type-options
nosniff
via
1.1 google
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
text/plain
server
Google Frontend
activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=7411371936582;npa=1;auiddc=538264627.1735108761;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;ps=1;pc...
ad.doubleclick.net/
0
23 B
Image
General
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=7411371936582;npa=1;auiddc=538264627.1735108761;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;ps=1;pcor=1170017987;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
173.194.207.149 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qk-in-f149.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
image/png
x-xss-protection
0
server
cafe
activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=4599730919444;npa=1;auiddc=538264627.1735108761;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;ps=1;pcor=142...
ad.doubleclick.net/
0
23 B
Image
General
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=4599730919444;npa=1;auiddc=538264627.1735108761;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;ps=1;pcor=1426075789;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
173.194.207.149 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qk-in-f149.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
image/png
x-xss-protection
0
server
cafe
local
www.paypal.com/credit-presentment/experiments/ Frame 4E8F
0
0
Document
General
Full URL
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=%5Bobject%20Object%5D%2Cnative-modal&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.65.2&integrationType=SDK
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-expose-headers
Server-Timing
age
127383
cache-control
s-maxage=86400, max-age=0
content-encoding
gzip
content-length
1524
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type
text/html; charset=utf-8
correlation-id
f778390e08828
date
Wed, 25 Dec 2024 06:39:22 GMT
dc
ccg11-origin-www-1.paypal.com
edge-cache-tag
up-treatments-zoid
etag
W/"1479-pxGdU+FhMnXvA+/ZyqsAdGUs5TA"
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f778390e08828
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
"traceparent;desc="00-0000000000000000000f778390e08828-3cfdbf40cca8b111-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f778390e08828-90f21e70c409b4a6-01
vary
Accept-Encoding
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
HIT, HIT, MISS
x-cache-hits
14159, 3056, 0
x-served-by
cache-bur-kbur8200087-BUR, cache-yul1970076-YUL, cache-yul1970076-YUL
x-timer
S1735108762.359459,VS0,VE7
x-xss-protection
1; mode=block
pptm.js
www.paypal.com/tagmanager/
12 KB
5 KB
Script
General
Full URL
https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.com&t=xo&v=5.0.465&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fb11430bad0503642a242e3c42be2690df96d11efc4f08e27b9b96f02480f8ee
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-35qzpYnC8ZG4MsM4Rw+5NRxFSIjLdojAKBPgfwWWnREV3LO/' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

paypal-debug-id
f952916b3854e
content-encoding
gzip
etag
W/"2f86-rIyHQCWayVhsCSMMD5/wlkCo+Tw"
age
145430
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
x-content-type-options
nosniff
traceparent
00-0000000000000000000f952916b3854e-cab8981fb8bb89c6-01
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-cache
HIT, HIT, MISS
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
application/x-javascript; charset=utf-8
x-served-by
cache-bur-kbur8200077-BUR, cache-yul1970071-YUL, cache-yul1970071-YUL
x-cache-hits
1666, 23, 0
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-35qzpYnC8ZG4MsM4Rw+5NRxFSIjLdojAKBPgfwWWnREV3LO/' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
cache-control
public, max-age=3600
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
x-timer
S1735108762.327791,VS0,VE5
via
1.1 varnish, 1.1 varnish, 1.1 varnish
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
content-length
4354
x-xss-protection
1; mode=block
batch
async-px.dynamicyield.com/
0
383 B
Ping
General
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1735108762359_445830
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.45.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.83.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-83-57.iad55.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 765ade8c6b70e0e7c0b0572f4e039b98.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
g5sBVK8bt_iweC8YQJq8LXdWomuKDfUZha7R7wbvhFX7QU0leqLEiw==
date
Wed, 25 Dec 2024 06:39:22 GMT
x-amz-cf-pop
IAD55-P3
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
1a8bfa042c9c5.js
t.contentsquare.net/uxa/
382 KB
90 KB
Script
General
Full URL
https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.167.88.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-167-88-57.iad55.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fb298350052d73bf05c430b61a0464dfb1f16711dea168f38987df5a0990e267

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
etag
"0ddd937a36a8125e23eeff645a7055e5"
age
0
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
AwWr88kL-TfSeLBN30xBN3NWUpsC7XSFpxWXmktQ2WqwlZtjR6RtEA==
date
Mon, 23 Dec 2024 18:11:21 GMT
content-type
application/javascript;charset=utf-8
last-modified
Wed, 18 Dec 2024 13:15:12 GMT
vary
Origin
cache-control
max-age=900
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
via
1.1 762d730dc67e76a23b806d2aba1a1cae.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
91883
x-amz-cf-pop
IAD55-P6
server
AmazonS3
x-amz-server-side-encryption
AES256
activityi;src=9231397;type=retarget;cat=globa0;ord=7411371936582;npa=1;auiddc=538264627.1735108761;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;ps=1;pcor=1170017987;uaa=;ua...
9231397.fls.doubleclick.net/ Frame B9F1
0
0
Document
General
Full URL
https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=7411371936582;npa=1;auiddc=538264627.1735108761;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;ps=1;pcor=1170017987;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
209.85.201.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qu-in-f148.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
428
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 25 Dec 2024 06:39:22 GMT
expires
Wed, 25 Dec 2024 06:39:22 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=4599730919444;npa=1;auiddc=538264627.1735108761;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;ps=1;pcor=1426075789;uaa=;uab=;uaf...
10742279.fls.doubleclick.net/ Frame 785D
0
0
Document
General
Full URL
https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=4599730919444;npa=1;auiddc=538264627.1735108761;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;ps=1;pcor=1426075789;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
209.85.201.149 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qu-in-f149.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
365
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 25 Dec 2024 06:39:22 GMT
expires
Wed, 25 Dec 2024 06:39:22 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je4cc1v879088318z8896608294za200zb896608294&_gaz=1&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=2088589287.1735108762&ul=en-ca&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&sid=1735108762&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&en=page_view&_fv=1&_ss=2&ep.page_type=content&ep.page_environment=production&ep.page_country=US&ep.page_language=EN&up.custom_user_id=&up.client_id=&up.user_has_transacted=false&up.user_logged_in=false&up.user_country=US&up.user_loyalty_status=false&tfd=4633
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c&gtm=45He4cc1v896608294za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c02::64 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.elfcosmetics.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/
0
557 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZLYXLXNDL8&cid=2088589287.1735108762&gtm=45je4cc1v879088318z8896608294za200zb896608294&aip=1&dma=0&gcs=G111&gcd=13v3v3v3u5l1&npa=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c&gtm=45He4cc1v896608294za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c06::9b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.elfcosmetics.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.ca/ads/
42 B
63 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-ZLYXLXNDL8&cid=2088589287.1735108762&gtm=45je4cc1v879088318z8896608294za200zb896608294&aip=1&dma=0&gcs=G111&gcd=13v3v3v3u5l1&npa=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tag_exp=101925629~102067555~102067808~102081485~102198178&z=2101873060
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.192.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qn-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 25 Dec 2024 06:39:22 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
logger
www.paypal.com/xoplatform/logger/api/ Frame
0
0
Preflight
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
date
Wed, 25 Dec 2024 06:39:22 GMT
dc
ccg11-origin-www-1.paypal.com
paypal-debug-id
f927649b34552
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f927649b34552-1938bae80c9b38ff-01
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS
x-cache-hits
0, 0, 0
x-content-type-options
nosniff
x-served-by
cache-bur-kbur8200051-BUR, cache-yul1970082-YUL, cache-yul1970082-YUL
x-timer
S1735108763.505552,VS0,VE112
logger
www.paypal.com/xoplatform/logger/api/
979 B
899 B
XHR
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
06ef01e99787e891b4398e590bddf47a6d4292c69489f46bdfd2a3fb838ffed2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
accept
application/json
content-type
application/json

Response headers

paypal-debug-id
f927649c43fb5
content-encoding
br
etag
W/"3d3-rb8+/NN+r0CaIxZg2peqAd9lGiw"
x-content-type-options
nosniff
traceparent
00-0000000000000000000f927649c43fb5-00e3c380d1a92173-01
server-timing
content-encoding;desc="br",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-cache
MISS, MISS, MISS
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
application/json; charset=utf-8
x-served-by
cache-bur-kbur8200030-BUR, cache-yul1970082-YUL, cache-yul1970082-YUL
x-cache-hits
0, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
x-timer
S1735108763.636926,VS0,VE126
access-control-allow-credentials
true
via
1.1 varnish, 1.1 varnish, 1.1 varnish
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
none
access-control-allow-origin
https://www.elfcosmetics.com
main.7d8116bd.js
s.pinimg.com/ct/lib/
81 KB
23 KB
Script
General
Full URL
https://s.pinimg.com/ct/lib/main.7d8116bd.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:387::1931 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
fb322d9e801b20f445402380d99d144e674abdc4821c6b5d30936c0ecfe381ab

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-max-age
86400
cache-control
max-age=1209600
access-control-expose-headers
X-CDN
content-encoding
br
etag
"b7968e6e7735284fd26091b6f049515c"
x-cdn
akamai
access-control-allow-methods
GET
accept-ranges
bytes
access-control-allow-origin
*
content-length
23467
content-type
application/javascript
vary
Accept-Encoding, Origin
x-amz-server-side-encryption
AES256
1638306756445368
connect.facebook.net/signals/config/
81 KB
16 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1638306756445368?v=2.9.179&r=stable&domain=www.elfcosmetics.com&hme=b8122d5d96cd6f542162ba4f497489972d1ebe228d24c39d34f560e30ae932ce&ex_m=70%2C122%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C173%2C176%2C188%2C184%2C185%2C187%2C29%2C101%2C53%2C77%2C186%2C168%2C171%2C181%2C182%2C189%2C132%2C41%2C191%2C192%2C34%2C144%2C15%2C50%2C197%2C196%2C134%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C169%2C172%2C141%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-iad3.fbcdn.net
Software
/
Resource Hash
410435b46620aaadc41bb3931524f941316bfe78b96906325b7f6a2268d38953
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-sDX1HDBM' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-sDX1HDBM' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=28, rtx=0, c=77, mss=1232, tbw=70566, tp=66, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
kCUpJ/9hnz4spdhhBMe9l5DYYZu4G6zV7ML50ifbD8ZQY0lYRtxGpCmcpjCl3dQxV+fHrVHv3sl3ZCK6cB+dWw==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
16484
x-xss-protection
0
origin-agent-cluster
?1
config
pixel-config.reddit.com/pixels/t2_16331p/
3 B
124 B
XHR
General
Full URL
https://pixel-config.reddit.com/pixels/t2_16331p/config
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
max-age=14400
content-encoding
gzip
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
27
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
application/json
t2_16331p_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/
86 B
700 B
XHR
General
Full URL
https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_16331p_telemetry
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
max-age=300
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding
gzip
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
98
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
application/json
vary
Accept-Encoding,Origin
server
snooserv
rp.gif
alb.reddit.com/
42 B
637 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1735108762493&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=9b49f591e311bb5d76738cc38b16362a12a524db3ccfce0d0f0743b26023c444&uuid=60b0d3ef-94c2-4770-9f6d-0ea96604c0b4&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_b192616d&dpm=&dpcc=&dprc=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
retry-after
0
cross-origin-resource-policy
cross-origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish
accept-ranges
bytes
content-length
42
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
image/gif
server
Varnish
topics_api
psb.taboola.com/
65 B
281 B
Fetch
General
Full URL
https://psb.taboola.com/topics_api
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1691051/tfa.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
e7112b70eed95d42b178135728e6153e34f07001827870748de87cd7dec3538e

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
private, max-age=2592000
retry-after
0
x-timer
S1735108763.573455,VS0,VE0
observe-browsing-topics
?1
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
content-length
65
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
text/html; charset=utf-8
x-served-by
cache-yul1970071-YUL
server
Varnish
x-cache-hits
0
toggleOffL.svg
a42cdn.usablenet.com/a42/lib/img/
2 KB
2 KB
Image
General
Full URL
https://a42cdn.usablenet.com/a42/lib/img/toggleOffL.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:22::17d4:fb0b Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
223a298a1a02096375ccf01e37a4091566d8aca165bb8e0fb089bb257789891d

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

accept-ranges
bytes
cache-control
public, max-age=20993469
content-length
2396
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
image/svg+xml;charset=utf-8
json
trc.taboola.com/1691051/trc/3/
3 KB
2 KB
Script
General
Full URL
https://trc.taboola.com/1691051/trc/3/json?tim=1735108762542&data=%7B%22id%22%3A335%2C%22ii%22%3A%22%2Felf-cosmetic-criminals%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1735108762495%2C%22cv%22%3A%2220241218-12-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Delfcosmetics-sccnx%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22cbp%22%3A%22OneTrust%22%2C%22cbpv%22%3A%221%22%2C%22cbcd%22%3A%22%2C1%2C2%2C3%2C4%2C5%2C%22%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1735108762541%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals%22%2C%22tos%22%3A37%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22it%22%3A%22JS_PIXEL%22%2C%22supv%22%3Atrue%7D%2C%22pa%22%3A%7B%22su%22%3Atrue%7D%2C%22psb%22%3Atrue%7D&pubit=i
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
340fc27e07826bb12765c9437682c9daca2d8ba79a4c7edec4a5235aab19bb1b

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-log-content-encoding
gzip
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-yul1970034-YUL
x-cache-hits
0
vary
Accept-Encoding
x-fastly-to-nlb-rtt
21208
x-timer
S1735108763.588806,VS0,VE42
x-vcl-time-ms
42
access-control-allow-credentials
true
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
x-service-version
v1
server
nginx
main.MWE1OTI4NzI4MA.js
analytics.tiktok.com/i18n/pixel/static/
347 KB
96 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MWE1OTI4NzI4MA.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.141 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-141.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
ecf6e5354373fa78e0539f812ecc35f949250f81c4146c419b6208a4166c0005

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-cache
TCP_MEM_HIT from a23-220-104-151.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
vary
Accept-Encoding
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
x-tt-trace-id
00-2412191358492A478A9D52B900FD9991-578DF5AA14FE7E76-00
content-length
97476
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
application/javascript; charset=UTF-8
x-tt-logid
202412191358492A478A9D52B900FD9991
server
nginx
x-akamai-request-id
8baaa9a8
main.MWE1OTI4NzI4MQ.js
analytics.tiktok.com/i18n/pixel/static/
352 KB
97 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MWE1OTI4NzI4MQ.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.141 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-141.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
ba3710ffb62361879a717271253bcda8d3a4d1c61f22abc95e00181ca2fea228

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-cache
TCP_MEM_HIT from a23-220-104-151.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
vary
Accept-Encoding
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=4
x-tt-trace-id
00-241219142316EEDF1887C0434EE35BDF-12EB65031B6D5207-00
content-length
98977
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
application/javascript; charset=UTF-8
x-tt-logid
20241219142316EEDF1887C0434EE35BDF
server
nginx
x-akamai-request-id
8baaa9d9
recaptcha__en.js
www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/
547 KB
216 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c1d::5e Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Origin
https://www.elfcosmetics.com
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
age
583281
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options
nosniff
expires
Thu, 18 Dec 2025 12:38:01 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 18 Dec 2024 12:38:01 GMT
last-modified
Tue, 10 Dec 2024 23:05:10 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges
bytes
access-control-allow-origin
*
content-length
220882
x-xss-protection
0
server
sffe
ig.js
cdn8.eu.inside.chat/
167 KB
59 KB
Script
General
Full URL
https://cdn8.eu.inside.chat/ig.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.8.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf055e03c860dd88d9d4017203050548dc930d6b78749b07320c9b08f3625071
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
75fd15fd6fcf6083994b9a43ad8e8323
age
593
expires
Wed, 25 Dec 2024 07:39:22 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
priority
u=3,i=?0
strict-transport-security
max-age=31536000; includeSubdomains
cache-control
public, max-age=3600
cf-ray
8f76d56668955407-YYZ
accept-ranges
bytes
content-length
59762
server
cloudflare
collect
analytics.google.com/g/s/
0
268 B
Image
General
Full URL
https://analytics.google.com/g/s/collect?dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&gtm=45j91e4c50h1v9125640115z8896608294z99175401888za200zb896608294&tag_exp=101925629~102067555~102067808~102081485~102198178&_gsid=5D80LRC85NK6iuE6KJt0ZCjfgKWSNXog
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c02::64 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:194:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:194:0
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.ca/ads/
42 B
63 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&tid=G-5D80LRC85N&cid=MIlvyp7mRkt3JCuCPgN7ZqE8Vc81KKdVVDqUSk7RZJY%3D.1735108762&gtm=45j91e4c50h1v9125640115z8896608294z99175401888za200zb896608294&tag_exp=101925629~102067555~102067808~102081485~102198178&aip=1&z=942782016
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.192.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qn-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 25 Dec 2024 06:39:22 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
collect
stats.g.doubleclick.net/g/
0
58 B
Image
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&tid=G-5D80LRC85N&cid=MIlvyp7mRkt3JCuCPgN7ZqE8Vc81KKdVVDqUSk7RZJY%3D.1735108762&gtm=45j91e4c50h1v9125640115z8896608294z99175401888za200zb896608294&tag_exp=101925629~102067555~102067808~102081485~102198178&aip=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c06::9b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
text/plain
server
Golfe2
list
banner.appsflyer.com/sb/0dc8f99f-7425-4368-a179-a69faddb0aad/creative/
2 B
448 B
XHR
General
Full URL
https://banner.appsflyer.com/sb/0dc8f99f-7425-4368-a179-a69faddb0aad/creative/list
Requested by
Host: websdk.appsflyer.com
URL: https://websdk.appsflyer.com/?st=banners&
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
99.84.188.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-188-31.iad89.r.cloudfront.net
Software
http-kit /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-type
text/plain
Referer
https://www.elfcosmetics.com/

Response headers

Connection
keep-alive
Access-Control-Allow-Methods
GET, POST
Via
1.1 6ec872fa8051a500a5a9ab5ec50a79ba.cloudfront.net (CloudFront)
Access-Control-Allow-Origin
https://www.elfcosmetics.com
X-Cache
Miss from cloudfront
Content-Length
2
X-Amz-Cf-Id
twNZzZqIvx2Y_SH1zSCYDO-IpU1tcZ8ErH77gJagSRgO7xPPuYHADQ==
Date
Wed, 25 Dec 2024 06:39:22 GMT
Content-Type
application/json
X-Amz-Cf-Pop
IAD89-C2
Server
http-kit
baskets
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/
3 KB
2 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
2a04538c3f22839b940e0c46dca865629677da2901b79d30576fcd1fc1774710
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

authorization
Bearer
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals
c_x-pwa-request
true
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
content-type
application/json

Response headers

x-dw-resource-state
9b4bba8ecd21613e9302944ccab39cde749f400aa04a01d678ba5afafd23b620
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
content-encoding
gzip
x-dw-request-base-id
lUpheZqoa2cBAAB_
etag
9b4bba8ecd21613e9302944ccab39cde749f400aa04a01d678ba5afafd23b620
age
0
x-dw-version-status
obsolete
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
expires
Thu, 01 Dec 1994 16:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
9kvmgdEoJ40djH9B03X014W0xbaJSpXXTByYeJ_BW2f-cobA4XMhCQ==
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
application/json;charset=UTF-8
x-yottaa-optimizations
ob/1000 si/23D1cc02327d-1734717344-5046381980 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
sfdc_customization
HOOK
x-yottaa-os
200
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
allow
OPTIONS,POST
cf-ray
8f76d566acf305b7-IAD
x-yottaa-metrics
2321cc8d59e7/[134,130,-] 23D1cc02327d/[-,137.570]
via
1.1 23546b21bebd898e1f4c79789ae527ca.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
1105
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets
x-amz-cf-pop
IAD79-C3
ts
t.paypal.com/
42 B
632 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Ageneric%3Aanalytics%3A%3Amerchant&page=muse%3Ageneric%3Aanalytics%3A%3Amerchant%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&fltp=analytics-generic&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1735108762621&g=480&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&ru=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&sinfo=%7B%22partners%22%3A%7B%22ecwid%22%3A%7B%7D%2C%22bigCommerce%22%3A%7B%7D%2C%22shopify%22%3A%7B%7D%2C%22wix%22%3A%7B%7D%2C%22bigCartel%22%3A%7B%7D%7D%7D&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.3.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-expose-headers
Server-Timing
paypal-debug-id
370f12e28d572
correlation-id
370f12e28d572
expires
Wed, 25 Dec 2024 06:39:22 GMT
traceparent
00-0000000000000000000370f12e28d572-ccb96b14e65cfa88-01
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
server-timing
"traceparent;desc="00-0000000000000000000370f12e28d572-bed94d66381a81b3-01"";content-encoding;desc="",x-cdn;desc="fastly"
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
image/gif
x-served-by
cache-bur-kbur8200069-BUR, cache-yul1970028-YUL
x-cache-hits
0, 0
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
max-age=0, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-timer
S1735108763.698490,VS0,VE113
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
us.svg
www.elfcosmetics.com/mobify/bundle/12898/static/img/flag-icons/
9 KB
1 KB
Image
General
Full URL
https://www.elfcosmetics.com/mobify/bundle/12898/static/img/flag-icons/us.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

x-amz-meta-deploy
964016
content-encoding
gzip
age
56119
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
S4m2XyMfp-lcmIhK4_lJWJwNXlQhnTTri9LbCTFhyyOwFCeLQFucpQ==
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
image/svg+xml
x-yottaa-optimizations
ob/1101 si/23D1cc02327d-1734717344-5045962484 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-forcecache
true
cache-control
public, max-age=31104000
via
1.1 eb0e559672da6f524cf68a461f930cc4.cloudfront.net (CloudFront)
x-amz-meta-bundle
12898
x-yottaa-metrics
2321cc8d59e5/[9,-,1735051849855] 23D1cc02327d/[hit]
access-control-allow-origin
*
content-length
676
x-amz-cf-pop
PHL50-C1
5013978.js
bat.bing.com/p/action/
363 B
422 B
Script
General
Full URL
https://bat.bing.com/p/action/5013978.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4922a8859b315c354c23ad278e35483c6cf29aebf1c509c2c928c1f41634fe43
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
br
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 597905C01CB24EBB86A6027C0E22FCC2 Ref B: YMQ01EDGE0818 Ref C: 2024-12-25T06:39:22Z
x-cache
CONFIG_NOCACHE
date
Wed, 25 Dec 2024 06:39:21 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
collect
sgtm.elfcosmetics.com/g/
904 B
1 KB
Fetch
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je4cc1v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=2088589287.1735108762&ecid=1720609689&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=782537416.1735108761&sst.etld=google.ca&sst.adr=1&sst.ude=0&sid=1735108762&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&_s=3&tfd=5016&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c&gtm=45He4cc1v896608294za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
e8c96800d18c9bb2eeec360a8003e493e580a4ea7e9f0aa6338b6460ba797971
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache
x-accel-buffering
no
access-control-allow-credentials
true
x-content-type-options
nosniff
via
1.1 google
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
text/plain
server
Google Frontend
widget.css
js.jebbit.com/companion/v1/
15 KB
16 KB
Stylesheet
General
Full URL
https://js.jebbit.com/companion/v1/widget.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:27c2:b000:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
69beb39687e8656561a843b13137c292498648b7f1ae665214eb292527cd436b

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-version-id
fgLtE0C.phC7FjS26Fxc9wt33wvWl9V5
etag
"c2b625a2843069c776e8a618c90b952a"
age
41494
via
1.1 0be89ec5b9fd1e7b2066b4e5e6c14da0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
15522
x-amz-cf-id
N01kZVCgEWi-Puox2LxJJJDrM_eg_lReV-83dg7BKxiRECtke_zL3g==
date
Tue, 24 Dec 2024 19:07:50 GMT
content-type
text/css
last-modified
Mon, 07 Oct 2024 17:19:22 GMT
server
AmazonS3
x-amz-cf-pop
IAD61-P4
x-amz-server-side-encryption
AES256
launcher_configs
external-api.jebbit.com/moments/v2/
2 B
448 B
XHR
General
Full URL
https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRmVsZi1jb3NtZXRpYy1jcmltaW5hbHM=&completedLightboxCampaigns=W10=&jebbitCookies=
Requested by
Host: js.jebbit.com
URL: https://js.jebbit.com/companion/v1/widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.213.38.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-213-38-112.compute-1.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

surrogate-control
no-store
etag
W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
x-content-type-options
nosniff
expires
0
date
Wed, 25 Dec 2024 06:39:23 GMT
content-type
application/json; charset=utf-8
vary
Origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-dns-prefetch-control
off
pragma
no-cache
access-control-allow-credentials
true
x-download-options
noopen
access-control-allow-origin
https://www.elfcosmetics.com
content-length
2
x-xss-protection
1; mode=block
jsp
ut.rd.linksynergy.com/
148 B
404 B
Script
General
Full URL
https://ut.rd.linksynergy.com/jsp?cn=rmuid&ro=0&cb=___rmuid
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
d1b7436d57bbd56df91450d22a16d4fd6ddf96317161e3f452809f9aa72c1225
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
148
date
Wed, 25 Dec 2024 06:39:23 GMT
x-samesite
secure
content-type
text/plain; charset=utf-8
/
ct.pinterest.com/user/
321 B
749 B
XHR
General
Full URL
https://ct.pinterest.com/user/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1735108763073&dep=2%2CPAGE_LOAD
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.7d8116bd.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-128-196.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-expose-headers
Epik,Pin-Unauth
content-encoding
gzip
x-pinterest-rid-128bit
871ef3a67e491aac43af94cec8451a38
expires
Sat, 01 Jan 2000 00:00:00 GMT
date
Wed, 25 Dec 2024 06:39:23 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
cache-control
no-cache,no-store,must-revalidate,max-age=0
pragma
no-cache
x-envoy-upstream-service-time
1
x-cdn
akamai
access-control-allow-credentials
true
referrer-policy
origin
pin-unauth
dWlkPVpUQmlOVGd3WlRVdFkyUXpOUzAwTm1aaExXRmlZVEl0WWpNME1ERm1ZamhqTkRNMA
pinterest-version
3d92257897107be8ea2c6613dcfb8dbea319fa46
access-control-allow-origin
https://www.elfcosmetics.com
content-length
186
akamai-grn
0.15dfda17.1735108763.de294e79
x-pinterest-rid
4877280537309682
/
ct.pinterest.com/user/
321 B
773 B
XHR
General
Full URL
https://ct.pinterest.com/user/?event=pagevisit&ed=%7B%22event_id%22%3A%221735109105411_173510964239520%22%2C%22np%22%3A%22gtm%22%7D&tid=2615235625530&cb=1735108763074&dep=5%2CEVENT_TAGS_ABSENT
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.7d8116bd.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-128-196.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-expose-headers
Epik,Pin-Unauth
content-encoding
gzip
x-pinterest-rid-128bit
ce3c0225d5962b7d533dfb0c470088a2
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=604800
date
Wed, 25 Dec 2024 06:39:23 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
cache-control
no-cache,no-store,must-revalidate,max-age=0
pragma
no-cache
x-envoy-upstream-service-time
0
x-cdn
akamai
access-control-allow-credentials
true
referrer-policy
origin
pin-unauth
dWlkPVptTmhNelV3WlRVdFlUQTNNaTAwTTJWakxXRTBNekV0TnpFek5XVmlOemsyTURZMw
pinterest-version
3d92257897107be8ea2c6613dcfb8dbea319fa46
access-control-allow-origin
https://www.elfcosmetics.com
content-length
186
akamai-grn
0.15dfda17.1735108763.de294e78
x-pinterest-rid
5998226308876765
products
www.elfcosmetics.com/api/en-us/v2.0/
2 MB
107 KB
Fetch
General
Full URL
https://www.elfcosmetics.com/api/en-us/v2.0/products?ids=81588%2C57323%2C300200%2C83945%2C300234%2C300226%2C300061%2C300229%2C300243%2C300152%2C1810%2C57581&phash=f6feec4c2bd0b6ec&siteId=elf-us&locale=en-US&currency=USD
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/ Express
Resource Hash
e063d4b3802acd955a51f772a6b39d6e5d155d315780a5669ae79dd6b6706f55
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

authorization
Bearer
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals
c_x-pwa-request
true
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
clientid
982499-0-40048abc

Response headers

content-encoding
gzip
x-amzn-remapped-connection
keep-alive
etag
W/"191995-DL0e9Da/TJXcwibyYWfVK/4oQzw"
age
0
x-content-type-options
nosniff
x-amzn-requestid
7621827d-50d0-4791-93ae-0decc8582133
date
Wed, 25 Dec 2024 06:39:23 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
x-yottaa-optimizations
ob/1000 si/23D1cc02327d-1734717344-5046381983 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os
200
x-amz-apigw-id
DVdIWHL7vHcEN0g=
x-amzn-remapped-date
Wed, 25 Dec 2024 06:39:23 GMT
x-amzn-trace-id
Root=1-676ba89b-73671d501f7a234a24d1f5c3
x-yottaa-metrics
2321cc8d59e9/[207,201,-] 23D1cc02327d/[-,209.704]
access-control-allow-origin
*
x-powered-by
Express
cnxtag-min.js
js.cnnx.link/roi/
2 KB
1 KB
Script
General
Full URL
https://js.cnnx.link/roi/cnxtag-min.js?id=316282
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2479:4400:11:85b0:d600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
d5267085b5489f178aae1444e1367dbca2debc7c061d5ddd803a16711a19c93b

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
max-age=600
content-encoding
gzip
age
593
via
1.1 google, 1.1 f7f49dad2d783fde3adeef21381de800.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
TRyrtNwmACWf0x0bgtfNQqDbrdQ-tSGOH7Rc9tPK_jdY5S5QzAaJGA==
date
Wed, 25 Dec 2024 06:29:30 GMT
content-type
text/javascript;charset=UTF-8
vary
Accept-Encoding
x-amz-cf-pop
IAD61-P3
cds-pips.js
cdn.taboola.com/scripts/
3 KB
2 KB
Script
General
Full URL
https://cdn.taboola.com/scripts/cds-pips.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bce4b47b8fc12de49fac0a00e9039e38aa568aba0ee9154b93d20465f0289cfa

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
etag
"c52aa1ea682aef8ad5ebf7aff9662e35"
x-amz-version-id
uLMchp7BESXZGZqPSJ8.FcfKBYdWFxIf
age
2806
x-cache
HIT
date
Wed, 25 Dec 2024 06:39:23 GMT
last-modified
Sun, 29 Oct 2023 14:06:32 GMT
x-served-by
cache-yul1970034-YUL
x-cache-hits
1048
content-type
application/javascript
x-amz-id-2
fwEDCtkllCMn6kllIPxUajXk0BZ/ZCgnMAttfm0eFdYVlgsdTqS9BwHPi1QcBnv1uELS9qmw/YA=
vary
Accept-Encoding
x-amz-replication-status
COMPLETED
cache-control
private, max-age=3600
x-timer
S1735108764.756191,VS0,VE0
via
1.1 varnish
x-amz-request-id
0RY33TXR1A3MN2HH
accept-ranges
bytes
access-control-allow-origin
*
abp
8
content-length
1347
server
AmazonS3
x-amz-server-side-encryption
AES256
intentiq-gdpr.js
cdn.taboola.com/scripts/
4 KB
2 KB
Script
General
Full URL
https://cdn.taboola.com/scripts/intentiq-gdpr.js?id=03c949eb-02fe-46d4-b2d9-f1cba186f48e-tucte652e1a&gdpr=false&daisybit=
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
027a54200aa2f21b6ad993545923c2d5b75d2a449766aed488362f5d7d044f1f

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
etag
"722c9576856c54c09bd55f68f28c9da6"
x-amz-version-id
hEZPMWfJVj2vy62Pl7.iPXuP.AKWCfhw
age
0
x-cache
MISS
date
Wed, 25 Dec 2024 06:39:23 GMT
last-modified
Mon, 16 Dec 2024 15:59:44 GMT
x-served-by
cache-yul1970034-YUL
x-cache-hits
0
content-type
application/javascript
x-amz-id-2
/ZghX2cttvYEXzWQ/Uz8+Lve3VBHRlsSHYkQzVfTjeRAFtZk7Ad1ij2RZ+cdMnK3HCTqCh0Rrgc=
vary
Accept-Encoding
x-amz-replication-status
COMPLETED
cache-control
private,max-age=14400
x-timer
S1735108764.756205,VS0,VE48
via
1.1 varnish
x-amz-request-id
W6HNJA8A26KS8NYV
accept-ranges
bytes
access-control-allow-origin
*
abp
73
content-length
1667
server
AmazonS3
x-amz-server-side-encryption
AES256
eid.es5.js
cdn.taboola.com/scripts/
17 KB
7 KB
Script
General
Full URL
https://cdn.taboola.com/scripts/eid.es5.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
12b5eaccd8a9d81a6a12512566d2b72aa7c100b4a261a08ee6aae4679a9e36b4

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
etag
"2fdf3e79d5e851201a0d52a886453d8b"
x-amz-version-id
Bqo64Ai0BniIkPPSnUb8_cZLJGu.sClo
age
19521
x-cache
HIT
date
Wed, 25 Dec 2024 06:39:23 GMT
last-modified
Sun, 02 Apr 2023 13:09:57 GMT
x-served-by
cache-yul1970034-YUL
x-cache-hits
13090
content-type
application/javascript
x-amz-id-2
WAchz5zaz+NBvSuMowsJjS3lnELEXuM9PHK0d8/I/zgZHXlXWLA6W3soFqQcPTvYX1jMwgD3peA=
vary
Accept-Encoding
x-amz-replication-status
COMPLETED
cache-control
private,max-age=14400
x-timer
S1735108764.756213,VS0,VE0
via
1.1 varnish
x-amz-request-id
ZHEP7E15ZRXHQC2V
accept-ranges
bytes
access-control-allow-origin
*
abp
0
content-length
6467
server
AmazonS3
x-amz-server-side-encryption
AES256
identify_45dd5971.js
analytics.tiktok.com/i18n/pixel/static/
146 KB
39 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_45dd5971.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.141 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-141.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
2adcf9fd70c1c834f4b13d732b66f4900cec9a6bbdc587b85dbc68cdd9a34be4

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-cache
TCP_MEM_HIT from a23-220-104-151.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
vary
Accept-Encoding
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=2
x-tt-trace-id
00-2411150502397366B6D33FC20AF00152-4482C89C78A0B499-00
content-length
39240
date
Wed, 25 Dec 2024 06:39:23 GMT
content-type
application/javascript; charset=UTF-8
x-tt-logid
202411150502397366B6D33FC20AF00152
server
nginx
x-akamai-request-id
8baac346
x-tt-trace-host
010e9fd4bb5c089565c4ad7ecc18c02e64d6eb0f37673373e4d6c987350ed1c448fe05300c228c9a484f6aa32801a8e06740ea973a2884a3cecef42349714eb3d62c423892703eaab9e2ddef870416c82979dcddbbf536ff0e11fb4ed7916fe48e
/
ct.pinterest.com/v3/
35 B
64 B
Fetch
General
Full URL
https://ct.pinterest.com/v3/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%227d8116bd%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Atrue%7D&cb=1735108763826
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.7d8116bd.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-128-196.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-pinterest-rid-128bit
9ac8456e3937f47f677000acc71920b8
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=604800
date
Wed, 25 Dec 2024 06:39:23 GMT
content-type
image/gif
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
cache-control
no-cache,no-store,must-revalidate,max-age=0
pragma
no-cache
x-envoy-upstream-service-time
2
x-cdn
akamai
access-control-allow-credentials
true
referrer-policy
origin
quic-version
0x00000001
pinterest-version
3d92257897107be8ea2c6613dcfb8dbea319fa46
access-control-allow-origin
https://www.elfcosmetics.com
content-length
35
akamai-grn
0.05dfda17.1735108763.c8a86da8
x-pinterest-rid
7453458125372858
/
www.facebook.com/tr/
0
19 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&rl=&if=false&ts=1735108763828&sw=1600&sh=1200&v=2.9.179&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1735108763083.1416958214091412&ic=fbpixel&ler=empty&cdl=API_unavailable&it=1735108762486&coo=false&eid=1735109105411_173510964239520&tm=1&chmd=&chpv=&chfv=undefined&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-iad3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=28, rtx=0, c=23, mss=1232, tbw=4518, tp=10, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Wed, 25 Dec 2024 06:39:23 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
198 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&rl=&if=false&ts=1735108763828&sw=1600&sh=1200&v=2.9.179&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1735108763083.1416958214091412&ic=fbpixel&ler=empty&cdl=API_unavailable&it=1735108762486&coo=false&eid=1735109105411_173510964239520&tm=1&chmd=&chpv=&chfv=undefined&rqm=FGET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-iad3.facebook.com
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xa230b3a6a6e8856b","source_keys":["1"]}],"aggregatable_values":{"1":10922},"aggregatable_source_registration_time":"exclude","filters":{"3":["1521466687872304"]},"debug_reporting":true,"debug_key":"3258419759014491333"}
date
Wed, 25 Dec 2024 06:39:23 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
2btFBwmgwek7yXQHov6UwYVBNdRb/ax9LpnpilcTUzPWHvP6diIoGGPTrWHiSkWZlDODWjZZEJr4zO3EbgAPlw==
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=28, rtx=0, c=23, mss=1232, tbw=4886, tp=13, tpl=0, uplat=58, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
cross-origin-opener-policy-report-only
restrict-properties;report-to="coop_report"
x-xss-protection
0
origin-agent-cluster
?1
runtime_c81e76ee00d795b1eebf8d27949f8dc5.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
908 B
1 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/runtime_c81e76ee00d795b1eebf8d27949f8dc5.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
546e554a3c51ce180d022de9ff5506f14603b38d40ece9f2be43c88328358a52

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
content-encoding
br
x-goog-hash
crc32c=zwy9lg==, md5=HCxXU9+1dkCoulTxEZNLMA==
etag
"1c2c5753dfb57640a8ba54f111934b30"
age
180080
ad-auction-allowed
true
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
509
date
Mon, 23 Dec 2024 04:38:03 GMT
last-modified
Thu, 19 Dec 2024 20:55:33 GMT
content-type
text/javascript
x-guploader-uploadid
AFiumC7FCed2sK4qHOIK2GhXIi105nN68oNgW_P3MWCxctXFWsUsMaACC1bqRgPgSmURek57
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1734641733605837
content-length
509
server
UploadServer
0
bat.bing.com/action/
0
359 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=5013978&tm=gtm002&Ver=2&mid=e4069ea5-4df8-4116-b5d4-f09200076f82&bo=1&sid=faa833c0c28a11ef970889aa59c4c8ed&vid=faa84ce0c28a11ef935dfd9c1dca10c3&vids=1&msclkid=N&pi=918639831&lg=en-CA&sw=1600&sh=1200&sc=24&tl=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&p=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&r=&lt=3717&evt=pageLoad&sv=1&cdb=AQET&rn=567264
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, must-revalidate
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: EA34571ED5424832BFA032029A251A40 Ref B: YMQ01EDGE0818 Ref C: 2024-12-25T06:39:23Z
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Wed, 25 Dec 2024 06:39:22 GMT
anchor
www.google.com/recaptcha/api2/ Frame 58CC
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcA2G4UAAAAAK-fHuRDYBsNQoJlqlDqQvrjGwQu&co=aHR0cHM6Ly93d3cuZWxmY29zbWV0aWNzLmNvbTo0NDM.&hl=en&type=image&v=zIriijn3uj5Vpknvt_LnfNbF&theme=light&size=invisible&badge=bottomright&cb=yqm7nwwx3yx3
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/vendor.js?yocs=Z_14_1K_
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.115.103 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f103.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-xMcT8g63umXe5lEt4dBgmQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-xMcT8g63umXe5lEt4dBgmQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Wed, 25 Dec 2024 06:39:23 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
/
www.google.ca/pagead/1p-conversion/698270988/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/698270988/?random=1181221083&fst=1735108762907&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4c50v912564011...
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1176875637&fst=1735108762907&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e...
  • https://www.google.com/pagead/1p-conversion/698270988/?random=1176875637&fst=1735108762907&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4c50v9125640115z88966...
  • https://www.google.ca/pagead/1p-conversion/698270988/?random=1176875637&fst=1735108762907&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4c50v9125640115z889660...
42 B
64 B
Image
General
Full URL
https://www.google.ca/pagead/1p-conversion/698270988/?random=1176875637&fst=1735108762907&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4c50v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=538264627.1735108761&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&tag_exp=101925629~102067555~102067808~102081485~102198178&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAkosbm90LW5hdmlnYXRpb24tc291cmNlLCB0cmlnZ2VyLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMI87SV7KfCigMV6BeICR2r-R_kMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tL0JXQ2hBSWdOU3B1d1lRaWUyTzhOZW1wOUVxRWkwQXFvRS1GMkNDcllvZ0M0R0o3TlAzRGh3cll3ZzlQWGlONG5WMGJVTHlseGEwamlHTHFsc1Z0S1BHLVdn&is_vtc=1&cid=CAQSKQCa7L7de-2b_12xH7dRTd05hEu_Qv_DOmRJ1SQ0bGWVeAs_WqQJLDcX&eitems=ChEIgNSpuwYQzur4-f7d6rXoARIdANBGMnNZJ3RjlelyI59V3dGt-SVl0cp0bSFcg_M&random=4138076371&ipr=y
Protocol
H3
Server
74.125.192.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qn-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 25 Dec 2024 06:39:24 GMT
x-xss-protection
0
content-type
image/gif
server
cafe

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
location
https://www.google.ca/pagead/1p-conversion/698270988/?random=1176875637&fst=1735108762907&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4c50v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=538264627.1735108761&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&tag_exp=101925629~102067555~102067808~102081485~102198178&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAkosbm90LW5hdmlnYXRpb24tc291cmNlLCB0cmlnZ2VyLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMI87SV7KfCigMV6BeICR2r-R_kMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tL0JXQ2hBSWdOU3B1d1lRaWUyTzhOZW1wOUVxRWkwQXFvRS1GMkNDcllvZ0M0R0o3TlAzRGh3cll3ZzlQWGlONG5WMGJVTHlseGEwamlHTHFsc1Z0S1BHLVdn&is_vtc=1&cid=CAQSKQCa7L7de-2b_12xH7dRTd05hEu_Qv_DOmRJ1SQ0bGWVeAs_WqQJLDcX&eitems=ChEIgNSpuwYQzur4-f7d6rXoARIdANBGMnNZJ3RjlelyI59V3dGt-SVl0cp0bSFcg_M&random=4138076371&ipr=y
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 25 Dec 2024 06:39:24 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
pixel
analytics.tiktok.com/api/v2/
0
719 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWE1OTI4NzI4MA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.141 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-141.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Wed, 25 Dec 2024 06:39:23 GMT
server-timing
inner; dur=17, cdn-cache; desc=MISS, edge; dur=11, origin; dur=21
x-cache
TCP_MISS from a23-220-104-151.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Wed, 25 Dec 2024 06:39:23 GMT
x-akamai-request-id
8baac57e
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943863d0509273ae6dfaf58e7f5a35970e48e0edc2750287b2f17b76df6a6ea7f5b212fb42f26521a3acca291a5b8124aafd0a64ffd36a12e3c05a4aca383c1698212cd30f8bd52f48eb0a8cb857261c72f16
x-origin-response-time
22,23.220.104.151
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-24122506392323C0D6783030C75FE546-5CF09DC61EB0B7D3-00
content-length
0
x-tt-logid
2024122506392323C0D6783030C75FE546
server
nginx
pixel
analytics.tiktok.com/api/v2/
0
720 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWE1OTI4NzI4MA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.141 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-141.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Wed, 25 Dec 2024 06:39:23 GMT
server-timing
inner; dur=21, cdn-cache; desc=MISS, edge; dur=10, origin; dur=26
x-cache
TCP_MISS from a23-220-104-151.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Wed, 25 Dec 2024 06:39:23 GMT
x-akamai-request-id
8baac57f
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943863d0509273ae6dfaf58e7f5a35970e48ed9a10987d60285947e060aafc9963b07fdeb0fc07561e877d5e94c956e3425effa2bbc1fedab35ade355f782d1462f314646cc2fbf457f1bd3262461f74060f6
x-origin-response-time
26,23.220.104.151
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-241225063923BC4302C2CDC7E17AAE4A-5314B4104490B61C-00
content-length
0
x-tt-logid
20241225063923BC4302C2CDC7E17AAE4A
server
nginx
pixel
analytics.tiktok.com/api/v2/
0
719 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWE1OTI4NzI4MA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.141 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-141.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Wed, 25 Dec 2024 06:39:23 GMT
server-timing
inner; dur=17, cdn-cache; desc=MISS, edge; dur=9, origin; dur=21
x-cache
TCP_MISS from a23-220-104-151.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Wed, 25 Dec 2024 06:39:23 GMT
x-akamai-request-id
8baac580
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943863d0509273ae6dfaf58e7f5a35970e48e227f386b5d99d5480c0dcf04f7d58cb6c6bfc96cad0e6ffcafa4dba70d5941d217472a7d920cab35c0832adad16dff586e63f8f87e62ebba8ccec5806de7c86a
x-origin-response-time
21,23.220.104.151
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-2412250639235F950BC642AE52D1BD78-2B21AD3B31C31526-00
content-length
0
x-tt-logid
202412250639235F950BC642AE52D1BD78
server
nginx
act
analytics.tiktok.com/api/v2/pixel/
0
720 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWE1OTI4NzI4MA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.141 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-141.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Wed, 25 Dec 2024 06:39:24 GMT
server-timing
inner; dur=25, cdn-cache; desc=MISS, edge; dur=20, origin; dur=43
x-cache
TCP_MISS from a23-220-104-151.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Wed, 25 Dec 2024 06:39:24 GMT
x-akamai-request-id
8baac581
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943863d0509273ae6dfaf58e7f5a35970e48e38603f5334718627b7a41ba81e6431ed18f65574aace3ed4a6dad534f04bfbde5a81ec0b259392822be54c50df1989236bcc95217151a77d205298c6f8f9410d
x-origin-response-time
44,23.220.104.151
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-24122506392300BF11E26A9EA1C1AEBD-0E7AB88B63999C97-00
content-length
0
x-tt-logid
2024122506392300BF11E26A9EA1C1AEBD
server
nginx
act
analytics.tiktok.com/api/v2/pixel/
0
720 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWE1OTI4NzI4MA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.141 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-141.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Wed, 25 Dec 2024 06:39:24 GMT
server-timing
inner; dur=29, cdn-cache; desc=MISS, edge; dur=41, origin; dur=32
x-cache
TCP_MISS from a23-220-104-151.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Wed, 25 Dec 2024 06:39:24 GMT
x-akamai-request-id
8baac582
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943863d0509273ae6dfaf58e7f5a35970e48e1f0d08e052a1ee18b115f4f03136ada43e155833ae716321310d22a13a8676a9ce7f580296c72673171534847d952648530f953283a7be8b02c61e0be86d8e48
x-origin-response-time
33,23.220.104.151
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-2412250639237BBFA0E747D7AE1CFF21-67E56A2781FD0D2B-00
content-length
0
x-tt-logid
202412250639237BBFA0E747D7AE1CFF21
server
nginx
act
analytics.tiktok.com/api/v2/pixel/
0
718 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWE1OTI4NzI4MA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.141 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-141.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Wed, 25 Dec 2024 06:39:24 GMT
server-timing
inner; dur=22, cdn-cache; desc=MISS, edge; dur=9, origin; dur=26
x-cache
TCP_MISS from a23-220-104-151.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Wed, 25 Dec 2024 06:39:24 GMT
x-akamai-request-id
8baac5b8
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943863d0509273ae6dfaf58e7f5a35970e48eab8458fa4ceeea908acaf46261c0510d874f756ba0f565aa38943a885aa219929533bf6efb5c2e213eadda7bb122cf1fde253dd8f846a683055da8f5a59923ee
x-origin-response-time
26,23.220.104.151
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-241225063923C1EBC292372DAF7A6CA2-6B3006F158176B30-00
content-length
0
x-tt-logid
20241225063923C1EBC292372DAF7A6CA2
server
nginx
act
analytics.tiktok.com/api/v2/pixel/
0
721 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWE1OTI4NzI4MA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.141 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-141.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Wed, 25 Dec 2024 06:39:24 GMT
server-timing
inner; dur=97, cdn-cache; desc=MISS, edge; dur=26, origin; dur=108
x-cache
TCP_MISS from a23-220-104-151.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Wed, 25 Dec 2024 06:39:24 GMT
x-akamai-request-id
8baac5b9
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943863d0509273ae6dfaf58e7f5a35970e48ea792ec4d9f276bd9882f22f50ac8c5c41dcf0bf3c83d14f44d9b76cee868d82cf592c0135723e8e190d12f93f884db08451539af1c3c828cc5d7d849cd1143f6
x-origin-response-time
110,23.220.104.151
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-241225063923A7D1E8F48502493AABFC-0EF0317E3212B08F-00
content-length
0
x-tt-logid
20241225063923A7D1E8F48502493AABFC
server
nginx
act
analytics.tiktok.com/api/v2/pixel/
0
718 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWE1OTI4NzI4MA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.141 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-141.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Wed, 25 Dec 2024 06:39:24 GMT
server-timing
inner; dur=25, cdn-cache; desc=MISS, edge; dur=9, origin; dur=28
x-cache
TCP_MISS from a23-220-104-151.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Wed, 25 Dec 2024 06:39:24 GMT
x-akamai-request-id
8baac5ba
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943863d0509273ae6dfaf58e7f5a35970e48e0edc2750287b2f17b76df6a6ea7f5b2192727f38297bd6a543f2227e188153592e5b5a71f6b68538823dda153db153308ef1d266c0819a1eb10c75d72e245788
x-origin-response-time
29,23.220.104.151
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-241225063923C20A66C6FD91055F4615-19527CE960098751-00
content-length
0
x-tt-logid
20241225063923C20A66C6FD91055F4615
server
nginx
config
www8.eu.inside.chat/
231 B
719 B
XHR
General
Full URL
https://www8.eu.inside.chat/config?acc=IN-1011171&pid=&c1=OK&dev=2&url=https%3A%2F%2Fwww.elfcosmetics.com&sid=1&j=1
Requested by
Host: cdn8.eu.inside.chat
URL: https://cdn8.eu.inside.chat/ig.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.9.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3f7b77746f0147deccbe5d0cfc5f51cd7770707706940120a1bdd4af00feaac1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
cf-cache-status
DYNAMIC
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
p3p
CP="insert_p3p_privacy_policy_here"
date
Wed, 25 Dec 2024 06:39:24 GMT
content-type
application/json; charset=UTF-8
last-modified
Sat, 01 Jan 2000 00:00:00 GMT
priority
u=1,i
strict-transport-security
max-age=31536000; includeSubdomains
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma
no-cache
access-control-allow-credentials
true
cf-ray
8f76d56f0a62ab22-YYZ
access-control-allow-origin
https://www.elfcosmetics.com
server
cloudflare
5a533f97-ebb8-4886-ba83-e5e0381f5511
https://www.elfcosmetics.com/ Frame
0
0

/
ct.pinterest.com/v3/
35 B
65 B
Fetch
General
Full URL
https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22event_id%22%3A%221735109105411_173510964239520%22%2C%22np%22%3A%22gtm%22%7D&tid=2615235625530&cb=1735108763937&dep=5%2CEVENT_TAGS_ABSENT&pd=%7B%22np%22%3A%22gtm%22%7D&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%227d8116bd%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Atrue%7D
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.7d8116bd.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-128-196.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-pinterest-rid-128bit
3fee96c364085e581df048bff475925f
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=604800
date
Wed, 25 Dec 2024 06:39:23 GMT
content-type
image/gif
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
cache-control
no-cache,no-store,must-revalidate,max-age=0
pragma
no-cache
x-envoy-upstream-service-time
2
x-cdn
akamai
access-control-allow-credentials
true
referrer-policy
origin
quic-version
0x00000001
pinterest-version
3d92257897107be8ea2c6613dcfb8dbea319fa46
access-control-allow-origin
https://www.elfcosmetics.com
content-length
35
akamai-grn
0.05dfda17.1735108763.c8a86f2b
x-pinterest-rid
2157304210787766
/
pips.taboola.com/
4 B
114 B
XHR
General
Full URL
https://pips.taboola.com/
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
fb329000228cc5a24c264c57139de8bf854fc86fc18bf1c04ab61a2b5cb4b921

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-store
retry-after
0
access-control-allow-methods
GET
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
https://www.elfcosmetics.com
x-cache
HIT
content-length
4
date
Wed, 25 Dec 2024 06:39:24 GMT
x-served-by
cache-yul1970071-YUL
server
Varnish
x-cache-hits
0
IIQAgent-6.072.js
cdn.taboola.com/scripts/IIQAgent/
300 KB
84 KB
Script
General
Full URL
https://cdn.taboola.com/scripts/IIQAgent/IIQAgent-6.072.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6a6240fc70c4193e3497375940a96cd2580f7c13229bd18efef3f71299951ae7

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
etag
"a9d8801864ac1ad758333aa3da0372e6"
x-amz-version-id
IlbO4mYRbuSOKCMNweG.knGiIswXwk5R
age
1046
x-cache
HIT
date
Wed, 25 Dec 2024 06:39:23 GMT
last-modified
Mon, 09 Dec 2024 09:05:00 GMT
x-served-by
cache-yul1970034-YUL
x-cache-hits
145
content-type
application/javascript
x-amz-id-2
QmbuWO50/d6zBZK6JlLfAVTcKu24XHBvR7EzzM4nguNZozJfHHrmRvhJ7pMWzAivMYp8CC/Vgek=
vary
Accept-Encoding
x-amz-replication-status
COMPLETED
cache-control
private,max-age=14400
x-timer
S1735108764.975392,VS0,VE0
via
1.1 varnish
x-amz-request-id
J79BDREF2M012MPM
accept-ranges
bytes
access-control-allow-origin
*
abp
48
content-length
85928
server
AmazonS3
x-amz-server-side-encryption
AES256
PWA-UpdateSession
www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_US/
56 B
1 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_US/PWA-UpdateSession
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
f66f5edd05293c4351edcec020a867935f7495ef0d0ff7ceb3e6402748585ca6

Request headers

c_x-pwa-request
true
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

content-encoding
gzip
x-dw-request-base-id
lUq4eZuoa2cBAAB_
cf-cache-status
DYNAMIC
age
0
expires
Thu, 01 Dec 1994 16:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
QusZLBVDsWYafsm6wpRcCdtww8wziwmbHkWGn0csbN_AuilQSbwZ6A==
date
Wed, 25 Dec 2024 06:39:24 GMT
content-type
application/json
x-yottaa-optimizations
ob/1000 si/23D1cc02327d-1734717344-5046381987 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os
200
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 fadedfea448fa31cb8aba15ba1b05064.cloudfront.net (CloudFront)
cf-ray
8f76d56f2b79878c-IAD
x-yottaa-metrics
23214047a113/[221,217,-] 23D1cc02327d/[-,223.626]
access-control-allow-origin
*
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/on/demandware.store/Sites-elf-us-Site/en_US/PWA-UpdateSession
x-amz-cf-pop
PHL50-C1
main-v2_ebe451a946893ac92b8458b147333165.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
528 KB
115 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_ebe451a946893ac92b8458b147333165.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
4c225989448788e7394a256c85ac33a9b701e5a69cb7d0a9a0b2ec158b4382e1

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
content-encoding
br
x-goog-hash
crc32c=ujPWoQ==, md5=RPwsRHVobfECm1Ueff9vSA==
etag
"44fc2c4475686df1029b551e7dff6f48"
age
15628
ad-auction-allowed
true
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
117007
date
Wed, 25 Dec 2024 02:18:56 GMT
last-modified
Mon, 23 Dec 2024 18:18:30 GMT
content-type
text/javascript
x-guploader-uploadid
AFiumC6fAOBmLtlzduqXhrpXAKRqruny7vPC-Zt9VksT0OfFDiDzKGF0caRUfkfCpyWvk2WbpH5NGe8
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1734977910879279
content-length
117007
server
UploadServer
cjs_min_6ef1802500d8367a80105e664862d0d7.js
assets.bounceexchange.com/assets/smart-tag/versioned/
49 KB
16 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_6ef1802500d8367a80105e664862d0d7.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
56aea4e78cf1538541603e3c8f14b15dfc9bfee27cadb946f8b3017ebe8abe3b

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
content-encoding
gzip
x-goog-hash
crc32c=6P9MLA==, md5=6BERCLAZEJG3E4hTDg5sSQ==
etag
"e8111108b0191091b71388530e0e6c49"
age
69661
ad-auction-allowed
true
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
15758
date
Tue, 24 Dec 2024 11:18:23 GMT
last-modified
Wed, 06 Nov 2024 14:57:41 GMT
content-type
text/javascript; charset=utf-8
x-guploader-uploadid
AFiumC6oZx1Bgcc7hsP9qNJm9hcK9qGqcEyeKjPSvAv5em0-u20SMl3PGsZpv--xMjddU54u10Kbr10
cache-control
public,max-age=31536000,no-transform
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1730905061873049
content-length
15758
server
UploadServer
unip
trc.taboola.com/1691051/log/3/ Frame
0
0
Preflight
General
Full URL
https://trc.taboola.com/1691051/log/3/unip?ce=ecomm&en=CATEGORY_VIEW&ref=null&item-url=https%253A%252F%252Fwww.elfcosmetics.com%252Felf-cosmetic-criminals&data=%257B%2522productIds%2522%253A%25221810%2522%252C%2522category%2522%253A%2522brushes%2522%252C%2522timestamp%2522%253A%252224%252F12%252F2024%2522%252C%2522eventType%2522%253A%2522CATEGORY_VIEW%2522%257D&cnxclid=undefined&tim=1735108764516&vi=1735108762495&ri=664baee880a146bb85d37c42f0016dd3&sd=v2_f068286cd8177c41071c00ceac495c20_03c949eb-02fe-46d4-b2d9-f1cba186f48e-tucte652e1a_1735108762_1735108762_CNawjgYQq5tnGP-2quS_MiABKAEwJjiJ6AdA6vUHSKfL2QNQ____________AVgAYABo9LvJ5PG7o8RccAGAAQA&ui=03c949eb-02fe-46d4-b2d9-f1cba186f48e-tucte652e1a&cv=20241218-12-RELEASE&tos=2012&ssd=1&scd=0&cbp=OneTrust&cbpv=1&cbcd=%2C1%2C2%2C3%2C4%2C5%2C&it=JS_PIXEL&psb=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-origin
https://www.elfcosmetics.com
allow
GET, HEAD, POST, TRACE, OPTIONS
content-length
0
date
Wed, 25 Dec 2024 06:39:24 GMT
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
server
nginx
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-fastly-to-nlb-rtt
21342
x-served-by
cache-yul1970071-YUL
x-service-version
v1
x-timer
S1735108765.526974,VS0,VE22
x-vcl-time-ms
22
unip
trc.taboola.com/1691051/log/3/
0
583 B
XHR
General
Full URL
https://trc.taboola.com/1691051/log/3/unip?ce=ecomm&en=CATEGORY_VIEW&ref=null&item-url=https%253A%252F%252Fwww.elfcosmetics.com%252Felf-cosmetic-criminals&data=%257B%2522productIds%2522%253A%25221810%2522%252C%2522category%2522%253A%2522brushes%2522%252C%2522timestamp%2522%253A%252224%252F12%252F2024%2522%252C%2522eventType%2522%253A%2522CATEGORY_VIEW%2522%257D&cnxclid=undefined&tim=1735108764516&vi=1735108762495&ri=664baee880a146bb85d37c42f0016dd3&sd=v2_f068286cd8177c41071c00ceac495c20_03c949eb-02fe-46d4-b2d9-f1cba186f48e-tucte652e1a_1735108762_1735108762_CNawjgYQq5tnGP-2quS_MiABKAEwJjiJ6AdA6vUHSKfL2QNQ____________AVgAYABo9LvJ5PG7o8RccAGAAQA&ui=03c949eb-02fe-46d4-b2d9-f1cba186f48e-tucte652e1a&cv=20241218-12-RELEASE&tos=2012&ssd=1&scd=0&cbp=OneTrust&cbpv=1&cbcd=%2C1%2C2%2C3%2C4%2C5%2C&it=JS_PIXEL&psb=true
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1691051/tfa.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Attribution-Reporting-Eligible
trigger
Referer
https://www.elfcosmetics.com/

Response headers

x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
date
Wed, 25 Dec 2024 06:39:24 GMT
content-type
image/gif
x-served-by
cache-yul1970034-YUL
x-cache-hits
0
cache-control
no-cache
x-fastly-to-nlb-rtt
21234
pragma
no-cache
x-timer
S1735108765.566698,VS0,VE24
x-vcl-time-ms
24
access-control-allow-credentials
true
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
https://www.elfcosmetics.com
x-service-version
v1
server
nginx
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je4cc1v879088318z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=2088589287.1735108762&ul=en-ca&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=MA&_s=2&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&sid=1735108762&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&tfd=6787
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c&gtm=45He4cc1v896608294za200
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
173.194.205.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qm-in-f102.1e100.net
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.elfcosmetics.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Dec 2024 06:39:24 GMT
content-type
text/plain
server
Golfe2
event
www.elfcosmetics.com/api/en-us/v2.0/
105 B
675 B
Fetch
General
Full URL
https://www.elfcosmetics.com/api/en-us/v2.0/event?locale=en-US
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/ Express
Resource Hash
c8e389d2665b0d2e2fb7ca53c4663e91c8bacadae16640c30cc66a2ec323b0d1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
application/json
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

content-encoding
gzip
x-amzn-remapped-connection
keep-alive
etag
W/"69-/yDZ4S7bM18b4/ZvlB//E7uWTO0"
age
0
x-content-type-options
nosniff
x-amzn-requestid
8f628f48-670a-4b1d-b213-3f57d223320c
date
Wed, 25 Dec 2024 06:39:24 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
x-yottaa-optimizations
ob/1000 si/23D1cc02327d-1734717344-5046381993 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os
200
x-amz-apigw-id
DVdIiHOGPHcEAEg=
x-amzn-remapped-date
Wed, 25 Dec 2024 06:39:24 GMT
x-amzn-trace-id
Root=1-676ba89c-4dbd8ffc54b85c004c658edd
x-yottaa-metrics
23214047a164/[219,214,-] 23D1cc02327d/[-,222.303]
access-control-allow-origin
*
content-length
110
x-powered-by
Express
staffPicks-white
cdn.media.amplience.net/i/elfcosmetics/
656 B
1 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/staffPicks-white?%24Desktop%24=&fmt=auto&w=22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b02a020f88f0cd42fad80078f958d9a87a2f83cee756d5fb426a40bc9823da92
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
age
23057
x-amp-source-width
112
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Wed, 25 Dec 2024 06:39:24 GMT
edge-control
max-age=86400
content-type
image/avif
last-modified
Tue, 24 Dec 2024 12:26:48 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
L4yuHL3IH,l4p5bDg2e,mF-g78ke7,4MizThq0Q,WepA0szpz
cache-control
s-maxage=86400, max-age=1800
x-req-id
z39YGaffQv
x-amp-source-height
96
x-amp-cf-worker
true
cf-ray
8f76d5730a75a25a-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
656
x-amp-published
Thu, 09 Nov 2023 14:42:35 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
new-9FAEE5
cdn.media.amplience.net/i/elfcosmetics/
722 B
911 B
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/new-9FAEE5?%24Desktop%24=&fmt=auto&w=22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8df9e9875419d2c0d1bc8af23e63949a7e20b1ff5cd2f57c7958fc65a7be8b56
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
age
46789
x-amp-source-width
112
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Wed, 25 Dec 2024 06:39:24 GMT
edge-control
max-age=86400
content-type
image/avif
last-modified
Tue, 24 Dec 2024 09:57:00 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
oKdLC1Xh7,l4p5bDg2e,mF-g78ke7,tJjh4FgGa,WepA0szpz
cache-control
s-maxage=86400, max-age=1800
x-req-id
v9vJMyEqlX
x-amp-source-height
96
x-amp-cf-worker
true
cf-ray
8f76d5730a76a25a-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
722
x-amp-published
Thu, 30 May 2024 19:09:02 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
badge-Elite-Daily_EP_2019_final
cdn.media.amplience.net/i/elfcosmetics/
2 KB
2 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/badge-Elite-Daily_EP_2019_final?%24Desktop%24=&fmt=auto&w=70
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b275b973b3ef66906426da75d690fb9471cf6c1b7f15b5603b62bfb8e228ba63
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
age
10832
x-amp-source-width
200
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Wed, 25 Dec 2024 06:39:24 GMT
edge-control
max-age=86400
content-type
image/avif
last-modified
Wed, 25 Dec 2024 02:32:39 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
RSWuNb45L,l4p5bDg2e,mF-g78ke7,YdhJo_Rl1,WepA0szpz
cache-control
s-maxage=86400, max-age=1800
x-req-id
QnIb9pHRff
x-amp-source-height
200
x-amp-cf-worker
true
cf-ray
8f76d5731a77a25a-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
1860
x-amp-published
Sun, 10 Sep 2023 03:35:24 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
holyGrail-FFAE62
cdn.media.amplience.net/i/elfcosmetics/
735 B
912 B
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/holyGrail-FFAE62?%24Desktop%24=&fmt=auto&w=22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c78f8435e7b99d460a79994b0ff71a74985547ce2991a67559831f3ed143b0e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
age
47870
x-amp-source-width
112
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Wed, 25 Dec 2024 06:39:24 GMT
edge-control
max-age=86400
content-type
image/avif
last-modified
Mon, 23 Dec 2024 22:16:33 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
CfmLrxQp5,l4p5bDg2e,mF-g78ke7,41UJNF_BE,WepA0szpz
cache-control
s-maxage=86400, max-age=1800
x-req-id
hR-PZwFgIR
x-amp-source-height
96
x-amp-cf-worker
true
cf-ray
8f76d5731a78a25a-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
735
x-amp-published
Wed, 08 Nov 2023 14:59:25 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
81588_Open_B_0005_Product_Master_V4_R.jpg
www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw1f692fb8/2023/LashXtndrMascara/
4 KB
5 KB
Image
General
Full URL
https://www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw1f692fb8/2023/LashXtndrMascara/81588_Open_B_0005_Product_Master_V4_R.jpg?sfrm=png&sw=252
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
b6256a23d20660dd818c16474cef2f1a10a0404702b8983335f26c4bfd926a7b

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

cf-cache-status
MISS
age
4028982
x-cache
Miss from cloudfront
x-amz-cf-id
lWS2IA1WhczNCuU6uiso6KoyLgAeVFXQEbWIiObjT01Hp9qBME3N8Q==
date
Wed, 25 Dec 2024 06:39:24 GMT
content-type
image/jpeg
x-amz-meta-cleanquerystring
sfrm=png&sw=252
x-amz-expiration
expiry-date="Sun, 29 Dec 2024 00:00:00 GMT", rule-id="transform_cache_ttl"
x-yottaa-optimizations
ob/101 si/23D1cc02327d-1730834774-693715467 tts/1731079396337 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-forcecache
true
cache-control
public, max-age=31104000
via
1.1 48b970169016f7185b7cff9e185ee0b2.cloudfront.net (CloudFront)
cf-ray
8df690f2cdf49c67-IAD
x-yottaa-metrics
23214047a16e/[8,-,1731079427133] 23D1cc02327d/[hit]
access-control-allow-origin
*
content-length
4216
x-amz-cf-pop
IAD50-C2
x-amz-server-side-encryption
AES256
57323_Closed_V2_R.jpg
www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw16dfd274/2024/YouthBoostingBluetySleepNightOil/
3 KB
4 KB
Image
General
Full URL
https://www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw16dfd274/2024/YouthBoostingBluetySleepNightOil/57323_Closed_V2_R.jpg?sfrm=png&sw=252
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
7f96305f2b3644eb5433cde8741e1385420bff850a333a6522f18157d05e3c20

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

cf-bgj
h2pri
cf-cache-status
HIT
age
4027216
x-amz-storage-class
INTELLIGENT_TIERING
x-cache
Hit from cloudfront
x-amz-cf-id
o-SJkgtphs1-V8TMHH5DymMIBSIw8K4h6nXTwhhW3tdFB35qKl-9cQ==
date
Wed, 25 Dec 2024 06:39:24 GMT
content-type
image/jpeg
x-amz-meta-cleanquerystring
sfrm=png&sw=252
x-amz-expiration
expiry-date="Sun, 29 Jun 2025 00:00:00 GMT", rule-id="transform_cache_ttl"
x-yottaa-optimizations
ob/101 si/23D1cc02327d-1730834774-693726533 tts/1731079396337 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-forcecache
true
cache-control
public, max-age=31104000
via
1.1 160fabe63b184f045d53075e6c659156.cloudfront.net (CloudFront)
cf-ray
8df6913f1a9c1ffa-IAD
x-yottaa-metrics
23214047a145/[6,-,1731079439268] 23D1cc02327d/[hit]
access-control-allow-origin
*
content-length
3157
x-amz-cf-pop
ORD53-C1
x-amz-server-side-encryption
AES256
81683_OpenA_R_Final.jpg
www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw4d62e127/2021/
3 KB
4 KB
Image
General
Full URL
https://www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw4d62e127/2021/81683_OpenA_R_Final.jpg?sfrm=png&sw=252
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
25e01968137675b5d89773ef5575463c864d91805d5457031d80be7e8f17bd7d

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

cf-cache-status
HIT
age
4027812
x-cache
Hit from cloudfront
x-amz-cf-id
ux1LW8ecVxoNN74VbuaIu13p-ILsV5sKe1fu_Kn-CPm6Ta9WlnUfRQ==
date
Wed, 25 Dec 2024 06:39:24 GMT
content-type
image/jpeg
x-amz-meta-cleanquerystring
sfrm=png&sw=252
x-amz-expiration
expiry-date="Tue, 10 Dec 2024 00:00:00 GMT", rule-id="transform_cache_ttl"
x-yottaa-optimizations
ob/11 si/23D1cc02327d-1730834774-693722830 tts/1731079396337 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-forcecache
true
cache-control
public, max-age=31104000
via
1.1 ec8b1bfbf511818c606f196b49f871e2.cloudfront.net (CloudFront)
cf-ray
8df692565989e646-IAD
x-yottaa-metrics
2321cc8d59df/[4,-,1731079483910] 23D1cc02327d/[hit]
access-control-allow-origin
*
content-length
3524
x-amz-cf-pop
IAD50-C2
x-amz-server-side-encryption
AES256
83945_OPENA_v3_R.jpg
www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dwafd549a9/2024/PowerGripMatte/
4 KB
4 KB
Image
General
Full URL
https://www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dwafd549a9/2024/PowerGripMatte/83945_OPENA_v3_R.jpg?sfrm=png&sw=252
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
3f007217f4ab512c055cc4948a09770bb524c1479007851fe53b4fa737948e2d

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

cf-bgj
h2pri
cf-cache-status
HIT
age
1066034
x-amzn-requestid
00bf854c-b198-4854-a958-6b7374f29b4d
x-cache
Hit from cloudfront
x-amz-cf-id
sjptC58l9Z0oRewOR9uXltmb1t6s97z6UBlPQRpB9ldNVK-zxnMekg==
date
Wed, 25 Dec 2024 06:39:24 GMT
content-type
image/jpeg
x-yottaa-optimizations
ob/101 si/23D1cc02327d-1733930865-6324075455 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-forcecache
true
cache-control
public, max-age=31104000
x-amz-apigw-id
Co1PLEkVIAMEr6g=
x-amzn-trace-id
Root=1-6759cf2d-7b0412d95c5f68ac0b202d13;Parent=427bd627c9d02973;Sampled=0;Lineage=1:36621fcf:0
via
1.1 a3a9d9dc09f698a2485ca5e0e7f288a6.cloudfront.net (CloudFront)
cf-ray
8f10b8c0284420a8-IAD
x-yottaa-metrics
23214047a169/[8,-,1734038041706] 23D1cc02327d/[hit]
access-control-allow-origin
*
content-length
3929
x-amz-cf-pop
ORD53-C1
84641_OPENA_v4_R.jpg
www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw81e17a61/2024/CamoLiquidBLUSHExt/
3 KB
4 KB
Image
General
Full URL
https://www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw81e17a61/2024/CamoLiquidBLUSHExt/84641_OPENA_v4_R.jpg?sfrm=png&sw=252
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
f89ecfe895e92414e7dc009d8c1eb6c3a642307fa86f9c8ff2f498368ae73df6

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

cf-bgj
h2pri
cf-cache-status
HIT
age
4029281
x-amz-storage-class
INTELLIGENT_TIERING
x-cache
Miss from cloudfront
x-amz-cf-id
d4BvyYYOkSAQI2YnRytV8E7XkZyyM98QSrsDPwTXYGYqP6t7XHx5mw==
date
Wed, 25 Dec 2024 06:39:24 GMT
content-type
image/jpeg
x-amz-meta-cleanquerystring
sfrm=png&sw=252
x-amz-expiration
expiry-date="Tue, 18 Nov 2025 00:00:00 GMT", rule-id="transform_cache_ttl"
x-yottaa-optimizations
ob/101 si/23D1cc02327d-1730834774-693713014 tts/1731079396337 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-forcecache
true
cache-control
public, max-age=31104000
via
1.1 165ed32c12154887fba331169c8022ee.cloudfront.net (CloudFront)
cf-ray
8df690f2b9c2e604-IAD
x-yottaa-metrics
23214047a161/[7,-,1731079427025] 23D1cc02327d/[hit]
access-control-allow-origin
*
content-length
3216
x-amz-cf-pop
IAD50-C2
x-amz-server-side-encryption
AES256
83475_OpenA_0553_R.jpg
www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dwe3b8de9c/2023/LipExfoliator/
3 KB
3 KB
Image
General
Full URL
https://www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dwe3b8de9c/2023/LipExfoliator/83475_OpenA_0553_R.jpg?sfrm=png&sw=252
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
6128f856855a4c1f3a0ff77ee2a342fc948d930c71bb56a9d3654645f20af06c

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

cf-bgj
h2pri
cf-cache-status
HIT
age
4027079
x-cache
Miss from cloudfront
x-amz-cf-id
rL15ece782OELy91RQxt35HNrXnbAbdJTU5QY7XXYpmlJ3lpsQXEng==
date
Wed, 25 Dec 2024 06:39:24 GMT
content-type
image/jpeg
x-amz-meta-cleanquerystring
sfrm=png&sw=252
x-amz-expiration
expiry-date="Mon, 09 Dec 2024 00:00:00 GMT", rule-id="transform_cache_ttl"
x-yottaa-optimizations
ob/101 si/23D1cc02327d-1730834774-693727768 tts/1731079396337 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-forcecache
true
cache-control
public, max-age=31104000
via
1.1 464c3d2803561ea08b1d849bfc8b5c86.cloudfront.net (CloudFront)
cf-ray
8df691d65a3e81c7-IAD
x-yottaa-metrics
2321cc8d59e5/[7,-,1731079463447] 23D1cc02327d/[hit]
access-control-allow-origin
*
content-length
2850
x-amz-cf-pop
ORD53-C1
x-amz-server-side-encryption
AES256
/
cds.taboola.com/
0
82 B
XHR
General
Full URL
https://cds.taboola.com/?uid=03c949eb-02fe-46d4-b2d9-f1cba186f48e-tucte652e1a&mbl=ZmFsc2U=
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.32 , United States, ASN200478 (TABOOLA-AS Taboola.com ltd, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-origin
*
cache-control
no-store
date
Wed, 25 Dec 2024 06:39:24 GMT
server
nginx
act
analytics.tiktok.com/api/v2/pixel/
0
722 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWE1OTI4NzI4MA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.141 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-141.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Wed, 25 Dec 2024 06:39:24 GMT
server-timing
inner; dur=21, cdn-cache; desc=MISS, edge; dur=11, origin; dur=26
x-cache
TCP_MISS from a23-220-104-151.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Wed, 25 Dec 2024 06:39:24 GMT
x-akamai-request-id
8baad623
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943863d0509273ae6dfaf58e7f5a35970e48e4f2161b36de0fd0795fac17e0def8294032642a317f2d0c40add37d25afee8a93bf1c9ba70136b99242fd248d88c052aef154b44dd87905c52b4a08d86052388
x-origin-response-time
26,23.220.104.151
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-2412250639243C84AC4BBED76EFD1756-6F1E5F8C0E1785A2-00
content-length
0
x-tt-logid
202412250639243C84AC4BBED76EFD1756
server
nginx
token_create.js
ct.pinterest.com/static/ct/
4 KB
2 KB
Script
General
Full URL
https://ct.pinterest.com/static/ct/token_create.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-128-196.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
85ab852bfb2016bce3933a1c7107b1bce807179f46364db291ab1f86b89addbb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
cache-control
max-age=7200
content-encoding
gzip
etag
"6d0ca67bea866259c359c2d1e93bf622"
x-cdn
akamai
quic-version
0x00000001
alt-svc
h3=":443"; ma=604800
content-length
2092
date
Wed, 25 Dec 2024 06:39:24 GMT
akamai-grn
0.05dfda17.1735108764.c8a87a0f
content-type
application/javascript
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
ct.html
ct.pinterest.com/ Frame CBEC
0
0
Document
General
Full URL
https://ct.pinterest.com/ct.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-128-196.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

akamai-grn
0.15dfda17.1735108764.de2970f8
alt-svc
h3=":443"; ma=604800
cache-control
max-age=86400
content-encoding
gzip
content-length
323
content-type
text/html; charset=utf-8
date
Wed, 25 Dec 2024 06:39:24 GMT
pinterest-version
3d92257897107be8ea2c6613dcfb8dbea319fa46
referrer-policy
origin
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
vary
Accept-Encoding
x-cdn
akamai
x-envoy-upstream-service-time
0
x-pinterest-rid
5944308361774733
x-pinterest-rid-128bit
a157f521f2d9b865527e6cf5f2f797c6
heap_config.js
cdn.us.heap-api.com/config/1042782804/
1 KB
1 KB
Script
General
Full URL
https://cdn.us.heap-api.com/config/1042782804/heap_config.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.103.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-103-75.iad61.r.cloudfront.net
Software
nginx / Express
Resource Hash
145b6536261490a3596321cd3c1018019dfa2bf0b2ea1cf93102d62c6bcdfaaa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
etag
W/"4b9-qBnRNqbCCHyoP3Fnv6+2CqKIT1s"
age
8
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
oliuQQd_g5RMLkTUD-ePi8tawqHft5mY5hLmoF3Hr4LDuvFDS4DV0g==
date
Wed, 25 Dec 2024 06:39:24 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public, max-age=120
cross-origin-resource-policy
cross-origin
via
1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD61-P1
x-powered-by
Express
server
nginx
unip
trc-events.taboola.com/1691051/log/3/
0
525 B
XHR
General
Full URL
https://trc-events.taboola.com/1691051/log/3/unip?en=pre_d_eng_tb&tos=2168&scd=0&ssd=1&est=1735108762503&ver=36&isls=true&src=i&invt=1500&msa=6448&rv=1&tim=1735108764672&vi=1735108762495&ri=664baee880a146bb85d37c42f0016dd3&sd=v2_f068286cd8177c41071c00ceac495c20_03c949eb-02fe-46d4-b2d9-f1cba186f48e-tucte652e1a_1735108762_1735108762_CNawjgYQq5tnGP-2quS_MiABKAEwJjiJ6AdA6vUHSKfL2QNQ____________AVgAYABo9LvJ5PG7o8RccAGAAQA&ui=03c949eb-02fe-46d4-b2d9-f1cba186f48e-tucte652e1a&ref=null&cv=20241218-12-RELEASE&item-url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&cbp=OneTrust&cbpv=1&cbcd=%2C1%2C2%2C3%2C4%2C5%2C&it=JS_PIXEL
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1691051/tfa.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS Taboola.com ltd, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Attribution-Reporting-Eligible
trigger
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
date
Wed, 25 Dec 2024 06:39:24 GMT
pragma
no-cache
server
nginx
access-control-allow-credentials
true
unip
trc-events.taboola.com/1691051/log/3/ Frame
0
0
Preflight
General
Full URL
https://trc-events.taboola.com/1691051/log/3/unip?en=pre_d_eng_tb&tos=2168&scd=0&ssd=1&est=1735108762503&ver=36&isls=true&src=i&invt=1500&msa=6448&rv=1&tim=1735108764672&vi=1735108762495&ri=664baee880a146bb85d37c42f0016dd3&sd=v2_f068286cd8177c41071c00ceac495c20_03c949eb-02fe-46d4-b2d9-f1cba186f48e-tucte652e1a_1735108762_1735108762_CNawjgYQq5tnGP-2quS_MiABKAEwJjiJ6AdA6vUHSKfL2QNQ____________AVgAYABo9LvJ5PG7o8RccAGAAQA&ui=03c949eb-02fe-46d4-b2d9-f1cba186f48e-tucte652e1a&ref=null&cv=20241218-12-RELEASE&item-url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&cbp=OneTrust&cbpv=1&cbcd=%2C1%2C2%2C3%2C4%2C5%2C&it=JS_PIXEL
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS Taboola.com ltd, IL),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-origin
https://www.elfcosmetics.com
allow
GET, HEAD, POST, TRACE, OPTIONS
content-length
0
date
Wed, 25 Dec 2024 06:39:24 GMT
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
server
nginx
inbox-v2_75060a85c1a4aebcc6f779b9e84db722.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
19 KB
5 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox-v2_75060a85c1a4aebcc6f779b9e84db722.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
183ae143a7f66c133f3948bdf61a0a9f97eb326be7de5947c1f19b93f3b9db24

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
content-encoding
br
x-goog-hash
crc32c=df/Fww==, md5=CihY9k4bsokmzU8kBOwKQw==
etag
"0a2858f64e1bb28926cd4f2404ec0a43"
age
148954
ad-auction-allowed
true
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
5475
date
Mon, 23 Dec 2024 13:16:50 GMT
last-modified
Thu, 19 Dec 2024 20:55:14 GMT
content-type
text/javascript
x-guploader-uploadid
AFiumC40j9OnNhYKwWjZhNM1Ud36MXsfsFxOnAjOQHo1EF2IgofZsgn8Y0JLDa9XerU5FC4tRT8Xb6s
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1734641714494708
content-length
5475
server
UploadServer
sms-v2_e39203556bab2366e56296ce42e974a7.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
3 KB
1 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/sms-v2_e39203556bab2366e56296ce42e974a7.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
c9f83027cf2e267d24b2cfe366bc6664841765f0aaf362faf0156bccdce42355

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
content-encoding
br
x-goog-hash
crc32c=ikqFlg==, md5=aEuBb/f6hVJqtLcp+18MkQ==
etag
"684b816ff7fa85526ab4b729fb5f0c91"
age
168252
ad-auction-allowed
true
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
1303
date
Mon, 23 Dec 2024 07:55:12 GMT
last-modified
Thu, 19 Dec 2024 20:55:36 GMT
content-type
text/javascript
x-guploader-uploadid
AFiumC7ugqAAyjZGGkRIxhrYZLe26cDtM3x2vEv6uT1gWjj-z0jpH9L2VvZZaZg0p8eyBUlE
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1734641736365639
content-length
1303
server
UploadServer
onsite-v2_abbdf7a49be9b52b097917b7b527b262.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
16 KB
5 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite-v2_abbdf7a49be9b52b097917b7b527b262.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
a8b68b46f44aac34f59d2926e8db6bdae4bc3b7fe3aad60948e97f428b087531

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
content-encoding
br
x-goog-hash
crc32c=YWhgXQ==, md5=E+t6bCqMhb3KnLqECwDbLA==
etag
"13eb7a6c2a8c85bdca9cba840b00db2c"
age
42878
ad-auction-allowed
true
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
5039
date
Tue, 24 Dec 2024 18:44:46 GMT
last-modified
Mon, 23 Dec 2024 18:18:36 GMT
content-type
text/javascript
x-guploader-uploadid
AFiumC4zs9mR3DmGayWGzZWvuoLKlQa_RtpWhSOEY3k2jkpBs0HAnRCU0eTLrSzZFtiszubZ
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1734977916309988
content-length
5039
server
UploadServer
/
data.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://data.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_6ef1802500d8367a80105e664862d0d7.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.149.157.115 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
115.157.149.34.bc.googleusercontent.com
Software
/
Resource Hash
657eda1b44ac53f15bfa8bbc9d70db4bf9549cd2d9facadf250b2ed9784a9e8d

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
keep-alive
Expires
0
Access-Control-Allow-Origin
*
Date
Wed, 25 Dec 2024 06:39:24 GMT
Content-Type
application/json
Access-Control-Allow-Headers
Origin, Content-Type, Accept
/
page.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://page.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_6ef1802500d8367a80105e664862d0d7.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
35.201.112.105 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
105.112.201.35.bc.googleusercontent.com
Software
/
Resource Hash
7dfd49da85f27253b8292acfff370e2db77f1f8ce38e96bde8c84534140df097

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
keep-alive
Expires
0
Access-Control-Allow-Origin
*
Date
Wed, 25 Dec 2024 06:39:24 GMT
Content-Type
application/json
Access-Control-Allow-Headers
Origin, Content-Type, Accept
/
view.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://view.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_6ef1802500d8367a80105e664862d0d7.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.120.126.172 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
172.126.120.34.bc.googleusercontent.com
Software
/
Resource Hash
19bba2072525e746a5bf5bfc23d985f91eacfd203af7ed0aa224497768d28bb0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
keep-alive
Expires
0
Access-Control-Allow-Origin
*
Date
Wed, 25 Dec 2024 06:39:24 GMT
Content-Type
application/json
Access-Control-Allow-Headers
Origin, Content-Type, Accept
ProfilesEngineServlet
syncv4.intentiq.com/profiles_engine/
Redirect Chain
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=359446293&iiqidtype=2&iiqpcid=e73872ec-2524-e2c5-8fb3-2b819405a1f0&iiqpciddate=1735108764687&tsrnd=354_17351...
  • https://syncv4.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=359446293&iiqidtype=2&iiqpcid=e73872ec-2524-e2c5-8fb3-2b819405a1f0&iiqpciddate=1735108764687&tsrnd=354_173...
  • https://syncv4.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=359446293&iiqidtype=2&iiqpcid=e73872ec-2524-e2c5-8fb3-2b819405a1f0&iiqpciddate=1735108764687&tsrnd=354_173...
43 B
1 KB
Image
General
Full URL
https://syncv4.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=359446293&iiqidtype=2&iiqpcid=e73872ec-2524-e2c5-8fb3-2b819405a1f0&iiqpciddate=1735108764687&tsrnd=354_1735108764792&pcid=03c949eb-02fe-46d4-b2d9-f1cba186f48e-tucte652e1a&idtype=0&vrref=www.elfcosmetics.com&jsver=6.072&dw=1600&dh=1200&dpr=1&lan=en-CA&testPercentage=100&testGroup=A&uh=%7B%220%22%3A%22%22%2C%221%22%3A%22%3F0%22%2C%227%22%3A%22%3F0%22%2C%228%22%3A%22%22%7D&gdpr=&ripv6=2607:5300:60:7867::13&ckls=true&ci=Z5q6J2qBTs&nc=false&trid=1243591788
Protocol
H2
Server
52.85.132.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-132-4.iad50.r.cloudfront.net
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 16f689172b396b7e266a396b6b5d6754.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Wed, 25 Dec 2024 06:39:25 GMT
content-type
image/gif
x-amz-cf-pop
IAD50-C2
x-amz-cf-id
wIcK2CkpFUcCQ19CchQFJhecjXdQdrn-4umGLeroa9SHrd6V6cDTBg==

Redirect headers

patent
https://www.almondnet.com/ip
cache-control
no-cache, no-store, must-revalidate
location
https://syncv4.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=359446293&iiqidtype=2&iiqpcid=e73872ec-2524-e2c5-8fb3-2b819405a1f0&iiqpciddate=1735108764687&tsrnd=354_1735108764792&pcid=03c949eb-02fe-46d4-b2d9-f1cba186f48e-tucte652e1a&idtype=0&vrref=www.elfcosmetics.com&jsver=6.072&dw=1600&dh=1200&dpr=1&lan=en-CA&testPercentage=100&testGroup=A&uh=%7B%220%22%3A%22%22%2C%221%22%3A%22%3F0%22%2C%227%22%3A%22%3F0%22%2C%228%22%3A%22%22%7D&gdpr=&ripv6=2607:5300:60:7867::13&ckls=true&ci=Z5q6J2qBTs&nc=false&trid=1243591788
pragma
no-cache
via
1.1 16f689172b396b7e266a396b6b5d6754.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Wed, 25 Dec 2024 06:39:25 GMT
content-type
image/gif
x-amz-cf-pop
IAD50-C2
x-amz-cf-id
cIZ4hpChrgOFX4FORx7Y2sK2Xto95SPcqv36Hu8xB4NCRXFDEhWNug==
cf
www8.eu.inside.chat/page/
172 B
452 B
XHR
General
Full URL
https://www8.eu.inside.chat/page/cf?_=1735108764654.9878
Requested by
Host: cdn8.eu.inside.chat
URL: https://cdn8.eu.inside.chat/ig.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.9.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6c3044cac89443573246ae5f86c231cb7c2c02b278792b12bb9db64ae986ea9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
cf-cache-status
DYNAMIC
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 25 Dec 2024 06:39:24 GMT
content-type
application/json
last-modified
Sat, 01 Jan 2000 00:00:00 GMT
vary
Accept-Encoding
priority
u=1,i
strict-transport-security
max-age=31536000; includeSubdomains
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma
no-cache
access-control-allow-credentials
true
cf-ray
8f76d5740cc2ab22-YYZ
access-control-allow-origin
https://www.elfcosmetics.com
server
cloudflare
shoppercontext
www.elfcosmetics.com/api/v1/
133 B
910 B
Fetch
General
Full URL
https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us&method=PATCH
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12898/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
235082e9c3ffbe90f1e2586931b7402ac5949e20833ea4661a2974e78e369a22
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmN2YwN2I5ZC03MWUxLTQ2YTYtOGM3Yi02Y2UzYmQ4NjU1MzQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.….9dkCsv6X5UfLR216l1sxYx6XODz0Z8PfkwtbG1JDup7Z034A44-IMJWw4oUe2pUGdfZdANNMEYmMnZYAfcUWNw
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
application/json

Response headers

x-amzn-remapped-content-length
133
content-encoding
gzip
x-amzn-remapped-connection
close
etag
W/"85-EWkzZ053fC5Tly5uv8S8MVAqA3A"
age
0
x-amzn-requestid
d3b80525-99ed-4c7b-9f94-59031e6cdf55
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
M3E2HDdrXZ4IRDBT83rDcVOQJOFktFkqCk_qaZ8qgDJegqlxMJDbNw==
date
Wed, 25 Dec 2024 06:39:25 GMT
content-type
application/json; charset=utf-8
x-yottaa-optimizations
ob/1000 si/23D1cc02327d-1734717344-5046382001 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=15552000; includeSubDomains
x-yottaa-os
200
x-amz-apigw-id
DVdInFimiYcEifA=
x-amzn-remapped-date
Wed, 25 Dec 2024 06:39:25 GMT
x-amzn-trace-id
Root=1-676ba89d-6103483872f7c2e83cde0b35;Parent=7f907d6262071bbe;Sampled=0;Lineage=1:2b75b0e9:0
via
1.1 0112af6219abab80a1c298e0563cf966.cloudfront.net (CloudFront)
x-yottaa-metrics
23214047a180/[494,490,-] 23D1cc02327d/[-,497.690]
access-control-allow-origin
*
content-length
118
x-amz-cf-pop
PHL50-C1
jquery-3.7.1.min.js
assets.bounceexchange.com/assets/bounce/
85 KB
30 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/bounce/jquery-3.7.1.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
x-goog-hash
crc32c=fsBEgw==, md5=LIctvmD0unD7hTVhE9izXg==
content-encoding
br
etag
W/"2c872dbe60f4ba70fb85356113d8b35e"
age
152811
ad-auction-allowed
true
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
87533
date
Mon, 23 Dec 2024 12:12:34 GMT
last-modified
Thu, 19 Dec 2024 20:54:58 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
x-guploader-uploadid
AFiumC6PE2_dh4_Ak5gpHu1uj4Im-jxi1tgHWz3L_r1rBu_dfhF8CBGQRUvjaEHH2dmiLoQK3UkBiE8
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
none
access-control-allow-origin
*
x-goog-generation
1734641698026138
content-length
31020
server
UploadServer
frontend-framework.js.bundle
cdn8.eu.inside.chat//js/
205 KB
50 KB
Script
General
Full URL
https://cdn8.eu.inside.chat//js/frontend-framework.js.bundle?v=a741df0-5
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.8.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ada904b348f3aec8423f2b8a1335f55aa68d2d8d636da40fb02a2ac7cd4b193
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
cf-bgj
minify
etag
W/"b3dc4c62828cfc4d4eb3792ee171d025"
age
223
cf-cache-status
HIT
expires
Thu, 02 Jan 2025 06:39:25 GMT
cf-polished
origSize=317309
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 25 Dec 2024 06:39:25 GMT
content-type
text/javascript
vary
Accept-Encoding
priority
u=3,i=?0
strict-transport-security
max-age=31536000; includeSubdomains
cache-control
public, max-age=691200
cf-ray
8f76d576e9fe5407-YYZ
server
cloudflare
heap.js
cdn.us.heap-api.com/v5/heapjs-static/5.2.5/core/
307 KB
77 KB
Script
General
Full URL
https://cdn.us.heap-api.com/v5/heapjs-static/5.2.5/core/heap.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.103.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-103-75.iad61.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
83ad7afbc0337725d1ebd2d6dc111178686ca59eac905d4f173d08e3e3c561f7

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-cf-pop
IAD61-P1
content-encoding
gzip
etag
W/"15e5efdde56dc76b8a2976b750f8ef64"
age
1777
cross-origin-resource-policy
cross-origin
via
1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
xeO-7uEY9NH-vMxSzAB13S36mtFpu3WYa7Wf2aGWOCD3yjJZ_moBAA==
date
Wed, 25 Dec 2024 06:09:49 GMT
content-type
application/javascript; charset=utf-8
vary
accept-encoding
server
AmazonS3
last-modified
Mon, 16 Dec 2024 19:15:27 GMT
x-amz-server-side-encryption
AES256
bframe
www.google.com/recaptcha/api2/ Frame 2611
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&k=6LcA2G4UAAAAAK-fHuRDYBsNQoJlqlDqQvrjGwQu
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.115.103 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f103.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-JfvND7QEAQ4ylMzCIi7n5Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-JfvND7QEAQ4ylMzCIi7n5Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Wed, 25 Dec 2024 06:39:25 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
local_storage_frame17.min.html
assets.bounceexchange.com/assets/bounce/ Frame 0087
0
0
Document
General
Full URL
https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

accept-ranges
none
access-control-allow-origin
*
access-control-expose-headers
etag Content-Type
ad-auction-allowed
true
age
58013
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public,max-age=31536000
content-encoding
br
content-length
938
content-type
text/html; charset=UTF-8
date
Tue, 24 Dec 2024 14:32:32 GMT
etag
W/"fc893948c3efc689b5b19d8a77958e23"
last-modified
Mon, 23 Dec 2024 18:18:07 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1734977887138096
x-goog-hash
crc32c=kX4cqg== md5=/Ik5SMPvxom1sZ2Kd5WOIw==
x-goog-metageneration
1
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
2408
x-guploader-uploadid
AFiumC5dpgjK-4MFK3IBHz_dQ0OyzBLhvqfDbSrqlM3wdVy0tl613XxiLue_5O_aITCeJ55xfh7F9CA
pageview
c.contentsquare.net/
0
19 B
Image
General
Full URL
https://c.contentsquare.net/pageview?ex=&dt=196&pvt=n&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&la=en-CA&uc=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dr=&dw=1600&dh=7648&ww=1600&wh=1200&sw=1600&sh=1200&uu=52d2bea2-31c8-a046-d49b-ed311d863937&sn=1&hd=1735108765&v=15.43.0&pid=1926&pn=1&happid=1042782804&hsid=8442428928401421&huu=3346808480444271&r=081069
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.217.190.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-217-190-26.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
timing-allow-origin
*
pragma
no-cache
access-control-allow-methods
GET, POST, OPTIONS
expires
Sun, 24 Oct 1982 23:00:00 GMT
access-control-allow-origin
*
date
Wed, 25 Dec 2024 06:39:25 GMT
content-disposition
inline
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
script-tag.js
cdn-scripts.signifyd.com/api/
10 KB
4 KB
Script
General
Full URL
https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.64.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-64-38.iad12.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d7a363f752524fb545c3b2eb48a56d163cb659bc427d5215800ee7781d92c2ca

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

vary
accept-encoding
cache-control
max-age=1800
content-encoding
gzip
etag
W/"73ca6f23f3e08738233832c7a7a0c30c"
age
442
via
1.1 7eeed291abf48890d3f36565208941a8.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
DGE_CsPPA-FZTPXakpOgyYoL4Hd1utkRrxxmHnR03Q8ofV8HjQrORQ==
date
Wed, 25 Dec 2024 06:32:04 GMT
content-type
application/javascript
last-modified
Tue, 23 Apr 2024 14:51:40 GMT
server
AmazonS3
x-amz-cf-pop
IAD12-P1
x-amz-server-side-encryption
AES256
add_user_properties
c.us.heap-api.com/api/capture/v2/ Frame
0
0
Preflight
General
Full URL
https://c.us.heap-api.com/api/capture/v2/add_user_properties
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.16.172.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-16-172-121.compute-1.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
POST, PUT, GET
access-control-allow-origin
*
allow
POST
content-length
4
content-type
text/html; charset=utf-8
date
Wed, 25 Dec 2024 06:39:25 GMT
etag
W/"4-Yf+Bwwqjx254r+pisuO9HfpJ6FQ"
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
track
c.us.heap-api.com/api/capture/v2/ Frame
0
0
Preflight
General
Full URL
https://c.us.heap-api.com/api/capture/v2/track
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.16.172.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-16-172-121.compute-1.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
POST, PUT, GET
access-control-allow-origin
*
allow
POST
content-length
4
content-type
text/html; charset=utf-8
date
Wed, 25 Dec 2024 06:39:25 GMT
etag
W/"4-Yf+Bwwqjx254r+pisuO9HfpJ6FQ"
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
add_user_properties
c.us.heap-api.com/api/capture/v2/
2 B
286 B
Fetch
General
Full URL
https://c.us.heap-api.com/api/capture/v2/add_user_properties
Requested by
Host: cdn.us.heap-api.com
URL: https://cdn.us.heap-api.com/v5/heapjs-static/5.2.5/core/heap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.16.172.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-16-172-121.compute-1.amazonaws.com
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
application/octet-stream
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
access-control-allow-methods
POST, PUT, GET
access-control-allow-origin
*
content-length
2
date
Wed, 25 Dec 2024 06:39:25 GMT
content-type
text/plain; charset=utf-8
server
nginx
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
track
c.us.heap-api.com/api/capture/v2/
2 B
286 B
Fetch
General
Full URL
https://c.us.heap-api.com/api/capture/v2/track
Requested by
Host: cdn.us.heap-api.com
URL: https://cdn.us.heap-api.com/v5/heapjs-static/5.2.5/core/heap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.16.172.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-16-172-121.compute-1.amazonaws.com
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
application/octet-stream
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
access-control-allow-methods
POST, PUT, GET
access-control-allow-origin
*
content-length
2
date
Wed, 25 Dec 2024 06:39:25 GMT
content-type
text/plain; charset=utf-8
server
nginx
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
negotiate
www8.eu.inside.chat/signalr/
391 B
578 B
XHR
General
Full URL
https://www8.eu.inside.chat/signalr/negotiate?clientProtocol=2.1&k=IN-1011171%3A26297372-7665adc7f1d978e62c6467f74e002e142b6c3fc3177e53a4b952f8ce8eba0b7e-5-5%3A141219229%3A1521&c=93439856b3e933add74101008009550f&nc=0&connectionData=%5B%7B%22name%22%3A%22insidesocialhub%22%7D%5D&_=1735108763801
Requested by
Host: cdn8.eu.inside.chat
URL: https://cdn8.eu.inside.chat/ig.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.9.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41bac5cd3920317207f2f775493f67391d90560758f7dab29836c0209898bf6b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Accept
text/plain, */*; q=0.01
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

content-encoding
br
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
expires
-1
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 25 Dec 2024 06:39:25 GMT
content-type
application/json; charset=UTF-8
priority
u=1,i
strict-transport-security
max-age=31536000; includeSubdomains
cache-control
no-cache
pragma
no-cache
access-control-allow-credentials
true
cf-ray
8f76d5789adbac48-YYZ
access-control-allow-origin
https://www.elfcosmetics.com
server
cloudflare
ig.css
cdn8.eu.inside.chat//
13 KB
4 KB
Stylesheet
General
Full URL
https://cdn8.eu.inside.chat//ig.css?dev=2&_a741df0-5
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.8.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
097ece141436f930315dd1ef80c15e89a1a1bc2eaaf634e96d4d53c1b0d07cfc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
"467ac5f0ff9ddafc490fa480f5fdb10b"
age
54
expires
Thu, 02 Jan 2025 06:39:25 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 25 Dec 2024 06:39:25 GMT
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
priority
u=0,i=?0
strict-transport-security
max-age=31536000; includeSubdomains
cache-control
public, max-age=691200
cf-ray
8f76d5786af75407-YYZ
accept-ranges
bytes
content-length
3743
server
cloudflare
lookup
pd.cdnwidget.com/
74 B
288 B
XHR
General
Full URL
https://pd.cdnwidget.com/lookup?deviceID=undefined&bxwid=4142&bxdid=8910707903447307748&visitID=1735108765496105&enableUID2=false
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
f309b4b6297e8c886d8d6b1ff31decc2d09f6eecf7804e3325bf5a2d3a5eac55

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-envoy-upstream-service-time
6
x-envoy-decorator-operation
id-resolution.id-resolution.svc.cluster.local:9000/*
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
74
date
Wed, 25 Dec 2024 06:39:25 GMT
content-type
application/json
server
istio-envoy
dvar
c.contentsquare.net/
0
272 B
Image
General
Full URL
https://c.contentsquare.net/dvar?v=15.43.0&pid=1926&pn=1&sn=1&uu=52d2bea2-31c8-a046-d49b-ed311d863937&happid=1042782804&hsid=8442428928401421&huu=3346808480444271&dv=H4sIAAAAAAAAA43PwUrDQBAG4FcZAt5sSLbUpN7SREtBe7BF6Clsdyfplu1uSCbGor67EygK6sHTDAP%2FNzNvQbYoi125tH4vLeTeUestbLGj4Db4YwrvUJydPBl1JaKdQau53r022Bp0Crvg%2BiI%2BoTorizABDG1YhZDLFjt49LrnaTSfiEhMecd3FmLG1zgwOBg6%2BJ64M%2B6IamyU1%2FiFXw7bGELI9LHv6ISOut%2Fcs2yNJOMdC%2FHP%2BNY3sJDOYQubg2ka42rIe%2FJV9V8o05oVRurxMSb56%2FGKBz%2FAyhHfxNHcWyv3vuX4C3L83lhi2tUjsy6XWZlbXkSrgpMiStNZOhdpEsbJdBZHaXIjgo9Plu5STagBAAA%3D&ct=2&r=349808
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.217.190.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-217-190-26.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
timing-allow-origin
*
pragma
no-cache
access-control-allow-methods
GET, POST, OPTIONS
expires
Sun, 24 Oct 1982 23:00:00 GMT
access-control-allow-origin
*
date
Wed, 25 Dec 2024 06:39:25 GMT
content-disposition
inline
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
telemetry
c.us.heap-api.com/api/
32 B
234 B
Image
General
Full URL
https://c.us.heap-api.com/api/telemetry?a=1042782804&te=type&te=data&te=cm&te=eventPropertiesTelemetry%20-%20added%20new%20properties&te=val&te=1&st=1735108765618&hv=5.2.5&ld=cdn.us.heap-api.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.16.172.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-16-172-121.compute-1.amazonaws.com
Software
/
Resource Hash
853b983923a033223e4f391790e6e86619b31d542b40e7e1e8221fb0d6957ab1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length
32
date
Wed, 25 Dec 2024 06:39:25 GMT
pragma
no-cache
content-type
image/gif
company_toolkit.js
cdn-scripts.signifyd.com/api/
4 KB
2 KB
Script
General
Full URL
https://cdn-scripts.signifyd.com/api/company_toolkit.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.64.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-64-38.iad12.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

vary
accept-encoding
cache-control
max-age=1800
content-encoding
gzip
etag
W/"2c3950f122b3977df61b0e077aaa92c8"
age
783
via
1.1 7eeed291abf48890d3f36565208941a8.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
r6DJHoPvFPzduBTfqOKGfa_SVWaVRfdJbBlQRPw8gIrNrp_ma4rhvQ==
date
Wed, 25 Dec 2024 06:26:23 GMT
content-type
application/javascript
last-modified
Tue, 30 May 2023 10:18:44 GMT
server
AmazonS3
x-amz-cf-pop
IAD12-P1
x-amz-server-side-encryption
AES256
us.svg
www.elfcosmetics.com/mobify/bundle/12898/static/img/flag-icons/
9 KB
0
Image
General
Full URL
https://www.elfcosmetics.com/mobify/bundle/12898/static/img/flag-icons/us.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.125 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/elf-cosmetic-criminals

Response headers

x-amz-meta-deploy
964016
content-encoding
gzip
age
56119
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
S4m2XyMfp-lcmIhK4_lJWJwNXlQhnTTri9LbCTFhyyOwFCeLQFucpQ==
date
Wed, 25 Dec 2024 06:39:22 GMT
content-type
image/svg+xml
x-yottaa-optimizations
ob/1101 si/23D1cc02327d-1734717344-5045962484 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-forcecache
true
cache-control
public, max-age=31104000
via
1.1 eb0e559672da6f524cf68a461f930cc4.cloudfront.net (CloudFront)
x-amz-meta-bundle
12898
x-yottaa-metrics
2321cc8d59e5/[9,-,1735051849855] 23D1cc02327d/[hit]
access-control-allow-origin
*
content-length
676
x-amz-cf-pop
PHL50-C1
init1.js
api.bounceexchange.com/bounce/
3 KB
2 KB
Script
General
Full URL
https://api.bounceexchange.com/bounce/init1.js?wklzs=1031&wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgHYBmAVnwAYAOQgNluIBYBOTYALxCkaoswHcApgCMcqYIID6qACbd8jAEyYAToJwgANnDQYCtChQAe+RYdWCYglWpVRsAQ02bUCAOaS4KzVAAWwYAAHHABSYgBBEMUAMSjo-gSAOkFNGCQQHABbQTQkHET0zLiUmABadKyc1CRylVRM1yccTAA3VDFgSXSQAGtUQSgQwgAhKMVNQLGwyMVFfyDQxVIIqNIY1ZiE-mTUiuzc-MKN6JLyjP3q2vrGzUXFKIBhMZUpldmpxSfZwSNX8KIyPhKKRaGtyEMACLYEC9fqDEZjHD8Fp-GBNQSPMYyWR-MZUZiUQgUQjMChMRgkYmEHgfL6KNoyP4A8jUOikFi0YGY2Yo94rBGzTQgNxuQQyaQIVHo7mKQQtaySIUisUSqW3DGfMZIBwqToAR2AAE8-hQZdrdZIWk44Br7hFTZrZjg4MIGgEVRgOrbpmj1TKlaLxa5pDJBAg0DB+oy+eFfTgNXTzZ148A1fGzTrUzG4xjCBCZYEZNFUCocMAADIgBzRu3hYAqG0ymRuXECxTtAAKajaIDgOAefdA2Re2eljvbOAAyi6cEg6sJrGmE2N2gAVH7AaeiOeoBcj2s5jNIXxSYB3abMyg0ehMKiQyGtHU4ADaAZVrgAurB0Y-S8+5Qqb5BggX45r+L5JpIBqGl+fBWn+kFWtogiweBz6BCoIDihh1Qod+6poRhWGSAgDjZKBP7wS+wZliASA9BRBFUc+zquuIEjip64h4WBzHdH0UiZFhTiSBh6hhsAX71jaaFARKIYSagkZiox8ZoZBKaqYIhEyIEkg4D0cBaepmbGcxYktPphlmaGMDPoh1p4XBtmvsKgbybIinKTINmWPZmb6Tkxn8f0kigCAio6qK+FqcIgRQHwOTxc+ABESYpQANGlDgSG4IAqIamVpSe9G9sARW+CA2RFURMhwCgRXxjqx4pR+mCBGe9iFIELgOMgUgwJoDhuPYLS+A4UBAA
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
1137ccc708634238c9c949f62c4e2f29112fd4a103e60be2bad26a4c7ff2fdb1

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
content-encoding
gzip
pragma
no-cache
x-envoy-upstream-service-time
17
x-envoy-decorator-operation
legacy-api-tier1.legacy-api.svc.cluster.local:80/*
via
1.1 google
expires
0
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
date
Wed, 25 Dec 2024 06:39:26 GMT
content-type
text/javascript;charset=UTF-8
last-modified
Wed, 25 Dec 2024 06:39:26 GMT
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
c
ids.cdnwidget.com/
442 B
780 B
XHR
General
Full URL
https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=&SCH1=&GCS1=146037162&GCS2=MTcyLjE3LjAuNSwxMC4xLjE5LjI0NSxmZGJmOjFkMzc6YmJlMDo6MTc6Mzo6ZjUsZmRiZjoxZDM3OmJiZTA6OjE3OjM6OmY1&pe=false&wsid=4142&varID=&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Atrue%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A4142%2C%22loadID%22%3A%22fcwNNPAtlynTqBe%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A38%2C%22IDStageStart%22%3A38%2C%22obsReqpage%22%3A523%2C%22obsReqview%22%3A523%2C%22obsReqdata%22%3A524%2C%22netComplete%22%3A594%2C%22IDStagePrefire%22%3A594%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Atrue%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A-8%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%2C%22deviceid%22%3A%228910707903447307748%22%2C%22visitid%22%3A%221735108765496105%22%7D
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:56e0:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
/
Resource Hash
4ab23e2ad243d6d78cfb7a0e0c190047e6608a331ccfef82dd8f0494cfeefc7f

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
442
date
Wed, 25 Dec 2024 06:39:26 GMT
content-type
application/json
vary
Origin
ppm84cirtgryahy4.js
imgs.signifyd.com/
97 KB
14 KB
Script
General
Full URL
https://imgs.signifyd.com/ppm84cirtgryahy4.js?5rfbtby46vzddile=w2txo5aa&bvegxv8t9f68p36b=LzZjYmZiNWE2MzFkNGM4ZTQ3YjVmNzg5Yjlm
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
03ffba13e365b1a03178951a763247122b615616241a7284a71e43b0a0a0b9a9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

X-Robots-Tag
noindex, nofollow
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
P3P
CP=IVAa PSAa
Keep-Alive
timeout=2, max=100
Date
Wed, 25 Dec 2024 06:39:26 GMT
Content-Type
text/javascript;charset=UTF-8
Vary
Accept-Encoding
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Server
Apache
dvar
c.contentsquare.net/
0
42 B
Image
General
Full URL
https://c.contentsquare.net/dvar?v=15.43.0&pid=1926&pn=1&sn=1&uu=52d2bea2-31c8-a046-d49b-ed311d863937&happid=1042782804&hsid=8442428928401421&huu=3346808480444271&dv=H4sIAAAAAAAAA6tWcvSL93B1DIh3LChQ8HRRslIyNDAxMrcwsjAwUaoFAAixYhsfAAAA&ct=2&r=747354
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.217.190.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-217-190-26.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
timing-allow-origin
*
pragma
no-cache
access-control-allow-methods
GET, POST, OPTIONS
expires
Sun, 24 Oct 1982 23:00:00 GMT
access-control-allow-origin
*
date
Wed, 25 Dec 2024 06:39:26 GMT
content-disposition
inline
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
rcomEvent
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/rcomEvent?cnst=1&_=847326&uid=-3490289456073955175&sec=8772046&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799436.799440&expSes=3410&p=1&cl=d.an.c.ws.fst.&ses=1b3afb925e5c37d34f50d47eada5f795&data=%7B%22ctx%22%3A%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-US%22%2C%22data%22%3A%5B%5D%7D%2C%22widgets%22%3A%7B%22199244%22%3A%7B%22fId%22%3A16887%2C%22fallbackData%22%3Atrue%2C%22expData%22%3A%7B%22expId%22%3Anull%2C%22varId%22%3Anull%7D%2C%22events%22%3A%5B%7B%22type%22%3A%22PIMP%22%2C%22pId%22%3A%5B%2281588%22%2C%2257323%22%2C%22300200%22%2C%2283945%22%2C%22300234%22%2C%22300226%22%2C%22300061%22%2C%22300229%22%2C%22300243%22%2C%22300152%22%2C%221810%22%2C%2257581%22%5D%2C%22strId%22%3A9%2C%22md%22%3A%7B%7D%7D%2C%7B%22type%22%3A%22WIMP%22%2C%22strId%22%3A9%7D%2C%7B%22type%22%3A%22WRIMP%22%2C%22strId%22%3A9%7D%2C%7B%22type%22%3A%22PRIMP%22%2C%22pId%22%3A%5B%22300229%22%2C%22300061%22%2C%22300226%22%2C%22300234%22%2C%2283945%22%2C%22300200%22%2C%2257323%22%2C%2281588%22%5D%2C%22strId%22%3A9%2C%22md%22%3A%7B%7D%7D%5D%7D%7D%7D&reqts=1735108766488&rri=8120468
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.83.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-83-57.iad55.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 3ea826f29560ca95cae18534029cc5a6.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
lSup1PIXa8kMDW1RRixBdwAyseECSkgyNeKJa0VYBwL2JkIIfXK0HQ==
date
Wed, 25 Dec 2024 06:39:26 GMT
x-amz-cf-pop
IAD55-P3
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
visit
events.bouncex.net/track.gif/
42 B
99 B
Image
General
Full URL
https://events.bouncex.net/track.gif/visit?wklz=G4SwziAuBcCuYFMBOBDA5ggdpAvAWQHsAvEAG1JQFIAmAMQFYA6ABhuYAoAZETWAD0oBmAEJsAgpgAmSAiElsAjKxFsA0gEpxABy2kEAdQQAjVVBoNBAdkaCAbG3aqAEgBU8nGgGE2pEAGsENgBxBABjPwJNamZPAAsZAFtAugVqAA4WRltbBUFGNLS2QiMyZOYAZRQAMxQkEHN6KxtbADJQCBgkBCrkLqQcNvAoaAopHjQtdARYJFIcWMhILTAaRrFVug3aAHddxgRSKtCCMCTIEFCwRmOErYOqgFpj04Rz0Ke6hJ4UUjBBjugXTABFIsHOBEwfBwClszGY-2GQJBYJAEIAntDovD2sNQvBIAQEsBaiAUEY9GAcJRLKJqNRSAQ0BhJAB9Hg0ahCdZ0mq-ZKc6jeOkIYDIFkMpkIVnsulcjm8xAcrwc0K1SAsgCOkDRSsE3OiSsFKrVLOJoP5crprFlRrpWhkrPtFwtevlP0VNqF1HtBFZmBQSV1+oVFtt1B4LLABPCQbdfMNXrAsCMX0WUpZEI6LuD7tDXuOBD8IAQLISvp+LPtCEQ2FjdMgSFgeY5EuZbMwbMkWHOVWL8llrp5uYTxqQ6sQkDr1BDI7tki0kb8sCnM89o8nA5z8bXdq6wEXy83cY9nMsABEETAC0WEFSaRywNtgEHV17JHIp2kAJxKSzMSxfswggACzAZYgj-pYwGFDu1CgP2nJ6go4H0EoaSWNk9B0tBX7KnSz5Hve554d6ki0CASBRpwBAoAhXINk2JGSGgsb3nS4AAAp7qi8CePihLIC+w5huA5TJmAoR1EYgmbq+HLgC4CB8JAYlGBJUkyYhYhyXSqqhLEJaQCsm7IYIqHMOh2QgYUxFhlUwAblppnmZZ9hhigBBBtaXqkFoU4LEsxlrFsWy7Ns+yHM8ZwXFcNx3IcTwnNF7ySSAXz+r8s7UCgxlad5HLAFoBFOUxU5+bBSBTlloQOUGzloRhbmJh+m4PAoJFoJJQaASRtybvldKkLVJkoQ12TUhe8DIFM2DQEYMjbIg-RxIkCAtFNqAYLNoqUaimCYhkzBZDkeQFOtS0zTAugoJAVQEEgCQ4BI0iyJI53TVtMBdqAoSvGiWi3losQQmteJRgJSDQLEOXHJgO2QFKODwhgBDQMcsDYEgaLHF2OCeGILQo2jBAYw22O+gggh42IAByhMIKj6OY2i-pJHjKD+pIKD06jXRoHtOAAIqeDzgIIPzEKs7egtNtJoSi6EUAYoQmMID8otaCckA-Djt5OHqosUOckCwLjwFMPQhsQvzJu4w84FZArELnJg3a6zgNME10DK0Z4AaTCAaCYGAABq1BIy0Za4-C2zGFmcg4MBCjAdQl4J-VFmNVh1A4S033Ogn36-v+gEgWBEGWFBaQtJMGCgAg2zpy0iAak2mC-Qn8KhL43bnEkUb+9Co2Z5h9DV93xbYCgWggDtEAQjg2toIIecis6OBaC0kCxBRjpqmikYEptJbvmAZJ6JIOAhlvRAEInaTwsCMy-TgsdGC0l04BtzcEFU6oJ9QDUsQABStBbBEFsBqVQNN6BBGAsIJAtBmAh0EGgYB9BSCYE1i0aGSBpSX0ASA2glgACitA0BomAaCfQCRQgcQUJCbYABJNIAB5JwwCghAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
private, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-envoy-upstream-service-time
1
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
expires
Tue, 01 Jan 2001 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
date
Wed, 25 Dec 2024 06:39:26 GMT
content-type
image/gif
pageview
events.bouncex.net/track.gif/
42 B
206 B
Image
General
Full URL
https://events.bouncex.net/track.gif/pageview?wklz=A4Qw5gpgbglhDuAuArgJwDYF4AWAXXwAzgKQDMAgsQEwBi1N8jAdBOgGYDGA9oQLYS4YHQk2696rNgFpufAUJmoYvGADsQ6QgDJQkWAkQdkhXF15QQSkACN0EQpmIB2AELUq6LmEgATAPpq7mSUVFRsGoQQQVQAwu7QEKh+nt4Q-oGhwe7hmlGZse4clrh+AI64AJ5BFO4ADNFxoUWoJRboyHlUWaH1+Y1UwKhc-oNCnd1hEeMFoYPDfur81SGTuQ3uan4mXBwA1svZU+uhhMjWKvhpflyqhDC44zWhOZHHVNxcu3B+vMMafoN7BBVLgDqFcKgOm8Ur4AqoAj5gYI2HAfGDVq8+oVilsBOiXtN+sAfMAtrtkPijlimsVKWtqQNUNAyRTMk8MeMnAARHTgaBwJAfL72GAALwgmAArKQAIy8vQCwwgVQ3IQaHD4IjdOi0RjwFjsWT8QTCURmCTsGQ8Y0KDhKFTqTTy-kGIXfUxcZKWSCYAnO-SCrifd0VYAS0jAJ26F2B4MQLZi8MATlITi0YmAhl4wEwtXTZkzuA4bFz+ezKEIObzGcQYGAVa0TM8IB8MRA2ZAMDAtwAalRS79EaX4BBrHcHjAfJgACwy6dULSwceTzAypykSUy2oADicADY95LQtPt0mtIjYBwICvT1unLUnEnaqRp9P1w+nCf-QKV3LIqUOlUK9f3TdA4BBQR+BMdsczXDct13A9JT3OUODApEQGAGAoESO4bkwXBwFIc9+SvTBgC0XBsBgVARmKCotlMVA+T8HwYEIGw7CnP1cFFLgZ23PNCC4NAyJHawtD5EFMGMRItGEtgShXKhSmwAApGg91FPdSgAaQAOUlABxacXFQGhah7UgwDUyV0FUYAuC0bBLHSKcVPUmgnAAURoMAKjU9oAHVeA4AAFGVVAAD3gABJbcAHkAAk1KMoA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
private, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-envoy-upstream-service-time
0
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
expires
Tue, 01 Jan 2001 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
date
Wed, 25 Dec 2024 06:39:26 GMT
content-type
image/gif
exist
srm.ba.contentsquare.net/
2 B
94 B
Fetch
General
Full URL
https://srm.ba.contentsquare.net/exist?v=15.43.0&pid=1926&pn=1&sn=1&uu=52d2bea2-31c8-a046-d49b-ed311d863937&happid=1042782804&hsid=8442428928401421&huu=3346808480444271
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.248.124.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-124-161.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-origin
*
content-length
2
date
Wed, 25 Dec 2024 06:39:27 GMT
content-type
application/json
IMgq4MsY2W1EY7a5
imgs.signifyd.com/ Frame 40BD
318 KB
54 KB
Script
General
Full URL
https://imgs.signifyd.com/IMgq4MsY2W1EY7a5?49c2fc47459820ea=o40MXJIS3FiXEtFL52K2DzBvohOrGeT6mREfI2gM_HZ8PtM18SL6XBZcoJ0qRvAvWQp704_VyGXFVVl0-c9AJ5_WQcPlZy8Aq_a2HZHZjq_P5ieWXE-fG2-Vb3BUxNd7XMToAXJzAfU8Pz9GsgGdet2mh0a62QkkFEFkSdeXmmbEIx1fOZ1YC95nFI-P8r9tgGmUsxFBYLv0VkOx&jb=3d3d2c2c627b657d374e696c7d722460796d35416464726d616e273a3a3b322662796a7d3549627867656f2e6071623f4b62706567672d323a31323a
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/ppm84cirtgryahy4.js?5rfbtby46vzddile=w2txo5aa&bvegxv8t9f68p36b=LzZjYmZiNWE2MzFkNGM4ZTQ3YjVmNzg5Yjlm
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e21ebec0058943cb9d884199217cf1c1d4bbdbf5faee0e80835f74874d93262a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

X-Robots-Tag
noindex, nofollow
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=99
Date
Wed, 25 Dec 2024 06:39:26 GMT
Content-Type
text/javascript;charset=UTF-8
Vary
Accept-Encoding
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive, Keep-Alive
tmx-nonce
d8fb95c47a7079e5
X-XSS-Protection
1; mode=block
Server
Apache
JJ-a3LlWs5SILyDJ
imgs.signifyd.com/ Frame 40BD
81 B
475 B
Image
General
Full URL
https://imgs.signifyd.com/JJ-a3LlWs5SILyDJ?6e617d521ff58295=wtUzQbeFhIiwvT5PRJSiIl4mNr4w_kgmfSu2mkQBPnVt9_5gSVJQm26gi-JF4ALsldw-nx7wjNsFN6YzKDDUpyaj3FJFT5zhlgLN4mooqlv6MvlcoAYTmnWb_0788OSCYkNz2N_s771tSdut6sWEG-cpI4uombs6ovYWFI8
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
81
Keep-Alive
timeout=2, max=100
Date
Wed, 25 Dec 2024 06:39:27 GMT
X-XSS-Protection
1; mode=block
Content-Type
image/png
Server
Apache
mJjmugYaHLAf2bd5
imgs.signifyd.com/ Frame 40BD
81 B
475 B
Image
General
Full URL
https://imgs.signifyd.com/mJjmugYaHLAf2bd5?8323d26db847133b=CttmZbtDWFDOiwd5y5AbdabfATGDb6ZUuWZgd81Q5G-2aqp1Tt1q1XHQxwBVr-NwEKOgnu1noWaAdNRZgiEnF7RuQHz3Ml55r3u5Acof8zjxCwrl684J93XKysv06x8-x4_Z88I-NqY0sCLgG76AmLMWSxXIdZJFGLjEfpk
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
81
Keep-Alive
timeout=2, max=100
Date
Wed, 25 Dec 2024 06:39:27 GMT
X-XSS-Protection
1; mode=block
Content-Type
image/png
Server
Apache
start
www8.eu.inside.chat/signalr/
25 B
276 B
XHR
General
Full URL
https://www8.eu.inside.chat/signalr/start?transport=webSockets&clientProtocol=2.1&k=IN-1011171%3A26297372-7665adc7f1d978e62c6467f74e002e142b6c3fc3177e53a4b952f8ce8eba0b7e-5-5%3A141219229%3A1521&c=93439856b3e933add74101008009550f&nc=0&connectionToken=IPDVJRJYi9qGn3uatyUF%2BPHlIONcKsJi05oFH12PV6zjf5OgQUOyrZHbA9tMe46xcYgiVNfzy7%2BLWkCMDbtVpJQm4dW9cfOhw3X6bY3VB8uhP3q5Z6EXuiJCtuQgZikz&connectionData=%5B%7B%22name%22%3A%22insidesocialhub%22%7D%5D&_=1735108763802
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.9.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c50a0366bab0d95bd0dfbbf67ed889b5fd383ee7464a77660088c32e4ef91c20
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Accept
text/plain, */*; q=0.01
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

content-encoding
br
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
expires
-1
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 25 Dec 2024 06:39:26 GMT
content-type
application/json; charset=UTF-8
priority
u=1,i
strict-transport-security
max-age=31536000; includeSubdomains
cache-control
no-cache
pragma
no-cache
access-control-allow-credentials
true
cf-ray
8f76d580cfc3ac48-YYZ
access-control-allow-origin
https://www.elfcosmetics.com
server
cloudflare
cs
tags.rd.linksynergy.com/
Redirect Chain
  • https://idsync.rlcdn.com/458359.gif?partner_uid=f2e1bfcf-c526-400b-ae5c-19e7426d7810
  • https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJGYyZTFiZmNmLWM1MjYtNDAwYi1hZTVjLTE5ZTc0MjZkNzgxMBAAGg0IntGuuwYSBQjoBxAAQgBKAA
  • https://tags.rd.linksynergy.com/cs?ns=lr&uid3=bb7271111cfc4eb2c08fddc4f5153d87dc299ba293eb754589c0099e09c4973e6ac34734d8e453ee
37 B
293 B
Image
General
Full URL
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=bb7271111cfc4eb2c08fddc4f5153d87dc299ba293eb754589c0099e09c4973e6ac34734d8e453ee
Protocol
H2
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
date
Wed, 25 Dec 2024 06:39:27 GMT
x-samesite
secure
content-type
image/gif

Redirect headers

cache-control
no-cache, no-store
timing-allow-origin
*
location
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=bb7271111cfc4eb2c08fddc4f5153d87dc299ba293eb754589c0099e09c4973e6ac34734d8e453ee
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length
0
date
Wed, 25 Dec 2024 06:39:27 GMT
clear.png
imgs.signifyd.com/fp/ Frame 40BD
81 B
536 B
XHR
General
Full URL
https://imgs.signifyd.com/fp/clear.png
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/IMgq4MsY2W1EY7a5?49c2fc47459820ea=o40MXJIS3FiXEtFL52K2DzBvohOrGeT6mREfI2gM_HZ8PtM18SL6XBZcoJ0qRvAvWQp704_VyGXFVVl0-c9AJ5_WQcPlZy8Aq_a2HZHZjq_P5ieWXE-fG2-Vb3BUxNd7XMToAXJzAfU8Pz9GsgGdet2mh0a62QkkFEFkSdeXmmbEIx1fOZ1YC95nFI-P8r9tgGmUsxFBYLv0VkOx&jb=3d3d2c2c627b657d374e696c7d722460796d35416464726d616e273a3a3b322662796a7d3549627867656f2e6071623f4b62706567672d323a31323a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Accept
*/*, w2txo5aa/d8fb95c47a7079e5lzzjymzinwe2mzfkngm4ztq3yjvmnzg5yjlm
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
private, must-revalidate, max-age=0
Etag
1db77bb56fcf4d128436c66c1b682f2c
Connection
Keep-Alive
Expires
Mon, 24 Dec 2029 06:39:27 GMT
Access-Control-Allow-Origin
https://www.elfcosmetics.com
Content-Length
81
Keep-Alive
timeout=2, max=100
Date
Wed, 25 Dec 2024 06:39:27 GMT
Last-Modified
Wed, 25 Dec 2024 06:39:27 GMT
Content-Type
image/png
Server
Apache
4WHs15UjbZhel5qz
imgs.signifyd.com/ Frame 76D3
0
0
Document
General
Full URL
https://imgs.signifyd.com/4WHs15UjbZhel5qz?418b9845bbde9bc6=8cjK7T3KD18OD36EpamH9GPZNILZ60EMB6XIY1atrk-jEH9rdmiKqkmNWRY4FVNDBnZwE7PH9udxyqnBarf-B2iojuqqDyNi_LsUUxQZ9YSdB5zJLo2-tX8QzfkhE9H5ooRwgvQG9obNOlKqkkezag4IBPc-5vHAXhJh3bSDjZBT1Ct_7Av5o7IO-nf2CkTMBG2mRGANFBQq_nkLA3s
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/IMgq4MsY2W1EY7a5?49c2fc47459820ea=o40MXJIS3FiXEtFL52K2DzBvohOrGeT6mREfI2gM_HZ8PtM18SL6XBZcoJ0qRvAvWQp704_VyGXFVVl0-c9AJ5_WQcPlZy8Aq_a2HZHZjq_P5ieWXE-fG2-Vb3BUxNd7XMToAXJzAfU8Pz9GsgGdet2mh0a62QkkFEFkSdeXmmbEIx1fOZ1YC95nFI-P8r9tgGmUsxFBYLv0VkOx&jb=3d3d2c2c627b657d374e696c7d722460796d35416464726d616e273a3a3b322662796a7d3549627867656f2e6071623f4b62706567672d323a31323a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Wed, 25 Dec 2024 06:39:27 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
HhOC8wKQjNCHwqvw
imgs.signifyd.com/ Frame 40BD
0
398 B
Script
General
Full URL
https://imgs.signifyd.com/HhOC8wKQjNCHwqvw?2f575f923f14cb5d=MPwJGHk9uXYcvVc8Ehx8iEy8q56NnNmgBOhlkZe9M-MmJUhy0nj3Ma6Fbg3hHSI45QQuQI6IvIN97CsBqKwK6HQ1-5nqS526hsHF4V9tByHAi6Yi51FDuQftKOBxTwnb1Z_sm9uJqSz_VSEc5YyiKhJDe6U&jb=3b3c2c667b69373c3e6461313839633d6c6439343331323b6e3a32383f3e30323f3a3e303f3c39
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/IMgq4MsY2W1EY7a5?49c2fc47459820ea=o40MXJIS3FiXEtFL52K2DzBvohOrGeT6mREfI2gM_HZ8PtM18SL6XBZcoJ0qRvAvWQp704_VyGXFVVl0-c9AJ5_WQcPlZy8Aq_a2HZHZjq_P5ieWXE-fG2-Vb3BUxNd7XMToAXJzAfU8Pz9GsgGdet2mh0a62QkkFEFkSdeXmmbEIx1fOZ1YC95nFI-P8r9tgGmUsxFBYLv0VkOx&jb=3d3d2c2c627b657d374e696c7d722460796d35416464726d616e273a3a3b322662796a7d3549627867656f2e6071623f4b62706567672d323a31323a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
0
Keep-Alive
timeout=2, max=98
Date
Wed, 25 Dec 2024 06:39:27 GMT
X-XSS-Protection
1; mode=block
Content-Type
text/javascript
Server
Apache
JIyP_rglTc8bV3FU
imgs.signifyd.com/ Frame 40BD
134 B
654 B
Script
General
Full URL
https://imgs.signifyd.com/JIyP_rglTc8bV3FU?2140838905316744=RYPvw2K7O9GCS-Z9S1orSV4dxe2G41zTpNcxaYNW0OEH_SX8772ybaZTWUyjFpmDebx6Cs2303gaIb04ZAmqacIrOqPyiqAI7hFaGqu1MPYK3hTfPXuZMJ7LCI08vHu4CoNP43P0asMWp8FB7h46Kw
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/IMgq4MsY2W1EY7a5?49c2fc47459820ea=o40MXJIS3FiXEtFL52K2DzBvohOrGeT6mREfI2gM_HZ8PtM18SL6XBZcoJ0qRvAvWQp704_VyGXFVVl0-c9AJ5_WQcPlZy8Aq_a2HZHZjq_P5ieWXE-fG2-Vb3BUxNd7XMToAXJzAfU8Pz9GsgGdet2mh0a62QkkFEFkSdeXmmbEIx1fOZ1YC95nFI-P8r9tgGmUsxFBYLv0VkOx&jb=3d3d2c2c627b657d374e696c7d722460796d35416464726d616e273a3a3b322662796a7d3549627867656f2e6071623f4b62706567672d323a31323a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
5888535e9046a3aef958775d8b2f7894a7814bbc1f0d2bd89a1359b52f430cee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Content-Encoding
gzip
Pragma
no-cache
Connection
Keep-Alive, Keep-Alive
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=99
Date
Wed, 25 Dec 2024 06:39:27 GMT
X-XSS-Protection
1; mode=block
Content-Type
text/javascript;charset=UTF-8
Vary
Accept-Encoding
Server
Apache
eAZyc6XrnnMdyOMY
h.online-metrix.net/ Frame 99E2
0
0
Document
General
Full URL
https://h.online-metrix.net/eAZyc6XrnnMdyOMY?3280478d3406992a=wO1VbKnu9D6qFS-2utsQgG77Pplt8vlmLlChCPMeyojLVo6JSwq4SYNDNnmkBqSw3Gyc5Y4RwO58mJi4CuwKBOQnoJPSdN3pn1FAQ654w5y1oP_ZB7jRoYigFhtG6-D3mF2Rfk1JauhVXnZNl5fMVdWKz61EAg28hqheo7yJKILunVJZ3SxQYA125XJBuVPDDSNXTLqM_wOUfp8ETf8i
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/IMgq4MsY2W1EY7a5?49c2fc47459820ea=o40MXJIS3FiXEtFL52K2DzBvohOrGeT6mREfI2gM_HZ8PtM18SL6XBZcoJ0qRvAvWQp704_VyGXFVVl0-c9AJ5_WQcPlZy8Aq_a2HZHZjq_P5ieWXE-fG2-Vb3BUxNd7XMToAXJzAfU8Pz9GsgGdet2mh0a62QkkFEFkSdeXmmbEIx1fOZ1YC95nFI-P8r9tgGmUsxFBYLv0VkOx&jb=3d3d2c2c627b657d374e696c7d722460796d35416464726d616e273a3a3b322662796a7d3549627867656f2e6071623f4b62706567672d323a31323a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.158.1 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Wed, 25 Dec 2024 06:39:27 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
5JWgBCEnOyiRQEIg
imgs.signifyd.com/ Frame E956
0
0
Document
General
Full URL
https://imgs.signifyd.com/5JWgBCEnOyiRQEIg?c84aefedb5238f5a=v83VSmfey7nYsHBeUWDpaf1D-A-ihUYF_qhocW27B-D-zr8K_TeKXA46rpFY8M3RcB1eZ7X-l-RuMAIu65tCiR50G0QnEZa7CZ0QRmTFPCQZpbjx2L3LO0Y837zLUjDsR9HAGkIwi3r4PrD4OJWm5PwfUVJjRbWkpN63w2TKrWA5R1CgnAGuhifMVMaR6_cLsN0GUoCJdJdkO2FDBD7m
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/IMgq4MsY2W1EY7a5?49c2fc47459820ea=o40MXJIS3FiXEtFL52K2DzBvohOrGeT6mREfI2gM_HZ8PtM18SL6XBZcoJ0qRvAvWQp704_VyGXFVVl0-c9AJ5_WQcPlZy8Aq_a2HZHZjq_P5ieWXE-fG2-Vb3BUxNd7XMToAXJzAfU8Pz9GsgGdet2mh0a62QkkFEFkSdeXmmbEIx1fOZ1YC95nFI-P8r9tgGmUsxFBYLv0VkOx&jb=3d3d2c2c627b657d374e696c7d722460796d35416464726d616e273a3a3b322662796a7d3549627867656f2e6071623f4b62706567672d323a31323a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Wed, 25 Dec 2024 06:39:27 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
lMd5MmQhMeBOAnLn
h64.online-metrix.net/ Frame 40BD
0
399 B
Script
General
Full URL
https://h64.online-metrix.net/lMd5MmQhMeBOAnLn?f7fe183548a36302=qH_V__rK0vlCJg9JNhdN0MR5vXph2uqvQI476Dzq0jGHQ6GOhuEfjfHMVw2fzoV31APBDo8D4B8ho_tpp0RuvfGDw5hTW08oPDO1SO7Re9iRObV2Et5mylndhVYhlCGpLOglN4P5JPA3aFPoNCdWV-39TAo8IsCO
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/IMgq4MsY2W1EY7a5?49c2fc47459820ea=o40MXJIS3FiXEtFL52K2DzBvohOrGeT6mREfI2gM_HZ8PtM18SL6XBZcoJ0qRvAvWQp704_VyGXFVVl0-c9AJ5_WQcPlZy8Aq_a2HZHZjq_P5ieWXE-fG2-Vb3BUxNd7XMToAXJzAfU8Pz9GsgGdet2mh0a62QkkFEFkSdeXmmbEIx1fOZ1YC95nFI-P8r9tgGmUsxFBYLv0VkOx&jb=3d3d2c2c627b657d374e696c7d722460796d35416464726d616e273a3a3b322662796a7d3549627867656f2e6071623f4b62706567672d323a31323a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.158.1 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
0
Keep-Alive
timeout=2, max=100
Date
Wed, 25 Dec 2024 06:39:27 GMT
X-XSS-Protection
1; mode=block
Content-Type
text/javascript
Server
Apache
HhOC8wKQjNCHwqvw
imgs.signifyd.com/ Frame 40BD
0
218 B
Script
General
Full URL
https://imgs.signifyd.com/HhOC8wKQjNCHwqvw?2f575f923f14cb5d=MPwJGHk9uXYcvVc8Ehx8iEy8q56NnNmgBOhlkZe9M-MmJUhy0nj3Ma6Fbg3hHSI45QQuQI6IvIN97CsBqKwK6HQ1-5nqS526hsHF4V9tByHAi6Yi51FDuQftKOBxTwnb1Z_sm9uJqSz_VSEc5YyiKhJDe6U&ja=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&jb=393f3e2c647937456578696e646b27384c3726302f32302a44636c7d722f31422d383849666e7865616c2f3a3a3330273b4827383a492125383041727866675f6f6849697c2f3a4e3d393d243b3e2f3a3a2a4b4a5c474e2f38412d323a6c69696d2f30384d6f616b67232d3a3849627867656f2d38443130302432243c343933243838273a3a4f6768636e652d38385b696c6b78612d384e3f31372c3b3c
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/IMgq4MsY2W1EY7a5?49c2fc47459820ea=o40MXJIS3FiXEtFL52K2DzBvohOrGeT6mREfI2gM_HZ8PtM18SL6XBZcoJ0qRvAvWQp704_VyGXFVVl0-c9AJ5_WQcPlZy8Aq_a2HZHZjq_P5ieWXE-fG2-Vb3BUxNd7XMToAXJzAfU8Pz9GsgGdet2mh0a62QkkFEFkSdeXmmbEIx1fOZ1YC95nFI-P8r9tgGmUsxFBYLv0VkOx&jb=3d3d2c2c627b657d374e696c7d722460796d35416464726d616e273a3a3b322662796a7d3549627867656f2e6071623f4b62706567672d323a31323a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Keep-Alive
timeout=2, max=99
Date
Wed, 25 Dec 2024 06:39:27 GMT
Content-Type
text/javascript;charset=UTF-8
Server
Apache
Connection
Keep-Alive
hk68dpXvyQZttl3L
w2txo5aa36h3wt3vvakc6zoy7kfwjwmfka6ngrkod8fb95c47a7079e5sac.d.aa.online-metrix.net/ Frame 40BD
81 B
438 B
Image
General
Full URL
https://w2txo5aa36h3wt3vvakc6zoy7kfwjwmfka6ngrkod8fb95c47a7079e5sac.d.aa.online-metrix.net/hk68dpXvyQZttl3L?da42872b754635db=k7VW2bdyzr6xs8g3hLMAnxm9yKGCvoEvZirrsluKIBcCrh4ZHBYfEgjQM5F7B3tLs3h19euNaRuk4YE9KYOgqACY5BVg6Ywkl1dmkVo5LDxAPK9glU7q7tgt1dQY4y21ivEXQe6VTU4YJDNZrHSMsSNTEbfszt17MEJE
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.158.3 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
close
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
81
Date
Wed, 25 Dec 2024 06:39:27 GMT
X-XSS-Protection
1; mode=block
Content-Type
image/png
Server
Apache
graph
idr.cdnwidget.com/
0
194 B
Image
General
Full URL
https://idr.cdnwidget.com/graph?cookieID=2qhJF7EFgyJluWmcP1nxwI8OHJG&deviceID=2qhJF6z6qKN5G4BrF0V3gJ5lnpo&bxdid=8910707903447307748&bxvid=1735108766522489&bxwid=4142&gm=true&apikey=2^HIykD&loadID=fcwNNPAtlynTqBe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-envoy-upstream-service-time
0
x-envoy-decorator-operation
id-resolution.id-resolution.svc.cluster.local:9000/*
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 25 Dec 2024 06:39:27 GMT
server
istio-envoy
x5KMBByGIszpG2F0
imgs.signifyd.com/ Frame 40BD
0
218 B
Script
General
Full URL
https://imgs.signifyd.com/x5KMBByGIszpG2F0?da680612063f0bf1=bhWVcnwlDO3PN70GmpA9m7bhPqtEndMdkf2yot8sCoUmbcIBn3kNSK8efZa56heQl8CsKL-YlszvmMhYutmM9q5bGfv2OGTZtGZVho0dljC8wgnUrkdSvL-OUMPEdyd8RcqhbZI84_MbQGL4Wv0RYufSQ-7mSK0veushYeZlq_4yVHlburrnEPojnKQ8M3kz_BonCa5nH2vCnc81Tu8&jac=1&je=303e2c2c656d6e60372a33273a49332f38413b25384366363e3c33383e6935393f6b6d6d3c6f693f3939396e396339603d6b33336b363b393e3839603c6f633039383b303d6e313a6c6b32326a6c3b3d683b31356c382b
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/IMgq4MsY2W1EY7a5?49c2fc47459820ea=o40MXJIS3FiXEtFL52K2DzBvohOrGeT6mREfI2gM_HZ8PtM18SL6XBZcoJ0qRvAvWQp704_VyGXFVVl0-c9AJ5_WQcPlZy8Aq_a2HZHZjq_P5ieWXE-fG2-Vb3BUxNd7XMToAXJzAfU8Pz9GsgGdet2mh0a62QkkFEFkSdeXmmbEIx1fOZ1YC95nFI-P8r9tgGmUsxFBYLv0VkOx&jb=3d3d2c2c627b657d374e696c7d722460796d35416464726d616e273a3a3b322662796a7d3549627867656f2e6071623f4b62706567672d323a31323a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Keep-Alive
timeout=2, max=97
Date
Wed, 25 Dec 2024 06:39:27 GMT
Content-Type
text/javascript;charset=UTF-8
Server
Apache
Connection
Keep-Alive
KQN4jjPDw3ZumGnF
imgs.signifyd.com/ Frame 40BD
0
400 B
Image
General
Full URL
https://imgs.signifyd.com/KQN4jjPDw3ZumGnF?2afd43b5081777cf=aZ-BtXm6c6d_M_-bTDXe9eXM29TGaT1QMNst-gss5a3kve1oFuAGqrc-rlCk5-0oBbqkv-LUcUEqU8GJ5PerzAKGely7zH0y0GAPRxDeKysayklBsiEKSVY9ZtlrxfoHmJiQpqdAKDyl8Atd_kZPSXvKwC9vFfMTuAJeJdNLz80W7A4ggXRiGzbYTUTYYcvJaB1zeXgMG4J7w3zqOPw&jf=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
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive, Keep-Alive
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=98
Date
Wed, 25 Dec 2024 06:39:27 GMT
X-XSS-Protection
1; mode=block
Content-Type
image/png;charset=UTF-8
Server
Apache
HhOC8wKQjNCHwqvw
imgs.signifyd.com/ Frame 40BD
0
398 B
Script
General
Full URL
https://imgs.signifyd.com/HhOC8wKQjNCHwqvw?2f575f923f14cb5d=MPwJGHk9uXYcvVc8Ehx8iEy8q56NnNmgBOhlkZe9M-MmJUhy0nj3Ma6Fbg3hHSI45QQuQI6IvIN97CsBqKwK6HQ1-5nqS526hsHF4V9tByHAi6Yi51FDuQftKOBxTwnb1Z_sm9uJqSz_VSEc5YyiKhJDe6U&jac=1&je=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
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/IMgq4MsY2W1EY7a5?49c2fc47459820ea=o40MXJIS3FiXEtFL52K2DzBvohOrGeT6mREfI2gM_HZ8PtM18SL6XBZcoJ0qRvAvWQp704_VyGXFVVl0-c9AJ5_WQcPlZy8Aq_a2HZHZjq_P5ieWXE-fG2-Vb3BUxNd7XMToAXJzAfU8Pz9GsgGdet2mh0a62QkkFEFkSdeXmmbEIx1fOZ1YC95nFI-P8r9tgGmUsxFBYLv0VkOx&jb=3d3d2c2c627b657d374e696c7d722460796d35416464726d616e273a3a3b322662796a7d3549627867656f2e6071623f4b62706567672d323a31323a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
0
Keep-Alive
timeout=2, max=98
Date
Wed, 25 Dec 2024 06:39:27 GMT
X-XSS-Protection
1; mode=block
Content-Type
text/javascript
Server
Apache
id_sync
events.bouncex.net/track.gif/
42 B
96 B
Image
General
Full URL
https://events.bouncex.net/track.gif/id_sync?id_sync:id_type=sid&id_sync:id_source=graph&soft_id=2qhJF6z6qKN5G4BrF0V3gJ5lnpo&source=web&agent=cjs&deviceid=8910707903447307748&visitid=1735108766522489&websiteid=4142&pageviewid=1&sequenceid=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
private, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-envoy-upstream-service-time
0
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
expires
Tue, 01 Jan 2001 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
date
Wed, 25 Dec 2024 06:39:27 GMT
content-type
image/gif
unip
trc-events.taboola.com/1691051/log/3/
0
524 B
XHR
General
Full URL
https://trc-events.taboola.com/1691051/log/3/unip?en=pre_d_eng_tb&tos=5177&scd=0&ssd=1&est=1735108762503&ver=36&isls=true&src=i&invt=3000&msa=6448&rv=1&tim=1735108767680&vi=1735108762495&ri=664baee880a146bb85d37c42f0016dd3&sd=v2_f068286cd8177c41071c00ceac495c20_03c949eb-02fe-46d4-b2d9-f1cba186f48e-tucte652e1a_1735108762_1735108762_CNawjgYQq5tnGP-2quS_MiABKAEwJjiJ6AdA6vUHSKfL2QNQ____________AVgAYABo9LvJ5PG7o8RccAGAAQA&ui=03c949eb-02fe-46d4-b2d9-f1cba186f48e-tucte652e1a&ref=null&cv=20241218-12-RELEASE&item-url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&cbp=OneTrust&cbpv=1&cbcd=%2C1%2C2%2C3%2C4%2C5%2C&it=JS_PIXEL
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS Taboola.com ltd, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Attribution-Reporting-Eligible
trigger
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
date
Wed, 25 Dec 2024 06:39:27 GMT
pragma
no-cache
server
nginx
access-control-allow-credentials
true
unip
trc-events.taboola.com/1691051/log/3/ Frame
0
0
Preflight
General
Full URL
https://trc-events.taboola.com/1691051/log/3/unip?en=pre_d_eng_tb&tos=5177&scd=0&ssd=1&est=1735108762503&ver=36&isls=true&src=i&invt=3000&msa=6448&rv=1&tim=1735108767680&vi=1735108762495&ri=664baee880a146bb85d37c42f0016dd3&sd=v2_f068286cd8177c41071c00ceac495c20_03c949eb-02fe-46d4-b2d9-f1cba186f48e-tucte652e1a_1735108762_1735108762_CNawjgYQq5tnGP-2quS_MiABKAEwJjiJ6AdA6vUHSKfL2QNQ____________AVgAYABo9LvJ5PG7o8RccAGAAQA&ui=03c949eb-02fe-46d4-b2d9-f1cba186f48e-tucte652e1a&ref=null&cv=20241218-12-RELEASE&item-url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&cbp=OneTrust&cbpv=1&cbcd=%2C1%2C2%2C3%2C4%2C5%2C&it=JS_PIXEL
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS Taboola.com ltd, IL),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-origin
https://www.elfcosmetics.com
allow
GET, HEAD, POST, TRACE, OPTIONS
content-length
0
date
Wed, 25 Dec 2024 06:39:27 GMT
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
server
nginx
collect
sgtm.elfcosmetics.com/g/
439 B
458 B
Fetch
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je4cc1v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=2088589287.1735108762&ecid=1720609689&ul=en-ca&sr=1600x1200&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=MA&sst.rnd=782537416.1735108761&sst.etld=google.ca&sst.adr=1&sst.ude=0&_s=4&sid=1735108762&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&tfd=11765&richsstsse
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
a01f55d86200409b1cb965ccea692ad963c67742591d0a94f4ff8fe56ae241a2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache
x-accel-buffering
no
access-control-allow-credentials
true
x-content-type-options
nosniff
via
1.1 google
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Dec 2024 06:39:29 GMT
content-type
text/plain
server
Google Frontend
ga-audiences
www.google.ca/ads/
42 B
63 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&tid=G-5D80LRC85N&cid=MIlvyp7mRkt3JCuCPgN7ZqE8Vc81KKdVVDqUSk7RZJY%3D.1735108762&gtm=45j91e4c50v9125640115z8896608294z99175401888za200zb896608294&tag_exp=101925629~102067555~102067808~102081485~102198178&aip=1&z=515583750
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.192.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qn-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 25 Dec 2024 06:39:29 GMT
x-xss-protection
0
content-type
image/gif
server
cafe

Failed requests

These URLs were requested, but no response was received. You will also see them in the list above.

Domain
cdn-fsly.yottaa.net
URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/
Domain
cdn-fsly.yottaa.net
URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/
Domain
cdn-fsly.yottaa.net
URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/
Domain
www.elfcosmetics.com
URL
blob:https://www.elfcosmetics.com/5a533f97-ebb8-4886-ba83-e5e0381f5511


260 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


101 Cookies


6 Console Messages

Source Level URL
Text
security error URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 430)
Message:
Unsafe attempt to load URL https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/ from frame with URL https://www.elfcosmetics.com/elf-cosmetic-criminals. Domains, protocols and ports must match.
security error URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 430)
Message:
Unsafe attempt to load URL https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/ from frame with URL https://www.elfcosmetics.com/elf-cosmetic-criminals. Domains, protocols and ports must match.
security error URL: https://www.elfcosmetics.com/elf-cosmetic-criminals(Line 430)
Message:
Unsafe attempt to load URL https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/ from frame with URL https://www.elfcosmetics.com/elf-cosmetic-criminals. Domains, protocols and ports must match.
rendering warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0407106A43C0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0F00606A43C0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://www.elfcosmetics.com/elf-cosmetic-criminals
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A060A805A43C0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Indicators

"Indicators" is a security-industry term for observables such as IPs, domains and hashes. Their presence here does not imply that any of them indicate malicious activity.
