www.elfcosmetics.com Open in urlscan Pro
165.254.56.168 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cosmeticscriminal.ca/
Effective URL:
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Submission: On April 22 via api (April 22nd 2024, 9:10:17 am UTC) from US — Scanned from CA

Summary HTTP 213 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 65 IPs in 3 countries across 52 domains to perform 213 HTTP transactions. The main IP is 165.254.56.168, located in United States and belongs to YOTTAA-AS-1, US. The main domain is www.elfcosmetics.com. The Cisco Umbrella rank of the primary domain is 67092.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 25th 2023. Valid for: a year.

This is the only time www.elfcosmetics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	165.254.198.211 165.254.198.211	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
1 17	165.254.56.168 165.254.56.168	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
2 8	2606:4700:440... 2606:4700:4400::6812:205a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2607:f8b0:400... 2607:f8b0:4004:c17::be	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
2	2606:4700:440... 2606:4700:4400::6812:26d1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	151.101.66.133 151.101.66.133	54113 (FASTLY) (FASTLY)
5	2606:4700:440... 2606:4700:4400::ac40:965f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2606:4700::68... 2606:4700::6813:b234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2607:f8b0:400... 2607:f8b0:4004:c19::61	15169 (GOOGLE) (GOOGLE)
3	2600:9000:26a... 2600:9000:26a0:2a00:a:b89d:a6c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	172.67.74.152 172.67.74.152	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	35.190.10.96 35.190.10.96	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4004:c1d::71	15169 (GOOGLE) (GOOGLE)
1	2600:9000:269... 2600:9000:269f:7400:15:ad21:c740:93a1	16509 (AMAZON-02) (AMAZON-02)
2 3	2607:f8b0:400... 2607:f8b0:4004:c1d::63	15169 (GOOGLE) (GOOGLE)
1 2	2607:f8b0:400... 2607:f8b0:4004:c1b::9a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2607:f8b0:400... 2607:f8b0:4004:c19::9c	15169 (GOOGLE) (GOOGLE)
6	3.162.3.87 3.162.3.87	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:21a... 2600:9000:21a2:6c00:11:85b0:d600:93a1	16509 (AMAZON-02) (AMAZON-02)
2 2	34.225.38.119 34.225.38.119	14618 (AMAZON-AES) (AMAZON-AES)
1 3	52.73.200.224 52.73.200.224	14618 (AMAZON-AES) (AMAZON-AES)
2 4	68.67.160.26 68.67.160.26	29990 (ASN-APPNEX) (ASN-APPNEX)
4 4	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1 1	172.253.122.156 172.253.122.156	15169 (GOOGLE) (GOOGLE)
1 1	8.43.72.98 8.43.72.98	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2607:f8b0:400... 2607:f8b0:4004:c1b::5e	15169 (GOOGLE) (GOOGLE)
2	54.237.131.176 54.237.131.176	14618 (AMAZON-AES) (AMAZON-AES)
1	204.2.50.19 204.2.50.19	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
1	34.102.147.248 34.102.147.248	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	151.101.129.21 151.101.129.21	54113 (FASTLY) (FASTLY)
1	23.47.22.7 23.47.22.7	16625 (AKAMAI-AS) (AKAMAI-AS)
1	3.161.213.65 3.161.213.65	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:269... 2600:9000:269f:e600:13:d6f4:3240:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2600:1408:c40... 2600:1408:c400:383::1931	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a03:2880:f00... 2a03:2880:f003:c0e:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a04:4e42::396 2a04:4e42::396	54113 (FASTLY) (FASTLY)
3	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
10	23.212.249.197 23.212.249.197	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2600:9000:21a... 2600:9000:21a2:7800:a:7914:b00:93a1	16509 (AMAZON-02) (AMAZON-02)
2	34.120.253.250 34.120.253.250	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2606:4700:440... 2606:4700:4400::ac40:91b7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2001:4860:480... 2001:4860:4802:38::181	15169 (GOOGLE) (GOOGLE)
5	34.49.124.132 34.49.124.132	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	34.98.67.3 34.98.67.3	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	192.229.210.155 192.229.210.155	15133 (EDGECAST) (EDGECAST)
4	44.197.106.9 44.197.106.9	14618 (AMAZON-AES) (AMAZON-AES)
2	3.162.3.47 3.162.3.47	16509 (AMAZON-02) (AMAZON-02)
3 6	142.251.16.149 142.251.16.149	15169 (GOOGLE) (GOOGLE)
2	34.232.82.191 34.232.82.191	14618 (AMAZON-AES) (AMAZON-AES)
1	34.249.47.228 34.249.47.228	16509 (AMAZON-02) (AMAZON-02)
2	151.101.193.140 151.101.193.140	54113 (FASTLY) (FASTLY)
3	151.101.65.35 151.101.65.35	54113 (FASTLY) (FASTLY)
2 2	35.244.154.8 35.244.154.8	15169 (GOOGLE) (GOOGLE)
1	44.209.94.203 44.209.94.203	14618 (AMAZON-AES) (AMAZON-AES)
8	151.101.0.84 151.101.0.84	54113 (FASTLY) (FASTLY)
11	34.98.72.95 34.98.72.95	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a03:2880:f10... 2a03:2880:f103:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
13	192.225.157.157 192.225.157.157	30286 (THM) (THM)
1	34.96.126.215 34.96.126.215	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.96.74.85 34.96.74.85	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.117.93.237 34.117.93.237	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	192.225.158.1 192.225.158.1	30286 (THM) (THM)
1	192.225.158.3 192.225.158.3	30286 (THM) (THM)
1 1	172.253.122.155 172.253.122.155	15169 (GOOGLE) (GOOGLE)
1	2600:1901:0:5... 2600:1901:0:56e0::	15169 (GOOGLE) (GOOGLE)
2	34.149.130.207 34.149.130.207	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
8	34.111.8.32 34.111.8.32	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	142.251.16.148 142.251.16.148	() ()
213	65

1 165.254.198.211 (United States) 1 redirects

ASN393259 (YOTTAA-AS-1, US)

cosmeticscriminal.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 165.254.56.168 (United States) 1 redirects

ASN393259 (YOTTAA-AS-1, US)

www.elfcosmetics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:4400::6812:205a (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

cdn.media.amplience.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4004:c17::be (Washington, United States)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::6812:26d1 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.static.amplience.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.66.133 (United States)

ASN54113 (FASTLY, US)

cdn-fsly.yottaa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:4400::ac40:965f (United States)

ASN13335 (CLOUDFLARENET, US)

sdk.iad-05.braze.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6813:b234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4004:c19::61 (Washington, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:26a0:2a00:a:b89d:a6c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.74.152 (United States)

ASN13335 (CLOUDFLARENET, US)

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.190.10.96 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 96.10.190.35.bc.googleusercontent.com

collector-pxxt4gy2ig.px-cloud.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c1d::71 (Washington, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:269f:7400:15:ad21:c740:93a1 (United States)

ASN16509 (AMAZON-02, US)

st.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c1d::63 (Washington, United States) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c1b::9a (Washington, United States) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c19::9c (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.162.3.87 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-162-3-87.yul62.r.cloudfront.net

async-px.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21a2:6c00:11:85b0:d600:93a1 (United States)

ASN16509 (AMAZON-02, US)

js.cnnx.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.225.38.119 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-225-38-119.compute-1.amazonaws.com

pixel.pointmediatracker.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.73.200.224 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-73-200-224.compute-1.amazonaws.com

cnv.event.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.67.160.26 (New York, United States) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 567.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 15.197.193.217 (Seattle, United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.122.156 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: bh-in-f156.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.43.72.98 (United States) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.36.155 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4004:c1b::5e (Washington, United States)

ASN15169 (GOOGLE, US)

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.237.131.176 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-237-131-176.compute-1.amazonaws.com

api.cquotient.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 204.2.50.19 (United States)

ASN393259 (YOTTAA-AS-1, US)

qoe-1.yottaa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.147.248 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 248.147.102.34.bc.googleusercontent.com

tag.rmp.rakuten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.129.21 (United States)

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.47.22.7 (Ashburn, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-47-22-7.deploy.static.akamaitechnologies.com

static.ordergroove.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.161.213.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-161-213-65.yul62.r.cloudfront.net

t.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:269f:e600:13:d6f4:3240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.usehero.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1408:c400:383::1931 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f003:c0e:face:b00c:0:3 (Ashburn, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 23.212.249.197 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-212-249-197.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:21a2:7800:a:7914:b00:93a1 (United States)

ASN16509 (AMAZON-02, US)

js.jebbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.253.250 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 250.253.120.34.bc.googleusercontent.com

tag.wknd.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:91b7 (United States)

ASN13335 (CLOUDFLARENET, US)

elfcosmetics.a.bigcontent.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:38::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.49.124.132 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 132.124.49.34.bc.googleusercontent.com

sgtm.elfcosmetics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.67.3 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 3.67.98.34.bc.googleusercontent.com

ut.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tags.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.229.210.155 (United States)

ASN15133 (EDGECAST, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 44.197.106.9 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-197-106-9.compute-1.amazonaws.com

c.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.162.3.47 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-162-3-47.yul62.r.cloudfront.net

cdn-scripts.signifyd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.251.16.149 (Farmingdale, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: bl-in-f149.1e100.net

9231397.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
10742279.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.232.82.191 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-232-82-191.compute-1.amazonaws.com

api.usehero.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.249.47.228 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-47-228.eu-west-1.compute.amazonaws.com

srm.ba.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.193.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.65.35 (United States)

ASN54113 (FASTLY, US)

t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.154.8 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 8.154.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.209.94.203 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-209-94-203.compute-1.amazonaws.com

external-api.jebbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.0.84 (United States)

ASN54113 (FASTLY, US)

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 34.98.72.95 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 95.72.98.34.bc.googleusercontent.com

assets.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f103:83:face:b00c:0:25de (Ashburn, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 192.225.157.157 (United States)

ASN30286 (THM, US)

imgs.signifyd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.126.215 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 215.126.96.34.bc.googleusercontent.com

data.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.74.85 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 85.74.96.34.bc.googleusercontent.com

page.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.93.237 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 237.93.117.34.bc.googleusercontent.com

view.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.225.158.1 (United States)

ASN30286 (THM, US)

h.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.225.158.3 (United States)

ASN30286 (THM, US)

w2txo5aaspapa23jnvm2mz7jguiadlbq35rsqpesa2bf6449f2cf2358sac.d.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.122.155 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: bh-in-f155.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:56e0:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

ids.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.149.130.207 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 207.130.149.34.bc.googleusercontent.com

pd.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
idr.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.111.8.32 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 32.8.111.34.bc.googleusercontent.com

api.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
events.bouncex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.16.148 (None, ) 1 redirects

ASN- ()

10742279.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	elfcosmetics.com 1 redirects www.elfcosmetics.com — Cisco Umbrella Rank: 67092 sgtm.elfcosmetics.com — Cisco Umbrella Rank: 164395	364 KB
15	signifyd.com cdn-scripts.signifyd.com — Cisco Umbrella Rank: 8294 imgs.signifyd.com — Cisco Umbrella Rank: 7079	69 KB
14	doubleclick.net 6 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 36 stats.g.doubleclick.net — Cisco Umbrella Rank: 84 cm.g.doubleclick.net — Cisco Umbrella Rank: 262 9231397.fls.doubleclick.net — Cisco Umbrella Rank: 284657 10742279.fls.doubleclick.net — Cisco Umbrella Rank: 238988	3 KB
12	bounceexchange.com assets.bounceexchange.com — Cisco Umbrella Rank: 2403 api.bounceexchange.com — Cisco Umbrella Rank: 2692	301 KB
12	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 306	170 KB
10	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 709	270 KB
10	dynamicyield.com cdn.dynamicyield.com — Cisco Umbrella Rank: 8903 st.dynamicyield.com — Cisco Umbrella Rank: 8386 async-px.dynamicyield.com — Cisco Umbrella Rank: 8616	242 KB
10	amplience.net 2 redirects cdn.media.amplience.net — Cisco Umbrella Rank: 14404 cdn.static.amplience.net — Cisco Umbrella Rank: 42889	6 MB
8	pinterest.com ct.pinterest.com — Cisco Umbrella Rank: 908	5 KB
8	paypal.com www.paypal.com — Cisco Umbrella Rank: 2924 t.paypal.com — Cisco Umbrella Rank: 3505	125 KB
7	bouncex.net events.bouncex.net — Cisco Umbrella Rank: 2186	702 B
6	contentsquare.net t.contentsquare.net — Cisco Umbrella Rank: 3548 c.contentsquare.net — Cisco Umbrella Rank: 4473 srm.ba.contentsquare.net — Cisco Umbrella Rank: 18916 k-aeu1.contentsquare.net Failed	72 KB
5	jebbit.com js.jebbit.com — Cisco Umbrella Rank: 33809 external-api.jebbit.com — Cisco Umbrella Rank: 33959	61 KB
5	google.com 2 redirects www.google.com — Cisco Umbrella Rank: 2 analytics.google.com — Cisco Umbrella Rank: 145	423 B
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	478 KB
5	braze.com sdk.iad-05.braze.com — Cisco Umbrella Rank: 3156	1 KB
4	google.ca www.google.ca — Cisco Umbrella Rank: 9881	253 B
4	adsrvr.org 4 redirects insight.adsrvr.org — Cisco Umbrella Rank: 622 match.adsrvr.org — Cisco Umbrella Rank: 356	2 KB
4	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 497 ib.adnxs.com — Cisco Umbrella Rank: 252	4 KB
4	px-cloud.net collector-pxxt4gy2ig.px-cloud.net — Cisco Umbrella Rank: 189618	2 KB
4	youtube.com www.youtube.com — Cisco Umbrella Rank: 66	69 KB
4	yottaa.net cdn-fsly.yottaa.net — Cisco Umbrella Rank: 24651 Failed qoe-1.yottaa.net — Cisco Umbrella Rank: 10420	1 MB
3	cdnwidget.com ids.cdnwidget.com — Cisco Umbrella Rank: 3963 pd.cdnwidget.com — Cisco Umbrella Rank: 3909 idr.cdnwidget.com — Cisco Umbrella Rank: 8402	1 KB
3	cdnbasket.net data.cdnbasket.net — Cisco Umbrella Rank: 5087 page.cdnbasket.net — Cisco Umbrella Rank: 5094 view.cdnbasket.net — Cisco Umbrella Rank: 5092	1014 B
3	bigcontent.io elfcosmetics.a.bigcontent.io — Cisco Umbrella Rank: 140856	8 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 337	14 KB
3	usehero.com cdn.usehero.com — Cisco Umbrella Rank: 64874 api.usehero.com — Cisco Umbrella Rank: 60125	31 KB
3	bidr.io 1 redirects cnv.event.prod.bidr.io — Cisco Umbrella Rank: 10849	2 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	21 KB
2	online-metrix.net h.online-metrix.net — Cisco Umbrella Rank: 2489 w2txo5aaspapa23jnvm2mz7jguiadlbq35rsqpesa2bf6449f2cf2358sac.d.aa.online-metrix.net	438 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 97	400 B
2	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2623	16 KB
2	rlcdn.com 2 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 457	834 B
2	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1342	735 B
2	linksynergy.com ut.rd.linksynergy.com — Cisco Umbrella Rank: 8870 tags.rd.linksynergy.com — Cisco Umbrella Rank: 5305	696 B
2	wknd.ai tag.wknd.ai — Cisco Umbrella Rank: 4604	6 KB
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1221	10 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	73 KB
2	pinimg.com s.pinimg.com — Cisco Umbrella Rank: 940	22 KB
2	cquotient.com api.cquotient.com — Cisco Umbrella Rank: 41702	516 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 629	1 KB
2	pointmediatracker.com 2 redirects pixel.pointmediatracker.com — Cisco Umbrella Rank: 4863	1 KB
2	ipify.org api.ipify.org — Cisco Umbrella Rank: 2959	227 B
1	googleadservices.com 1 redirects www.googleadservices.com — Cisco Umbrella Rank: 123	23 B
1	ordergroove.com static.ordergroove.com — Cisco Umbrella Rank: 31095	43 KB
1	rakuten.com tag.rmp.rakuten.com — Cisco Umbrella Rank: 7918	15 KB
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 378	915 B
1	cnnx.link js.cnnx.link — Cisco Umbrella Rank: 9481	1 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 535	305 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 767	24 KB
1	cosmeticscriminal.ca 1 redirects cosmeticscriminal.ca	331 B
0	pubmatic.com Failed simage2.pubmatic.com Failed
213	52

	Domain	Requested by
17	www.elfcosmetics.com	1 redirects www.elfcosmetics.com cdn-fsly.yottaa.net
13	imgs.signifyd.com	www.elfcosmetics.com imgs.signifyd.com
12	cdn.cookielaw.org	cdn-fsly.yottaa.net cdn.cookielaw.org www.elfcosmetics.com
11	assets.bounceexchange.com	www.elfcosmetics.com
10	analytics.tiktok.com	www.elfcosmetics.com analytics.tiktok.com
8	ct.pinterest.com	s.pinimg.com www.elfcosmetics.com analytics.tiktok.com
8	cdn.media.amplience.net	2 redirects www.elfcosmetics.com
7	events.bouncex.net
6	async-px.dynamicyield.com	cdn.dynamicyield.com
5	sgtm.elfcosmetics.com	www.googletagmanager.com analytics.tiktok.com
5	www.paypal.com	www.elfcosmetics.com www.paypal.com analytics.tiktok.com
5	www.googletagmanager.com	www.elfcosmetics.com
5	sdk.iad-05.braze.com	cdn-fsly.yottaa.net
4	10742279.fls.doubleclick.net	2 redirects www.elfcosmetics.com
4	9231397.fls.doubleclick.net	2 redirects www.elfcosmetics.com
4	c.contentsquare.net	t.contentsquare.net
4	js.jebbit.com	www.elfcosmetics.com
4	www.google.ca
4	collector-pxxt4gy2ig.px-cloud.net	www.elfcosmetics.com analytics.tiktok.com
4	www.youtube.com	www.elfcosmetics.com
3	t.paypal.com
3	elfcosmetics.a.bigcontent.io
3	bat.bing.com	www.elfcosmetics.com
3	match.adsrvr.org	3 redirects
3	secure.adnxs.com	1 redirects
3	cnv.event.prod.bidr.io	1 redirects
3	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
3	www.google.com	2 redirects
3	www.google-analytics.com	www.elfcosmetics.com www.google-analytics.com
3	cdn.dynamicyield.com	www.elfcosmetics.com
3	cdn-fsly.yottaa.net	www.elfcosmetics.com
2	www.facebook.com
2	www.paypalobjects.com	www.elfcosmetics.com
2	idsync.rlcdn.com	2 redirects
2	alb.reddit.com
2	api.usehero.com	cdn.usehero.com analytics.tiktok.com
2	cdn-scripts.signifyd.com	www.elfcosmetics.com
2	analytics.google.com	www.googletagmanager.com
2	tag.wknd.ai	www.elfcosmetics.com
2	www.redditstatic.com	www.elfcosmetics.com www.redditstatic.com
2	connect.facebook.net	www.elfcosmetics.com
2	s.pinimg.com	www.elfcosmetics.com
2	api.cquotient.com	cdn-fsly.yottaa.net
2	dsum-sec.casalemedia.com	1 redirects
2	pixel.pointmediatracker.com	2 redirects
2	googleads.g.doubleclick.net	1 redirects
2	api.ipify.org	cdn-fsly.yottaa.net
2	cdn.static.amplience.net	www.elfcosmetics.com
1	idr.cdnwidget.com
1	api.bounceexchange.com	www.elfcosmetics.com
1	pd.cdnwidget.com	analytics.tiktok.com
1	ids.cdnwidget.com	analytics.tiktok.com
1	www.googleadservices.com	1 redirects
1	w2txo5aaspapa23jnvm2mz7jguiadlbq35rsqpesa2bf6449f2cf2358sac.d.aa.online-metrix.net
1	h.online-metrix.net	imgs.signifyd.com
1	view.cdnbasket.net	analytics.tiktok.com
1	page.cdnbasket.net	analytics.tiktok.com
1	data.cdnbasket.net	analytics.tiktok.com
1	external-api.jebbit.com	js.jebbit.com
1	tags.rd.linksynergy.com
1	srm.ba.contentsquare.net	t.contentsquare.net
1	ut.rd.linksynergy.com	www.elfcosmetics.com
1	cdn.usehero.com	www.elfcosmetics.com
1	t.contentsquare.net	www.elfcosmetics.com
1	static.ordergroove.com	www.elfcosmetics.com
1	tag.rmp.rakuten.com	www.elfcosmetics.com
1	qoe-1.yottaa.net	www.elfcosmetics.com
1	ib.adnxs.com	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	cm.g.doubleclick.net	1 redirects
1	insight.adsrvr.org	1 redirects
1	js.cnnx.link	www.googletagmanager.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	st.dynamicyield.com	www.elfcosmetics.com
1	code.jquery.com	www.elfcosmetics.com
1	cosmeticscriminal.ca	1 redirects
0	simage2.pubmatic.com Failed
0	k-aeu1.contentsquare.net Failed	t.contentsquare.net
213	78

This site contains links to these domains. Also see Links.

Domain
cdn.dynamicyield.com
st.dynamicyield.com
rcom.dynamicyield.com
www.tiktok.com
www.instagram.com
www.pinterest.com
www.facebook.com
www.youtube.com
twitter.com
www.snapchat.com
www.linkedin.com
www.elfbeauty.com
preferences.elfcosmetics.com
www.onetrust.com

Subject Issuer	Validity	Valid
*.elfcosmetics.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-25` - `2024-10-25`	a year	crt.sh
dm.amplience.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-20` - `2024-08-14`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
*.yottaa.net GlobalSign RSA OV SSL CA 2018	`2023-09-13` - `2024-10-14`	a year	crt.sh
sdk.iad-05.braze.com E1	`2024-04-19` - `2024-07-18`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh
*.dynamicyield.com Amazon RSA 2048 M02	`2023-09-03` - `2024-10-01`	a year	crt.sh
ipify.org GTS CA 1P5	`2024-03-21` - `2024-06-19`	3 months	crt.sh
*.px-cloud.net Sectigo RSA Domain Validation Secure Server CA	`2023-08-15` - `2024-09-13`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh
js.cnnx.link Amazon RSA 2048 M02	`2023-07-11` - `2024-08-07`	a year	crt.sh
*.google.ca GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh
*.cquotient.com Amazon RSA 2048 M02	`2024-03-05` - `2025-04-02`	a year	crt.sh
tag.rmp.rakuten.com GTS CA 1D4	`2024-03-31` - `2024-06-29`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2024-02-08` - `2025-02-08`	a year	crt.sh
*.ordergroove.com Go Daddy Secure Certificate Authority - G2	`2023-08-04` - `2024-08-17`	a year	crt.sh
t.contentsquare.net Amazon RSA 2048 M01	`2023-09-13` - `2024-10-11`	a year	crt.sh
*.usehero.com Amazon RSA 2048 M02	`2023-08-28` - `2024-09-24`	a year	crt.sh
*.pinterest.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-07` - `2024-08-07`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-01-30` - `2024-04-29`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-08` - `2024-07-06`	6 months	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 02	`2024-04-22` - `2024-06-27`	2 months	crt.sh
*.tiktok.com RapidSSL ECC CA 2018	`2023-07-14` - `2024-08-13`	a year	crt.sh
*.jebbit.com Amazon RSA 2048 M01	`2023-05-24` - `2024-06-21`	a year	crt.sh
tag.wknd.ai R3	`2024-03-19` - `2024-06-17`	3 months	crt.sh
*.bigcontent.io GeoTrust TLS RSA CA G1	`2024-04-02` - `2025-05-03`	a year	crt.sh
sgtm.elfcosmetics.com GTS CA 1D4	`2024-03-17` - `2024-06-15`	3 months	crt.sh
*.rd.linksynergy.com ZeroSSL RSA Domain Secure Site CA	`2024-01-23` - `2025-01-22`	a year	crt.sh
dep.bf.contentsquare.net Amazon RSA 2048 M03	`2024-02-18` - `2025-03-19`	a year	crt.sh
cdn-scripts.signifyd.com Amazon RSA 2048 M01	`2023-07-03` - `2024-07-31`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh
api.usehero.com Amazon RSA 2048 M03	`2024-01-06` - `2025-02-03`	a year	crt.sh
srm.ba.contentsquare.net Amazon RSA 2048 M02	`2023-11-07` - `2024-12-06`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-01-15` - `2024-07-13`	6 months	crt.sh
t.paypal.com DigiCert SHA2 Extended Validation Server CA	`2023-09-21` - `2024-10-21`	a year	crt.sh
assets.bounceexchange.com GTS CA 1D4	`2024-03-19` - `2024-06-17`	3 months	crt.sh
imgs.signifyd.com Go Daddy Secure Certificate Authority - G2	`2023-10-20` - `2024-11-20`	a year	crt.sh
data.cdnbasket.net GTS CA 1D4	`2024-03-06` - `2024-06-04`	3 months	crt.sh
page.cdnbasket.net GTS CA 1D4	`2024-03-13` - `2024-06-11`	3 months	crt.sh
view.cdnbasket.net GTS CA 1D4	`2024-03-17` - `2024-06-15`	3 months	crt.sh
online-metrix.net Viking Cloud Organization Validation CA, Level 1	`2023-10-20` - `2024-10-21`	a year	crt.sh
*.aa.online-metrix.net Viking Cloud Organization Validation CA, Level 1	`2023-10-20` - `2024-10-21`	a year	crt.sh
ids.cdnwidget.com R3	`2024-03-12` - `2024-06-10`	3 months	crt.sh
pd.cdnwidget.com R3	`2024-03-12` - `2024-06-10`	3 months	crt.sh
*.wunderkind.co R3	`2024-04-04` - `2024-07-03`	3 months	crt.sh
idr.cdnwidget.com R3	`2024-03-12` - `2024-06-10`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh

This page contains 15 frames:

Primary Page: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Frame ID: B71B70466BD75C81590C821D848D3433
Requests: 188 HTTP requests in this frame

Frame: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Frame ID: 5BF2D9CBCD3C7A93BED848635072FFF0
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Frame ID: D80171434E81850F521A07C3DC84B575
Requests: 1 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.63.0&integrationType=SDK
Frame ID: 42AD3194548932F9F01453534C25DDAB
Requests: 1 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;dc_pre=CLSpje281YUDFRPEwgQdGPwKOw;src=9231397;type=retarget;cat=globa0;ord=3708628731187;npa=1;auiddc=493848422.1713777001;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181619921z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: BC5C4A353B563EB96B0B67D9AD5CB3DE
Requests: 1 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=COTdkO281YUDFRLQwgQdJAAC1A;src=10742279;type=elf8j0;cat=glo_flap;ord=7298429179453;npa=1;auiddc=493848422.1713777001;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181663336z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: 4A04D27C1FCC4534BD28EDEC5C477519
Requests: 1 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: 6AD77847A4928B2E37343B6F9E621A63
Requests: 1 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: 5CAA168215BFC9BEE4E2D74C687D9711
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/QMUd8HZfWdMaYW2B?b03d6a1871a1c200=kt3WuY4tZu46NQJ8Aa2tH4GaVoeOSfuyWUUc9_PCqOTNdvKNqIxvEeVwZ4KwRfRhXl9XPKNYukFeCYCQIGYbn8lZCIPaXHgql09YkhesP0c16Q4Iy4st4db8K7X_Dth3Mc_A8WbjIhsdyr0emPH7NX4nBaAHp3DAZEl2MVD1vcJE64fog7rzNrNalrAkLUGYeKcr6QrZ8VYBEvr-UckRjFJsnwQ&jb=3d3b242662736577355d6b666e6d77712e607965375563666e677f732f383831392668736875354360726d656d2468736a3d496a7a656f6d2f3030333a3e
Frame ID: C1E160801A5E1C1BB2974C35F54CDBC2
Requests: 11 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Frame ID: 80DC7DE2DDEA41EA3DAFCB83BC7B1143
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/QBMiTW0VTuULG47J?4a8909b33502e08d=lI9vawTuxEzI7ww3jVq2WyfmUqxD5GmrjdwwKm1wIjqiZe9D3NuPL-3UjfMRUgbwKXTyefWlb87ki1jltFQwxgKUfjSra1gFUQ72L3xArBdOzSg7Og1gz-Q5tFsKlI74AozpLORFoYUGrYXmLoExmHPzFij2xEpOaFObWgh-ER17FrGVqj-iEEmEMb0QwTMOqluCzoH3hBEaMFKWkRjIXy_pWs_xVg
Frame ID: B6C32B95D166F5C89B041665EA6814B5
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/8KKHML-_GFAf5OTr?66ac57b4dd2e7949=XnZjNjOYNhSAedPkFWvNp46pFa4RbWEjfbqwrVYygomAW4SoiQbH-16ZTJa38xs3RF7al16o96hsAXGusv_jqzqatN2BfKNk8PL9qTN0XgtAY_HKA0B8Dab8DHCjSxlumkZsXegjnnIiMACudtcBuHzfyZhATNBK7RGqeAX7gGVOI5DtVE-cb9C2sITtoMwjWE7t6ueVQ4yONze-yYdu2xn0G7N-dYk
Frame ID: A5F229B6E46C86416B747F840FE6364F
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/L3CtcFyQV3hPNgRs?33cdd05c66242ccb=AL5pEhTNxV2WbGtzR1-cUYBiAHe5_NZ42IKDH4H7c2O4FxMQwCA6Itsr1HJ2j7ot5o5E0UWEHG7YxZpJnLuRHM8H-WKcboRBTAUNpVZb_YjfimrqJEEyCClk3k-slktLiYyttA0j9jAmfbIbNAkhMs5395ix8BvSlR7h75ISTU_lZsIMrPocL5ZFwR5Syd2pwRZpKH8Nlk-i4BDg-wjlco5GrRJJFlQ
Frame ID: C765B36B9A6284EAAC0F38DAFFFAFF7D
Requests: 1 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;dc_pre=CPyMy_K81YUDFcnHwgQd-g4GiQ;src=9231397;type=retarget;cat=globa0;ord=8979899249655;npa=1;auiddc=493848422.1713777001;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181619921z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: 66C0026FBCE141BAB568A94A72DA992A
Requests: 1 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=CNXEzvK81YUDFZCJfwQdTjEO9g;src=10742279;type=elf8j0;cat=glo_flap;ord=3607896815072;npa=1;auiddc=493848422.1713777001;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181663336z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: A10CB91FB5233C863C043913F5BD4EEE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cosmetic Criminals | e.l.f. Cosmetics

Page URL History Show full URLs

https://cosmeticscriminal.ca/ HTTP 301
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Page URL

Detected technologies

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Dynamic Yield (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

cdn\.dynamicyield\.\w+/

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

PerimeterX (Security) Expand

Overall confidence: 100%
Detected patterns

Rakuten (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

tag\.rmp\.rakuten\.com

basket.js (JavaScript Libraries) Expand

Overall confidence: 10%
Detected patterns

basket.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

213
Requests

93 %
HTTPS

37 %
IPv6

52
Domains

78
Subdomains

65
IPs

3
Countries

9931 kB
Transfer

19310 kB
Size

97
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://cdn.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://st.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://rcom.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@elfyeah/

Search URL Search Domain Scan URL

URL: https://www.instagram.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/eyeslipsfacedotcom

Search URL Search Domain Scan URL

URL: https://twitter.com/elfcosmetics

Search URL Search Domain Scan URL

URL: https://www.snapchat.com/add/elfcosmetics

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/e-l-f-beauty

Search URL Search Domain Scan URL

URL: https://www.elfbeauty.com/careers/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.elfbeauty.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://preferences.elfcosmetics.com/privacy
Title: Privacy Rights Request Form

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cosmeticscriminal.ca/ HTTP 301
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4

Request Chain 16

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4

Request Chain 28

https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=YZ8PDiotdryFfyTh8B9SKuptUvJDHvRUUh8FY4axdjo HTTP 303
https://www.elfcosmetics.com/callback?usid=3b1c6452-fa2f-4292-8909-8fdf924f6167&code=y5CB51H8r6X1ZhnKjGcJTMFcsIP6RkifTk32Er_5e54

Request Chain 33

https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=141723064.1713777001&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He44h0n81WL3STMXv896608294za200&auid=493848422.1713777001 HTTP 302
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=141723064.1713777001&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He44h0n81WL3STMXv896608294za200&auid=493848422.1713777001

Request Chain 50

https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=c7078f10-6195-41f7-a22d-ce07feacc395&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=undefined&gtmcb=254335499 HTTP 302
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=2f9c6ab2-346a-4d24-98d5-fd3d59bfd581.&ord=2610723753168217777 HTTP 303
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=2f9c6ab2-346a-4d24-98d5-fd3d59bfd581.&ord=2610723753168217777&_bee_ppp=1

Request Chain 51

https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2 HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2

Request Chain 52

https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=OTU5YmRkZjYtNTk1ZC00MWMwLTlmZWItNDQwMWRhN2E1YWEy&gdpr=0&gdpr_consent=&ttd_tdid=959bddf6-595d-41c0-9feb-4401da7a5aa2 HTTP 302
https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=959bddf6-595d-41c0-9feb-4401da7a5aa2&google_gid=CAESED2rbQsVc6OComu49vWaF60&google_cver=1 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=959bddf6-595d-41c0-9feb-4401da7a5aa2&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=959bddf6-595d-41c0-9feb-4401da7a5aa2 HTTP 302
https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=4303390990826304848&ttd_tdid=959bddf6-595d-41c0-9feb-4401da7a5aa2 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=959bddf6-595d-41c0-9feb-4401da7a5aa2&expiration=1716369004&gdpr=0&gdpr_consent= HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=959bddf6-595d-41c0-9feb-4401da7a5aa2&expiration=1716369004&gdpr=0&gdpr_consent=&C=1

Request Chain 114

https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=3708628731187;npa=1;auiddc=493848422.1713777001;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181619921z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
https://9231397.fls.doubleclick.net/activityi;dc_pre=CLSpje281YUDFRPEwgQdGPwKOw;src=9231397;type=retarget;cat=globa0;ord=3708628731187;npa=1;auiddc=493848422.1713777001;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181619921z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals

Request Chain 120

https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=7298429179453;npa=1;auiddc=493848422.1713777001;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181663336z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
https://10742279.fls.doubleclick.net/activityi;dc_pre=COTdkO281YUDFRLQwgQdJAAC1A;src=10742279;type=elf8j0;cat=glo_flap;ord=7298429179453;npa=1;auiddc=493848422.1713777001;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181663336z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals

Request Chain 131

https://idsync.rlcdn.com/458359.gif?partner_uid=c29fa750-4ab4-484e-9504-cef589a92c48 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJGMyOWZhNzUwLTRhYjQtNDg0ZS05NTA0LWNlZjU4OWE5MmM0OBAAGg0I8NKYsQYSBQjoBxAAQgBKAA HTTP 307
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=662078a772a997626ac22bebeda6092bc4233127183ff32142bbcd3e5ed856cb6ac34734d8e453ee

Request Chain 177

https://www.googleadservices.com/pagead/conversion/698270988/?random=1072386027&fst=1713777009840&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e44h0v9125640115z8896608294z99175401888za200&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=493848422.1713777001&bttype=purchase&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=166.0.205.0&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1 HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=364504026&fst=1713777009840&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e44h0v9125640115z8896608294z99175401888za200&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=493848422.1713777001&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=166.0.205.0&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECCJjBsQI&eitems=ChAI8JWYsQYQ7pGyz5zS3aBmEh0AcPI6X9Dv5ulIKFXZ29Tthpo4km2Fp2iwSKrXmQ&pscrd=IhMI6-2u77zVhQMV-BPQBB2uBwh9MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HWh0dHBzOi8vd3d3LmVsZmNvc21ldGljcy5jb20v HTTP 302
https://www.google.com/pagead/1p-conversion/698270988/?random=364504026&fst=1713777009840&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e44h0v9125640115z8896608294z99175401888za200&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=493848422.1713777001&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=166.0.205.0&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECCJjBsQI&pscrd=IhMI6-2u77zVhQMV-BPQBB2uBwh9MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HWh0dHBzOi8vd3d3LmVsZmNvc21ldGljcy5jb20v&is_vtc=1&cid=CAQSKQB7FLtq8_-jPrtN3ZtkLJCxvps88I1F_frS9F3NOYLiFoiCF5Tfovvg&eitems=ChAI8JWYsQYQ7pGyz5zS3aBmEh0AcPI6X3CUOwHRKRBzI4Q56iUezS76fDe9DSKIdg&random=2946790655 HTTP 302
https://www.google.ca/pagead/1p-conversion/698270988/?random=364504026&fst=1713777009840&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e44h0v9125640115z8896608294z99175401888za200&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=493848422.1713777001&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=166.0.205.0&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECCJjBsQI&pscrd=IhMI6-2u77zVhQMV-BPQBB2uBwh9MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HWh0dHBzOi8vd3d3LmVsZmNvc21ldGljcy5jb20v&is_vtc=1&cid=CAQSKQB7FLtq8_-jPrtN3ZtkLJCxvps88I1F_frS9F3NOYLiFoiCF5Tfovvg&eitems=ChAI8JWYsQYQ7pGyz5zS3aBmEh0AcPI6X3CUOwHRKRBzI4Q56iUezS76fDe9DSKIdg&random=2946790655&ipr=y

Request Chain 203

https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=c7078f10-6195-41f7-a22d-ce07feacc395&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=New&gtmcb=341035732 HTTP 302
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=5ce69275-65fe-4584-a1b2-9331fddac447.&ord=7102165727994152417

Request Chain 207

https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=959bddf6-595d-41c0-9feb-4401da7a5aa2&r=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dpubmatic

Request Chain 211

https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=8979899249655;npa=1;auiddc=493848422.1713777001;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181619921z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
https://9231397.fls.doubleclick.net/activityi;dc_pre=CPyMy_K81YUDFcnHwgQd-g4GiQ;src=9231397;type=retarget;cat=globa0;ord=8979899249655;npa=1;auiddc=493848422.1713777001;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181619921z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals

Request Chain 212

https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=3607896815072;npa=1;auiddc=493848422.1713777001;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181663336z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
https://10742279.fls.doubleclick.net/activityi;dc_pre=CNXEzvK81YUDFZCJfwQdTjEO9g;src=10742279;type=elf8j0;cat=glo_flap;ord=3607896815072;npa=1;auiddc=493848422.1713777001;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181663336z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals

213 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request elf-cosmetic-criminals Show response
www.elfcosmetics.com/en_CA/
Redirect Chain

https://cosmeticscriminal.ca/
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

892 KB
230 KB

2884ms
2364ms

Document
text/html

165.254.56.168
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

f4792525e21308c736bdd2d13fe0fc7da8c35c67fab2403c4d02088de729c60d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 0
alt-svc: h3=":443"; ma=86400
cache-control: public, must-revalidate, s-maxage=900
content-encoding: gzip
content-length: 234690
content-type: text/html; charset=utf-8
date: Mon, 22 Apr 2024 09:09:56 GMT
etag: W/"c1ede-OlIw9+eQsgrD63n+zFiuFLHF7mM"
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 0632dce52bb4d036890e14a88154db56.cloudfront.net (CloudFront)
x-amz-apigw-id: WntnfED7iYcEOng=
x-amz-cf-id: SF6xgbd3pc9A9EFSF0DYFnsrObmoOXK9diR0Sy-WSleaYujU02S-3g==
x-amz-cf-pop: LHR62-C3
x-amzn-remapped-connection: close
x-amzn-remapped-content-length: 794334
x-amzn-remapped-date: Mon, 22 Apr 2024 09:09:56 GMT
x-amzn-requestid: 8161116a-3f6d-49e7-b4c2-4fe81554c3a5
x-amzn-trace-id: Root=1-66262962-7c08510c6a4f6e081f6bc58e;Parent=276477d01be4bcdb;Sampled=0;lineage=2b75b0e9:0
x-cache: Miss from cloudfront
x-yottaa-metrics: 3421a5fe3832/[1885,1773,-] 34D1a5fe38a8/[-,1982.183]
x-yottaa-optimizations: ob/1000000100001000 si/34D1a5fe38a8-1713544936-7713373176 tts/1710864117465 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-yottaa-os: 200

Redirect headers

age: 0
content-length: 1197
content-type: text/html; charset=utf-8
date: Mon, 22 Apr 2024 09:09:53 GMT
location: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
vary: User-Agent
x-yottaa-fw: fb/100000 tid/658f1dead931403bb4ae3e88 rid/658f270fd931403bb4ae60d5 stid/5ad7b08e2bb0ac0c5ba3d38c
x-yottaa-metrics: 32D1a5fec6d3/[-,0.318]
x-yottaa-optimizations: ob/0 si/32D1a5fec6d3-1713544935-6850872920 tts/1713776993997 ti/0 ai/658f1dead931403bb4ae3e88

GET
H2 200 init.js Show response
www.elfcosmetics.com/XT4Gy2ig/ 168 KB
75 KB 1773ms
1772ms Script
application/javascript 165.254.56.168
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: c6b243117e6ff2250376ec7c2bac7d8ae7379a0f447d05b4df06c8de2eb1f338

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:09:57 GMT
content-encoding: gzip
etag: "2a0eb-vsW9NT8cQGLVR3vvc5tGFGGks2c"
active-cdn: Akamai
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: active-cdn,x-served-by,Akamai-Request-BC
cache-control: max-age=600
x-yottaa-metrics: 34D1a5fe38a8/[-,1500.199]
x-px-hash: Mzg2NTJlNjI3OTMzNGUyMmJiZmJkYmQ5YTYxOTVhNDYwNjM5NTA4NjNiZjg2NWJmODRhZDQ2ZTdhZGY5ZDhjNw==
x-yottaa-optimizations: ob/0 si/34D1a5fe38a8-1713544936-7713373189 tts/1713776998662 ti/0 ai/5a0c9b7632f01c35d42101b2

GET /
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/ 0
0

GET
H2 200 PWT_STORY_HEADER_DESKTOP_BG-min
cdn.media.amplience.net/i/elfcosmetics/ 630 KB
631 KB 494ms
118ms Image
image/jpeg 2606:4700:4400::6812:205a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:205a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:09:57 GMT
cf-cache-status: HIT
age: 2553
x-amp-srv: CF
edge-cache-tag: nHCweV-KL,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: CJP8Wscuez
alt-svc: h3=":443"; ma=86400
content-length: 644728
x-xss-protection: 1; mode=block
x-amp-source-height: 1249
last-modified: Mon, 22 Apr 2024 08:27:24 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
x-amp-source-width: 3199
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 87847a5c08783703-YYZ
x-amp-published: Wed, 20 Dec 2023 20:47:39 GMT

GET
H2 200 PWT_STORY_HEADER_DESKTOP_CC-min
cdn.media.amplience.net/i/elfcosmetics/ 205 KB
205 KB 720ms
345ms Image
image/png 2606:4700:4400::6812:205a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:205a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:09:57 GMT
cf-cache-status: HIT
age: 2553
x-amp-srv: CF
edge-cache-tag: EriXWOR7n,l4p5bDg2e,HwG53bbZp,UyB2-aY-L
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: T5sW31YLlc
alt-svc: h3=":443"; ma=86400
content-length: 209440
x-xss-protection: 1; mode=block
x-amp-source-height: 340
last-modified: Mon, 22 Apr 2024 08:27:24 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
x-amp-source-width: 800
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 87847a5c087a3703-YYZ
x-amp-published: Wed, 20 Dec 2023 20:47:39 GMT

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d

Request headers

Referer
Origin: https://www.elfcosmetics.com
Accept-Language: en-CA,en;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac

Request headers

Referer
Origin: https://www.elfcosmetics.com
Accept-Language: en-CA,en;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
H2 200 bxGKZ6lfJ7A
www.youtube.com/embed/ Frame 5BF2 0
0 663ms
263ms Document
text/html 2607:f8b0:4004:c17::be
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::be Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Mon, 22 Apr 2024 09:09:57 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 rZPCKoUReO0
www.youtube.com/embed/ Frame D801 0
0 592ms
195ms Document
text/html 2607:f8b0:4004:c17::be
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::be Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-security-policy-report-only: base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';report-uri /cspreport/common;script-src 'report-sample' 'nonce-djKLDNP63fHdriC1rw3Y_A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Mon, 22 Apr 2024 09:09:57 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
cdn.media.amplience.net/i/elfcosmetics/ 2 MB
2 MB 215ms
214ms Image
image/png 2606:4700:4400::6812:205a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:205a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:09:57 GMT
cf-cache-status: HIT
age: 2553
x-amp-srv: CF
edge-cache-tag: kHZIc2XA6,l4p5bDg2e,hUXp-ygcH,UyB2-aY-L
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: 3z7iU3mG57
alt-svc: h3=":443"; ma=86400
content-length: 2085695
x-xss-protection: 1; mode=block
x-amp-source-height: 1484
last-modified: Mon, 22 Apr 2024 08:27:24 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
x-amp-source-width: 3080
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 87847a5d69463703-YYZ
x-amp-published: Wed, 03 Jan 2024 21:02:28 GMT

GET
H2 200 PWT_STORY_DETECTIVES_DESKTOP_6-min
cdn.media.amplience.net/i/elfcosmetics/ 330 KB
331 KB 129ms
127ms Image
image/jpeg 2606:4700:4400::6812:205a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_DETECTIVES_DESKTOP_6-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:205a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:09:58 GMT
cf-cache-status: HIT
age: 2554
x-amp-srv: CF
edge-cache-tag: bAXApDK0q,l4p5bDg2e,q-jdDBY1E,k4NPUWi7z
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: t9Ss-aX2AJ
alt-svc: h3=":443"; ma=86400
content-length: 338113
x-xss-protection: 1; mode=block
x-amp-source-height: 1062
last-modified: Mon, 22 Apr 2024 08:27:24 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
x-amp-source-width: 2806
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 87847a5eca103703-YYZ
x-amp-published: Wed, 27 Dec 2023 17:21:33 GMT

GET
H2 200 PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
cdn.media.amplience.net/i/elfcosmetics/ 180 KB
180 KB 107ms
104ms Image
image/jpeg 2606:4700:4400::6812:205a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:205a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:09:58 GMT
cf-cache-status: HIT
age: 2554
x-amp-srv: CF
edge-cache-tag: r_hJXD8VE,l4p5bDg2e,O8QiTHpoz,k4NPUWi7z
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: MyNCxafAGx
alt-svc: h3=":443"; ma=86400
content-length: 184181
x-xss-protection: 1; mode=block
x-amp-source-height: 1108
last-modified: Mon, 22 Apr 2024 08:27:24 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
x-amp-source-width: 1952
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 87847a5eca123703-YYZ
x-amp-published: Fri, 29 Dec 2023 07:51:47 GMT

GET
H2 200 PWT_STORY_CRIME_TAPE_DESKTOP_7-min
cdn.media.amplience.net/i/elfcosmetics/ 614 KB
614 KB 139ms
137ms Image
image/png 2606:4700:4400::6812:205a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CRIME_TAPE_DESKTOP_7-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:205a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:09:58 GMT
cf-cache-status: HIT
age: 2554
x-amp-srv: CF
edge-cache-tag: 7QyXPqcNv,l4p5bDg2e,N2xhcEEJW,UyB2-aY-L
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: OVwjvLxZow
alt-svc: h3=":443"; ma=86400
content-length: 628288
x-xss-protection: 1; mode=block
x-amp-source-height: 525
last-modified: Mon, 22 Apr 2024 08:27:24 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
x-amp-source-width: 3200
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 87847a5eca133703-YYZ
x-amp-published: Thu, 28 Dec 2023 16:15:28 GMT

GET
H2 200 jquery-3.7.1.slim.min.js Show response
code.jquery.com/ 69 KB
24 KB 450ms
93ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.7.1.slim.min.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:09:57 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 5192870
x-cache: HIT, HIT
content-length: 24036
x-served-by: cache-lga21942-LGA, cache-yyz4520-YYZ
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1713776998.842956,VS0,VE0
etag: W/"28feccc0-11278"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 1313, 1284

GET
H2 200 player_api Show response
www.youtube.com/ 1 KB
2 KB 539ms
155ms Script
text/javascript 2607:f8b0:4004:c17::be
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/player_api

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::be Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f7946dea8d21c37f3206bb7a0d16d78ce2dba8ae76144eba2c5ba27ada695e38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:09:58 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type: text/javascript; charset=utf-8
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Mon, 22 Apr 2024 09:09:58 GMT

GET
H2

206

8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4

1 MB
1 MB

478ms
102ms

Media
video/mp4

2606:4700:4400::6812:26d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Server: 2606:4700:4400::6812:26d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Mon, 22 Apr 2024 09:09:58 GMT
x-amz-version-id: null
cf-cache-status: HIT
x-amz-request-id: 82WM8XYVADS0PDKV
age: 2553
Content-Range: bytes 0-1060947/1060948
Content-Length: 1060948
x-amz-id-2: S5eieCINQx2E1mulj1hqFpRzWto7RjfuFMd7POQ1ajQZ8keB4wIlpYRg0s7XEQ7G3rDicKcF6j4=
last-modified: Fri, 22 Dec 2023 15:50:27 GMT
server: cloudflare
etag: "dd3676819bd88a250c875a11e38c307d"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-type: video/mp4
cf-ray: 87847a627a4a53fb-YYZ

Redirect headers

date: Mon, 22 Apr 2024 09:09:58 GMT
cf-cache-status: HIT
age: 2554
x-amp-srv: CF
edge-cache-tag: -8l9n7ahO,l4p5bDg2e,bgWw7nQ29
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 87847a5f6b9536aa-YYZ

GET
H2

206

c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4

1 MB
1 MB

733ms
379ms

Media
video/mp4

2606:4700:4400::6812:26d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Server: 2606:4700:4400::6812:26d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Mon, 22 Apr 2024 09:09:58 GMT
x-amz-version-id: null
cf-cache-status: HIT
x-amz-request-id: 82WW45WRD0R7T8D0
age: 2553
Content-Range: bytes 0-1262366/1262367
Content-Length: 1262367
x-amz-id-2: HUURqjmEk4g3IHf/XtdG5YAR2FAaOnP0cWlTXy2dbJRcN+Pl9jjv2Yz0keT9sOV3GtabPlqQupI=
last-modified: Fri, 22 Dec 2023 17:43:50 GMT
server: cloudflare
etag: "91a2cbc7ca143aac79d0312d84bb77fb"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-type: video/mp4
cf-ray: 87847a627a4953fb-YYZ

Redirect headers

date: Mon, 22 Apr 2024 09:09:58 GMT
cf-cache-status: HIT
age: 2554
x-amp-srv: CF
edge-cache-tag: KnS3FQkJo,l4p5bDg2e,fH6Lo3_5e
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 87847a5f9baa36aa-YYZ

GET
H2 200 vendor.js Show response
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/ 2 MB
620 KB 393ms
125ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b2e0bde8a120edcd0e126c139ff4c62dc420e43a86bb9e22c92044fdda3fc3ef

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:09:58 GMT
via: 1.1 968842023e92f9868a60ec906f146c2c.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
x-amz-cf-pop: SFO53-P2
age: 396316
x-yottaa-optimizations: ob/1100 si/2511cc02853e-1706727921-1747665582 tts/1710864117465 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Hit from cloudfront, HIT
x-amz-meta-deploy: 731232
content-length: 634413
x-amz-meta-bundle: 11109
x-served-by: cache-yyz4562-YYZ
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1713776999.615722,VS0,VE0
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 2521cc028a8e/[15,-,1713380668921] 2511cc02853e/[-,128.237]
accept-ranges: bytes
x-amz-cf-id: R5FzEYhohmNaj9MYflSqPJ0oAYtvWPayRNqY7WnN78uvW6srqZ5z3w==
x-cache-hits: 3

GET
H2 200 main.js Show response
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/ 2 MB
485 KB 329ms
80ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/main.js?yocs=1u_1y_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 48eac18ec8b1c06a5b11f38fbf38abf0d52f42b46f0c17a6250872645845dd82

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:09:58 GMT
via: 1.1 cb0b891eddf58d69d157d55977c68bce.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
x-amz-cf-pop: SFO53-P2
age: 396330
x-yottaa-optimizations: ob/1001 si/2511cc028a74-1706727919-1154700029 tts/1710864117465 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Hit from cloudfront, HIT
x-amz-meta-deploy: 731232
content-length: 495549
x-amz-meta-bundle: 11109
x-served-by: cache-yyz4562-YYZ
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1713776999.615690,VS0,VE0
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 2521cc0285f8/[111,83,-] 2511cc028a74/[hit]
accept-ranges: bytes
x-amz-cf-id: NwS-yKYLNcy_E-MGZpbERF5y90pqXobX1WrTJeY63zT2WAR-qW4cRw==
x-cache-hits: 3

GET
H2 200 pages-product-list-product-list-page.js Show response
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/ 42 KB
12 KB 103ms
79ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/pages-product-list-product-list-page.js?yocs=1u_1y_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9f2461f7629a9751a8ce13d4fa6465bd4dade527356dedaa1e07be6712694ec4

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:09:58 GMT
via: 1.1 86364f3fbc9271997968ac61fea44a02.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
x-amz-cf-pop: SFO53-P2
age: 396316
x-yottaa-optimizations: ob/1100 si/2511cc028a76-1706727919-519252215 tts/1710864117465 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Miss from cloudfront, HIT
x-amz-meta-deploy: 731232
content-length: 11877
x-amz-meta-bundle: 11109
x-served-by: cache-yyz4562-YYZ
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1713776999.615704,VS0,VE0
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 2521cc028a87/[2,-,1713380668834] 2511cc028a76/[-,5.397]
accept-ranges: bytes
x-amz-cf-id: J_a7tua4pMuyVkGxAiCUddjxNc8OlRLbgE7B-WSsLFsTGk8Sh73H9A==
x-cache-hits: 343

OPTIONS
H2 200 /
sdk.iad-05.braze.com/api/v3/data/ Frame 0
0 647ms
226ms Preflight 2606:4700:4400::ac40:965f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/data/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:965f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
cf-cache-status: DYNAMIC
cf-ray: 87847a6c783e36bf-YYZ
content-encoding: gzip
date: Mon, 22 Apr 2024 09:10:00 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 476ms
111ms Script
application/javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/main.js?yocs=1u_1y_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f08699117c1f15f6d35e7b4380d12d18a1881f075e177b5853b1017a3307544

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 22 Apr 2024 09:10:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: zgTRIDojRJmnmBTwUyI2Vw==
age: 55069
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Thu, 18 Apr 2024 19:47:50 GMT
server: cloudflare
etag: 0x8DC5FE06E4C260E
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 8befe9e8-701e-008c-2f73-92518d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 87847a6b2ff138e2-YYZ

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 486 KB
130 KB 593ms
123ms Script
application/javascript 2607:f8b0:4004:c19::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a0e1f68cb48f0896e7940cc0a70c1ff76155cd44ed8aef2f4406c8f9da7979b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 133205
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 22 Apr 2024 09:10:00 GMT

GET
H2 200 api_dynamic.js Show response
cdn.dynamicyield.com/api/8772046/ 475 KB
52 KB 709ms
265ms Script
application/javascript 2600:9000:26a0:2a00:a:b89d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.dynamicyield.com/api/8772046/api_dynamic.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26a0:2a00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: DYCDN /
Resource Hash: bcb200189a4d9d85fdd5d2b7baed695287012a6727a98245613633d80d32b1b9

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:01 GMT
content-encoding: gzip
via: 1.1 275c32bc50366db37e8c3324dfc942a6.cloudfront.net (CloudFront)
last-modified: Fri, 19 Apr 2024 20:46:33 GMT
server: DYCDN
x-amz-cf-pop: YUL62-P2
x-amz-server-side-encryption: AES256
etag: W/"e5ee12564f7b49f0fa6fb54706ecb5b2"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=30
link: <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id: 3hgppM8xYUYN54DXrOy-4x70pN2I9zNwYEJPFEfQR-0jo4xK228SJA==

GET
H2 200 api_static.js Show response
cdn.dynamicyield.com/api/8772046/ 388 KB
114 KB 563ms
119ms Script
application/javascript 2600:9000:26a0:2a00:a:b89d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.dynamicyield.com/api/8772046/api_static.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26a0:2a00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: DYCDN /
Resource Hash: 498ea43ee2b31ee61f58f43b798dfaec6eb59b63fefdfaa7c01bba897ba57a33

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 06:36:26 GMT
content-encoding: gzip
via: 1.1 275c32bc50366db37e8c3324dfc942a6.cloudfront.net (CloudFront)
last-modified: Tue, 09 Apr 2024 08:59:55 GMT
server: DYCDN
age: 9215
x-amz-cf-pop: YUL62-P2
x-amz-server-side-encryption: AES256
etag: W/"64e0187feba0c97d38f8aabb6e6d66cd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=86400
link: <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id: 9ASOvokAToncjS7FLOj9hby0cXQc_YD0JIJjoIXcFeeXfpSc-yJvVA==

GET
H2 200 / Show response
api.ipify.org/ 21 B
154 B 498ms
224ms XHR
application/json 172.67.74.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.74.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bd6b502fae9a1f0f71f9ce361cdf0d01ccc35b86e98ee06fa144bd670339569

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:00 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-type: application/json
access-control-allow-origin: *
cf-ray: 87847a6abfd136bc-YYZ
content-length: 21

GET
H2 200 / Show response
api.ipify.org/ 21 B
73 B 645ms
148ms XHR
application/json 172.67.74.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.74.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bd6b502fae9a1f0f71f9ce361cdf0d01ccc35b86e98ee06fa144bd670339569

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:00 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-type: application/json
access-control-allow-origin: *
cf-ray: 87847a6c190236bc-YYZ
content-length: 21

POST
H2 201 / Show response
sdk.iad-05.braze.com/api/v3/data/ 323 B
565 B 485ms
485ms XHR
application/json 2606:4700:4400::ac40:965f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/data/

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:965f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3ae86d8fbcc84609de7b5bfe595b16a556a015462d9c74be57e2da19df9a63a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-TriggersRequest: true
X-Braze-DataRequest: true
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type: application/json
Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:01 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: c43ba788-3616-4411-a25d-b0f913c8205b
x-runtime: 0.329329
server: cloudflare
etag: W/"b3ae86d8fbcc84609de7b5bfe595b16a"
vary: Origin,Accept-Encoding
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
x-ratelimit-reset: 1713777003
access-control-max-age: 7200
x-ratelimit-limit: 500.0
cf-ray: 87847a6dd91336bf-YYZ
x-ratelimit-remaining: 498.0

GET
H2

200

callback
www.elfcosmetics.com/
Redirect Chain

https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=...
https://www.elfcosmetics.com/callback?usid=3b1c6452-fa2f-4292-8909-8fdf924f6167&code=y5CB51H8r6X1ZhnKjGcJTMFcsIP6RkifTk32Er_5e54

0
0

428ms
427ms

Fetch
application/json

165.254.56.168
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/callback?usid=3b1c6452-fa2f-4292-8909-8fdf924f6167&code=y5CB51H8r6X1ZhnKjGcJTMFcsIP6RkifTk32Er_5e54

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Server

165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Mon, 22 Apr 2024 09:10:01 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 299d6cdcc49a194864ae1dbfa6512d00.cloudfront.net (CloudFront)
x-amzn-remapped-content-length: 0
x-amz-cf-pop: LHR62-C3
age: 0
x-amzn-remapped-connection: close
x-amzn-requestid: 78debf9c-72d4-4903-834a-c54d34206353
x-yottaa-optimizations: ob/1000 si/34D1a5fe38a8-1713544936-7713373211 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
x-amz-apigw-id: WntohFRmiYcEWuw=
content-length: 0
alt-svc: h3=":443"; ma=86400
x-yottaa-forcecache: true
x-amzn-trace-id: Root=1-66262969-1c82a7bc4bfef80a47daf61d;Parent=025ed08990c768fe;Sampled=0;lineage=2b75b0e9:0
content-type: application/json
cache-control: public, max-age=604800
x-yottaa-os: 200
x-yottaa-metrics: 3421a5fe3893/[245,238,-] 34D1a5fe38a8/[-,248.368]
x-amzn-remapped-date: Mon, 22 Apr 2024 09:10:01 GMT
x-amz-cf-id: 2WkbpRGC4PA9hWkx8zN6uc85Jwm82Bc5CTzCaCzTBm_b8cWChxgBGA==

Redirect headers

date: Mon, 22 Apr 2024 09:10:01 GMT
x-correlation-id: 87847a703ed394ea
via: 1.1 bed6fe20b9fca9f4014b1a1d2375d67e.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: LHR62-C3
age: 0
x-yottaa-optimizations: ob/0 si/34D1a5fe38a8-1713544936-7713373209 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
x-ratelimit-1m-remaining: 23984, 1999188
x-ratelimit-1m-reset: 58936, 58935
x-ratelimit-1m-limit: 24000, 2000000
vary: Accept-Encoding
location: https://www.elfcosmetics.com/callback?usid=3b1c6452-fa2f-4292-8909-8fdf924f6167&code=y5CB51H8r6X1ZhnKjGcJTMFcsIP6RkifTk32Er_5e54
cache-control: no-store
x-yottaa-os: 303
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=YZ8PDiotdryFfyTh8B9SKuptUvJDHvRUUh8FY4axdjo
x-yottaa-metrics: 3421a5fe3895/[202,197,-] 34D1a5fe38a8/[-,204.213]
cf-ray: 87847a703ed394ea-LHR
x-amz-cf-id: M7sy-ckwtfTW2naErUSQDXtB2dPyxzH5dNfUXD1cVOl9mq2K9cqE7A==

POST
H2 200 collector Show response
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 540 B
787 B 424ms
150ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 2a34c585b687cf0ffbe166649496eb072159e73bebe56216ee0c2fcd386149f4

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 22 Apr 2024 09:10:00 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 540

GET
H2 200 6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json Show response
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/ 6 KB
2 KB 457ms
115ms XHR
application/x-javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55baa715ccc8c2512bceb1c949c1d0927944ca327e7edd2d5fc312d2a41986e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 22 Apr 2024 09:10:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 52052
content-md5: j7e7fSdncC8T3SCV/IpUig==
content-length: 1740
x-ms-lease-status: unlocked
last-modified: Mon, 08 Apr 2024 18:41:03 GMT
server: cloudflare
etag: 0x8DC57FB71838BE4
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: c3fb1654-801e-0031-68e4-89d890000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 87847a6dfa8d5443-YYZ
expires: Tue, 23 Apr 2024 09:10:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 503ms
112ms Script
text/javascript 2607:f8b0:4004:c1d::71
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::71 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Apr 2024 08:42:22 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 1659
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 22 Apr 2024 10:42:22 GMT

GET
H2 200 st Show response
st.dynamicyield.com/ 118 KB
10 KB 576ms
132ms Script
text/javascript 2600:9000:269f:7400:15:ad21:c740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://st.dynamicyield.com/st?sec=8772046&inHead=true&id=0&jsession=sy9gmbmfb06wkiz68bwjyu2efbc6t1fh&ref=&scriptVersion=2.32.0&isSesNew=true&dyid_server=&ctx=%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-CA%22%2C%22data%22%3A%5B%5D%7D
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:269f:7400:15:ad21:c740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 29dc36d07a779a9ec991dffd8404ee1cf0fb61875a7bcb9c1277d730aeffdaab

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:01 GMT
content-encoding: gzip
via: 1.1 ddaa088f1b6b5a9bcdc791a053431534.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-P1
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
cache-control: no-cache
x-amz-cf-id: tBg3Gnc_9O5Y714zGjavyUEKg6jr3QB_YKGRDn7SQzOvjtvj3Ij29g==
expires: Mon, 22 Apr 2024 09:10:00 GMT

GET
H3

200

landing
googleads.g.doubleclick.net/pagead/
Redirect Chain

https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=141723064.1713777001&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He44h0n81WL3STMXv896...
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=141723064.1713777001&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He44h0n...

42 B
65 B

547ms
129ms

Ping
image/gif

2607:f8b0:4004:c1b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=141723064.1713777001&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He44h0n81WL3STMXv896608294za200&auid=493848422.1713777001

Protocol

Server

2607:f8b0:4004:c1b::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:02 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:02 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=141723064.1713777001&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He44h0n81WL3STMXv896608294za200&auid=493848422.1713777001
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 67 B
305 B 828ms
179ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66707b7434e14fc523f2fc692e4a190958a02598dd3d9c45ec0f65f90091727b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
accept: application/json
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 87847a736e90a205-YYZ
access-control-allow-headers: Content-Type

OPTIONS
H2 200 sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame 0
0 155ms
154ms Preflight 2606:4700:4400::ac40:965f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:965f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
cf-cache-status: DYNAMIC
cf-ray: 87847a70fb1936bf-YYZ
content-encoding: gzip
date: Mon, 22 Apr 2024 09:10:01 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding

POST
H2 201 sync Show response
sdk.iad-05.braze.com/api/v3/content_cards/ 85 B
228 B 223ms
222ms XHR
application/json 2606:4700:4400::ac40:965f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:965f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e126a64544d4259873e83d18a5d93e51bc233860d0a5e7412f1bef9adbb6315c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest: true
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type: application/json
BRAZE-SYNC-RETRY-COUNT: 0
Referer: https://www.elfcosmetics.com/
X-Requested-With: XMLHttpRequest
Accept-Language: en-CA,en;q=0.9;q=0.9
X-Braze-ContentCardsRequest: true
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:01 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: 8c85b257-85fe-4322-895b-4bd10aeadf68
x-runtime: 0.069087
server: cloudflare
etag: W/"e126a64544d4259873e83d18a5d93e51"
vary: Origin,Accept-Encoding
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
x-ratelimit-reset: 1713777003
access-control-max-age: 7200
x-ratelimit-limit: 500.0
cf-ray: 87847a71eba236bf-YYZ
x-ratelimit-remaining: 497.0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
212 B 122ms
121ms XHR
text/plain 2607:f8b0:4004:c1d::71
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=86093818&t=pageview&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dp=%2Fen_CA%2Felf-cosmetic-criminals&ul=en-ca&de=UTF-8&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACgAI~&jid=1428152886&gjid=1703726699&cid=911738470.1713777001&tid=UA-432816-1&_gid=1337011146.1713777001&_r=1&_slc=1&gtm=45He44h0n81WL3STMXv896608294za200&gcs=G111&gcd=13t3t3t3t5&dma=0&z=1190316211

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::71 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collector Show response
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 600 B
655 B 165ms
164ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 018f00241e2ed29200198289fed411722bca5d8f91cd2dd6168c8d6741cefd69

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 22 Apr 2024 09:10:00 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 600

GET
H2 200 dy-coll-min.js Show response
cdn.dynamicyield.com/scripts/2.32.0/ 196 KB
65 KB 112ms
110ms Script
text/javascript 2600:9000:26a0:2a00:a:b89d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26a0:2a00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: DYCDN /
Resource Hash: 42997132bd0142564014ac4a809356dc0ceb9b7a90eede2b5b48019f1700cc58

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Apr 2024 06:17:06 GMT
content-encoding: gzip
via: 1.1 275c32bc50366db37e8c3324dfc942a6.cloudfront.net (CloudFront)
last-modified: Tue, 02 Apr 2024 09:13:12 GMT
server: DYCDN
age: 1306376
x-amz-cf-pop: YUL62-P2
etag: W/"65b3e284856fb8d657d1f6a3423618c7"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=31536000
link: <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id: KPUe-dHCQGUpypMjF12bmjCOzUvrEk8c7fxxwHd3CyNyUq60UxKTsw==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
352 B 599ms
203ms XHR
text/plain 2607:f8b0:4004:c19::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-432816-1&cid=911738470.1713777001&jid=1428152886&gjid=1703726699&_gid=1337011146.1713777001&_u=YEBAAEAAAAAAACgAI~&z=623983915

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c19::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 22 Apr 2024 09:10:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/ 404 KB
98 KB 107ms
106ms Script
application/javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 22 Apr 2024 09:10:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: XJk1ZZTljtwHFT3qcIJg+w==
age: 41710
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 99599
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:36 GMT
server: cloudflare
etag: 0x8DB82A15D413626
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 80bad15d-801e-006c-2fda-12d214000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 87847a74de0b38e2-YYZ

POST
H2 200 token Show response
www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/ 2 KB
2 KB 376ms
376ms Fetch
application/json 165.254.56.168
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

377e5d1ccadd71e93ad1eccf2a768fffd06365f859665580ef73cef261c262f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
c_x-pwa-request: true
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:01 GMT
content-encoding: gzip
x-correlation-id: 87847a7559ff76ff
cf-cache-status: DYNAMIC
via: 1.1 392aafb38d46b0d6c1710455b6663726.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: LHR62-C3
age: 0
x-yottaa-optimizations: ob/1000 si/34D1a5fe38a8-1713544936-7713373214 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
pragma: no-cache
x-ratelimit-1m-remaining: 23973, 1998439
x-ratelimit-1m-reset: 58092, 58091
vary: Accept-Encoding, User-Agent
x-ratelimit-1m-limit: 24000, 2000000
content-type: application/json
cache-control: no-store
x-yottaa-os: 200
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-yottaa-metrics: 3421a5fe382d/[191,189,-] 34D1a5fe38a8/[-,195.305]
cf-ray: 87847a7559ff76ff-LHR
x-amz-cf-id: FVS4wMjUQNy7iEaM_L6FoB9dzc6XAlrCukE2CtuGeJgLi_D411PBhA==

POST
H2 200 uia Show response
async-px.dynamicyield.com/ 0
383 B 406ms
108ms XHR
text/plain 3.162.3.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/uia?cnst=1&_=1713777001921
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.3.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-3-87.yul62.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:02 GMT
via: 1.1 726979f71f252186e97d38202269f636.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-P2
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: -6nG1fo3ayjfuafMGQFTbFLZL2RHIGuO6q7URdjoxE5s37HSwzaAoA==
expires: 0

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/018ebeca-ecda-7202-9bf3-a2ff4acebe55/ 158 KB
34 KB 112ms
112ms Fetch
application/x-javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/018ebeca-ecda-7202-9bf3-a2ff4acebe55/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

009342098f06d5ae7b2186f1076fab177d05b5a481ffe1190535fe501c1cae68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 22 Apr 2024 09:10:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 52011
content-md5: 5rS6k6LfUu8toMASIT8lMw==
content-length: 34672
x-ms-lease-status: unlocked
last-modified: Mon, 08 Apr 2024 18:41:17 GMT
server: cloudflare
etag: 0x8DC57FB7A1265A4
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: abd0a229-b01e-0083-53e4-8927e1000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 87847a768fe35443-YYZ
expires: Tue, 23 Apr 2024 09:10:02 GMT

GET
H2 200 var
async-px.dynamicyield.com/ 0
0 346ms
107ms Fetch 3.162.3.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var?cnst=1&_=665455&uid=734086977198369129&sec=8772046&t=ri&e=1261284&p=1&ve=11209913&va=%5B27119924%5D&ses=3219ab37aece76c55a8fca3570b866c1&expSes=63580&aud=884367.884385.884387.1167402.1324059.1846919.2324421.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=5640412116092688511&cgtgDecisionId=5640412117876123265&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1713777001980&rri=8590559
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.3.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-3-87.yul62.r.cloudfront.net
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:02 GMT
via: 1.1 726979f71f252186e97d38202269f636.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-P2
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: 4l9s2bV7udr5fSJNidgU4_r9yT-YcH2T-obBwgRmkuAcxNn-mT4h-w==
expires: 0

GET
H2 200 var
async-px.dynamicyield.com/ 0
0 347ms
109ms Fetch 3.162.3.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var?cnst=1&_=700214&uid=734086977198369129&sec=8772046&t=ri&e=1574966&p=1&ve=12698518&va=%5B28347247%5D&ses=3219ab37aece76c55a8fca3570b866c1&expSes=63580&aud=884367.884385.884387.1167402.1324059.1846919.2324421.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=5640412117368436982&cgtgDecisionId=5640412115593444961&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1713777001982&rri=1195367
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.3.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-3-87.yul62.r.cloudfront.net
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:02 GMT
via: 1.1 726979f71f252186e97d38202269f636.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-P2
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: 8bLPTpNQsHL0cuzp3weWsCYRwMIGcAbsaLbA6l-mESeYsXN53AmDvw==
expires: 0

GET
H2 200 var
async-px.dynamicyield.com/ 0
0 345ms
108ms Fetch 3.162.3.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var?cnst=1&_=613829&uid=734086977198369129&sec=8772046&t=ri&e=1609852&p=1&ve=12669413&va=%5B28321879%5D&ses=3219ab37aece76c55a8fca3570b866c1&expSes=63580&aud=884367.884385.884387.1167402.1324059.1846919.2324421.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=5640412115055183699&cgtgDecisionId=5640412114980228700&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1713777001983&rri=6211712
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.3.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-3-87.yul62.r.cloudfront.net
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:02 GMT
via: 1.1 726979f71f252186e97d38202269f636.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-P2
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: xVXfjgQdLluQfxu_64z3TRQrkJ86ku3nAaWqq2jGrVWSbPTOlSKwyw==
expires: 0

GET
H2 200 var
async-px.dynamicyield.com/ 0
0 381ms
145ms Fetch 3.162.3.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var?cnst=1&_=468247&uid=734086977198369129&sec=8772046&t=ri&e=1575901&p=1&ve=12991774&va=%5B28646951%5D&ses=3219ab37aece76c55a8fca3570b866c1&expSes=63580&aud=884367.884385.884387.1167402.1324059.1846919.2324421.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=5640412117535544171&cgtgDecisionId=5640412115891507619&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1713777001984&rri=5062391
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.3.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-3-87.yul62.r.cloudfront.net
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:02 GMT
via: 1.1 726979f71f252186e97d38202269f636.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-P2
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: wtwRrrfSTrSOXzTIAhThRhwGCN969Dwxf0klcCt1EE2lGkYUdE3Nog==
expires: 0

GET
H2 200 cnxtag-min.js Show response
js.cnnx.link/roi/ 2 KB
1 KB 564ms
110ms Script
text/javascript 2600:9000:21a2:6c00:11:85b0:d600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.cnnx.link/roi/cnxtag-min.js?id=316282
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21a2:6c00:11:85b0:d600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: ff2fe181c12146189657e92f9ce0489f7f3b51345796f5a5ec9b089f9fb47616

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:01:54 GMT
via: 1.1 google, 1.1 12fcb6e1bd9ccc1cb02eb21308b59e46.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: YUL62-C1
age: 488
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
cache-control: max-age=600
x-amz-cf-id: IZrWcRwDqRiKElz8Ign2-pDt3zxLGY2kXjeJZjqo7gYZLew7sqGi3w==

GET
H/1.1

200
OK

cnv
cnv.event.prod.bidr.io/log/
Redirect Chain

https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=c7078f10-6195-41f7-a22d-ce07feacc395&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=un...
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=2f9c6ab2-346a-4d24-98d5-fd3d59bfd581.&ord=2610723753168217777
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=2f9c6ab2-346a-4d24-98d5-fd3d59bfd581.&ord=2610723753168217777&_bee_ppp=1

43 B
796 B

93ms
93ms

Image
image/gif

52.73.200.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=2f9c6ab2-346a-4d24-98d5-fd3d59bfd581.&ord=2610723753168217777&_bee_ppp=1

Protocol

HTTP/1.1

Server

52.73.200.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-73-200-224.compute-1.amazonaws.com

Software

gunicorn /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma: no-cache
Date: Mon, 22 Apr 2024 09:10:04 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
content-type: image/gif
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=2f9c6ab2-346a-4d24-98d5-fd3d59bfd581.&ord=2610723753168217777&_bee_ppp=1
Date: Mon, 22 Apr 2024 09:10:04 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H2

200

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2

43 B
1 KB

102ms
101ms

Image
image/gif

68.67.160.26
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2

Protocol

Server

68.67.160.26 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

567.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:03 GMT
an-x-request-uuid: 68f6b4dc-53c7-4015-98b8-72546dd1155e
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 166.0.205.46; 166.0.205.46; 567.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:03 GMT
an-x-request-uuid: 969c4185-63a5-41f2-a6c8-c9fa460964c2
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
cache-control: no-store, no-cache, private
x-proxy-origin: 166.0.205.46; 166.0.205.46; 567.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=OTU5YmRkZjYtNTk1ZC00MWMwLTlmZWItNDQwMWRhN2E1YWEy&gdpr=0&gdpr_consent=&ttd_tdid=959bddf6-595d-41c0-9feb-4401d...
https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=959bddf6-595d-41c0-9feb-4401da7a5aa2&google_gid=CAESED2rbQsVc6OComu49vWaF60&google_cver=1
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=959bddf6-595d-41c0-9feb-4401da7a5aa2&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=959bddf6-595d-41c0-9feb-4401da7a5aa2
https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=4303390990826304848&ttd_tdid=959bddf6-595d-41c0-9feb-4401da7a5aa2
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=959bddf6-595d-41c0-9feb-4401da7a5aa2&expiration=1716369004&gdpr=0&gdpr_consent=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=959bddf6-595d-41c0-9feb-4401da7a5aa2&expiration=1716369004&gdpr=0&gdpr_consent=&C=1

43 B
344 B

102ms
101ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=959bddf6-595d-41c0-9feb-4401da7a5aa2&expiration=1716369004&gdpr=0&gdpr_consent=&C=1
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:05 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ILuy9aFjBHFA75w%2F9lbdUzHQCtxTZOt8w1PO93YZqPn43pSMfeqW2pTnxU5dwiKcJi%2FpSSK8JVGLQi6iZgd0%2BMh1oU%2Bm%2Fh4%2F064auH%2B4haq1mv9h44w7NRWiU%2Bbtfp2IHh95LKgIM9xXWg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 87847a8b693839f8-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:05 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ugThdfxxJ3%2FnxEY0YAzGAMboovq%2BdcFUvmv8q1YIiwJC5AqGcqh%2F68Snr0kUEIEWKzVdAUl6tez2c2cQ8en1uHVBTaMI3%2FL6Wg8QIBeeu0dPCjmN3ZnXb8%2BVfW7ZUYIvAMrBfJvFDGNxEg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=39&external_user_id=959bddf6-595d-41c0-9feb-4401da7a5aa2&expiration=1716369004&gdpr=0&gdpr_consent=&C=1
cache-control: no-cache
cf-ray: 87847a8a285039f8-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 121ms
121ms Image
image/gif 2607:f8b0:4004:c1d::63
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-432816-1&cid=911738470.1713777001&jid=1428152886&_u=YEBAAEAAAAAAACgAI~&z=762794971

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1d::63 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 461ms
124ms Image
image/gif 2607:f8b0:4004:c1b::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-432816-1&cid=911738470.1713777001&jid=1428152886&_u=YEBAAEAAAAAAACgAI~&z=762794971

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1b::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 batch
async-px.dynamicyield.com/ 0
383 B 450ms
160ms Ping
text/plain 3.162.3.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/batch?cnst=1&_=1713777002047_383890
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.3.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-3-87.yul62.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:08 GMT
via: 1.1 1f0f1388abc5c7a2f1935aa322216120.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-P2
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: P5AW61Kv4f0GwR3hq3bZQLyUCgeNLXL3i_bZ0j_3HCnxBfh0mwacOQ==
expires: 0

GET
H2 200 favicon.ico
www.elfcosmetics.com/ 34 KB
34 KB 282ms
281ms Other
image/x-icon 165.254.56.168
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/favicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 1331786f628c441b99665436eb8815381e066e17d5c3bb56f5ce2e045d8da17a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:02 GMT
via: 1.1 87641e1239bec79625df251e657d6b44.cloudfront.net (CloudFront)
x-amzn-remapped-content-length: 34494
x-amz-cf-pop: LHR62-C3
age: 291, 291
x-amzn-remapped-connection: close
x-amzn-requestid: c2a0da94-cdd1-416d-8495-afc8fdcbb470
x-yottaa-optimizations: ob/100 si/34D1a5fe38a8-1713544936-7713373215 tts/1710864117465 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Hit from cloudfront
x-amz-apigw-id: WmX9nFejiYcEZjg=
content-length: 34494
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 17 Apr 2024 19:04:06 GMT
x-amzn-trace-id: Root=1-6625a056-27abec5d054b8c8a01d9d3df;Parent=7ef114ecccf9aac3;Sampled=0;lineage=2b75b0e9:0
etag: W/"86be-18eed71dc70"
vary: Accept-Encoding
content-type: image/x-icon
cache-control: max-age=600, s-maxage=600
x-yottaa-metrics: 3421a5fe382f/[4,-,1713776673463] 34D1a5fe38a8/[-,7.359]
accept-ranges: bytes
x-amzn-remapped-date: Sun, 21 Apr 2024 23:25:10 GMT
x-amz-cf-id: 8g54Fr3h5CIYxePVt0Gfr4s5M8r4vqpP1sBWv4qjFM162qLxGJQ_tg==

POST
H2 204 sessions Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 0
1 KB 351ms
350ms XHR
text/plain 165.254.56.168
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/sessions
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MzFkYTk4OS01NGU2LTQwYjUtYTI5OC0wZDQxYjc1ZjdiMWUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjNiMWM2NDUyLWZhMmYtNDI5Mi04OTA5LThmZGY5MjRmNjE2NyIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTM3NzY5NzEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFiazBnVndYd1lscmdSeEtjV3hHWVlrSElXOjpjaGlkOiAiLCJleHAiOjE3MTM3Nzg4MDEsImlhdCI6MTcxMzc3NzAwMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzNTEwNDMzNjI0MjcwODQwMyJ9.AKK1mZNSf8EO6vvokrPO4-W2Pw5V0lY5ffV0bMXibJlZHldOJwNyplRNJODuD9YOwA9uH5daISXh-AitSsr0fA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:02 GMT
via: 1.1 1f2188741578a30afe87356d2b5507e2.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-amz-cf-pop: LHR62-C3
age: 0
x-yottaa-optimizations: ob/0 si/34D1a5fe38a8-1713544936-7713373216 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: obsolete
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
pragma: no-cache
allow: OPTIONS,POST
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics: 3421a5fe382e/[167,165,-] 34D1a5fe38a8/[-,169.130]
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/sessions
accept-ranges: bytes
cf-ray: 87847a77ba0a48b9-LHR
x-dw-request-base-id: qbDRQmopJmYBAAB_
x-amz-cf-id: qs82YbArkInGCc7Wx4MJixwkujzbEx-_BCeEPssRrCYuLXHhYpQqeQ==
x-yottaa-os: 204
expires: Thu, 01 Dec 1994 16:00:00 GMT

POST
H2 200 shoppercontext Show response
www.elfcosmetics.com/api/v1/ 135 B
883 B 764ms
763ms XHR
application/json 165.254.56.168
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

d7003226e2fea50e6765c46fe1bdacfe3a16adedd6c7a2530fef876c2356cf9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MzFkYTk4OS01NGU2LTQwYjUtYTI5OC0wZDQxYjc1ZjdiMWUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjNiMWM2NDUyLWZhMmYtNDI5Mi04OTA5LThmZGY5MjRmNjE2NyIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTM3NzY5NzEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFiazBnVndYd1lscmdSeEtjV3hHWVlrSElXOjpjaGlkOiAiLCJleHAiOjE3MTM3Nzg4MDEsImlhdCI6MTcxMzc3NzAwMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzNTEwNDMzNjI0MjcwODQwMyJ9.AKK1mZNSf8EO6vvokrPO4-W2Pw5V0lY5ffV0bMXibJlZHldOJwNyplRNJODuD9YOwA9uH5daISXh-AitSsr0fA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
content-type: application/json
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 8a2dbe2d91170aaa26a5c93eeaf49e5c.cloudfront.net (CloudFront)
x-amzn-remapped-content-length: 135
content-encoding: gzip
x-amz-cf-pop: LHR62-C3
age: 0
x-amzn-remapped-connection: close
x-amzn-requestid: 379e33d4-40e8-4004-ae79-f0285dc1409c
x-yottaa-optimizations: ob/1000 si/34D1a5fe38a8-1713544936-7713373217 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
x-amz-apigw-id: WntopFdZiYcEG9g=
content-length: 119
alt-svc: h3=":443"; ma=86400
etag: W/"87-WFt3zDSdrvttkMP6rAK367Qj/Rw"
x-amzn-trace-id: Root=1-6626296a-5e6106b024b80ac0261e08d5;Parent=47e8af26d6622922;Sampled=0;lineage=2b75b0e9:0
content-type: application/json; charset=utf-8
x-yottaa-os: 200
x-yottaa-metrics: 3421a5fe3830/[582,581,-] 34D1a5fe38a8/[-,586.290]
x-amzn-remapped-date: Mon, 22 Apr 2024 09:10:02 GMT
x-amz-cf-id: P63QUQEwTQ8bR9uAX2YeDf7-U09DJrB3O1izeg8BK2cKF3bDRCTFnQ==

POST
H2 201 sync Show response
sdk.iad-05.braze.com/api/v3/content_cards/ 85 B
251 B 594ms
594ms XHR
application/json 2606:4700:4400::ac40:965f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:965f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65c9e34fa469e61be320cd10500f8592a33b307af08aa332df3c8cfe88cf8d7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest: true
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type: application/json
BRAZE-SYNC-RETRY-COUNT: 0
Referer: https://www.elfcosmetics.com/
X-Requested-With: XMLHttpRequest
Accept-Language: en-CA,en;q=0.9;q=0.9
X-Braze-ContentCardsRequest: true
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:02 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: 724b364f-b26f-473a-9765-4ac5c5513717
x-runtime: 0.436717
server: cloudflare
etag: W/"65c9e34fa469e61be320cd10500f8592"
vary: Origin,Accept-Encoding
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
x-ratelimit-reset: 1713777003
access-control-max-age: 7200
x-ratelimit-limit: 500.0
cf-ray: 87847a774eca36bf-YYZ
x-ratelimit-remaining: 492.0

GET
H2 200 geo-ip Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 189 B
904 B 532ms
531ms XHR
application/json 165.254.56.168
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=166.0.205.46

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

85461719c1f6479769151df8cad3514d6819310afbe893ec9fc124501c5b1697

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
content-type: application/json
c_x-pwa-request: true
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:02 GMT
sfdc_customization: HOOK
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
via: 1.1 0632dce52bb4d036890e14a88154db56.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR62-C3
x-yottaa-optimizations: ob/1000 si/34D1a5fe38a8-1713544936-7713373219 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: obsolete
x-cache: Miss from cloudfront
age: 0
alt-svc: h3=":443"; ma=86400
allow: GET,HEAD,OPTIONS
content-type: application/json;charset=UTF-8
cache-control: max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=166.0.205.46
x-yottaa-metrics: 3421a5fe3832/[352,350,-] 34D1a5fe38a8/[-,355.085]
cf-ray: 87847a78bf566517-LHR
x-dw-request-base-id: qbDTQmopJmYBAAB_
x-amz-cf-id: a2vwH4DYoMDVteexxMRJUZVCZQMHXnwAJiyXv5yE8y9Jt7ZA0wdNsA==

OPTIONS
H2 200 viewPage
api.cquotient.com/v3/activities/bbxc-elf-us/ Frame 0
0 523ms
166ms Preflight 54.237.131.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cquotient.com/v3/activities/bbxc-elf-us/viewPage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.237.131.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-237-131-176.compute-1.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-cq-client-id
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization, content-type, x-cq-tenant, x-cq-client-id
access-control-allow-methods: POST
access-control-allow-origin: https://www.elfcosmetics.com
content-length: 0
date: Mon, 22 Apr 2024 09:10:02 GMT
server: envoy
strict-transport-security: max-age=15552000; includeSubdomains
x-envoy-upstream-service-time: 1

GET
H2 200 geo-ip Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 189 B
903 B 1255ms
722ms XHR
application/json 165.254.56.168
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=166.0.205.46

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

85461719c1f6479769151df8cad3514d6819310afbe893ec9fc124501c5b1697

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
content-type: application/json
c_x-pwa-request: true
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:03 GMT
sfdc_customization: HOOK
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
via: 1.1 7654e8d5fbf72d40d262281571df7bae.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR62-C3
x-yottaa-optimizations: ob/1000 si/34D1a5fe38a8-1713544936-7713373222 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: obsolete
x-cache: Miss from cloudfront
age: 0
alt-svc: h3=":443"; ma=86400
allow: GET,HEAD,OPTIONS
content-type: application/json;charset=UTF-8
cache-control: max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=166.0.205.46
x-yottaa-metrics: 3421a5fe3834/[444,443,-] 34D1a5fe38a8/[-,447.611]
cf-ray: 87847a7ca85e88c2-LHR
x-dw-request-base-id: HVphzGspJmYBAAB_
x-amz-cf-id: ow9ej8kpYAT5DuGxClUgxXAjO5YpCZe0yYGSO7775QBz3j2LJtpGyA==

GET
H2 200 baskets Show response
www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abk0gVwXwYlrgRxKcWxGYYkHIW/ 11 B
2 KB 597ms
596ms Fetch
application/json 165.254.56.168
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abk0gVwXwYlrgRxKcWxGYYkHIW/baskets?siteId=elf-us

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MzFkYTk4OS01NGU2LTQwYjUtYTI5OC0wZDQxYjc1ZjdiMWUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjNiMWM2NDUyLWZhMmYtNDI5Mi04OTA5LThmZGY5MjRmNjE2NyIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTM3NzY5NzEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFiazBnVndYd1lscmdSeEtjV3hHWVlrSElXOjpjaGlkOiAiLCJleHAiOjE3MTM3Nzg4MDEsImlhdCI6MTcxMzc3NzAwMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzNTEwNDMzNjI0MjcwODQwMyJ9.AKK1mZNSf8EO6vvokrPO4-W2Pw5V0lY5ffV0bMXibJlZHldOJwNyplRNJODuD9YOwA9uH5daISXh-AitSsr0fA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
c_x-pwa-request: true
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:02 GMT
sfdc_customization: HOOK
dnt: 0
cf-cache-status: DYNAMIC
x-correlation-id: 87847a799ae89544
x-content-type-options: nosniff
via: 1.1 392aafb38d46b0d6c1710455b6663726.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR62-C3
x-yottaa-optimizations: ob/1000 si/34D1a5fe38a8-1713544936-7713373221 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=BI6.N.BwQzyLqZNOBblTW.0bxK5rlglMYfd3Ze5xEXw-1713777002-1.0.1.1-p0SNgXR_j1dEejlCVAyNIi1cZvSVRf0E6lDcak_BFnEBBowqKq6F9JhibJqPz0i8QDB5xpdwos12.tdm_SIoVZtxAvyA8zKOn7b7yqHhwPul8KE0YYX7XxSuQ1EP9DTAy_ahTYRZ.pjY1BPIyr66AAGrACSlbndW.Bld9fMAnaAMlAQMgMWV0cL2NZR6MYMc; report-to cf-csp-endpoint
x-cache: Miss from cloudfront
age: 0
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
content-length: 37
allow: GET,HEAD,OPTIONS
x-ratelimit-remaining: 999
content-type: application/json;charset=UTF-8
vary: Accept-Encoding
sfdc_load: 1
x-yottaa-metrics: 3421a5fe3833/[270,267,-] 34D1a5fe38a8/[-,272.258]
cache-control: max-age=0,no-cache,no-store
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abk0gVwXwYlrgRxKcWxGYYkHIW/baskets?siteId=elf-us
x-ratelimit-limit: 99999
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=BI6.N.BwQzyLqZNOBblTW.0bxK5rlglMYfd3Ze5xEXw-1713777002-1.0.1.1-p0SNgXR_j1dEejlCVAyNIi1cZvSVRf0E6lDcak_BFnEBBowqKq6F9JhibJqPz0i8QDB5xpdwos12.tdm_SIoVZtxAvyA8zKOn7b7yqHhwPul8KE0YYX7XxSuQ1EP9DTAy_ahTYRZ.pjY1BPIyr66AAGrACSlbndW.Bld9fMAnaAMlAQMgMWV0cL2NZR6MYMc"}],"group":"cf-csp-endpoint","max_age":86400}
accept-ranges: bytes
cf-ray: 87847a799ae89544-LHR
x-amz-cf-id: cd5JC4AwDi2bQqVUW8zxfDqy2QfnCeZ__c2LgbwxICMv-jgYN_RtEg==
x-yottaa-os: 200

POST
H2 200 viewPage Show response
api.cquotient.com/v3/activities/bbxc-elf-us/ 98 B
516 B 104ms
104ms Fetch
application/json 54.237.131.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cquotient.com/v3/activities/bbxc-elf-us/viewPage

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/main.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.237.131.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-237-131-176.compute-1.amazonaws.com

Software

envoy /

Resource Hash

ff4e16e0f34624fec4fa1d76b55e5f86bbd348dd117ea2acdfa1f0b86b059ee8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubdomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
x-cq-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.elfcosmetics.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:02 GMT
strict-transport-security: max-age=15552000; includeSubdomains
server: envoy
etag: W/"62-0sU4Fu/UidIEF/RjlR8sF39M1MQ"
access-control-allow-methods: GET, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 4
content-length: 98

POST
H2 200 event
qoe-1.yottaa.net/log-nt/ 3 B
191 B 509ms
171ms Ping
text/json 204.2.50.19
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://qoe-1.yottaa.net/log-nt/event
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 204.2.50.19 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 22 Apr 2024 09:10:08 GMT
access-control-expose-headers: X-Results-Data-Source
access-control-allow-credentials: true
cache-control: no-cache
timing-allow-origin: *
content-type: text/json

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/1a390536/www-widgetapi.vflset/ 216 KB
67 KB 116ms
114ms Script
text/javascript 2607:f8b0:4004:c17::be
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/1a390536/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::be Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85b38e7085ac3e5d7b57603c31d75140522fa3a4a70c0a944ad7337b80451e1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 19 Apr 2024 11:56:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 249185
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68321
x-xss-protection: 0
last-modified: Thu, 18 Apr 2024 04:15:21 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sat, 19 Apr 2025 11:56:58 GMT

GET
H2 200 110221.ct.js Show response
tag.rmp.rakuten.com/ 47 KB
15 KB 382ms
104ms Script
text/javascript 34.102.147.248
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.rmp.rakuten.com/110221.ct.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.147.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

248.147.102.34.bc.googleusercontent.com

Software

Resource Hash

0b2f3284731451436ae24019f5bced6829fc4f1c005ba21e4694a6dbc6e98f8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:04 GMT
content-encoding: gzip
via: 1.1 google
strict-transport-security: max-age=31536000
last-modified: Mon, 22 Apr 2024 09:10:04 GMT
x-cache: hit
x-samesite: secure
content-type: text/javascript
cache-control: max-age=86400
x-dyn: 0
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 js Show response
www.paypal.com/sdk/ 419 KB
117 KB 350ms
80ms Script
application/javascript 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5fcc27d86413eb4682a9c5392e8938f5c90ac54c3938360d5ac1db40e8bf6474

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-rmYB4ANAPeCB4N/0FHOfEQGgNSjTEmqHePzDLFfXhaHbOpQJ' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-rmYB4ANAPeCB4N/0FHOfEQGgNSjTEmqHePzDLFfXhaHbOpQJ' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-rmYB4ANAPeCB4N/0FHOfEQGgNSjTEmqHePzDLFfXhaHbOpQJ' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-rmYB4ANAPeCB4N/0FHOfEQGgNSjTEmqHePzDLFfXhaHbOpQJ' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
disable-set-cookie: true
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Mon, 22 Apr 2024 09:10:04 GMT
age: 9728
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT, HIT, MISS
p3p: true
paypal-debug-id: f50892307a308
server-timing: "traceparent;desc="00-0000000000000000000f50892307a308-3a7d85131934e2c4-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 117884
x-xss-protection: 1; mode=block
x-served-by: cache-bur-kbur8200163-BUR, cache-yyz4529-YYZ, cache-yyz4529-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f50892307a308-f0fe6c35df3fe923-01
x-timer: S1713777005.529539,VS0,VE4
etag: W/"1cc7c-fKO3YtMzy7+SsWbeBFfWZoqFb88"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 1, 2, 0

GET
H/1.1 200
OK main.js Show response
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/ 145 KB
43 KB 595ms
172ms Script
application/javascript 23.47.22.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/main.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.47.22.7 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-47-22-7.deploy.static.akamaitechnologies.com

Software

nginx / Express

Resource Hash

f7f7d48fa4ef27a882d9690c581637c5f56c8f0870e7d375a333c6604b54c432

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Strict-Transport-Security: max-age=15768000
Content-Encoding: gzip
Date: Mon, 22 Apr 2024 09:10:04 GMT
Server: nginx
X-Powered-By: Express
ETag: W/"057b1d4cea90cfb374227140e2f2f95d96013931-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: must-revalidate, max-age=900
Connection: keep-alive
Content-Length: 43204
Expires: Mon, 22 Apr 2024 09:25:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 314 KB
102 KB 138ms
137ms Script
application/javascript 2607:f8b0:4004:c19::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e6c79e72683ebef227c5767d4a239deac31faa1188dcbc23942813397e8298f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 104276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 22 Apr 2024 09:10:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 299 KB
99 KB 139ms
138ms Script
application/javascript 2607:f8b0:4004:c19::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c35e6b899389cf76f7b026a545a741757f12c0ac3aa16b799129288c73bb1f29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 101305
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 22 Apr 2024 09:10:04 GMT

GET
H2 200 1a8bfa042c9c5.js Show response
t.contentsquare.net/uxa/ 292 KB
71 KB 380ms
102ms Script
application/javascript 3.161.213.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.213.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-213-65.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 329a5e6b08a931ac1df4877349d5fb131ee553dd231dad91850a0422d7d89dd8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 21 Apr 2024 06:49:23 GMT
content-encoding: br
via: 1.1 a6f2e7c3dd76750ec70d32e7fcf09838.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-P1
age: 0
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 71694
last-modified: Thu, 04 Apr 2024 14:00:49 GMT
server: AmazonS3
etag: "f5dfc1db5e16fbec46d877d4586c2484"
vary: Accept-Encoding, Origin
content-type: application/javascript;charset=utf-8
cache-control: max-age=900
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: YjVcYgc1GD5wIEqNpBVc7rxxSzEMw7KINwV6-bdaNFBdkKNFEqRrFw==

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 13 KB
3 KB 108ms
107ms Fetch
application/json 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 22 Apr 2024 09:10:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 5mNZducabMgxSDzBo+ZI8w==
age: 45944
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3017
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:30 GMT
server: cloudflare
etag: 0x8DB82A159AF8EA6
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 0c718e4e-201e-0081-6f27-129959000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 87847a7869545443-YYZ

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/ 61 KB
12 KB 124ms
123ms Fetch
application/json 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 22 Apr 2024 09:10:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: sXFDxCJwbPEMIT/8f5Prwg==
age: 54850
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12544
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:33 GMT
server: cloudflare
etag: 0x8DB82A15AFF8646
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 99943331-001e-00a9-52a5-21f8f1000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 87847a78895f5443-YYZ

GET
H2 200 otCookieSettingsButton.json Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 5 KB
2 KB 122ms
122ms Fetch
application/json 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCookieSettingsButton.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

509f2e49500fbaeb5d7e1959071f2922b693d0135080e2871e124ec8bdd08bb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 22 Apr 2024 09:10:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: v0pzgeeelPwcAOki15i3HA==
age: 54850
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1766
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:32 GMT
server: cloudflare
etag: 0x8DB82A15AB9FB83
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: cd67b2fb-901e-0094-1c03-248eea000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 87847a7889605443-YYZ

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 21 KB
4 KB 130ms
130ms Fetch
text/css 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 22 Apr 2024 09:10:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: oWkBTLgDDXvrUsd93y/Zxg==
age: 49848
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:41 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: b54dfe3f-901e-004f-6264-2348d7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 87847a7889615443-YYZ

GET
H2 200 loader.js Show response
cdn.usehero.com/ 98 KB
28 KB 584ms
136ms Script
application/javascript 2600:9000:269f:e600:13:d6f4:3240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.usehero.com/loader.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:269f:e600:13:d6f4:3240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ab99a75a2070736b0282d041df3a7e272ad5d4d1929ae430089ac0335e05ad2c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 08:25:43 GMT
content-encoding: gzip
via: 1.1 7ea5749a224369d9af20b6d6ce7dbd92.cloudfront.net (CloudFront)
last-modified: Tue, 19 Sep 2023 07:56:38 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-P1
age: 2662
x-amz-server-side-encryption: AES256
etag: W/"fbf714a58cbac38c0deea519667d9044"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: DQ9AP-zcvmObpMrGyuaPOHKWOQ8lDJdJLf5_TCHGRwl9z1C79laXjQ==

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 203 KB
73 KB 131ms
131ms Script
application/javascript 2607:f8b0:4004:c19::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-9231397&l=dataLayer&cx=c

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8add184e36bdf719545387283b61f9fb297b6333aef824170bea1f32d5943615

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 75113
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 22 Apr 2024 09:10:04 GMT

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 203 KB
73 KB 133ms
132ms Script
application/javascript 2607:f8b0:4004:c19::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-10742279&l=dataLayer&cx=c

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

227ae61dd515aedc028b23d5d57498bf67cbb18668f87aafa04de256ba1b5d94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 75044
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 22 Apr 2024 09:10:05 GMT

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 5 KB
2 KB 596ms
142ms Script
application/javascript 2600:1408:c400:383::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:383::1931 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 62e7cb03e8f65ceb4f43a5a56a3b9c3950158fae3fea85699e3f4c68672f4c2f

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
x-cdn: akamai
etag: "2a48a6694c41c203319b5f6018c2bbbc"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
access-control-max-age: 86400
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-expose-headers: X-CDN
cache-control: max-age=7200
accept-ranges: bytes
alt-svc: h3=":443"; ma=600
content-length: 1899

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 218 KB
59 KB 574ms
154ms Script
application/x-javascript 2a03:2880:f003:c0e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

01e9582655224c83e6c075f44b7eecb135e108b6ad2150bf6f78a0a77c4ad5e0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 22 Apr 2024 09:10:05 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57850
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=31, rtx=0, c=13, mss=1392, tbw=2772, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: UY26FvE0d291kPrbaakt9zxNKNfX8f7FnCMcvJjcbnQa3UubXQ9KIhN0lCdLrnUOfB+7wyWl+Ue1rb8rB4fKcQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 28 KB
9 KB 485ms
98ms Script
application/javascript 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 2939d067bced6e2e3e43c1b10d2b067cb980410c2cc42fd3e867798a4a36c697

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:05 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 15 Feb 2024 20:38:48 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "9a680c8c475d8bba600d4d87b4fa7ee5"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 8702

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 447ms
107ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 22 Apr 2024 09:10:06 GMT
last-modified: Thu, 29 Feb 2024 19:58:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D45C37FE6E0D4EDB9AE2A32307000078 Ref B: YTO01EDGE0819 Ref C: 2024-04-22T09:10:06Z
etag: "01b4e9c496bda1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13261

GET
H2 200 sdk.js Show response
analytics.tiktok.com/i18n/pixel/ 8 KB
3 KB 569ms
227ms Script
application/javascript 23.212.249.197
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/sdk.js?sdkid=BRR4GA0I9JJBU29G8GF0
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.197 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-197.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a7c9377b659a6085ae7692459706c2e40f936ee3110ada12b818d3ab3c4ed68b

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-akamai-request-id: 4d30355d
date: Mon, 22 Apr 2024 09:10:06 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240422091006535A3BC845C4F4F9198A-7608F84A7AAD04D6-00
x-cache: TCP_MISS from a23-220-105-197.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
server-timing: inner; dur=2, cdn-cache; desc=MISS, edge; dur=25, origin; dur=20
content-length: 2528
pragma: no-cache
server: nginx
x-tt-logid: 20240422091006535A3BC845C4F4F9198A
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 20,23.220.105.197
x-tt-trace-host: 013dcb17053a1a5dbd53e1e4039d3a49b8f413ad74e517f46643fe27a4ab0871d8b7a8ae00d900c8ae593e59a94c8b5e0682b28ef534d33343024dbc9f0ce2295c28e94d090b6ae9186bc54a6cb40576f90249072d28fd2b9b22fe8a1c24976a03
expires: Mon, 22 Apr 2024 09:10:06 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 6 KB
3 KB 126ms
125ms Script
application/javascript 23.212.249.197
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1EFEJPT0U322RQPGHFG&lib=ttq
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.197 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-197.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 736ec1fceccf675f5082662be789e53be1c78d00c8ca683a976d769ee581a790

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-akamai-request-id: 4d30364e
date: Mon, 22 Apr 2024 09:10:06 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240422091006A15135B7998E2DF4FCDC-4B9E6D0E78EF42C7-00
x-cache: TCP_MISS from a23-220-105-197.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
server-timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=0, origin; dur=6
content-length: 2076
pragma: no-cache
server: nginx
x-tt-logid: 20240422091006A15135B7998E2DF4FCDC
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 6,23.220.105.197
x-tt-trace-host: 013dcb17053a1a5dbd53e1e4039d3a49b8f413ad74e517f46643fe27a4ab0871d86318ba73107d3a4478c23de20b19c639a8097cff125f357006b1cadfe25d013efc67df1402602a183497a0bd46e2abfd247a1ffb98e8476cfb4a9542e59a68cc
expires: Mon, 22 Apr 2024 09:10:06 GMT

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
624 B 106ms
106ms Image
image/svg+xml 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 22 Apr 2024 09:10:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 55071
x-ms-lease-status: unlocked
last-modified: Thu, 18 Apr 2024 19:47:54 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 0d01d5c9-201e-0017-5009-929088000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 87847a7948ef38e2-YYZ

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
517 B 102ms
101ms Fetch
image/svg+xml 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 22 Apr 2024 09:10:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 41550
x-ms-lease-status: unlocked
last-modified: Thu, 18 Apr 2024 19:47:54 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: ff66d6a8-601e-0080-3914-92c685000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 87847a7959cd5443-YYZ

GET
H2 200 ot_company_logo.png
cdn.cookielaw.org/logos/static/ 4 KB
4 KB 113ms
112ms Image
image/png 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_company_logo.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 22 Apr 2024 09:10:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: E8+sk/ECzKgTUVtDLikiIA==
age: 55075
content-length: 4036
x-ms-lease-status: unlocked
last-modified: Thu, 18 Apr 2024 19:47:54 GMT
server: cloudflare
etag: 0x8DC5FE070ADC548
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: e3ca2056-101e-007e-4209-92a9c4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 87847a942af138e2-YYZ

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 114ms
113ms Image
image/svg+xml 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 22 Apr 2024 09:10:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 46183
x-ms-lease-status: unlocked
last-modified: Thu, 18 Apr 2024 19:47:54 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: d44abfc7-d01e-0003-228c-92d8e7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 87847a942af538e2-YYZ

GET
H2 200 widget.js Show response
js.jebbit.com/companion/v1/ 44 KB
45 KB 573ms
122ms Script
text/javascript 2600:9000:21a2:7800:a:7914:b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.jebbit.com/companion/v1/widget.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21a2:7800:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a938eea663af09f75118101cf9061107fbef7c4770d7d123c71e33c52c565139

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: R3KY_K4A_1J6MbzxdLc7TwnPZXsf4837
date: Sun, 21 Apr 2024 14:53:09 GMT
via: 1.1 0dbb84b34f6ac39ad26a6446ff2b18ec.cloudfront.net (CloudFront)
last-modified: Wed, 21 Feb 2024 21:57:20 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-C1
age: 65818
x-amz-server-side-encryption: AES256
etag: "cc4e73d84c409b310a274ca12ee462bc"
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 45249
x-amz-cf-id: kwhyubWDqXeqQ72UdkfjH4-v4tfTP8cmrDfb46d3ezNBkmgwFDQPgw==

GET
H2 200 i.js Show response
tag.wknd.ai/6664/ 17 KB
6 KB 347ms
79ms Script
text/plain 34.120.253.250
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.wknd.ai/6664/i.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 250.253.120.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: fa231056681e8d80c926f3a7c027699435f2dac18f21543b74fc144912bd88f4

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:09:03 GMT
content-encoding: gzip
via: 1.1 google
age: 64
x-envoy-upstream-service-time: 0
x-region: us-central1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5537
server: istio-envoy
etag: eafeb909ea8ada
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=60
timing-allow-origin: *
link: <https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect

POST
H2 200 baskets Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 3 KB
2 KB 457ms
456ms XHR
application/json 165.254.56.168
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

6cbda453a5f8a1d851d55c0fe673b992cdf39e211ab31b1b4f6c290731b4a362

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MzFkYTk4OS01NGU2LTQwYjUtYTI5OC0wZDQxYjc1ZjdiMWUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjNiMWM2NDUyLWZhMmYtNDI5Mi04OTA5LThmZGY5MjRmNjE2NyIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTM3NzY5NzEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFiazBnVndYd1lscmdSeEtjV3hHWVlrSElXOjpjaGlkOiAiLCJleHAiOjE3MTM3Nzg4MDEsImlhdCI6MTcxMzc3NzAwMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzNTEwNDMzNjI0MjcwODQwMyJ9.AKK1mZNSf8EO6vvokrPO4-W2Pw5V0lY5ffV0bMXibJlZHldOJwNyplRNJODuD9YOwA9uH5daISXh-AitSsr0fA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
content-type: application/json
c_x-pwa-request: true
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:03 GMT
sfdc_customization: HOOK
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 20340eb7909bfa098c771e4c93be880a.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR62-C3
age: 0
x-yottaa-optimizations: ob/1000 si/34D1a5fe38a8-1713544936-7713373223 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding: gzip
x-dw-version-status: obsolete
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 1105
pragma: no-cache
etag: 01f63fdfc154183d5dc0542060767cc8a09e9cf557383c6b0a946048373e75fd
allow: OPTIONS,POST
content-type: application/json;charset=UTF-8
x-dw-resource-state: 01f63fdfc154183d5dc0542060767cc8a09e9cf557383c6b0a946048373e75fd
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics: 3421a5fe3835/[216,213,-] 34D1a5fe38a8/[-,219.636]
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets
accept-ranges: bytes
cf-ray: 87847a7d4c25547b-LHR
x-dw-request-base-id: qbDfQmspJmYBAAB_
x-amz-cf-id: 2qxhtDLrn-C-oAK5fLfLZY-fTOHGrJJNAEqQvZgPAxrxgRzJSpM1dA==
x-yottaa-os: 200
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3 200 NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare
elfcosmetics.a.bigcontent.io/v1/static/ 5 KB
6 KB 452ms
106ms Image
image/png 2606:4700:4400::ac40:91b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare?%24Desktop%24=&fmt=auto
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:4400::ac40:91b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:03 GMT
x-amz-version-id: null
cf-cache-status: HIT
age: 79518
x-amz-server-side-encryption: AES256
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
content-length: 5378
last-modified: Sun, 21 Apr 2024 11:04:45 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 87847a7fed8ca1ec-YYZ
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H3 200 icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/ 2 KB
1 KB 453ms
108ms Image
image/svg+xml 2606:4700:4400::ac40:91b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto%201x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto%202x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto%203x
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:4400::ac40:91b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:03 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
age: 49680
x-amz-server-side-encryption: AES256
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
last-modified: Sun, 21 Apr 2024 19:22:03 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 87847a7fed8ea1ec-YYZ
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H3 200 icon-noun-mist-spray-6491531-2
elfcosmetics.a.bigcontent.io/v1/static/ 649 B
753 B 448ms
103ms Image
image/svg+xml 2606:4700:4400::ac40:91b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-mist-spray-6491531-2?%24Desktop%24=&fmt=auto%201x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-mist-spray-6491531-2?%24Desktop%24=&fmt=auto%202x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-mist-spray-6491531-2?%24Desktop%24=&fmt=auto%203x
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:4400::ac40:91b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ce9fb17074b954a06fc54f99d41dd29e2b613c7d843577775dafdf870cc00ac

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:03 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
age: 61428
x-amz-server-side-encryption: AES256
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
last-modified: Sun, 21 Apr 2024 16:06:15 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 87847a7fed8ba1ec-YYZ
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 84759 Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/products/ 20 KB
5 KB 729ms
728ms XHR
application/json 165.254.56.168
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/products/84759?siteId=elf-us&locale=en-CA&currency=CAD&expand=availability%2Cbundled_products%2Clinks%2Cpromotions%2Coptions%2Cimages%2Cprices%2Cvariations%2Cset_products%2Crecommendations&all_images=true&perPricebook=true

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

b4fa8c9378d9dbd823f033e64101ab85cdfec1e0adf456c68b50ceabb6452591

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
content-type: application/json
c_x-pwa-request: true
cache-control: no-cache
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:03 GMT
sfdc_customization: HOOK
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: gzip
via: 1.1 67ef3abac0a476e3c8690ff0f09febb8.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR62-C3
x-yottaa-optimizations: ob/1000 si/34D1a5fe38a8-1713544936-7713373224 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: obsolete
x-cache: Miss from cloudfront
age: 0
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 22 Apr 2024 09:10:03 GMT
allow: GET,HEAD,OPTIONS
vary: accept-encoding
content-type: application/json;charset=UTF-8
cache-control: max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/products/84759?siteId=elf-us&locale=en-CA&currency=CAD&expand=availability%2Cbundled_products%2Clinks%2Cpromotions%2Coptions%2Cimages%2Cprices%2Cvariations%2Cset_products%2Crecommendations&all_images=true&perPricebook=true
x-yottaa-metrics: 3421a5fe3836/[548,545,-] 34D1a5fe38a8/[-,551.449]
cf-ray: 87847a7e38416547-LHR
x-dw-request-base-id: DRACNGspJmYBAAB_
x-amz-cf-id: I5U9haDYRfoFyGw0aa7XJdaNoyvCrQvwf13grCZHUSGce8itYwnQgQ==

POST
H3 200 collector Show response
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 32 B
49 B 151ms
151ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 7586f9164e6bc95d916e3828d687c85f77cf253b34a5908fffa5f6f17dfd0d72

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 22 Apr 2024 09:10:03 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32

GET
H2 200 PWA-UpdateSession Show response
www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_CA/ 56 B
1 KB 606ms
606ms XHR
application/json 165.254.56.168
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_CA/PWA-UpdateSession
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 772f15316085ec36cb19f9af3a622cf12d847e0f187c3f907ee6daf975b7f7ce

Request headers

c_x-pwa-request: true
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:03 GMT
content-encoding: gzip
via: 1.1 8bdb05fbf74c6dd0d9d93215e88dbeee.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-amz-cf-pop: LHR62-C3
age: 0
x-yottaa-optimizations: ob/1000 si/34D1a5fe38a8-1713544936-7713373225 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
pragma: no-cache
content-type: application/json
cache-control: no-cache, no-store, must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/on/demandware.store/Sites-elf-us-Site/en_CA/PWA-UpdateSession
x-yottaa-metrics: 3421a5fe3837/[379,376,-] 34D1a5fe38a8/[-,382.138]
cf-ray: 87847a802d3d635f-LHR
x-dw-request-base-id: HVpqzGspJmYBAAB_
x-amz-cf-id: 3X6kMBWchAYdPJ-r0ITaJ7-YME5lb8Vcgz1bTnSPpfiYlNOXKIAtWg==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 promotions Show response
www.elfcosmetics.com/mobify/proxy/api/pricing/shopper-promotions/v1/organizations/f_ecom_bbxc_prd/ 1 KB
1 KB 360ms
360ms Fetch
application/json 165.254.56.168
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/api/pricing/shopper-promotions/v1/organizations/f_ecom_bbxc_prd/promotions?siteId=elf-us&ids=chooseyourgwp-CA-2%2C2024-04-fs-%2450-Canada&locale=en-CA

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

de4c69e340960eb3472db636f541e7f04b6482965dda55ac281535efe8e03ea7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MzFkYTk4OS01NGU2LTQwYjUtYTI5OC0wZDQxYjc1ZjdiMWUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjNiMWM2NDUyLWZhMmYtNDI5Mi04OTA5LThmZGY5MjRmNjE2NyIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTM3NzY5NzEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFiazBnVndYd1lscmdSeEtjV3hHWVlrSElXOjpjaGlkOiAiLCJleHAiOjE3MTM3Nzg4MDEsImlhdCI6MTcxMzc3NzAwMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzNTEwNDMzNjI0MjcwODQwMyJ9.AKK1mZNSf8EO6vvokrPO4-W2Pw5V0lY5ffV0bMXibJlZHldOJwNyplRNJODuD9YOwA9uH5daISXh-AitSsr0fA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
c_x-pwa-request: true
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:04 GMT
content-encoding: gzip
dnt: 0
cf-cache-status: DYNAMIC
x-correlation-id: 87847a82db15640d
x-content-type-options: nosniff
via: 1.1 bed6fe20b9fca9f4014b1a1d2375d67e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR62-C3
x-yottaa-optimizations: ob/1000 si/34D1a5fe38a8-1713544936-7713373226 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
age: 0
alt-svc: h3=":443"; ma=86400
allow: GET,HEAD,OPTIONS
vary: accept-encoding
content-type: application/json;charset=UTF-8
x-ratelimit-remaining: 999
sfdc_load: 2
cache-control: private,max-age=29
x-yottaa-os: 200
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/pricing/shopper-promotions/v1/organizations/f_ecom_bbxc_prd/promotions?siteId=elf-us&ids=chooseyourgwp-CA-2%2C2024-04-fs-%2450-Canada&locale=en-CA
x-ratelimit-limit: 99999
accept-ranges: bytes
cf-ray: 87847a82db15640d-LHR
x-amz-cf-id: cOwnW-4EKx116VqOIVZmDGvcHxGoYCVHJajNKQ6bMQBvjT_LSCaLXQ==
x-yottaa-metrics: 3421a5fe3838/[177,174,-] 34D1a5fe38a8/[-,179.701]

PATCH
H2 200 5e5a6b935fffc5f6808456805f Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets/ 3 KB
2 KB 412ms
411ms XHR
application/json 165.254.56.168
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets/5e5a6b935fffc5f6808456805f

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

0107f7c7bd2635c376a31fd288f1f01146dbe07a6814f6de62956feb4c276b6f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MzFkYTk4OS01NGU2LTQwYjUtYTI5OC0wZDQxYjc1ZjdiMWUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjNiMWM2NDUyLWZhMmYtNDI5Mi04OTA5LThmZGY5MjRmNjE2NyIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTM3NzY5NzEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFiazBnVndYd1lscmdSeEtjV3hHWVlrSElXOjpjaGlkOiAiLCJleHAiOjE3MTM3Nzg4MDEsImlhdCI6MTcxMzc3NzAwMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzNTEwNDMzNjI0MjcwODQwMyJ9.AKK1mZNSf8EO6vvokrPO4-W2Pw5V0lY5ffV0bMXibJlZHldOJwNyplRNJODuD9YOwA9uH5daISXh-AitSsr0fA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
content-type: application/json
c_x-pwa-request: true
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform: "Win32"

Response headers

x-yottaa-profileid: 5a0c9b7632f01c35d4210220
date: Mon, 22 Apr 2024 09:10:04 GMT
sfdc_customization: HOOK
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 c72aed82acf017b1476dc574b8d5da80.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR62-C3
age: 0
x-yottaa-optimizations: ob/1000 si/34D1a5fe38a8-1713544936-7713373227 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding: gzip
x-dw-version-status: obsolete
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 995
etag: 5fdae117fdd8f974d2e2d590188d208c1739bdfa1746165a8732c11a9923f673
allow: DELETE,GET,HEAD,OPTIONS,PATCH
content-type: application/json;charset=UTF-8
x-dw-resource-state: 5fdae117fdd8f974d2e2d590188d208c1739bdfa1746165a8732c11a9923f673
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-os: 200
access-control-allow-credentials: true
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets/5e5a6b935fffc5f6808456805f
accept-ranges: bytes
cf-ray: 87847a83de7477b8-LHR
x-dw-request-base-id: HVpvzGwpJmYBAAB_
x-amz-cf-id: LqP66O5Cd1z5fx5bAcJJNQnA9UDNV-ZnJo-lRY-0pfdIv_2QlungTQ==
x-yottaa-metrics: 3421a5fe3839/[194,191,-] 34D1a5fe38a8/[-,197.653]

POST
H2 200 productratings Show response
www.elfcosmetics.com/api/v1/ 84 B
871 B 736ms
735ms Fetch
application/json 165.254.56.168
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/api/v1/productratings

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/main.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

165.254.56.168 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

45a5d600f2b5443a9cb77612666c44b4426ddc140b38d899a0fe8a2ac6303170

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 22 Apr 2024 09:10:04 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 1b5424f4e08ca48fc35e311bea9e9ff6.cloudfront.net (CloudFront)
x-amzn-remapped-content-length: 84
content-encoding: gzip
x-amz-cf-pop: LHR62-C3
age: 0
x-amzn-remapped-connection: close
x-amzn-requestid: 52a870b6-a92e-4cc3-a78f-59e1522210de
x-yottaa-optimizations: ob/1000 si/34D1a5fe38a8-1713544936-7713373228 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
x-amz-apigw-id: Wnto_E61iYcEmhw=
content-length: 106
alt-svc: h3=":443"; ma=86400
etag: W/"54-dodahslLhdkxH1N+n5n4YLdZd/w"
x-amzn-trace-id: Root=1-6626296c-05a645f106dfb85b4ff43e9f;Parent=72642f1aed0954cd;Sampled=0;lineage=2b75b0e9:0
content-type: application/json; charset=utf-8
x-yottaa-os: 200
x-yottaa-metrics: 3421a5fe383a/[521,519,-] 34D1a5fe38a8/[-,523.377]
x-amzn-remapped-date: Mon, 22 Apr 2024 09:10:04 GMT
x-amz-cf-id: cANXR3BnB26SLALk33NUvNVWXg9hO6_PgYyXPvzSzP1ONLskEISiMw==

POST
H2 204 collect
analytics.google.com/g/ 0
102 B 114ms
112ms Ping
text/plain 2001:4860:4802:38::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je44h0v879088318z8896608294za200&_gaz=1&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&cid=911738470.1713777001&ul=en-ca&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EA&_s=1&sid=1713777004&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_ss=2&tfd=10976
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:38::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
stats.g.doubleclick.net/g/ 0
17 B 120ms
120ms Ping
text/plain 2607:f8b0:4004:c19::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZLYXLXNDL8&cid=911738470.1713777001&gtm=45je44h0v879088318z8896608294za200&aip=1&dma=0&gcs=G111&gcd=13v3v3v3u5&npa=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c19::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 126ms
126ms Image
image/gif 2607:f8b0:4004:c1b::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-ZLYXLXNDL8&cid=911738470.1713777001&gtm=45je44h0v879088318z8896608294za200&aip=1&dma=0&gcs=G111&gcd=13v3v3v3u5&npa=1&z=171311345

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1b::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect Show response
sgtm.elfcosmetics.com/g/ 742 B
1 KB 486ms
217ms XHR
text/plain 34.49.124.132
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je44h0v9125640115z8896608294za200&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&cid=911738470.1713777001&ecid=741721254&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-ON&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EA&sst.rnd=141723064.1713777001&sst.gse=1&sst.etld=google.ca&sst.gcd=13v3v3v3u5&sst.adr=1&sst.ude=0&_s=1&sid=1713777004&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_ss=1&tfd=11166&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

132.124.49.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

c259a0900a6ec6c80a27247e1c5de5429f99ade9d54de534aab83dd73e6d4fad

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:05 GMT
via: 1.1 google, 1.1 google
x-content-type-options: nosniff
server: Google Frontend
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering: no

GET
H2 200 collect Show response
sgtm.elfcosmetics.com/g/ 65 B
565 B 466ms
216ms XHR
text/plain 34.49.124.132
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je44h0v9125640115z8896608294za200&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&cid=911738470.1713777001&ecid=741721254&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-ON&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EA&sst.rnd=141723064.1713777001&sst.gse=1&sst.etld=google.ca&sst.gcd=13v3v3v3u5&sst.adr=1&sst.ude=0&_s=2&sid=1713777004&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=pageview&ep.vendor_id=pinterest&ep.email=&_et=3&tfd=11185&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

132.124.49.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:05 GMT
via: 1.1 google, 1.1 google
x-content-type-options: nosniff
server: Google Frontend
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering: no

GET
H2 200 collect Show response
sgtm.elfcosmetics.com/g/ 65 B
397 B 623ms
372ms XHR
text/plain 34.49.124.132
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je44h0v9125640115z8896608294za200&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&cid=911738470.1713777001&ecid=741721254&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-ON&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EA&sst.rnd=141723064.1713777001&sst.gse=1&sst.etld=google.ca&sst.gcd=13v3v3v3u5&sst.adr=1&sst.ude=0&_s=3&sid=1713777004&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&ep.vendor_id=facebook&ep.event_id=1713777989687_17137772613525&ep.email=&ep.phone=&_et=2&tfd=11186&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

132.124.49.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:05 GMT
via: 1.1 google, 1.1 google
x-content-type-options: nosniff
server: Google Frontend
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering: no

GET
H2 200 jsp Show response
ut.rd.linksynergy.com/ 148 B
404 B 427ms
149ms Script
text/plain 34.98.67.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://ut.rd.linksynergy.com/jsp?cn=rmuid&ro=0&cb=___rmuid

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

3.67.98.34.bc.googleusercontent.com

Software

Resource Hash

d46c6843838f08abb96e1309d5f48505a57781b1bfc928294709696acfae8b18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-type: text/plain; charset=utf-8
date: Mon, 22 Apr 2024 09:10:07 GMT
via: 1.1 google
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 148
x-samesite: secure

GET
H2 200 local
www.paypal.com/credit-presentment/experiments/ Frame 42AD 0
0 469ms
100ms Document
text/html 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.63.0&integrationType=SDK

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (chf/16A2) /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com https:; frame-src 'self' https://.paypalobjects.com https://.paypal.com https://.qualtrics.com; connect-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-expose-headers: Server-Timing
age: 53050
cache-control: s-maxage=86400, max-age=0
content-encoding: gzip
content-length: 1525
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type: text/html; charset=utf-8
date: Mon, 22 Apr 2024 09:10:05 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"1479-Cw0bW9SNdV/AdJwbOb5XSdbCup8"
last-modified: Sun, 21 Apr 2024 18:25:55 GMT
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: 080598a057159
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server: ECAcc (chf/16A2)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000080598a057159-d1bb1d3de4a7a726-01
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ 14 KB
6 KB 82ms
81ms Script
application/x-javascript 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.com&t=xo&v=5.0.434&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1c2cdad2aa4655d406e0c845b39c86f4c646e0f250dbddf0a1057ad6177553d9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-dMrE0twMjRtDWJBki3uQ+l14hRfl19bzzPfNWY+pXRO0V1sC' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://nexus.ensighten.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-dMrE0twMjRtDWJBki3uQ+l14hRfl19bzzPfNWY+pXRO0V1sC' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Apr 2024 09:10:06 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 52301
x-cache: HIT, HIT, MISS
paypal-debug-id: f32134242a1eb
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 4797
x-xss-protection: 1; mode=block
x-served-by: cache-bur-kbur8200151-BUR, cache-yyz4529-YYZ, cache-yyz4529-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f32134242a1eb-65e092ec7c0204fb-01
x-timer: S1713777007.915192,VS0,VE6
etag: W/"3692-Isq0RVKtCY8jvMFBDsyU4qsNXKk"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=3600
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 157, 81, 0

GET
H2 204 pageview
c.contentsquare.net/ 0
320 B 537ms
165ms Image
text/plain 44.197.106.9
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/pageview?ex=&dt=2629&pvt=n&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&la=en-CA&uc=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dr=&dw=1600&dh=6759&ww=1600&wh=1200&sw=1600&sh=1200&uu=4f6b7749-e081-af55-f966-f032f5e3dc66&sn=1&hd=1713777004&v=14.5.1&pid=1926&pn=1&r=985247
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.197.106.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-197-106-9.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:07 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

GET
H2 200 script-tag.js Show response
cdn-scripts.signifyd.com/api/ 10 KB
3 KB 399ms
90ms Script
application/javascript 3.162.3.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.3.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-3-47.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 68f6710cb2cc63e278cd3be6a0593c700b3ac346e36c1d636c5c13374dc20e91

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 08:51:17 GMT
content-encoding: gzip
via: 1.1 726979f71f252186e97d38202269f636.cloudfront.net (CloudFront)
last-modified: Wed, 10 Jan 2024 11:26:22 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-P2
age: 1131
x-amz-server-side-encryption: AES256
etag: W/"d34fe38d39e71cd6ace9ab1bfc0bb10a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1800
x-amz-cf-id: DucmBqtTYHMgeRO32yswMpgsciHylr31_TLngCvN9atpD6uCn6mGKQ==

GET
BLOB 200
OK e37a5616-ab06-44c8-8535-3520aa22d708
https://www.elfcosmetics.com/ 7 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.elfcosmetics.com/e37a5616-ab06-44c8-8535-3520aa22d708
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1d959f985f144d73bf7e483dc5b5027417eb785966a53fb8b1378979c43d6f90

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Length: 7329
Content-Type: application/javascript

GET
H2

200

activityi;dc_pre=CLSpje281YUDFRPEwgQdGPwKOw;src=9231397;type=retarget;cat=globa0;ord=3708628731187;npa=1;auiddc=493848422.1713777001;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined...
9231397.fls.doubleclick.net/ Frame BC5C
Redirect Chain

https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=3708628731187;npa=1;auiddc=493848422.1713777001;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefin...
https://9231397.fls.doubleclick.net/activityi;dc_pre=CLSpje281YUDFRPEwgQdGPwKOw;src=9231397;type=retarget;cat=globa0;ord=3708628731187;npa=1;auiddc=493848422.1713777001;u6=%2Fen_CA%2Felf-cosmetic-c...

0
0

266ms
263ms

Document
text/html

142.251.16.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9231397.fls.doubleclick.net/activityi;dc_pre=CLSpje281YUDFRPEwgQdGPwKOw;src=9231397;type=retarget;cat=globa0;ord=3708628731187;npa=1;auiddc=493848422.1713777001;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181619921z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.149 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f149.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 469
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 22 Apr 2024 09:10:05 GMT
expires: Mon, 22 Apr 2024 09:10:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 22 Apr 2024 09:10:05 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://9231397.fls.doubleclick.net/activityi;dc_pre=CLSpje281YUDFRPEwgQdGPwKOw;src=9231397;type=retarget;cat=globa0;ord=3708628731187;npa=1;auiddc=493848422.1713777001;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181619921z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 dvar
c.contentsquare.net/ 0
319 B 332ms
165ms Image
text/plain 44.197.106.9
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/dvar?v=14.5.1&pid=1926&pn=1&sn=1&uu=4f6b7749-e081-af55-f966-f032f5e3dc66&dv=H4sIAAAAAAAAA6tWcnSKd4mMd8%2FJT0rMUXDOzyspys9RCEktLlGyUnKpzEvMzUxWiMxMzUlRcK0oSC3KTM1LTi1W0oHqQ4gpGAI1hCUWZSaWZObnAXkwJT755QqeeSWpeSATA%2FILSnOAikoqlWoB8S1cunwAAAA%3D&ct=2&r=047923
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.197.106.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-197-106-9.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:07 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

GET
H2 204 collect
analytics.google.com/g/s/ 0
210 B 540ms
176ms Image
text/plain 2001:4860:4802:38::181
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analytics.google.com/g/s/collect?dma=0&gtm=45j91e44h0v9125640115z8896608294z99175401888za200&_gsid=5D80LRC85NZ3__V3GKuTHl8MHP9iyO7A
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:38::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:07 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 127ms
126ms Image
image/gif 2607:f8b0:4004:c1b::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=0&tid=G-5D80LRC85N&cid=cO0gCheWVWQDwjU9oh1ARG%2FJkfdpbPCrFojglcdz7nc%3D.1713777001&gtm=45j91e44h0v9125640115z8896608294z99175401888za200&aip=1&z=878920081

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1b::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 collect
stats.g.doubleclick.net/g/ 0
57 B 124ms
122ms Image
text/plain 2607:f8b0:4004:c19::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&dma=0&tid=G-5D80LRC85N&cid=cO0gCheWVWQDwjU9oh1ARG%2FJkfdpbPCrFojglcdz7nc%3D.1713777001&gtm=45j91e44h0v9125640115z8896608294z99175401888za200&aip=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c19::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:07 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 display Show response
api.usehero.com/webplugin/ 189 B
1 KB 555ms
168ms XHR
application/json 34.232.82.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usehero.com/webplugin/display?appId=efcf9631-4c6b-4874-9f76-51f71464249a&location=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&state=untouched&outboundFeature=

Requested by

Host: cdn.usehero.com
URL: https://cdn.usehero.com/loader.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.232.82.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-232-82-191.compute-1.amazonaws.com

Software

Resource Hash

ced90899f2c35db79eddfbcefad19b3131b471e291767c77cfddfa445d8b68a7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-permitted-cross-domain-policies: none
surrogate-control: no-store
x-dns-prefetch-control: off
klarna-correlation-id: 2b63d4c7-f350-4933-9b96-7d858fc9afa3
cross-origin-resource-policy: same-origin
x-geo-longitude: -73.58870
pragma: no-cache
referrer-policy: same-origin
etag: W/"bd-JdikP63vEcQG17ulYQR7Uz2adv0"
x-frame-options: SAMEORIGIN
x-geo-zip: H3H
content-type: application/json; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?1
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-latitude: 45.50750
x-accuracy: 20
expires: 0
date: Mon, 22 Apr 2024 09:10:05 GMT
strict-transport-security: max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cross-origin-embedder-policy: require-corp
x-time-zone: America/Toronto
x-envoy-upstream-service-time: 14
content-length: 189
x-xss-protection: 0
x-request-id: 2b63d4c7-f350-4933-9b96-7d858fc9afa3
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-country: CA
x-geo-city: Montreal

GET
H2

200

activityi;dc_pre=COTdkO281YUDFRLQwgQdJAAC1A;src=10742279;type=elf8j0;cat=glo_flap;ord=7298429179453;npa=1;auiddc=493848422.1713777001;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-cr...
10742279.fls.doubleclick.net/ Frame 4A04
Redirect Chain

https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=7298429179453;npa=1;auiddc=493848422.1713777001;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic...
https://10742279.fls.doubleclick.net/activityi;dc_pre=COTdkO281YUDFRLQwgQdJAAC1A;src=10742279;type=elf8j0;cat=glo_flap;ord=7298429179453;npa=1;auiddc=493848422.1713777001;u1=https%3A%2F%2Fwww.elfco...

0
0

187ms
185ms

Document
text/html

142.251.16.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10742279.fls.doubleclick.net/activityi;dc_pre=COTdkO281YUDFRLQwgQdJAAC1A;src=10742279;type=elf8j0;cat=glo_flap;ord=7298429179453;npa=1;auiddc=493848422.1713777001;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181663336z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.149 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f149.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 407
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 22 Apr 2024 09:10:05 GMT
expires: Mon, 22 Apr 2024 09:10:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 22 Apr 2024 09:10:05 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10742279.fls.doubleclick.net/activityi;dc_pre=COTdkO281YUDFRLQwgQdJAAC1A;src=10742279;type=elf8j0;cat=glo_flap;ord=7298429179453;npa=1;auiddc=493848422.1713777001;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181663336z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 exist Show response
srm.ba.contentsquare.net/ 2 B
94 B 1031ms
384ms Fetch
application/json 34.249.47.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://srm.ba.contentsquare.net/exist?v=14.5.1&pid=1926&pn=1&sn=1&uu=4f6b7749-e081-af55-f966-f032f5e3dc66
Requested by: Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.47.228 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-47-228.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 22 Apr 2024 09:10:06 GMT
content-length: 2
content-type: application/json

GET
H2 200 t2_16331p_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
700 B 545ms
186ms XHR
application/json 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_16331p_telemetry
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:06 GMT
content-encoding: gzip
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server: snooserv
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
content-length: 98

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 416ms
148ms Image
image/gif 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1713777005783&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=b28f05e0-fb4a-4cf9-9331-2d1a3689f404&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_c9439d84&dpm=&dpcc=&dprc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:07 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 main.6192ffb7.js Show response
s.pinimg.com/ct/lib/ 69 KB
20 KB 115ms
114ms Script
application/javascript 2600:1408:c400:383::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.6192ffb7.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:383::1931 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 6982e83b9ea7682534a77808bc53b3e516bc5d26dc406de1a2ea81c2fdf63a33

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
x-cdn: akamai
etag: "0c0f2aed16e51276069e2c6e45c878c1"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
access-control-max-age: 86400
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-expose-headers: X-CDN
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 19940

GET
H2 200 1638306756445368 Show response
connect.facebook.net/signals/config/ 68 KB
14 KB 125ms
124ms Script
application/x-javascript 2a03:2880:f003:c0e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1638306756445368?v=2.9.154&r=stable&domain=www.elfcosmetics.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

03f75fe69f0db79ae7b1f31af46cf0eb412c23d8d0a19cb8b1cf16a35fcf7ca1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 22 Apr 2024 09:10:07 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 14210
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=31, rtx=0, c=60, mss=1392, tbw=63195, tp=-1, tpl=-1, uplat=3, ullat=-1
pragma: public
x-fb-debug: sv0G5ERIPkRGNXEUDZbnJYioy4YQqGdb5wOwzMhkHmF63J58v30TU+OrZujBXOm+poN+fuhQAxP3RNNupUJ4Kg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 204 5013978.js Show response
bat.bing.com/p/action/ 0
117 B 107ms
107ms Script
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/5013978.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Mon, 22 Apr 2024 09:10:07 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 571B5461A9B840CA9C683A96B4ADF6C9 Ref B: YTO01EDGE0819 Ref C: 2024-04-22T09:10:07Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
361 B 187ms
187ms Image
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5013978&tm=gtm002&Ver=2&mid=bbef6336-a545-47bd-bb9c-852e0dbdf7a8&sid=1c907450008811efbf683de83abe2e27&vid=1c90bc50008811ef8a3cd5daf14b1a69&vids=1&msclkid=N&pi=918639831&lg=en-CA&sw=1600&sh=1200&sc=24&tl=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&p=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&r=&lt=8491&evt=pageLoad&sv=1&rn=904190

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 22 Apr 2024 09:10:07 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5C4B475962EF4EFCBA506894F3B4FF2E Ref B: YTO01EDGE0819 Ref C: 2024-04-22T09:10:07Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.MTIyYzc3NzllMA.js Show response
analytics.tiktok.com/i18n/pixel/static/ 411 KB
109 KB 119ms
117ms Script
application/javascript 23.212.249.197
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMA.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.197 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-197.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a54234f412b9bfdc07fcbd75a6e3e22c0f89f89f861ea0e6e6a96c7048834c41

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-akamai-request-id: 4d304567
date: Mon, 22 Apr 2024 09:10:07 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20240419041004CF8DF9E4E3C37BA95BA6
x-tt-trace-id: 00-240419041004CF8DF9E4E3C37BA95BA6-7E75C7D6715F7D95-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-220-105-197.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01b7abb95817c8c34d8c93c827b7ea955a1cf4a5892b4ccd45e281ce594a8a95b5ddb75c0324958dd72b4852f0a4f1ef7900d2e9da511b560b1d840d0b5f064d84c0dc9cb40d2362bc60a91321fb0148d6d8c8a4982972e8e4470fc72f99da6f69
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=20
content-length: 111109

GET
H2 200 main.MTIyYzc3NzllMQ.js Show response
analytics.tiktok.com/i18n/pixel/static/ 431 KB
114 KB 214ms
212ms Script
application/javascript 23.212.249.197
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.197 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-197.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 19cc1cced30687035cb740cbbf86a4c2d7c5085ca95e3fdef76d7e28d35af57d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-akamai-request-id: 4d3045c8
date: Mon, 22 Apr 2024 09:10:07 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202404190410053D468379F2B9A3A4172A
x-tt-trace-id: 00-2404190410053D468379F2B9A3A4172A-1651EC251E5875C1-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-220-105-197.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01c6176d7baf164bbf4af64ba1dd0b81731b603c75173f854ca2c0899c2f6d1434e6c926bc3c46698380b53b2cfbb06af96afb0a41854f698e96a70f7f04fbbf2617e49fe26c2e7140cdfb965dc23d567180838ad4fad3bb334e036e1a29842f6b
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=19
content-length: 116231

GET
H2 200 ts
t.paypal.com/ 42 B
554 B 448ms
171ms Image
image/gif 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1713777006962&g=420&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-cache-hits: 0, 0
date: Mon, 22 Apr 2024 09:10:08 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 38d37cef63a5a
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
x-served-by: cache-bur-kbur8200158-BUR, cache-yyz4547-YYZ
pragma: no-cache
correlation-id: 38d37cef63a5a
traceparent: 00-000000000000000000038d37cef63a5a-86a869f5853da365-01
x-timer: S1713777008.213752,VS0,VE93
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 22 Apr 2024 09:10:08 GMT

GET
H2

200

cs
tags.rd.linksynergy.com/
Redirect Chain

https://idsync.rlcdn.com/458359.gif?partner_uid=c29fa750-4ab4-484e-9504-cef589a92c48
https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJGMyOWZhNzUwLTRhYjQtNDg0ZS05NTA0LWNlZjU4OWE5MmM0OBAAGg0I8NKYsQYSBQjoBxAAQgBKAA
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=662078a772a997626ac22bebeda6092bc4233127183ff32142bbcd3e5ed856cb6ac34734d8e453ee

37 B
292 B

105ms
99ms

Image
image/gif

34.98.67.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tags.rd.linksynergy.com/cs?ns=lr&uid3=662078a772a997626ac22bebeda6092bc4233127183ff32142bbcd3e5ed856cb6ac34734d8e453ee

Protocol

Server

34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

3.67.98.34.bc.googleusercontent.com

Software

Resource Hash

bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

content-type: image/gif
date: Mon, 22 Apr 2024 09:10:08 GMT
via: 1.1 google
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37
x-samesite: secure

Redirect headers

date: Mon, 22 Apr 2024 09:10:08 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://tags.rd.linksynergy.com/cs?ns=lr&uid3=662078a772a997626ac22bebeda6092bc4233127183ff32142bbcd3e5ed856cb6ac34734d8e453ee
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 widget.css
js.jebbit.com/companion/v1/ 15 KB
16 KB 108ms
107ms Stylesheet
text/css 2600:9000:21a2:7800:a:7914:b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.jebbit.com/companion/v1/widget.css
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21a2:7800:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 875ca118023e8741e684a320e73b7f9af4e8eba6c88f1f7e8457f7c0cdda6efb

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: rlLQSdBm9ZTNXvLaketZ1ik.75AdGtXG
date: Mon, 22 Apr 2024 07:53:12 GMT
via: 1.1 0dbb84b34f6ac39ad26a6446ff2b18ec.cloudfront.net (CloudFront)
last-modified: Wed, 21 Feb 2024 21:57:20 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-C1
age: 4616
x-amz-server-side-encryption: AES256
etag: "de1b72e797664b9b2c2139e5ccb24844"
x-cache: Hit from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 15521
x-amz-cf-id: qpOi66OrF3a8xdaj-uh2j61U3Zj3zyFdy3z8LGxpPVSNvX0Yn1MSQw==

GET
H2 200 launcher_configs Show response
external-api.jebbit.com/moments/v2/ 2 B
448 B 520ms
170ms XHR
application/json 44.209.94.203
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRmVuX0NBJTJGZWxmLWNvc21ldGljLWNyaW1pbmFscw==&completedLightboxCampaigns=W10=&jebbitCookies=

Requested by

Host: js.jebbit.com
URL: https://js.jebbit.com/companion/v1/widget.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.209.94.203 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-209-94-203.compute-1.amazonaws.com

Software

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
surrogate-control: no-store
x-dns-prefetch-control: off
content-length: 2
x-xss-protection: 1; mode=block
pragma: no-cache
etag: W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
x-download-options: noopen
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials: true
expires: 0

GET
H2 200 company_toolkit.js Show response
cdn-scripts.signifyd.com/api/ 4 KB
2 KB 82ms
81ms Script
application/javascript 3.162.3.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-scripts.signifyd.com/api/company_toolkit.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.3.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-3-47.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:01:18 GMT
content-encoding: gzip
via: 1.1 726979f71f252186e97d38202269f636.cloudfront.net (CloudFront)
last-modified: Tue, 30 May 2023 10:18:44 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-P2
age: 530
x-amz-server-side-encryption: AES256
etag: W/"2c3950f122b3977df61b0e077aaa92c8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1800
x-amz-cf-id: fExRHBQgFwrhVdtHK9BDkg0kEwD0OxlyHovvyt5PTGvYXJkyOtzGHg==

GET
H2 200 muse.js Show response
www.paypalobjects.com/muse/ 55 KB
16 KB 468ms
105ms Script
application/javascript 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/muse.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (chf/1693) /

Resource Hash

20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: 6f446f73052e1
dc: ccg11-origin-www-1.paypal.com
content-length: 16355
last-modified: Fri, 01 Sep 2023 21:10:59 GMT
server: ECAcc (chf/1693)
traceparent: 00-00000000000000000006f446f73052e1-6d5dd35a517fc6f1-01
etag: "64f25363-daa8+gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Mon, 22 Apr 2024 10:10:08 GMT

GET
H2 200 / Show response
ct.pinterest.com/user/ 321 B
305 B 416ms
151ms XHR
application/json 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/user/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1713777007474&dep=2%2CPAGE_LOAD
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.6192ffb7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:07 GMT
content-encoding: gzip
x-cdn: fastly
x-envoy-upstream-service-time: 1
alt-svc: h3=":443";ma=600
x-pinterest-rid: 8291049215992823
content-length: 186
pin-unauth: dWlkPVl6SmxNekUwTm1JdE9XWXlZaTAwWldZMExXSXlZMlF0T0RNeU1HSTJObVF4WWpJMA
pragma: no-cache
referrer-policy: origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
pinterest-version: 0fd3a7bfcf735a2bdf1240be9d2c00e05a32dcff
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
ct.pinterest.com/user/ 321 B
635 B 412ms
150ms XHR
application/json 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/user/?event=pagevisit&ed=%7B%22np%22%3A%22gtm%22%7D&tid=2615235625530&cb=1713777007477&dep=5%2CEVENT_TAGS_ABSENT
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.6192ffb7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:07 GMT
content-encoding: gzip
x-cdn: fastly
x-envoy-upstream-service-time: 0
alt-svc: h3=":443";ma=600
x-pinterest-rid: 1419582685379967
content-length: 186
pin-unauth: dWlkPU5XVXlOek5sTnpjdFlUVXlPUzAwTlRGaExXRXdPVGt0TVdJNFkyVmxZMkpqT1RNMQ
pragma: no-cache
referrer-policy: origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
pinterest-version: 0fd3a7bfcf735a2bdf1240be9d2c00e05a32dcff
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
0 411ms
151ms Fetch
image/gif 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/v3/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%226192ffb7%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22x86%22%2C%22bitness%22%3A%2264%22%2C%22brands%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22124%22%7D%2C%7B%22brand%22%3A%22Not%3AA-Brand%22%2C%22version%22%3A%228%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22124%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Win32%22%2C%22platformVersion%22%3A%2210.0.0%22%2C%22uaFullVersion%22%3A%22124.0.6367.60%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1713777007479
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.6192ffb7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:07 GMT
referrer-policy: origin
x-cdn: fastly
content-type: image/gif
access-control-allow-origin: https://www.elfcosmetics.com
pinterest-version: 0fd3a7bfcf735a2bdf1240be9d2c00e05a32dcff
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
alt-svc: h3=":443";ma=600
x-pinterest-rid: 1369223674687564
content-length: 35
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 runtime_6459738026535cda4232dc813c61447d.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 3 KB
2 KB 347ms
77ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/runtime_6459738026535cda4232dc813c61447d.br.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 59f1b7d93f47fcc926143154888aa471910eaf81c3c41270b61cfe012dda08df

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 20 Apr 2024 21:54:28 GMT
content-encoding: br
age: 126940
x-guploader-uploadid: ABPtcPruaWoB3OnwpYggMXx2LK3G9oTzRGasUtNP94ncalDDEBARY-muU_7mXyHPV9b7DN87Dcg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1316
last-modified: Thu, 18 Apr 2024 19:25:37 GMT
server: UploadServer
etag: "09512239cb2a22728ca9f8608dfc2181"
x-goog-generation: 1705949047694544
x-goog-hash: crc32c=BS9gKg==, md5=CVEiOcsqInKMqfhgjfwhgQ==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 1316
accept-ranges: bytes
content-type: text/javascript

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 597ms
204ms Image
text/plain 2a03:2880:f103:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1713777007655&sw=1600&sh=1200&v=2.9.154&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1713777007649.814071667&ic=fbpixel&ler=empty&cdl=API_unavailable&it=1713777005892&coo=false&eid=1713777989687_17137772613525&tm=1&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=28, rtx=0, c=10, mss=1392, tbw=2764, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 22 Apr 2024 09:10:08 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
0 98ms
97ms Fetch
image/gif 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22np%22%3A%22gtm%22%7D&tid=2615235625530&cb=1713777007898&dep=5%2CEVENT_TAGS_ABSENT&pd=%7B%22np%22%3A%22gtm%22%7D&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%226192ffb7%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22x86%22%2C%22bitness%22%3A%2264%22%2C%22brands%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22124%22%7D%2C%7B%22brand%22%3A%22Not%3AA-Brand%22%2C%22version%22%3A%228%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22124%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Win32%22%2C%22platformVersion%22%3A%2210.0.0%22%2C%22uaFullVersion%22%3A%22124.0.6367.60%22%2C%22ecm_enabled%22%3Afalse%7D
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.6192ffb7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:07 GMT
referrer-policy: origin
x-cdn: fastly
content-type: image/gif
access-control-allow-origin: https://www.elfcosmetics.com
pinterest-version: 0fd3a7bfcf735a2bdf1240be9d2c00e05a32dcff
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
alt-svc: h3=":443";ma=600
x-pinterest-rid: 6066594878572988
content-length: 35
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK c8ypq4i09dm039gm.js Show response
imgs.signifyd.com/ 96 KB
14 KB 626ms
212ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/c8ypq4i09dm039gm.js?ko9dm3gl90y3sn1o=w2txo5aa&4ua8kqct5i3zan7u=L2VuX0NBLzVlNWE2YjkzNWZmZmM1ZjY4MDg0NTY4MDVm

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

5f863668aeca72e75de7250d4c5c8722394cd8188bf70edfefdc51e1cb3b862d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 22 Apr 2024 09:10:08 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: CP=IVAa PSAa
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
X-Robots-Tag: noindex, nofollow
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 identify_c26a2.js Show response
analytics.tiktok.com/i18n/pixel/static/ 139 KB
37 KB 115ms
115ms Script
application/javascript 23.212.249.197
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_c26a2.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.197 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-197.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a869fe8cddaf23f1ee50724c35748cefb30c697095b2cf4a231033cb8f43b4ab

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-akamai-request-id: 4d304869
date: Mon, 22 Apr 2024 09:10:08 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202404190410040B785546B6FC8AAEBB77
x-tt-trace-id: 00-2404190410040B785546B6FC8AAEBB77-09CA818233B70C6B-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-220-105-197.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01b7abb95817c8c34d8c93c827b7ea955a1cf4a5892b4ccd45e281ce594a8a95b5dd1b3211d00ffeb32fe3a34a46ffdfdbc3f80ff709c257e2c975fb563845fce3f7db82cdcb69e15228184dd3e4815d01bf955f31b72eb00ad6266f68c19efad3
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=13
content-length: 37293

POST
H2 200 performance_interaction
analytics.tiktok.com/api/v2/ 0
842 B 138ms
138ms Ping
text/plain 23.212.249.197
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/performance_interaction
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.197 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-197.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: fbb5091a.4d304c92
date: Mon, 22 Apr 2024 09:10:08 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240422091008CAE1C62E4D36700DF9A3-31A555585FF4CC74-00
x-cache: TCP_MISS from a23-220-105-197.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
x-parent-response-time: 17,23.220.105.197
server-timing: cdn-cache; desc=MISS, edge; dur=11, origin; dur=15, inner; dur=10
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240422091008CAE1C62E4D36700DF9A3
x-cache-remote: TCP_MISS from a23-48-200-40.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 15,23.48.200.40
x-tt-trace-host: 013dcb17053a1a5dbd53e1e4039d3a49b8f6f903c2da2e72b083c9f2b34b635749dea4396142ed8b37db1b54fb4873007d73ef4abd522e38afa07f045c3f182b5f780ab3fafb007b0142fe232f7928a8ace6b28720fb1441f43bbaf486264d3a4e48a0119f382c89eed05dd350115c69b3
access-control-allow-headers: Authorization,*
expires: Mon, 22 Apr 2024 09:10:08 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
702 B 181ms
181ms Ping
text/plain 23.212.249.197
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.197 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-197.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 4d304d4b
date: Mon, 22 Apr 2024 09:10:08 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240422091008535A3BC845C4F4F91A3B-71B60F804DFB4A97-00
x-cache: TCP_MISS from a23-220-105-197.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
server-timing: inner; dur=29, cdn-cache; desc=MISS, edge; dur=9, origin; dur=33
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240422091008535A3BC845C4F4F91A3B
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 34,23.220.105.197
x-tt-trace-host: 013dcb17053a1a5dbd53e1e4039d3a49b8f413ad74e517f46643fe27a4ab0871d8b7a8ae00d900c8ae593e59a94c8b5e06e65e0705edd27f1891c07dd17ec0f4d4c5fd279c2e69bd46f69c02db68d92d5fc1e3ce96b01195da670882d3a7bfdb68
access-control-allow-headers: Authorization,*
expires: Mon, 22 Apr 2024 09:10:08 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
702 B 179ms
178ms Ping
text/plain 23.212.249.197
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.197 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-197.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 4d304d4c
date: Mon, 22 Apr 2024 09:10:08 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240422091008AE5D2751CD403DF6A75E-40B4818656BD3C89-00
x-cache: TCP_MISS from a23-220-105-197.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
server-timing: inner; dur=15, cdn-cache; desc=MISS, edge; dur=14, origin; dur=19
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240422091008AE5D2751CD403DF6A75E
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 20,23.220.105.197
x-tt-trace-host: 013dcb17053a1a5dbd53e1e4039d3a49b8f413ad74e517f46643fe27a4ab0871d8a3dd17b0b938feff6963a205f5264c20943b0a8e86cab3f67128bcb0aa11f2dfd5d79bbde8b456e44dbd59fb6d4ed066da87cdb30c3a18e082072fa29f9270a3
access-control-allow-headers: Authorization,*
expires: Mon, 22 Apr 2024 09:10:08 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
700 B 256ms
256ms Ping
text/plain 23.212.249.197
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.197 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-197.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 4d304dfd
date: Mon, 22 Apr 2024 09:10:08 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240422091008756CE7FC2FAB96097D02-202E9A0B2D3A7459-00
x-cache: TCP_MISS from a23-220-105-197.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
server-timing: inner; dur=28, cdn-cache; desc=MISS, edge; dur=7, origin; dur=31
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240422091008756CE7FC2FAB96097D02
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 31,23.220.105.197
x-tt-trace-host: 013dcb17053a1a5dbd53e1e4039d3a49b8f413ad74e517f46643fe27a4ab0871d8ba997b55063cfa33796ef0b1344eafd47878aa38b36324b420126ffda258128aacf28895985b00a77d87ee54824eca2be5370482f2baf183abd3ec87246299f7
access-control-allow-headers: Authorization,*
expires: Mon, 22 Apr 2024 09:10:08 GMT

GET
H2 200 main-v2_c24410c35e5d87b630f3d54a49f2b820.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 486 KB
106 KB 78ms
77ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_c24410c35e5d87b630f3d54a49f2b820.br.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e2e032414af88512367db0555f566e941050b9618167bb97dc795e7635f1fd71

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 18 Apr 2024 19:25:32 GMT
content-encoding: br
age: 308676
x-guploader-uploadid: ABPtcPrvzAMBSxejF22N5cyc18cTMWTUvLCr2bIGqmWwl0ElbFytvEHyG6gjLRw51TegJNpEsA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 108148
last-modified: Thu, 18 Apr 2024 19:25:27 GMT
server: UploadServer
etag: "94eec0687b93ad1f90569cf639841e9c"
x-goog-generation: 1713468327468057
x-goog-hash: crc32c=jzjaEQ==, md5=lO7AaHuTrR+QVpz2OYQenA==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 108148
accept-ranges: bytes
content-type: text/javascript

GET
H2 200 cjs_min_1e55b565811f11b08485230cf1d150d6.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 49 KB
16 KB 158ms
157ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 9846c98d92f9ede0abb2db68013d613791db3ccdb486451de1432034b563fb77

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 11 Apr 2024 07:42:21 GMT
content-encoding: gzip
age: 955667
x-guploader-uploadid: ABPtcPqiSjB_cFFOmzluzErI8K8FOIw6-QEyHz3ZBEyMgAPFOeNzgHmHgmkdVdtSqQHsPz1gcOLjX2GDhyVxnWw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15751
last-modified: Wed, 13 Dec 2023 16:23:11 GMT
server: UploadServer
etag: "d7dc7d7ebcc4f5af5fc2d4804e7ec737"
x-goog-generation: 1702484591435387
x-goog-hash: crc32c=3TW0yQ==, md5=19x9frzE9a9fwtSATn7HNw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000,no-transform
x-goog-stored-content-length: 15751
accept-ranges: bytes
content-type: text/javascript; charset=utf-8

GET
H3 200 token_create.js Show response
ct.pinterest.com/static/ct/ 4 KB
4 KB 76ms
76ms Script
application/javascript 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/static/ct/token_create.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_256_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca727c9d9c5d3ffa9fc01a2c57d612263a5ef4138da8d9b8e76e354835882466

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:08 GMT
x-cdn: fastly
age: 5968
etag: "2a8d051abafd7b1d3f62592455b15f0c"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
timing-allow-origin: https://ct.pinterest.com
alt-svc: h3=":443";ma=600
content-length: 4101

GET
H2 200 ct.html
ct.pinterest.com/ Frame 6AD7 0
0 403ms
146ms Document
text/html 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/ct.html
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443";ma=600
cache-control: max-age=86400
content-encoding: gzip
content-length: 323
content-type: text/html; charset=utf-8
date: Mon, 22 Apr 2024 09:10:08 GMT
pinterest-version: 0fd3a7bfcf735a2bdf1240be9d2c00e05a32dcff
referrer-policy: origin
x-cdn: fastly
x-envoy-upstream-service-time: 0
x-pinterest-rid: 9721046431701564

GET
H2 200 index.html
www.paypalobjects.com/muse/analytics/ Frame 5CAA 0
0 86ms
86ms Document
text/html 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/analytics/index.html

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (chf/16CA) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: gzip
content-length: 16754
content-type: text/html
date: Mon, 22 Apr 2024 09:10:08 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "64f25363-dacc+gzip"
expires: Mon, 22 Apr 2024 10:10:08 GMT
last-modified: Fri, 01 Sep 2023 21:10:59 GMT
paypal-debug-id: dc7c8b33c028b
server: ECAcc (chf/16CA)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000dc7c8b33c028b-1f3e5c03a995b564-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
702 B 210ms
209ms Ping
text/plain 23.212.249.197
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.197 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-197.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 4d3053c3
date: Mon, 22 Apr 2024 09:10:09 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240422091009AE5D2751CD403DF6A79D-0DB793529B6ADE47-00
x-cache: TCP_MISS from a23-220-105-197.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
server-timing: inner; dur=27, cdn-cache; desc=MISS, edge; dur=9, origin; dur=31
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240422091009AE5D2751CD403DF6A79D
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 31,23.220.105.197
x-tt-trace-host: 013dcb17053a1a5dbd53e1e4039d3a49b8f413ad74e517f46643fe27a4ab0871d8a3dd17b0b938feff6963a205f5264c2023e2ba161888889f9daf4fac1fa6bab3e7d5e6c49a22489405b64756a929c4218631f3448be319b4c48adb9386d1fe85
access-control-allow-headers: Authorization,*
expires: Mon, 22 Apr 2024 09:10:09 GMT

GET
H2 200 ts
t.paypal.com/ 42 B
202 B 176ms
176ms Image
image/gif 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfoFlowStarted&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1713777008515&g=420&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-cache-hits: 0, 0
date: Mon, 22 Apr 2024 09:10:08 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 76254e4b0b888
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
x-served-by: cache-bur-kbur8200129-BUR, cache-yyz4547-YYZ
pragma: no-cache
correlation-id: 76254e4b0b888
traceparent: 00-000000000000000000076254e4b0b888-072bbd8b15f6b862-01
x-timer: S1713777009.561642,VS0,VE98
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 22 Apr 2024 09:10:08 GMT

GET
H3 200 inbox-v2_749c9ccd613f1a40075d1e7b59caea42.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 17 KB
5 KB 78ms
77ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox-v2_749c9ccd613f1a40075d1e7b59caea42.br.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 3a0cb24163d51976d5904bac47f896454a8bdbd333ebccc00ca9805645b165c4

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Mar 2024 20:26:04 GMT
content-encoding: br
age: 2119444
x-guploader-uploadid: ABPtcPp-T6o6-_yiI_GOqnlxeVjY9wE2SwU9Zgl6XtTPDKOdh_xuw4xhM4x5d0ShPh40BU1IFnc
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5080
last-modified: Thu, 28 Mar 2024 20:25:50 GMT
server: UploadServer
etag: "d501c542732291fff75a0156b4700c01"
x-goog-generation: 1711657550379643
x-goog-hash: crc32c=k9Hglg==, md5=1QHFQnMikf/3WgFWtHAMAQ==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 5080
accept-ranges: bytes
content-type: text/javascript

GET
H3 200 onsite-v2_0e56ab6ba004ee080ce3deb3edae35e9.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 16 KB
5 KB 77ms
76ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite-v2_0e56ab6ba004ee080ce3deb3edae35e9.br.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f10699f59e4285b87af5097e4ba9e470ee29b4f3487fa767f2818bdbbdd6bb14

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 17 Apr 2024 14:42:04 GMT
content-encoding: br
age: 412085
x-guploader-uploadid: ABPtcPrkvSIejUlSx2yR3IXtFgNS59UcDEGbzhSnjZ_ke_2dkVkQd5uT0Iqtd_zfV3Qs6ATC5eslAp6LGg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5003
last-modified: Wed, 17 Apr 2024 14:41:55 GMT
server: UploadServer
etag: "7ff99b6f1cea743cef749de91009e764"
x-goog-generation: 1713364915763043
x-goog-hash: crc32c=qFvE1Q==, md5=f/mbbxzqdDzvdJ3pEAnnZA==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 5003
accept-ranges: bytes
content-type: text/javascript

GET
H/1.1 200
OK / Show response
data.cdnbasket.net/ 14 B
338 B 440ms
103ms XHR
application/json 34.96.126.215
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://data.cdnbasket.net/
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMA.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.126.215 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 215.126.96.34.bc.googleusercontent.com
Software: /
Resource Hash: b4fc8d22d940bdf3aa7fe9648494c3feac6a995bcec60831b8dd1c4c95719bd4

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Mon, 22 Apr 2024 09:10:09 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK / Show response
page.cdnbasket.net/ 14 B
338 B 438ms
104ms XHR
application/json 34.96.74.85
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://page.cdnbasket.net/
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMA.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.74.85 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 85.74.96.34.bc.googleusercontent.com
Software: /
Resource Hash: 1bf6f14d5949585a6da3ba974b355ae9c55a099b2dca8a3cb2695b1fe804eea0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Mon, 22 Apr 2024 09:10:09 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK / Show response
view.cdnbasket.net/ 14 B
338 B 433ms
101ms XHR
application/json 34.117.93.237
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://view.cdnbasket.net/
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMA.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.93.237 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 237.93.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 33f9d826ec75c6446aa7da4c19c2cf446003c5d5e30e5927eec1aded7b413e9d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Mon, 22 Apr 2024 09:10:09 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK QMUd8HZfWdMaYW2B Show response
imgs.signifyd.com/ Frame C1E1 278 KB
47 KB 151ms
150ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/QMUd8HZfWdMaYW2B?b03d6a1871a1c200=kt3WuY4tZu46NQJ8Aa2tH4GaVoeOSfuyWUUc9_PCqOTNdvKNqIxvEeVwZ4KwRfRhXl9XPKNYukFeCYCQIGYbn8lZCIPaXHgql09YkhesP0c16Q4Iy4st4db8K7X_Dth3Mc_A8WbjIhsdyr0emPH7NX4nBaAHp3DAZEl2MVD1vcJE64fog7rzNrNalrAkLUGYeKcr6QrZ8VYBEvr-UckRjFJsnwQ&jb=3d3b242662736577355d6b666e6d77712e607965375563666e677f732f383831392668736875354360726d656d2468736a3d496a7a656f6d2f3030333a3e

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/c8ypq4i09dm039gm.js?ko9dm3gl90y3sn1o=w2txo5aa&4ua8kqct5i3zan7u=L2VuX0NBLzVlNWE2YjkzNWZmZmM1ZjY4MDg0NTY4MDVm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

d9cf980362b0a6a0e97292779756ddef441698775c3e41c6376adc32a0687705

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 22 Apr 2024 09:10:09 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
tmx-nonce: a2bf6449f2cf2358
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
X-Robots-Tag: noindex, nofollow
Keep-Alive: timeout=2, max=99
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK JouDZVIxg0Ms2uv9
imgs.signifyd.com/ Frame C1E1 81 B
474 B 420ms
141ms Image
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/JouDZVIxg0Ms2uv9?267abaa84e805875=tWqLP0Rd7Kbawcz12jP0Ht5sKOw-9bQp7qZnhbJ15tphQLzPhIZ5Vtkg0XBX7O_QpJbF5bWu0hcEK_GYrfFpTBKEyssW-_HE7HiAEzKakse1BTMCMP_u9bOgEPvdTOVhcs5k71O0nqAKxb1poJa7UMtMA47j5woJM4XJbwFN6jIxq2Ec9Q

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Mon, 22 Apr 2024 09:10:09 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK jlQI-Yic6AKTt3nH
imgs.signifyd.com/ Frame C1E1 81 B
475 B 637ms
242ms Image
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/jlQI-Yic6AKTt3nH?930147efda86ece9=xB-rsVIRxVAbWM4Xkiq_ny1IOGIOILsBzPMcrd-QrrIjUHPlKK1ljzbzKGsFVGDbaFwA2UiQZn9pSLkhgd4A2o7fmsN9XWhHAUh1XYqgdeo8XHCrNjv7TZKJzPVIgjhQZkb8xOwuJCPFtdBUTGfSkHyOdcqqNMkUNCGdq54QjAaBu8ZaVw

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Mon, 22 Apr 2024 09:10:09 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 jquery-3.5.1.min.js Show response
assets.bounceexchange.com/assets/bounce/ 87 KB
31 KB 77ms
77ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 13 Apr 2024 04:44:01 GMT
content-encoding: br
age: 793568
x-guploader-uploadid: ABPtcProFU_4SiF0PwjnDPNqxyUgnbtrGPGsbJO7P-8ypGVUHXqcRCFC-EYk6E9aBxlTxgepyelO1fitrjo5CnI
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31571
last-modified: Mon, 12 Feb 2024 20:26:51 GMT
server: UploadServer
etag: W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
vary: Accept-Encoding
x-goog-generation: 1707769611664452
x-goog-hash: crc32c=W9o9Ng==, md5=3F5/GMjTasHT1HU6h8mNCg==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 89476
accept-ranges: none
content-type: text/javascript; charset=UTF-8

GET
H2 200 local_storage_frame17.min.html
assets.bounceexchange.com/assets/bounce/ Frame 80DC 0
0 352ms
79ms Document
text/html 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: none
access-control-allow-origin: *
access-control-expose-headers: etag Content-Type
age: 2093118
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public,max-age=31536000
content-encoding: br
content-length: 938
content-type: text/html; charset=UTF-8
date: Fri, 29 Mar 2024 03:44:51 GMT
etag: W/"fc893948c3efc689b5b19d8a77958e23"
last-modified: Thu, 28 Mar 2024 20:25:37 GMT
server: UploadServer
vary: Accept-Encoding
x-goog-generation: 1711657537142702
x-goog-hash: crc32c=kX4cqg== md5=/Ik5SMPvxom1sZ2Kd5WOIw==
x-goog-metageneration: 1
x-goog-storage-class: MULTI_REGIONAL
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 2408
x-guploader-uploadid: ABPtcPr_XtiWf2OCyHo9FPqEzTTVccx7zIW_pBCWgfxxje24s-UgObBFRvX9EVRSzFCDRTtsuTE

GET
H/1.1 200
OK clear.png Show response
imgs.signifyd.com/fp/ Frame C1E1 81 B
536 B 590ms
215ms XHR
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/clear.png

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/QMUd8HZfWdMaYW2B?b03d6a1871a1c200=kt3WuY4tZu46NQJ8Aa2tH4GaVoeOSfuyWUUc9_PCqOTNdvKNqIxvEeVwZ4KwRfRhXl9XPKNYukFeCYCQIGYbn8lZCIPaXHgql09YkhesP0c16Q4Iy4st4db8K7X_Dth3Mc_A8WbjIhsdyr0emPH7NX4nBaAHp3DAZEl2MVD1vcJE64fog7rzNrNalrAkLUGYeKcr6QrZ8VYBEvr-UckRjFJsnwQ&jb=3d3b242662736577355d6b666e6d77712e607965375563666e677f732f383831392668736875354360726d656d2468736a3d496a7a656f6d2f3030333a3e

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept: */*, w2txo5aa/a2bf6449f2cf2358l2vux0nblzvlnwe2yjkznwzmzmm1zjy4mdg0nty4mdvm
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 22 Apr 2024 09:10:09 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Mon, 22 Apr 2024 09:10:09 GMT
Server: Apache
Etag: 5cb9c66155da42e4b46192a249f47f1f
Content-Type: image/png
Access-Control-Allow-Origin: https://www.elfcosmetics.com
Cache-Control: private, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
Expires: Sat, 21 Apr 2029 09:10:09 GMT

GET
H/1.1 200
OK QBMiTW0VTuULG47J
imgs.signifyd.com/ Frame B6C3 0
0 529ms
141ms Document
text/html 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/QBMiTW0VTuULG47J?4a8909b33502e08d=lI9vawTuxEzI7ww3jVq2WyfmUqxD5GmrjdwwKm1wIjqiZe9D3NuPL-3UjfMRUgbwKXTyefWlb87ki1jltFQwxgKUfjSra1gFUQ72L3xArBdOzSg7Og1gz-Q5tFsKlI74AozpLORFoYUGrYXmLoExmHPzFij2xEpOaFObWgh-ER17FrGVqj-iEEmEMb0QwTMOqluCzoH3hBEaMFKWkRjIXy_pWs_xVg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Mon, 22 Apr 2024 09:10:09 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 204
No Content _HkVZ1v5CnHV3VUF Show response
imgs.signifyd.com/ Frame C1E1 0
388 B 333ms
246ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Mon, 22 Apr 2024 09:10:09 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK 8KKHML-_GFAf5OTr
h.online-metrix.net/ Frame A5F2 0
0 674ms
208ms Document
text/html 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/8KKHML-_GFAf5OTr?66ac57b4dd2e7949=XnZjNjOYNhSAedPkFWvNp46pFa4RbWEjfbqwrVYygomAW4SoiQbH-16ZTJa38xs3RF7al16o96hsAXGusv_jqzqatN2BfKNk8PL9qTN0XgtAY_HKA0B8Dab8DHCjSxlumkZsXegjnnIiMACudtcBuHzfyZhATNBK7RGqeAX7gGVOI5DtVE-cb9C2sITtoMwjWE7t6ueVQ4yONze-yYdu2xn0G7N-dYk

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Mon, 22 Apr 2024 09:10:09 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK L3CtcFyQV3hPNgRs
imgs.signifyd.com/ Frame C765 0
0 606ms
211ms Document
text/html 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/L3CtcFyQV3hPNgRs?33cdd05c66242ccb=AL5pEhTNxV2WbGtzR1-cUYBiAHe5_NZ42IKDH4H7c2O4FxMQwCA6Itsr1HJ2j7ot5o5E0UWEHG7YxZpJnLuRHM8H-WKcboRBTAUNpVZb_YjfimrqJEEyCClk3k-slktLiYyttA0j9jAmfbIbNAkhMs5395ix8BvSlR7h75ISTU_lZsIMrPocL5ZFwR5Syd2pwRZpKH8Nlk-i4BDg-wjlco5GrRJJFlQ

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Mon, 22 Apr 2024 09:10:09 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 204
204 _HkVZ1v5CnHV3VUF Show response
imgs.signifyd.com/ Frame C1E1 0
218 B 310ms
209ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/_HkVZ1v5CnHV3VUF?accd4b84e8a3744a=bdPMrobmoBbx7oGXGFbA2ovc0AQcmteJDs5yBfND3-23sSGEkkIfIASekJ_yccajDN1ephRZWcJHSsOTfajKzBT4-GlxnUi30IjNM7ahHXNWCWAPFVZf8FIlFVmKxkYTAVH7wxAtaKCq86kbPB_gXbLoV9h4U_on6CF5ow&ja=3a3231392e26693f253e3a382c783d34382c6c373b343a3872393a303a2c6966353134303a7839323830247b707b3f33387839322e6e727a37332c333e3a3a263b303a3826393e303a26393238302e313c30382c3932323824333430382c3b30383a2e3b3a2e33322e677e3738356c3d3b6c3b313e336d366a66303033623e366a6431303f6032616e3369362e676c35382473616c37383e2c6e6235627c7c70792f3b412d32442538467f777f2e67646e616d7365657e6b6b792c6b656f25304e6f645549432f3a4c6d64662769677365657669692d6b72616d6b66696e7126786c37372e7a6a356f3a30306c6c6b3f3f373b31396e3c65686f3039313367623e6131393a39326c2e6a6a3d3f363d30383f346a3d64373a3a3d6f6c68303f383e6a3c306f6c6b376d3637642c6a7b6f35576b666c6d75732d323a33392c687b683f436a7a65676f2f303a39383c2e6a79657d3d5f696c6465777b266273607d35416a72676d6f24666261353e3a266c6c6737322c6c677c7a3538267e706c3d496d6772636369253a46546966616d757e657824656b7660783f343238396e3b6930686d69383a653c696b353e30323838616c313d353638396466343d3832333c3b663e6f6361303c6e69333e636c6a6e3f3a333b3939393e612464783d60747c70712d3b4327324e2538447f7d75266f6e66616779676f7e6b697b246b676d2f384e65665f41412f324e6564662f6b67716f657c69692f6b786b65636c616e7b2c7a377a6e7f6f63665766666b7b682d3547666b6c7b6529706e7d6f6b6c5f7f696466677d71576767646b69557a666b7b6f7a2f3d4d666b667b6529706e756d69665f69646d6a6d5d63637a6f68637c2f374d6c636c716d2b7a667f65636655797d6969617c69656527354f66696c7b65237864776569665f796a6769697f6b7465273d4f6c6b66716f297a647d67636457726d616e70666171657a25374d6e636e736d217a6e7d6d6b6655746c61577a666b7367782d3f4d6e6166796d21786c7767636e57646d7663647e7027354d666b6e7b6f23786677676b6655797c6d5d7c616f7f6d722f3f4d66696c71652b7064756f696c57626374612d354f646966716d2c656c5d6b377d6f6865665f6f6a4f4c2f383831263027323a2847706d6e45442d3032455b2538323a24322d3832436a7a6567637f6f235f6f6a4f4c2f38384744534e2538304d532d32323926322732382845726d6445442f3030475b2f383a4d4e59442f3a3845592f3a30392e322538304b687a6f6f617d6f2b576d62416b7c5d676a416b74273a3a5d6f68454649444f4445556366737c616c636f6457617a7263717b2731422d323a47505e5d6a66676e66576763646763722d394a2d323a4f505457636e697a5f6b6f66747067642731422d323a47505e5d6b656e6f7057687f6c6c67785762696466556c646f6974273348253a304d5856576c677274605f696e6967722d39402530384f525e556466676b7c5762666f66642d33402538304d585c5f647a69655d646d707e6a2d39402d3832455a5c557a65667b6d67645767666c796d7457636e6167702d334a2530384d5a565f7b686b666d785d7c6f7a74777a6f556665662f3b482d3a304f525c5f7c657a747f726d5f6b6f6f787a677173616f645d6a7a766b2f3142273a3a4f525e5d7e6d727c7d726f556b6f657070657973616f665f706f7c6127334a2538324d5256577e6778767d786f556c6b667c6f7a576164637b6f7c726d7063632d334a2530384d5a565f7c6572767d786757676b72706778556966636778557c675f6f6e6f652d33402538304d585c5f715a4f4027334a253832474f51576f6e656f6d647e55636c6e6d72577d69647e2d334a25303045455b5f6e626d577a676c646d72556f617a6f697a2733402d383a454f51557b7e6966646b786c5f6c6570697c617c697e65712d3b402732384f4f51577e67707e777267576c66656b762f3b482d3a30454f5b5f7c657a747f726d5f6e6c6d697c5d6e6966656b702d39402d38324f475b557e6f72767f7a6f576061666c5766646f63742f334a253a304d4d5b5d766570747f706d556a6966645f6464656b7e556e63666f697a2539482d32384f475355766d727c657a5769707061715f6560626f617c2f3142273a3a5d4f484546576967646f78556a756e6667725566646f6974273b4a2730305f45484544556167677272677b796f6e55766f707e7d7a65556b7b746b2531422f3238574d42454457616d6d78726f717b6f66577e6778767d786f556f76692d394a2d323a5d4d424f4c5d63656d78726d73716d6c5d766570747f706d55677c693325314a2f383a5d47484f46576b6f677a7a657b73676455746d787c75706d577131746b2539402d38325f4f40474e576965677a706f7b796d6c5f7e6f70747d72675f79337c635773706f6a2731422d323a554d484544556665607d6d55786f6c6e6d786d7a5f63646e6f2d33402538305f454a474e576c6760756f5f796a696e677a792733402d383a5d4f404d44556c6d707e6257746d78767578652d334a2530385f474047445f6e70697d5d6a7f6466677a792f39482738385d4d4a474655646f7b655d63656e7c657074273b4a2730305f45484544556f7d6676695d6c786b7d2f31482d38385f45484d445f786f6e796d6f665f656f666d39342467645f623f303c643b693a3463303d3b683e3a6f696e303c36336b6c3469376035693638386a38636c3d3733362e776d6e7e374b667e676c273a3a4364692c2c7f6d647a3d43647c6564253030437261732d32324778676c47442538324d646561646726616b6e373b&jb=393732266471374f67706b64666325304e3f243a2f303a205d616664657d7b253a304c542f323831382e322d3b4027323857636c3e3e273b48273232703c3e232f303a497a7864655d6f6a4b617427324c353b372633342d3a322a4b4054474e2d38412d38326c6b636f2f383a456f6b61672125383a4b687a6f6f652f324e313a342c3826322c302d323a51696c637a632732443d393d243934

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 22 Apr 2024 09:10:09 GMT
Strict-Transport-Security: max-age=31536000
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK us3MUwzA8oUlFtut
w2txo5aaspapa23jnvm2mz7jguiadlbq35rsqpesa2bf6449f2cf2358sac.d.aa.online-metrix.net/ Frame C1E1 81 B
438 B 895ms
203ms Image
image/png 192.225.158.3
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w2txo5aaspapa23jnvm2mz7jguiadlbq35rsqpesa2bf6449f2cf2358sac.d.aa.online-metrix.net/us3MUwzA8oUlFtut?497390a720a3286c=4r0m3tyYB13oXRHVcjEYTaUziMpltwhw634XD4SZIyKhbMUAAgJwMFQiWhHdlpbC5mtcQh60SBPgXK4YcX-iKlzCNcp2njO6Vv0QqsK7paV8PzreQouZsSj9H-VEGQ_KrniRfRxpPIOQygrVczeHPHfG5bYJ2r4yLEP9oZjtiqLJB6s

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.158.3 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Mon, 22 Apr 2024 09:10:10 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 xB3Yl-n2CoqRel_2 Show response
imgs.signifyd.com/ Frame C1E1 0
218 B 356ms
145ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/xB3Yl-n2CoqRel_2?c23dfe5b41f6469e=l3cki_bHIuSpeH6Gs2PnEwVtBkt0w9UPW8kBd5Dmu-XyFMpO3aZ3nJp1J4pRJGct7n38zLy7HQhzRbu0elyS9ij-0QV9bMZHasaz8d8wAMqJdoSQdbnH2eNL_ENa8J6mVdgsUyJoUhC-6Z9FDjjMUa02Ly5wJFI8AoeNQ3WTQ6DAyg_ldu0aMtaVp7oScPOEV6UhZNCo9M-lGufkUNHT8nDrFUmrmQ&jac=1&je=3036242665656e6a3522312d384131273a49392f3841396a393b6a36686931326d643430323130626c613a6c3b6730396e646e323f6e603e686335306e393e3d3332326e3c393e34336e3e393b3237333b613e326a352b

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 22 Apr 2024 09:10:09 GMT
Strict-Transport-Security: max-age=31536000
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=96
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 204
204 l4lZDECqhQw-2_0O
imgs.signifyd.com/ Frame C1E1 0
400 B 250ms
249ms Image
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/l4lZDECqhQw-2_0O?f557a463d984b68c=gVs9kA3Trpi-zqdTxEruy1h9m6aSYHzOWAwcbnhgl29HUtFfDrc403aPe-7XuQWcW3Q7GMUB-4h-w6UZ147vUyWbIfxK6D3Pdr5rmTRbdT4lyvK3asvgPzp1gBZkV6FAhbs3svVg-UqRJDnk-u8UKzSldr8-bazkIsU0REhm9ABHqybtIi7_iP2lomRNNZSsA4LjNiHat907kXVVOuAZnTJ0QjgxQw&jf=3c3336267b696e5d7a6466357e66725d7a415b7c6b32484a794c5c73705872612e736b64556469746d3d333f393135373f303a3b2e796b6c557679726d377d6f68386f6b6e7b692679636c5f63657b3d39303d393b30333b383432373a6132343c32616d39663030383b3a3c3a3a3869323e3c38696f3b64383332313a3738333c3232383836616539353f30383e603b326466376b39686f68613a316f383f333c6e6d3530376132333930316c303a3b6a3063323a303f673c6e3239383665356d6b3c6c3b636f6a686a6d376e3339653e62606468383f656b6634696c31353639613e636969323e6f6764633f6b6f33696632693c3f3d643e6f31643d3363613d333b626e62247b61665d7361673731383e3638383030303039323d3f34393c6c6e6c38396869656d333b316f373a3731313b386a6030643e306f633c3a373e323b39343132693932363d30696b6d363d6839616a353b30383238376e65346d6c3163636a643b326a3c376a396331606a326e3b6c666c6a3a3a30633e6c3d386a3932613c353030696137393b3a6130303938646d3e353f393766247b636c783732

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Mon, 22 Apr 2024 09:10:10 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=95
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 ts
t.paypal.com/ 42 B
258 B 173ms
171ms Image
image/gif 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfo%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfo&cust=RAYSGCAAKRC7S&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&unsc=0&identifier_used=IP&e=im&t=1713777009543&g=420&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-cache-hits: 0, 0
date: Mon, 22 Apr 2024 09:10:10 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 4162f19904dd5
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
x-served-by: cache-bur-kbur8200046-BUR, cache-yyz4547-YYZ
pragma: no-cache
correlation-id: 4162f19904dd5
traceparent: 00-00000000000000000004162f19904dd5-69f0476ea6bfe557-01
x-timer: S1713777010.983556,VS0,VE95
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 22 Apr 2024 09:10:10 GMT

POST
H2 200 collect Show response
sgtm.elfcosmetics.com/g/ 940 B
1 KB 191ms
189ms XHR
text/plain 34.49.124.132
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je44h0v9125640115z8896608294za200&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&cid=911738470.1713777001&ecid=741721254&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-ON&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EA&sst.rnd=141723064.1713777001&sst.gse=1&sst.etld=google.ca&sst.gcd=13v3v3v3u5&sst.adr=1&sst.ude=0&sid=1713777004&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&_s=4&tfd=16196&richsstsse

Requested by

Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

132.124.49.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

870b5ed01284909cc7fbc57b01ed300d8946070401328199e50d3f5fc376df80

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 22 Apr 2024 09:10:09 GMT
via: 1.1 google, 1.1 google
x-content-type-options: nosniff
server: Google Frontend
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering: no

GET
H/1.1 204
No Content _HkVZ1v5CnHV3VUF Show response
imgs.signifyd.com/ Frame C1E1 0
387 B 208ms
207ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Mon, 22 Apr 2024 09:10:10 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

/
www.google.ca/pagead/1p-conversion/698270988/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/698270988/?random=1072386027&fst=1713777009840&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e44h0v912564011...
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=364504026&fst=1713777009840&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4...
https://www.google.com/pagead/1p-conversion/698270988/?random=364504026&fst=1713777009840&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e44h0v9125640115z889660...
https://www.google.ca/pagead/1p-conversion/698270988/?random=364504026&fst=1713777009840&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e44h0v9125640115z8896608...

42 B
64 B

130ms
129ms

Image
image/gif

2607:f8b0:4004:c1b::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-conversion/698270988/?random=364504026&fst=1713777009840&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e44h0v9125640115z8896608294z99175401888za200&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=493848422.1713777001&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=166.0.205.0&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECCJjBsQI&pscrd=IhMI6-2u77zVhQMV-BPQBB2uBwh9MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HWh0dHBzOi8vd3d3LmVsZmNvc21ldGljcy5jb20v&is_vtc=1&cid=CAQSKQB7FLtq8_-jPrtN3ZtkLJCxvps88I1F_frS9F3NOYLiFoiCF5Tfovvg&eitems=ChAI8JWYsQYQ7pGyz5zS3aBmEh0AcPI6X3CUOwHRKRBzI4Q56iUezS76fDe9DSKIdg&random=2946790655&ipr=y

Protocol

Server

2607:f8b0:4004:c1b::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:10 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:10 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.ca/pagead/1p-conversion/698270988/?random=364504026&fst=1713777009840&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e44h0v9125640115z8896608294z99175401888za200&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=493848422.1713777001&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=166.0.205.0&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECCJjBsQI&pscrd=IhMI6-2u77zVhQMV-BPQBB2uBwh9MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HWh0dHBzOi8vd3d3LmVsZmNvc21ldGljcy5jb20v&is_vtc=1&cid=CAQSKQB7FLtq8_-jPrtN3ZtkLJCxvps88I1F_frS9F3NOYLiFoiCF5Tfovvg&eitems=ChAI8JWYsQYQ7pGyz5zS3aBmEh0AcPI6X3CUOwHRKRBzI4Q56iUezS76fDe9DSKIdg&random=2946790655&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 c Show response
ids.cdnwidget.com/ 441 B
779 B 549ms
183ms XHR
application/json 2600:1901:0:56e0::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=&SCH1=&GCS1=048133242&GCS2=MTcyLjE3LjAuNywxMC4xMy4wLjYwLDI2MDQ6YWFhOmJiYjpjY2M6OjEwM2E=&pe=false&wsid=6664&varID=&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Afalse%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A6664%2C%22loadID%22%3A%22volZmmQAkTMHJxL%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A9%2C%22IDStageStart%22%3A9%2C%22netComplete%22%3A143%2C%22obsReqview%22%3A446%2C%22obsReqpage%22%3A451%2C%22obsReqdata%22%3A452%2C%22IDStagePrefire%22%3A453%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Afalse%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A-7%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%2C%22deviceid%22%3A%224461377238860516364%22%2C%22visitid%22%3A%221713777009625635%22%7D
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:56e0:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 076683926007bf1b9209c78cd7df9d96d5cade2843731eb2ffe5b181af6e6cb9

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:10 GMT
via: 1.1 google
vary: Origin
content-type: application/json
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 441

GET
H2 200 lookup Show response
pd.cdnwidget.com/ 49 B
205 B 417ms
147ms XHR
application/json 34.149.130.207
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://pd.cdnwidget.com/lookup?deviceID=2fRqtpICzLfD1UB1eZy6nqeBdzh&bxwid=6664&bxdid=4461377238860516364&visitID=1713777009625635&enableUID2=false
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.130.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 207.130.149.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: 771196c556ce9fe2914aa0d336cf0f11fbd579c7cdd52e8436b19e0fffdd783b

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:10 GMT
via: 1.1 google
server: istio-envoy
content-type: application/json
access-control-allow-origin: *
x-envoy-upstream-service-time: 28
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49

GET
H2 200 init1.js Show response
api.bounceexchange.com/bounce/ 108 KB
19 KB 469ms
136ms Script
text/javascript 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.bounceexchange.com/bounce/init1.js?wklzs=1072&wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgHZ8BmQ8gBn3wpIDZNgAvEKAFgCYLMB3AUwBGOVMD4B9VABModWW0wAnPjhAAbOGgwE6FCgA98Xbkph8FShVGwBDVatQIA5mLgLVUABbBgABxwBSEgBBfw4AMVCwnmiAOj5VGCQQHABbPjQkHBiklMi+BDEAYRDw+JgAWiTU9NQkSoVUFIdbHEwAN1RhYDEkkABrVD4of0IAIVCOVR8JwJKOL18AjgBWYNDl8PXw6J44hKq0jKycrbD8opKNs4TK5MPa+sbm1SWOUMKJhRm1jjffkYAItgQP1BsMxhNJFJvnM2Gw6KRyBwSAAOFE6Zb4Oj0NgzDgfX4dSQwoiIygUACcdBW2OW7wmbRhI3Gv1UIEcjj4kgkCBhMBafHpvz4bTMYjZHK5PL5AqFHCQ1gU3QAjsAAJ4wihynBwARNbxSjBdQX-YL8l4mgmTdmc7kOCSSfJoGCDYmmoLmnCWiYKpUyi1y33dNq2OAmt5m2WEAFyySOMKoBQ4YAAGRA1jdEaCwAUYblHkVkgAkjH3RMODAAEo8NhwJAAFQA6tWAJoCFEUTmqFEANTaPABdAQ9bAeKtKhgwBLTN+Fcrqp8RcKTBTMAB+AAqqN8HwAFpqofKvijSRMDxjyGOJkQ36dAAKSg6IDgOEKL9AaS+7s93tvOAAyrqOBIA0AhmP6XqBtYSAeOIwCvLMpJkJQ1C0HS0aAu0io4AA2hKto8gAurAApYUmOEimK+FSg4xE-mRuFBmIqpqsR3AhuROp6iIojckaIh8HRpEcbh1F2gUUhOqgLpckJFoMThQZyV6ClMSG6iCSR8kiThPjWJyYjqj4mn0W0jowHhNo0RJjoIM6rrKXw7TmYpirBqGJmkb0AxwSC4qKpyWkqQIPhQNw6ShThABEQZRQANDF1iiI4IAKGq8UxbBSB9M+wAZR4IBpBlPgKCAkh1nlCVeoqMFRYRmA+PBVg5D49jWMg4gwKo+lWG0BZWAWCh2tIc41nWTatu2nbxL2-aDsOYCYBO3RSFAc4LkuK5rpu257geCBHieZ5AA
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: 09fcb5ca869fa058839fa9b9f9f7eacb5b131b00ef43f0c0f86508f9480f0b26

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:11 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 22 Apr 2024 09:10:11 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 30
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

GET
H2 202 graph
idr.cdnwidget.com/ 0
135 B 428ms
150ms Image
text/plain 34.149.130.207
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idr.cdnwidget.com/graph?cookieID=2fRw4ucTWRwYb80gel8VvwD6nTj&deviceID=2fRqtpICzLfD1UB1eZy6nqeBdzh&bxdid=4461377238860516364&bxvid=1713777009625635&bxwid=6664&gm=true&apikey=2^HIykD&loadID=volZmmQAkTMHJxL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.130.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 207.130.149.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 22 Apr 2024 09:10:11 GMT
via: 1.1 google
x-envoy-upstream-service-time: 0
server: istio-envoy
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 creatives-base-styles.a53944a2.min.css
assets.bounceexchange.com/tag/css/ 37 KB
6 KB 77ms
77ms Stylesheet
text/css 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/tag/css/creatives-base-styles.a53944a2.min.css
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Apr 2024 23:47:44 GMT
content-encoding: gzip
age: 1243347
x-guploader-uploadid: ABPtcPqGy9d2M-qBheuOAvcTK4qECHvzI2fHTftMVJHWDh-ykX2GkVJohEUpIxXJ28Rp4JmFwT8
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6053
last-modified: Tue, 13 Dec 2022 17:12:22 GMT
server: UploadServer
etag: "54f61bdcbfb6f81427c8a6803f48b02f"
vary: Accept-Encoding
x-goog-generation: 1670951542233151
x-goog-hash: crc32c=lLRhfg==, md5=VPYb3L+2+BQnyKaAP0iwLw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 6053
accept-ranges: bytes
content-type: text/css

GET
H2 200 visit
events.bouncex.net/track.gif/ 42 B
97 B 138ms
134ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/visit?wklz=G4SwziAuBcCuYFMBOBDA5ggdpAvAWQHsAvEAG1JQFIAmAMQFYA6ABhuYAoB1ETAEwIDuYNgDkAKmwCMzFpQDMAITbdMANgAs8pdWYAPDQEo2AQQAOp0gk4IARgGkoNBnIDsjOarbs7ACTF4AGRoAYTZSEABrBDYAcQQAYwiCIx1ggAskAgBbaLpJanUWItYdAGUUADMUJBAneld3VQAyUAgYJAQK5A6kHBbwKGgKPh40U3QEWCRSHDTISFNhanrjGno6NboBbcYEUgr4gjAcyBB4sEZDrM3aLAB9YNXluj2KgFpD44RT+I+arJ4KFIYH6bWgHTABFIsFOBEwuhwklUzGYoMGEKhMJAcIAnoidKjWoN4vBINlgNUQCgbJYwDhKC5tNRSAQ0BheHceDRqPIntQqsDcjzqKFqNQEMBkHcWWyEByuWLedyBYhuSFufFqpA7gBHSA4tVyPklYWi6hgWA2AHzOV3OFtIVKsUqx0i7ky9mczCc3hYU4VEByw18l1qt1izVISDB5VA1WK8PUSPainQx1G2OCsNm8YYO760zpkNxx0uAAiaJghwIEUD9MZ3N4IF4MbF6nUqkkrhc1DkAA4+8j6EiPJoE2bQC3FUbJC4uy4F8xJJJ1HIAJz0dvqsXAGMN8vb6i8NC0EBIMCQAIEFBTnlGyBIWC5M1paq8ACSZdbzoASgJ1LA8RiJwf4AJo2H2zAYKQfYAGrAAIZaqJgYgAFbZtykIVJAn7fvyP56qY77BEQAQVGWkgAKoKJICAAFo4shOoIAovBEGkGFisee5MuAAAKHSgAQ8DBKS2TIMGoaJuApSWmA8Q1DYEnTsYUlmpq8RpAg+ZLHexizvOi7Lswcj0AyX6JhUwDRipBndi4S6SIeKAEMGJRmqQpjfnMCxLCsNw3NsAi7PsnwnGcFxXDc9yPNF+wfEc4W-ApIAApgcacdQKC6by7ncsApi7rZh63k6R6ZUg36ZfE1nBnZC4Ocuh4QKVRpvE5iZoApwb0H2h7XCpeViqQtW2XO9mOYempZOMIBoJgOUZg2YoFPQqgFGOekMkywBFXpQ3MqNen1UZTkHomBTrb2Lg8fle25YeI02cd40NZN51mpdYr9rdO73UaB1PXVr2neZYPlk08DIBM2DQDYmRCMgODpJkOSQ4gqAYLDkrntimD4oUMhE+j0NYzAFgoJAFQEEgWQ4Co-BCFIqJQ5jfrQL6oDxN8OKFjgvpgBEZKmE0JIXuJSDQK+8lwjjkByjgqIYAQ0CHLA2BIDihy+sjxhNMrqvCRrWsEL6ci6yI+sICravG+lOTIyg6W8CgVsqx0aB4zgACKwRu+CCCe3C9sID7T5KfE-vxFAeKEBrCBAv7phHJAQLa6HPhyD4UdwqcmB+unOAiHrWSm6HqICLYDrNjgqh1+olY1ydjUruum4N5zZwIDX7adt2vYDkOI4aE0uYSoGAhN00iA6k+mDczXqLxOEfqnDkF4oDNiIgy39D1KLK-YCgpggDjEBwjgqdoHITSd9z-NNJAaRnhy4xRjidzi2zdxNmA1KWLwHALpH5EAIDgdQOhp7CSQPfSuNgmgw1wKzKB2EfQ4HwoRYipFyJURovRRimBmKsXYk0V8SB5SAPwv+QCwEwIQSgnsOCCEkIoVQkAA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:11 GMT
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H2 200 pageview
events.bouncex.net/track.gif/ 42 B
165 B 107ms
104ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/pageview?wklz=A4Qw5gpgbglhDuAuArgJwDYF4AWAXXwAzgKQDMAgsQEwBi1N8jAdBOgGYDGA9oQLYS4YHQk2696EAHYB9AMKVarNgFpufAUNWoYvGJJDpCAMlCRYCRB2SFcXXlBDaQAI3QRCmYgHYAQtSroXGCQACbSev5kClRsBoQQkVSy-tAQqNKBwRBhEVRUUf6xhgl51Ml5HI640gCOuACekRT+AAyJ5VSEyM66+NnSXJKEMLgl+c15RfHt-pmh4TIwIVKCbHAhTdFTY2X+lai4m4VxO0l7VdIO6Mg7EzEnM3mmENINwLdbD6VeACIm4NA4EhuFwANZwYYALwgmAAbAAOLz-MxAywgSSDIQGHD4IgFWj0RjwFjsNT8QTCUR2CQyeQSdiqHjkzQcbS6fSGZGAiwg8EvWxcDKOSCYbZc8zArhguCvervTCkYCc54SyxSvnSKEwgCsVAAjEixMBLLxgJgWkYjYhcBw2ObLXZjdYzRarWBgC6jLwuMt7fAIM5hqMlnDYbCACxGWBBkMGvWkLyJlp6vXh0gATm14cjy1gHAgIezsPjiaopHh8NhLW1ethpAj4qBsaM8RqN0k+ebHHQcEk+B07lwIFNmDjCaTKe12sNPZWIGAMCgaWGg0wQ7ApCMuaEMJCRlw2BgqDCoAO9U1tlQAOkIRghBcbhCopO+8hXEw4aoFsIXDQ+cw-rOEYAJ9pg1hpC2XBsNUIYxAASnUwAAJKyJCAAybA-HqACqPh6hAABa9SwpINQQD4ISQtgRjYI4ORPvB8DhsgHAACoAOpwfAACazjwi0kDoPCABqUDwD8JGsQAVkAA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:11 GMT
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H2 200 id_sync
events.bouncex.net/track.gif/ 42 B
95 B 116ms
115ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/id_sync?id_sync:id_type=sid&id_sync:id_source=graph&soft_id=2fRqtpICzLfD1UB1eZy6nqeBdzh&source=web&agent=cjs&deviceid=4461377238860516364&visitid=1713777011439544&websiteid=6664&pageviewid=undefined&sequenceid=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:11 GMT
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H3 200 6aa18944a3ad2c224d37dafb46afa35f.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 92 KB
92 KB 81ms
80ms Image
image/jpeg 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/6aa18944a3ad2c224d37dafb46afa35f.jpg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 41edca74f63e4546256206b316479052b81b5d8fe3b810424d302bd4bf70c9ed

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 11 Apr 2024 03:59:25 GMT
age: 969046
x-guploader-uploadid: ABPtcPqeaU8SQIxsKpm-FD0FvS_dTxMw0WgF6sTlHMopDmOlEqVAXJkcN5V33cJyQWbjDMIwxIoRSQ_PNQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 93895
last-modified: Mon, 08 Apr 2024 16:27:35 GMT
server: UploadServer
etag: "6aa18944a3ad2c224d37dafb46afa35f"
x-goog-generation: 1712593655184176
x-goog-hash: crc32c=H/B1bQ==, md5=aqGJRKOtLCJNN9r7Rq+jXw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 93895
accept-ranges: bytes
content-type: image/jpeg

GET
H3 200 59a941c096f98029341d8c56b7b89113.png
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 18 KB
18 KB 94ms
93ms Image
image/png 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/59a941c096f98029341d8c56b7b89113.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 13 Apr 2024 18:54:31 GMT
age: 742540
x-guploader-uploadid: ABPtcPrAnVmFqNvDQ15nmF1lBnlcMMyw5n9aoWrg0Q_WCUO7z6NNTF-WrAYuXdKLF54irRGqTP0QODEDfw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18352
last-modified: Tue, 25 Aug 2020 15:57:40 GMT
server: UploadServer
etag: "59a941c096f98029341d8c56b7b89113"
x-goog-generation: 1598371060392963
x-goog-hash: crc32c=8aFhaA==, md5=WalBwJb5gCk0HYxWt7iREw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 18352
accept-ranges: bytes
content-type: image/png

GET
H3 200 16f45df19355361dc1c101036c0035b0.png
assets.bounceexchange.com/assets/uploads/clients/3258/creatives/ 2 KB
2 KB 90ms
89ms Image
image/png 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/3258/creatives/16f45df19355361dc1c101036c0035b0.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 915046d9ebab575f9b2f8ba9a35e030b2be55b1439edce6e72f7a19b4a55bd45

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 11 Apr 2024 04:05:16 GMT
age: 968695
x-guploader-uploadid: ABPtcPpnXcu0_LJq5vNrn0uc_6Ta6rJWhEfbIzp8xS2JgKu8Phd1RlW_px6CCyLtPprfWISSF4mXgtEIqw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2419
last-modified: Thu, 01 Apr 2021 03:01:32 GMT
server: UploadServer
etag: "16f45df19355361dc1c101036c0035b0"
x-goog-generation: 1617246092060079
x-goog-hash: crc32c=pklVBw==, md5=FvRd8ZNVNh3BwQEDbAA1sA==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 2419
accept-ranges: bytes
content-type: image/png

GET
H2 200 eligible
events.bouncex.net/track.gif/ 42 B
95 B 104ms
102ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/eligible?wklz=CYcwXAlgzgygrgIygYwE4QQU1QXgGYCGANlJgGSiRQAKqmAbhAPZxQDCrALkwLbb7FSFcMgLIAFpgAqMHAEYA7HIDMCtQAY5c9coCsZOAEd5ZUiD4A7TgH0IwKDjKieABwIQQFuzgBMAFgA2Hx9VUxZUZEwcBBYLSIAPMgIQTCscACsoMh4mYCj1MgB3TCQITkxvAKq-MkYoMu9FFTUFTTk-ZQBOXT8avMZI716A5oUQgA5xgPVdOQDlAJq3FMZMQsbTTEM4VMHgXyciCFTOTgg+KE4CV3klVQ0tKYDD46sCFwh6bHqmCxwrkDKCgMCCRHDAMiccQQVDAaxuVCcACe1kuTFQyUw1mA0AICCImH2hBI5E4AC8mDg-D4ClAmHgbN4fHgAEqGTguACSbDJABk8AAROQAVQAQnJMAAtJEBCyGTCi4Bk8RkcQEWG2fbMlmFPxwZBSADqOoAmghxuoUkRxgA1eiFAWyqTpIA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:11 GMT
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H2 200 pop
events.bouncex.net/track.gif/ 42 B
95 B 142ms
141ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/pop?wklz=A4e2C4EMGMBcEsBukEgHYF4EFsCmAnAMgHNcRxoQBXNWfAT0oBNcMBhAQRLPH12PjoMARTbdylWvDS5azVgDkuVAI4YAjIWiRswSPGJp4TDACYALADZTpgMwB2QgGdq+aKwBG1NO4AehSFJaDAArJ0JsEBYMAAZCAHdcDyd4WFxjDEss80JEeBSEE3V7dQd7exj1dXNbAE4AVnMcljz3DKbLUvK7AA4eyxj69UtbSxy9UjzceIzNJ1wVKlk2k1stABt4WVgcXCdYHWANErKKqp77Uw2t2khgJAIUoQPiNZb4dwwmQlgAC3h8EwAPp6fCwehA-YgfCBXBApj5SAeda4EwAM0g63mPwAXiAMOZTHEXGjYECMqY0QAlFSwYAASTYOIAMmiACLqACqACF1LgAFr0SxoFS4blMHG-Qi-SCA8kmSlU+LmKjQAAqAHUlQBNDw9GKkdY9ABqiHibOFapCQA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:11 GMT
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H2 200 eligible
events.bouncex.net/track.gif/ 42 B
95 B 139ms
139ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/eligible?wklz=CYcwXAlgzgygrgIygYwE4QQU1QXgGYCGANlJgGSiRQAKqmAbhAPZxQDCrALkwLbb7FSFcMgLIAFpgAqMHAEYA7HIDMCtQAY5c9coCsZOAEd5ZUiD4A7TgH0IwKDjKieABwIQQFuzgBMAFgA2Hx9lAA5TFlRkTBwEFgtogA8yAhBMKxwAKygyHiZgGPUyAHdMJAhOTG8Amr8yRigK70UVNQVNOT9lAE5dPzqCxmjvfoDWhRDQ0ID1XTkA5QC6tzTGTGLm00xDOHTh4Bw65CIIdM5OCD4oTgJXeSVVDS1Q7u6nE7OCFwh6bEamCw4G4gZQUBgQaI4YBkTjiCCoYDWNyoTgAT2s1yYqFSmGswGgBAQREwB0IJHInAAXkxDj4ilAmHgbN4fHgAEqGTguACSbEpABk8AAROQAVQAQnJMAAtVEBCyGTDi4CU8RkcQEBG2A6stnFPxwZBSADqeoAmghQuo0kRQgA1ejFIXyqSZIA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:11 GMT
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

POST
H3 200 collector Show response
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 32 B
49 B 121ms
121ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMA.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 7586f9164e6bc95d916e3828d687c85f77cf253b34a5908fffa5f6f17dfd0d72

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 22 Apr 2024 09:10:12 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32

GET
H/1.1 204
No Content _HkVZ1v5CnHV3VUF Show response
imgs.signifyd.com/ Frame C1E1 0
388 B 141ms
140ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Mon, 22 Apr 2024 09:10:13 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 204 log Show response
www.paypal.com/credit-presentment/ 0
1 KB 208ms
208ms XHR
text/plain 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/credit-presentment/log?disableSetCookie=true&features=disable-set-cookie

Requested by

Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Mon, 22 Apr 2024 09:10:15 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS, MISS
paypal-debug-id: f8254369592ad
server-timing: "traceparent;desc="00-0000000000000000000f8254369592ad-4667ea84897565be-01"";content-encoding;desc="",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-bur-kbur8200107-BUR, cache-yyz4529-YYZ, cache-yyz4529-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f8254369592ad-5386288fc97a8a63-01
x-timer: S1713777015.347323,VS0,VE132
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 0, 0, 0

OPTIONS
H2 204 log
www.paypal.com/credit-presentment/ Frame 0
0 478ms
208ms Preflight 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/credit-presentment/log?disableSetCookie=true&features=disable-set-cookie

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: Server-Timing
access-control-max-age: 86400
cache-control: max-age=0, no-cache, no-store, must-revalidate
date: Mon, 22 Apr 2024 09:10:15 GMT
dc: ccg11-origin-www-1.paypal.com
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f825436238cc2
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing: "traceparent;desc="00-0000000000000000000f825436238cc2-00a966c283a595c2-01"";content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f825436238cc2-4b6998fb8dead90a-01
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-served-by: cache-bur-kbur8200069-BUR, cache-yyz4531-YYZ, cache-yyz4531-YYZ
x-timer: S1713777015.137870,VS0,VE130

GET
H2 200 widget.js Show response
js.jebbit.com/companion/v1/ 44 KB
0 0ms
0ms Script
text/javascript 2600:9000:21a2:7800:a:7914:b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.jebbit.com/companion/v1/widget.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21a2:7800:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a938eea663af09f75118101cf9061107fbef7c4770d7d123c71e33c52c565139

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: R3KY_K4A_1J6MbzxdLc7TwnPZXsf4837
date: Sun, 21 Apr 2024 14:53:09 GMT
via: 1.1 0dbb84b34f6ac39ad26a6446ff2b18ec.cloudfront.net (CloudFront)
last-modified: Wed, 21 Feb 2024 21:57:20 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-C1
age: 65818
x-amz-server-side-encryption: AES256
etag: "cc4e73d84c409b310a274ca12ee462bc"
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 45249
x-amz-cf-id: kwhyubWDqXeqQ72UdkfjH4-v4tfTP8cmrDfb46d3ezNBkmgwFDQPgw==

GET
H2 200 i.js Show response
tag.wknd.ai/6664/ 17 KB
43 B 80ms
79ms Script
text/plain 34.120.253.250
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.wknd.ai/6664/i.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 250.253.120.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: fa231056681e8d80c926f3a7c027699435f2dac18f21543b74fc144912bd88f4

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:06 GMT
content-encoding: gzip
via: 1.1 google
age: 10
x-envoy-upstream-service-time: 0
x-region: us-central1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5537
server: istio-envoy
etag: eafeb909ea8ada
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=60
timing-allow-origin: *
link: <https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect

POST
H2 204 events
c.contentsquare.net/v2/ 0
319 B 94ms
94ms Ping
text/plain 44.197.106.9
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c.contentsquare.net/v2/events?uu=4f6b7749-e081-af55-f966-f032f5e3dc66&sn=1&hd=1713777004&v=14.5.1&pid=1926&pn=1&str=2369&di=4002&dc=7417&fl=7438&sr=18&mdh=6759&hlm=true&ct=0
Requested by: Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.197.106.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-197-106-9.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:16 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

POST recording
k-aeu1.contentsquare.net/v2/ 0
0

GET
H3 200 collect Show response
sgtm.elfcosmetics.com/g/ 65 B
85 B 242ms
240ms XHR
text/plain 34.49.124.132
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je44h0v9125640115z8896608294za200&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&cid=911738470.1713777001&ecid=741721254&ul=en-ca&sr=1600x1200&ir=1&ur=CA-ON&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EA&sst.rnd=141723064.1713777001&sst.gse=1&sst.etld=google.ca&sst.gcd=13v3v3v3u5&sst.adr=1&sst.ude=0&_s=5&sid=1713777004&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&ep.vendor_id=facebook&ep.event_id=1713777989687_171377726135231&ep.email=&ep.phone=&_et=12048&tfd=23290&richsstsse

Requested by

Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMA.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

132.124.49.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:16 GMT
via: 1.1 google, 1.1 google
x-content-type-options: nosniff
server: Google Frontend
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering: no

GET
H3 200 eligible
events.bouncex.net/track.gif/ 42 B
60 B 100ms
100ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/eligible?wklz=CYcwXAlgzgygrgIygYwE4QQU1QXgGYCGANlJgGSiRQAKqmAbhAPZxQDCrALkwLbb7FSFcMgLIAFpgAqMHAEYA7HIDMCtQAY5c9coCsZOAEd5ZUiD4A7TgH0IwKDjKieABwIQQFuzgBMAFl0ANn8-UxZUZEwcBBYLSIAPMgIQTCscACsoMh4mYCj1MgB3TCQITkxvQKrQxigy70UVNQVNOT9lAE5dP1C8xkjvHsCmhR9lAA5xwPVdOUDlQNC3FMZMQobTTEM4VIHgHH1kIghUzk4IPihOAld5JVUNOeqnY9OCFwh6bDqmCxxrkDKCgMCCRHDAMiccQQVDAaxuVCcACe1iuTFQyUw1mA0AICCImH2hBI5E4AC8mDg-D4ClAmHgbN4fHgAEqGTguACSbDJABk8AAROQAVQAQnJMAAtJGBCyGTCi4Bk8RkcQEWG2fbMlmFPxwZBSADqOoAmghxuoUkRxgA1eiFAWyqTpIA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:16 GMT
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 116ms
113ms Image
image/gif 2607:f8b0:4004:c1d::71
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=86093818&t=pageview&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dp=%2Fen_CA%2Felf-cosmetic-criminals&ul=en-ca&de=UTF-8&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAACgAIAC~&jid=&gjid=&cid=911738470.1713777001&tid=UA-432816-1&_gid=1337011146.1713777001&gtm=45He44h0n81WL3STMXv896608294za200&cd4=0&cd6=&cd7=&cd8=&cd9=0&cd14=content&cd19=&cd21=CA&gcs=G111&gcd=13v3v3v3u5&dma=0&npa=1&z=940266999

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1d::71 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 21 Apr 2024 19:28:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 49318
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

cnv
cnv.event.prod.bidr.io/log/
Redirect Chain

https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=c7078f10-6195-41f7-a22d-ce07feacc395&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=Ne...
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=5ce69275-65fe-4584-a1b2-9331fddac447.&ord=7102165727994152417

43 B
560 B

94ms
93ms

Image
image/gif

52.73.200.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=5ce69275-65fe-4584-a1b2-9331fddac447.&ord=7102165727994152417

Protocol

HTTP/1.1

Server

52.73.200.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-73-200-224.compute-1.amazonaws.com

Software

gunicorn /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma: no-cache
Date: Mon, 22 Apr 2024 09:10:17 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
content-type: image/gif
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 22 Apr 2024 09:10:17 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amzn-requestid: 1cef3383-c735-40ec-8605-e5af6a130efc
x-amzn-trace-id: Root=1-66262978-2a89af8a025875515235a785;Parent=1be42a88e1768f7c;Sampled=0;lineage=07bbc27a:0
content-type: application/json
location: https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=5ce69275-65fe-4584-a1b2-9331fddac447.&ord=7102165727994152417
access-control-allow-origin: *
x-amz-apigw-id: Wntq8FLBIAMENgA=
content-length: 2

GET
H2 200 /
www.facebook.com/tr/ 0
126 B 170ms
167ms Image
text/plain 2a03:2880:f103:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1713777016713&sw=1600&sh=1200&v=2.9.154&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=4126&fbp=fb.1.1713777007649.814071667&ic=gtm&ler=empty&cdl=API_unavailable&it=1713777005892&coo=false&eid=1713777989687_171377726135231&tm=1&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=28, rtx=0, c=10, mss=1392, tbw=3117, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 22 Apr 2024 09:10:16 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
98 B 77ms
75ms Image
image/gif 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1713777016718&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=b28f05e0-fb4a-4cf9-9331-2d1a3689f404&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_c9439d84&dpm=&dpcc=&dprc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:17 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 px
secure.adnxs.com/ 43 B
1 KB 454ms
163ms Image
image/gif 68.67.160.26
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.26 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

567.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:17 GMT
an-x-request-uuid: 04e6056b-8b25-4e30-b282-3087cd9ef52e
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 166.0.205.46; 166.0.205.46; 567.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET

Pug
simage2.pubmatic.com/AdServer/
Redirect Chain

https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=959bddf6-595d-41c0-9feb-4401da7a5aa2&r=https%3A%2F%2Fmatch.adsrvr.org%2...

0
0

GET
H2 204 pageview
c.contentsquare.net/ 0
319 B 94ms
93ms Image
text/plain 44.197.106.9
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/pageview?ex=&pvt=a&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&la=en-CA&uc=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dr=&dw=1600&dh=6761&ww=1600&wh=1200&sw=1600&sh=1200&uu=4f6b7749-e081-af55-f966-f032f5e3dc66&sn=1&hd=1713777016&v=14.5.1&pid=1926&pn=2&r=012736
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.197.106.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-197-106-9.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:17 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

GET
H2 200 display Show response
api.usehero.com/webplugin/ 129 B
1 KB 124ms
124ms XHR
application/json 34.232.82.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usehero.com/webplugin/display?appId=efcf9631-4c6b-4874-9f76-51f71464249a&location=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&state=untouched&outboundFeature=&visitorId=31029a8b-e600-41e7-8bde-432f8ff9bb81

Requested by

Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMA.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.232.82.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-232-82-191.compute-1.amazonaws.com

Software

Resource Hash

f728b2a3472bdb7b12fe2b3ad324f86306d5ebfd9a22970cdb9d75865437181f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-permitted-cross-domain-policies: none
surrogate-control: no-store
x-dns-prefetch-control: off
klarna-correlation-id: c1bd8180-a1c6-4c7b-98fa-0722a4d913df
cross-origin-resource-policy: same-origin
x-geo-longitude: -73.58870
pragma: no-cache
referrer-policy: same-origin
etag: W/"81-DUL/7m3RpQ4iaY5LE5GkpykgL0I"
x-frame-options: SAMEORIGIN
x-geo-zip: H3H
content-type: application/json; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?1
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-latitude: 45.50750
x-accuracy: 20
expires: 0
date: Mon, 22 Apr 2024 09:10:16 GMT
strict-transport-security: max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cross-origin-embedder-policy: require-corp
x-time-zone: America/Toronto
x-envoy-upstream-service-time: 11
content-length: 129
x-xss-protection: 0
x-request-id: c1bd8180-a1c6-4c7b-98fa-0722a4d913df
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-country: CA
x-geo-city: Montreal

GET
H3 200 / Show response
ct.pinterest.com/user/ 35 B
398 B 99ms
98ms XHR
image/gif 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/user/?event=pagevisit&ed=%7B%22np%22%3A%22gtm%22%7D&tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%2C%22pin_unauth%22%3A%22dWlkPVl6SmxNekUwTm1JdE9XWXlZaTAwWldZMExXSXlZMlF0T0RNeU1HSTJObVF4WWpJMA%22%7D&cb=1713777016898&dep=4%2CTAGS_RECEIVED&stc=true
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMA.js
Protocol: H3
Security: QUIC, , AES_256_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 09:10:16 GMT
x-cdn: fastly
x-envoy-upstream-service-time: 1
alt-svc: h3=":443";ma=600
content-length: 35
x-pinterest-rid: 2920020261268674
pin-unauth: dWlkPU1UQmhNR0kyTldZdE5qYzRaQzAwTXpsaUxUaGlPVEl0TnpkaE9UZ3pNamMyT1dObA
pragma: no-cache
referrer-policy: origin
content-type: image/gif
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
pinterest-version: 0fd3a7bfcf735a2bdf1240be9d2c00e05a32dcff
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3

200

activityi;dc_pre=CPyMy_K81YUDFcnHwgQd-g4GiQ;src=9231397;type=retarget;cat=globa0;ord=8979899249655;npa=1;auiddc=493848422.1713777001;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined...
9231397.fls.doubleclick.net/ Frame 66C0
Redirect Chain

https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=8979899249655;npa=1;auiddc=493848422.1713777001;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefin...
https://9231397.fls.doubleclick.net/activityi;dc_pre=CPyMy_K81YUDFcnHwgQd-g4GiQ;src=9231397;type=retarget;cat=globa0;ord=8979899249655;npa=1;auiddc=493848422.1713777001;u6=%2Fen_CA%2Felf-cosmetic-c...

0
0

219ms
218ms

Document
text/html

142.251.16.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9231397.fls.doubleclick.net/activityi;dc_pre=CPyMy_K81YUDFcnHwgQd-g4GiQ;src=9231397;type=retarget;cat=globa0;ord=8979899249655;npa=1;auiddc=493848422.1713777001;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181619921z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.149 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f149.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 472
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 22 Apr 2024 09:10:17 GMT
expires: Mon, 22 Apr 2024 09:10:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 22 Apr 2024 09:10:17 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://9231397.fls.doubleclick.net/activityi;dc_pre=CPyMy_K81YUDFcnHwgQd-g4GiQ;src=9231397;type=retarget;cat=globa0;ord=8979899249655;npa=1;auiddc=493848422.1713777001;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181619921z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

activityi;dc_pre=CNXEzvK81YUDFZCJfwQdTjEO9g;src=10742279;type=elf8j0;cat=glo_flap;ord=3607896815072;npa=1;auiddc=493848422.1713777001;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-cr...
10742279.fls.doubleclick.net/ Frame A10C
Redirect Chain

https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=3607896815072;npa=1;auiddc=493848422.1713777001;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic...
https://10742279.fls.doubleclick.net/activityi;dc_pre=CNXEzvK81YUDFZCJfwQdTjEO9g;src=10742279;type=elf8j0;cat=glo_flap;ord=3607896815072;npa=1;auiddc=493848422.1713777001;u1=https%3A%2F%2Fwww.elfco...

0
0

161ms
160ms

Document
text/html

142.251.16.148

General

Check archive.org

Show headers Download Go to

Full URL

https://10742279.fls.doubleclick.net/activityi;dc_pre=CNXEzvK81YUDFZCJfwQdTjEO9g;src=10742279;type=elf8j0;cat=glo_flap;ord=3607896815072;npa=1;auiddc=493848422.1713777001;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181663336z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.148 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 406
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 22 Apr 2024 09:10:17 GMT
expires: Mon, 22 Apr 2024 09:10:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 22 Apr 2024 09:10:17 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10742279.fls.doubleclick.net/activityi;dc_pre=CNXEzvK81YUDFZCJfwQdTjEO9g;src=10742279;type=elf8j0;cat=glo_flap;ord=3607896815072;npa=1;auiddc=493848422.1713777001;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181663336z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 /
ct.pinterest.com/v3/ 35 B
0 99ms
99ms Fetch
image/gif 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22np%22%3A%22gtm%22%7D&tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%2C%22pin_unauth%22%3A%22dWlkPVl6SmxNekUwTm1JdE9XWXlZaTAwWldZMExXSXlZMlF0T0RNeU1HSTJObVF4WWpJMA%22%7D&cb=1713777016960&dep=4%2CTAGS_RECEIVED&stc=true&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%226192ffb7%22%2C%22is_eu%22%3Afalse%2C%22architecture%22%3A%22x86%22%2C%22bitness%22%3A%2264%22%2C%22brands%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22124%22%7D%2C%7B%22brand%22%3A%22Not%3AA-Brand%22%2C%22version%22%3A%228%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22124%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Win32%22%2C%22platformVersion%22%3A%2210.0.0%22%2C%22uaFullVersion%22%3A%22124.0.6367.60%22%2C%22ecm_enabled%22%3Afalse%7D
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMA.js
Protocol: H3
Security: QUIC, , AES_256_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 09:10:17 GMT
referrer-policy: origin
x-cdn: fastly
content-type: image/gif
access-control-allow-origin: https://www.elfcosmetics.com
pinterest-version: 0fd3a7bfcf735a2bdf1240be9d2c00e05a32dcff
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
alt-svc: h3=":443";ma=600
content-length: 35
x-pinterest-rid: 1771816396174790
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 widget.css
js.jebbit.com/companion/v1/ 15 KB
0 1ms
1ms Stylesheet
text/css 2600:9000:21a2:7800:a:7914:b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.jebbit.com/companion/v1/widget.css
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21a2:7800:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 875ca118023e8741e684a320e73b7f9af4e8eba6c88f1f7e8457f7c0cdda6efb

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: rlLQSdBm9ZTNXvLaketZ1ik.75AdGtXG
date: Mon, 22 Apr 2024 07:53:12 GMT
via: 1.1 0dbb84b34f6ac39ad26a6446ff2b18ec.cloudfront.net (CloudFront)
last-modified: Wed, 21 Feb 2024 21:57:20 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-C1
age: 4616
x-amz-server-side-encryption: AES256
etag: "de1b72e797664b9b2c2139e5ccb24844"
x-cache: Hit from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 15521
x-amz-cf-id: qpOi66OrF3a8xdaj-uh2j61U3Zj3zyFdy3z8LGxpPVSNvX0Yn1MSQw==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/

Domain: k-aeu1.contentsquare.net
URL: https://k-aeu1.contentsquare.net/v2/recording?rt=5&v=14.5.1&pid=1926&pn=1&sn=1&uu=4f6b7749-e081-af55-f966-f032f5e3dc66&hlm=true&ct=0

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=959bddf6-595d-41c0-9feb-4401da7a5aa2&r=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dpubmatic

Verdicts & Comments Add Verdict or Comment

218 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

97 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: 6HD9OjbeRKE
.youtube.com/	1970-01-21 00:22:08	Name: VISITOR_INFO1_LIVE Value: G-Q6c8eHbQ0
.youtube.com/	1970-01-21 00:22:08	Name: VISITOR_PRIVACY_METADATA Value: CgJDQRIEGgAgQw%3D%3D
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: initAuthComplete Value: true
.elfcosmetics.com/	1970-01-21 05:38:56	Name: ab.storage.sessionId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57 Value: %7B%22g%22%3A%22910c8729-1c9a-e1a2-02ed-6d1e6b21f8ea%22%2C%22e%22%3A1713778799819%2C%22c%22%3A1713776999819%2C%22l%22%3A1713776999819%7D
.elfcosmetics.com/	1970-01-21 05:38:56	Name: ab.storage.deviceId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57 Value: %7B%22g%22%3A%226149aa11-8170-2716-9389-0ce722d7a860%22%2C%22c%22%3A1713776999822%2C%22l%22%3A1713776999822%7D
.elfcosmetics.com/	1969-12-31 23:59:59	Name: pxcts Value: 18d981b8-0088-11ef-9978-6bfac715a754
.elfcosmetics.com/	1970-01-21 04:48:33	Name: _pxvid Value: 18d978bd-0088-11ef-9978-3015f424f67b
.elfcosmetics.com/	1970-01-20 20:46:09	Name: _dyjsession Value: sy9gmbmfb06wkiz68bwjyu2efbc6t1fh
.elfcosmetics.com/	1969-12-31 23:59:59	Name: dy_fs_page Value: www.elfcosmetics.com%2Fen_ca%2Felf-cosmetic-criminals
.elfcosmetics.com/	1970-01-20 20:46:09	Name: _dy_csc_ses Value: sy9gmbmfb06wkiz68bwjyu2efbc6t1fh
.elfcosmetics.com/	1970-01-20 20:46:09	Name: _dy_c_exps Value:
.elfcosmetics.com/	1970-01-20 22:12:33	Name: _gcl_au Value: 1.1.493848422.1713777001
.elfcosmetics.com/	1970-01-20 20:04:23	Name: _gid Value: GA1.2.1337011146.1713777001
.elfcosmetics.com/	1970-01-20 20:02:57	Name: _gat_UA-432816-1 Value: 1
.dynamicyield.com/	1970-01-21 04:48:33	Name: DYID Value: 734086977198369129
.elfcosmetics.com/	1970-01-20 20:46:09	Name: _dycnst Value: dg
.elfcosmetics.com/	1970-01-20 20:02:57	Name: _px3 Value: 39243075ed5c3af0cbf860e15c989f149969f3fc1b001863409917b0de4887ed:vyOqrblh8O6ZFUXLgMM3KcI/uTDbDfWcKYCFqh5P0SsIj3tcyxFEQSHcGp12OntusLq3nBbmy0xsr1CzjQgfWg==:1000:sudsxnseAPxvPZrPX0/3iawcmPJrBvrSzbulCDB78FgIraeI36vOEO3M4bv4GINwKnxEf9gZZMNVYDOA6W8Ft8YNUPB/mCq1sakWKtKjji1VwNF/EBdEYL+t9Rg6fZ+v2i6ywg69AWiYt8YZYZS+mEEQD3XZuGj/OoirgJfEu5G0Ygm8oHVai2JaKrj57eygfkyOEnrvb2P2Tt6nh4D8ZH3L3Vpu6+Npwd6pwHzjJ70=
.elfcosmetics.com/	1970-01-20 20:46:09	Name: _dyid Value: 734086977198369129
.elfcosmetics.com/	1970-01-20 20:46:09	Name: _dycst Value: dk.w.c.ws.fst.
.elfcosmetics.com/	1970-01-20 20:46:09	Name: _dy_geo Value: CA.NA.CA_QC.CA_QC_Montreal
.elfcosmetics.com/	1970-01-20 20:46:09	Name: _dy_df_geo Value: Canada..Montreal
.elfcosmetics.com/	1970-01-20 20:46:09	Name: _dy_toffset Value: 0
.elfcosmetics.com/	1970-01-21 04:48:33	Name: _dy_soct Value: 647796.1248068.1713777001.sy9gmbmfb06wkiz68bwjyu2efbc6t1fh836603.1652212.1713777001837245.1654610.1713777001*861617.1750272.1713777001
www.elfcosmetics.com/	1970-01-20 20:13:01	Name: FPC Value: c7078f10-6195-41f7-a22d-ce07feacc395
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: scapi Value: prd:3b1c6452-fa2f-4292-8909-8fdf924f6167:eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MzFkYTk4OS01NGU2LTQwYjUtYTI5OC0wZDQxYjc1ZjdiMWUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjNiMWM2NDUyLWZhMmYtNDI5Mi04OTA5LThmZGY5MjRmNjE2NyIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTM3NzY5NzEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFiazBnVndYd1lscmdSeEtjV3hHWVlrSElXOjpjaGlkOiAiLCJleHAiOjE3MTM3Nzg4MDEsImlhdCI6MTcxMzc3NzAwMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzNTEwNDMzNjI0MjcwODQwMyJ9.AKK1mZNSf8EO6vvokrPO4-W2Pw5V0lY5ffV0bMXibJlZHldOJwNyplRNJODuD9YOwA9uH5daISXh-AitSsr0fA
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: dwsid Value: hHVoK8y1-UlVSftL5ng3y8y0srjTbtKD3AQ0J6xe89xkxm0vEuXSQyDDZDky_0udjYKPHtiyh3PNratyqpKb0g==
www.elfcosmetics.com/	1970-01-21 00:22:09	Name: dwanonymous_1a00c2845eeb01c699351ea28e20fd92 Value: abk0gVwXwYlrgRxKcWxGYYkHIW
.elfcosmetics.com/	1970-01-21 04:48:33	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Mon+Apr+22+2024+02%3A10%3A02+GMT-0700+(Pacific+Daylight+Saving+Time)&version=202306.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=c02c33f4-c63a-461c-bae9-f60a6def2793&interactionCount=0&landingPath=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1%2C5%3A1
.adsrvr.org/	1970-01-21 04:48:33	Name: TDID Value: 959bddf6-595d-41c0-9feb-4401da7a5aa2
.adnxs.com/	1970-01-20 22:12:33	Name: XANDR_PANID Value: J3yc_dN7pzQeBdbSpIm3UZDWs7vOvufa4xDDj5dL4YFaJjl7FhUd3hJJDTKFHW29_DLj8wsUuPT58cn9e_v19jf0G-m9GUvwVZe4HpC744Y.
.adnxs.com/	1970-01-21 05:38:57	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-20 22:12:33	Name: uuid2 Value: 4303390990826304848
.adnxs.com/	1970-01-20 22:12:33	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2E>>q/L7Y!]tbP6j2F-XstGt!@De2$npxh
.pointmediatracker.com/	1970-01-21 04:48:33	Name: c Value: b76ce508-cc67-4442-ba7a-43631ed90a9a
.doubleclick.net/	1970-01-21 05:38:57	Name: IDE Value: AHWqTUl4UdQxjH4yRpx-4Cd9yctVLkt6UC3ndTH6gBBHT4c8gGt0wg30_Ty-OpI6yQY
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.currency Value: CAD
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: sid Value: 0EVWYfMfi3t5_uyXu4AesJiEjPLsxKCx8LM
www.elfcosmetics.com/	1970-01-21 04:48:53	Name: _dyid_server Value: 734086977198369129
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.InternationalUser Value: true
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.location Value: CA
www.elfcosmetics.com/	1970-01-20 20:04:23	Name: currentLocale Value: en_CA
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.sessionid Value: abk0gVwXwYlrgRxKcWxGYYkHIW
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.LanguageIsoCode Value: en_CA
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: __cq_dnt Value: 1
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: dw_dnt Value: 1
.bidr.io/	1970-01-21 05:31:30	Name: bito Value: AAE-FU7MTFMAABNCJ6M08A
.bidr.io/	1970-01-21 05:31:30	Name: bitoIsSecure Value: ok
.elfcosmetics.com/	1970-01-20 20:46:09	Name: rmStore Value: dmid:9097
.elfcosmetics.com/	1970-01-21 05:38:57	Name: _ga_ZLYXLXNDL8 Value: GS1.1.1713777004.1.0.1713777004.60.0.0
.elfcosmetics.com/	1970-01-21 05:38:57	Name: _ga Value: GA1.1.911738470.1713777001
.rubiconproject.com/	1970-01-21 04:48:33	Name: khaos Value: LVAQKVOR-7-AD0J
.rubiconproject.com/	1970-01-21 04:48:33	Name: audit Value: 1\|XuP7A+G059rSiDG7DmOp8v8tmvuDoY6L/Wlyc/LAbg+byR+hvQt5L5e6KPsPgFxEAMJiIZdFpImM1KxoLazIt9i2Wk5FrGos0XY24Ec+XLtuIAal/PE/ljE3IZvlvyBmIk1tYCYzYeVnSnnoWKJyAog3JR+qvuVjvqAH+LZKodtbOz6AjJtUa8ZnH3r7x5VAdeodiyl5GGjkt77VmXBK7kiCfUmSYXqD+ohH/uuQN8oOr/S07bYDcYQkZmofZQkSVSwKu1RXSJT0/fhu8/pkBO4VeIulq+4M1TRwmTZWV3Xc6UO785F0Pw==
.elfcosmetics.com/	1970-01-21 05:38:57	Name: _ga_5D80LRC85N Value: GS1.1.1713777004.1.1.1713777004.0.0.741721254
.adsrvr.org/	1970-01-21 04:48:33	Name: TDCPM Value: CAESFQoGZ29vZ2xlEgsI_Jus9sCt8TwQBRIWCgdydWJpY29uEgsI4Lqs9sCt8TwQBRIXCghhcHBuZXh1cxILCJyAlv_ArfE8EAUSFQoGY2FzYWxlEgsImqKW_8Ct8TwQBRgFIAMoATILCOS_q53XrfE8EAVCDyINCAESCQoFdGllcjIQAVoHM2Z0Zm5oM2ABcgZjYXNhbGU.
.elfcosmetics.com/	1970-01-21 05:32:21	Name: _cs_c Value: 0
.elfcosmetics.com/	1970-01-21 05:32:21	Name: _cs_id Value: 4f6b7749-e081-af55-f966-f032f5e3dc66.1713777004.1.1713777004.1713777004.1558384338.1747941004994.1
.elfcosmetics.com/	1970-01-21 05:38:57	Name: FPID Value: FPID2.2.cO0gCheWVWQDwjU9oh1ARG%2FJkfdpbPCrFojglcdz7nc%3D.1713777001
.elfcosmetics.com/	1970-01-20 20:02:58	Name: FPGSID Value: 1.1713777005.1713777005.G-5D80LRC85N.Z3__V3GKuTHl8MHP9iyO7A
.casalemedia.com/	1970-01-21 04:48:33	Name: CMID Value: ZiYpbdHM6KgAAFpnAMtPoAAA
.casalemedia.com/	1970-01-20 22:12:33	Name: CMPS Value: 3416
.casalemedia.com/	1970-01-20 22:12:33	Name: CMPRO Value: 3416
.elfcosmetics.com/	1970-01-20 22:12:33	Name: _rdt_uuid Value: 1713777005780.b28f05e0-fb4a-4cf9-9331-2d1a3689f404
.paypal.com/	1970-01-20 20:03:28	Name: LANG Value: en_US%3BUS
.paypal.com/	1969-12-31 23:59:59	Name: x-pp-s Value: eyJ0IjoiMTcxMzc3NzAwNTcxMiIsImwiOiIwIiwibSI6IjAifQ
.paypal.com/	1970-01-20 20:07:16	Name: tsrce Value: crcpresentmentnodeweb
www.paypal.com/	1969-12-31 23:59:59	Name: nsid Value: s%3ALvzeDW_pIku_WyiZWmRkGctkP_e1ZVqK.GY210aFUINUWwrxgHtf3%2BGb0dHxwMrq4gu9v7znQ4GI
.paypal.com/	1970-01-20 20:02:58	Name: l7_az Value: dcg16.slc
.paypal.com/	1970-01-21 05:38:57	Name: ts Value: vreXpYrS%3D1808385005%26vteXpYrS%3D1713778805%26vr%3D0511d47218f0ad1078b63228fd875ffb%26vt%3D0511d47218f0ad1078b63228fd875ffa%26vtyp%3Dnew
.paypal.com/	1970-01-21 05:38:57	Name: ts_c Value: vr%3D0511d47218f0ad1078b63228fd875ffb%26vt%3D0511d47218f0ad1078b63228fd875ffa
.doubleclick.net/	1970-01-21 00:22:09	Name: receive-cookie-deprecation Value: 1
.elfcosmetics.com/	1970-01-21 04:48:33	Name: hero-session-efcf9631-4c6b-4874-9f76-51f71464249a Value: author=client&expires=1745313005904&visitor=31029a8b-e600-41e7-8bde-432f8ff9bb81
.elfcosmetics.com/	1970-01-20 20:02:58	Name: _cs_s Value: 1.5.0.1713778806188
.elfcosmetics.com/	1970-01-20 20:04:23	Name: _uetsid Value: 1c907450008811efbf683de83abe2e27
.elfcosmetics.com/	1970-01-21 05:24:33	Name: _uetvid Value: 1c90bc50008811ef8a3cd5daf14b1a69
.tiktok.com/	1970-01-21 05:24:33	Name: _ttp Value: 2fRw4Q0uPfaxM4CigDn4PyL62wn
.undertone.com/	1970-01-21 04:48:33	Name: UTID Value: fe7e4758866c4067b05a2953ddbe58d0
.undertone.com/	1970-01-21 04:48:33	Name: UTID_ENC Value: f2ec4gecce12p0lmh12qjirww
.linksynergy.com/	1970-01-21 04:48:33	Name: rmuid Value: c29fa750-4ab4-484e-9504-cef589a92c48
.elfcosmetics.com/	1970-01-20 22:12:33	Name: _fbp Value: fb.1.1713777007649.814071667
.bing.com/	1970-01-21 05:24:33	Name: MUID Value: 1284CA413AB5670605C0DE283B9F6607
.bat.bing.com/	1970-01-20 20:13:01	Name: MR Value: 0
.pinterest.com/	1970-01-21 04:48:33	Name: ar_debug Value: 1
.elfcosmetics.com/	1970-01-21 04:48:33	Name: _pin_unauth Value: dWlkPVl6SmxNekUwTm1JdE9XWXlZaTAwWldZMExXSXlZMlF0T0RNeU1HSTJObVF4WWpJMA
.ct.pinterest.com/	1970-01-21 04:48:33	Name: _pinterest_ct_ua Value: "TWc9PSZrdGlHVVR5Z1lId05wOXNnQi9KanpCNzFYc1BYQUpXM05LY21NSU5VRURpei8wakFLeU9IZzg2NGNLUnhlQVVjcEpLTGtnNURIV2l4dnVkOG9GcTU1SWF4WXIwNUg4bGlPWmFES3NqcXE0WT0mekRicEhXelgvS0YvVEcrcVh3cUVJUFI5dGhzPQ=="
.elfcosmetics.com/	1970-01-21 05:24:33	Name: _tt_enable_cookie Value: 1
.elfcosmetics.com/	1970-01-21 05:24:33	Name: _ttp Value: Y4g7yJ4WCQp6IszSmZg0oGyC-g0
.rlcdn.com/	1970-01-21 04:48:33	Name: rlas3 Value: E78wLHuzu2U37rZTIf3ehJFVgF6N6a92P8RRmbcPWEg=
.rlcdn.com/	1970-01-20 21:29:21	Name: pxrc Value: CPDSmLEGEgUI6AcQABIGCOTrARAA
.linksynergy.com/	1970-01-21 04:48:33	Name: icts Value: 2024-04-22T09:10:08Z
imgs.signifyd.com/	1970-01-21 05:38:57	Name: thx_guid Value: 357286130fc0f26e260069df092c1c24
.elfcosmetics.com/	1970-01-20 20:04:09	Name: FPLC Value: T31%2FZwA7jFz26b4yURYzY0tzUwBUNNrYCXV9qr3logA5HulE6EYHUbAbcuxIMAVtGPxN166evayueVghcNDSbqsKWOzY0OyLN3Mvnli%2BM82yIc1ymL1zwuEv%2BV5J4g%3D%3D
.elfcosmetics.com/	1970-01-21 05:38:57	Name: _scid Value: f33a7b6a-3b54-4493-a736-5f4e8be0b1f6
.cdnwidget.com/	1970-01-21 05:31:45	Name: __3idcontext Value: {"cookieID":"2fRw4ucTWRwYb80gel8VvwD6nTj","deviceID":"2fRqtpICzLfD1UB1eZy6nqeBdzh","iv":"","v":""}
.elfcosmetics.com/	1970-01-21 05:31:45	Name: __idcontext Value: eyJjb29raWVJRCI6IjJmUnc0dWNUV1J3WWI4MGdlbDhWdndENm5UaiIsImRldmljZUlEIjoiMmZScXRwSUN6TGZEMVVCMWVaeTZucWVCZHpoIiwiaXYiOiIiLCJ2IjoiIn0%3D
.bounceexchange.com/	1970-01-20 20:02:58	Name: bounceClientVisit6664c Value: %7B%22vid%22%3A1713777011439544%2C%22did%22%3A%224461377238860516364%22%7D
www.elfcosmetics.com/	1970-01-20 20:02:58	Name: bounceClientVisit6664v Value: N4IgNgDiBcIBYBcEQM4FIDMBBNAmAYnvgO6kB0ApmAGYDGA9igLYUICWtKZDTRFAdgH0AwjgJVqAWgbNWHaQCc2TNvwCGYFCAA0IBTBA6QbFIIDm9QSgooUbevxjUN13SfMQrNuw6cuKAL5AA

227 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Access to image at 'https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_' from origin 'https://www.elfcosmetics.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_ Message: Failed to load resource: net::ERR_FAILED
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://connect.facebook.net/signals/config/1638306756445368?v=2.9.154&r=stable&domain=www.elfcosmetics.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 111) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10742279.fls.doubleclick.net
9231397.fls.doubleclick.net
alb.reddit.com
analytics.google.com
analytics.tiktok.com
api.bounceexchange.com
api.cquotient.com
api.ipify.org
api.usehero.com
assets.bounceexchange.com
async-px.dynamicyield.com
bat.bing.com
c.contentsquare.net
cdn-fsly.yottaa.net
cdn-scripts.signifyd.com
cdn.cookielaw.org
cdn.dynamicyield.com
cdn.media.amplience.net
cdn.static.amplience.net
cdn.usehero.com
cm.g.doubleclick.net
cnv.event.prod.bidr.io
code.jquery.com
collector-pxxt4gy2ig.px-cloud.net
connect.facebook.net
cosmeticscriminal.ca
ct.pinterest.com
data.cdnbasket.net
dsum-sec.casalemedia.com
elfcosmetics.a.bigcontent.io
events.bouncex.net
external-api.jebbit.com
geolocation.onetrust.com
googleads.g.doubleclick.net
h.online-metrix.net
ib.adnxs.com
idr.cdnwidget.com
ids.cdnwidget.com
idsync.rlcdn.com
imgs.signifyd.com
insight.adsrvr.org
js.cnnx.link
js.jebbit.com
k-aeu1.contentsquare.net
match.adsrvr.org
page.cdnbasket.net
pd.cdnwidget.com
pixel.pointmediatracker.com
pixel.rubiconproject.com
qoe-1.yottaa.net
s.pinimg.com
sdk.iad-05.braze.com
secure.adnxs.com
sgtm.elfcosmetics.com
simage2.pubmatic.com
srm.ba.contentsquare.net
st.dynamicyield.com
static.ordergroove.com
stats.g.doubleclick.net
t.contentsquare.net
t.paypal.com
tag.rmp.rakuten.com
tag.wknd.ai
tags.rd.linksynergy.com
ut.rd.linksynergy.com
view.cdnbasket.net
w2txo5aaspapa23jnvm2mz7jguiadlbq35rsqpesa2bf6449f2cf2358sac.d.aa.online-metrix.net
www.elfcosmetics.com
www.facebook.com
www.google-analytics.com
www.google.ca
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.paypal.com
www.paypalobjects.com
www.redditstatic.com
www.youtube.com
cdn-fsly.yottaa.net
k-aeu1.contentsquare.net
simage2.pubmatic.com
104.18.36.155
142.251.16.148
142.251.16.149
15.197.193.217
151.101.0.84
151.101.129.21
151.101.193.140
151.101.65.35
151.101.66.133
165.254.198.211
165.254.56.168
172.253.122.155
172.253.122.156
172.67.74.152
192.225.157.157
192.225.158.1
192.225.158.3
192.229.210.155
2001:4860:4802:38::181
204.2.50.19
23.212.249.197
23.47.22.7
2600:1408:c400:383::1931
2600:1901:0:56e0::
2600:9000:21a2:6c00:11:85b0:d600:93a1
2600:9000:21a2:7800:a:7914:b00:93a1
2600:9000:269f:7400:15:ad21:c740:93a1
2600:9000:269f:e600:13:d6f4:3240:93a1
2600:9000:26a0:2a00:a:b89d:a6c0:93a1
2606:4700:4400::6812:205a
2606:4700:4400::6812:2089
2606:4700:4400::6812:26d1
2606:4700:4400::ac40:91b7
2606:4700:4400::ac40:965f
2606:4700::6813:b234
2607:f8b0:4004:c17::be
2607:f8b0:4004:c19::61
2607:f8b0:4004:c19::9c
2607:f8b0:4004:c1b::5e
2607:f8b0:4004:c1b::9a
2607:f8b0:4004:c1d::63
2607:f8b0:4004:c1d::71
2620:1ec:c11::237
2a03:2880:f003:c0e:face:b00c:0:3
2a03:2880:f103:83:face:b00c:0:25de
2a04:4e42:400::649
2a04:4e42::396
3.161.213.65
3.162.3.47
3.162.3.87
34.102.147.248
34.111.8.32
34.117.93.237
34.120.253.250
34.149.130.207
34.225.38.119
34.232.82.191
34.249.47.228
34.49.124.132
34.96.126.215
34.96.74.85
34.98.67.3
34.98.72.95
35.190.10.96
35.244.154.8
44.197.106.9
44.209.94.203
52.73.200.224
54.237.131.176
68.67.160.26
8.43.72.98
009342098f06d5ae7b2186f1076fab177d05b5a481ffe1190535fe501c1cae68
0107f7c7bd2635c376a31fd288f1f01146dbe07a6814f6de62956feb4c276b6f
018f00241e2ed29200198289fed411722bca5d8f91cd2dd6168c8d6741cefd69
01e9582655224c83e6c075f44b7eecb135e108b6ad2150bf6f78a0a77c4ad5e0
03f75fe69f0db79ae7b1f31af46cf0eb412c23d8d0a19cb8b1cf16a35fcf7ca1
076683926007bf1b9209c78cd7df9d96d5cade2843731eb2ffe5b181af6e6cb9
09fcb5ca869fa058839fa9b9f9f7eacb5b131b00ef43f0c0f86508f9480f0b26
0b2f3284731451436ae24019f5bced6829fc4f1c005ba21e4694a6dbc6e98f8c
0ce9fb17074b954a06fc54f99d41dd29e2b613c7d843577775dafdf870cc00ac
1331786f628c441b99665436eb8815381e066e17d5c3bb56f5ce2e045d8da17a
19cc1cced30687035cb740cbbf86a4c2d7c5085ca95e3fdef76d7e28d35af57d
1bf6f14d5949585a6da3ba974b355ae9c55a099b2dca8a3cb2695b1fe804eea0
1c2cdad2aa4655d406e0c845b39c86f4c646e0f250dbddf0a1057ad6177553d9
1d959f985f144d73bf7e483dc5b5027417eb785966a53fb8b1378979c43d6f90
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9
227ae61dd515aedc028b23d5d57498bf67cbb18668f87aafa04de256ba1b5d94
27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341
286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805
2939d067bced6e2e3e43c1b10d2b067cb980410c2cc42fd3e867798a4a36c697
29dc36d07a779a9ec991dffd8404ee1cf0fb61875a7bcb9c1277d730aeffdaab
2a34c585b687cf0ffbe166649496eb072159e73bebe56216ee0c2fcd386149f4
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
329a5e6b08a931ac1df4877349d5fb131ee553dd231dad91850a0422d7d89dd8
33f9d826ec75c6446aa7da4c19c2cf446003c5d5e30e5927eec1aded7b413e9d
377e5d1ccadd71e93ad1eccf2a768fffd06365f859665580ef73cef261c262f1
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98
3a0cb24163d51976d5904bac47f896454a8bdbd333ebccc00ca9805645b165c4
41edca74f63e4546256206b316479052b81b5d8fe3b810424d302bd4bf70c9ed
42997132bd0142564014ac4a809356dc0ceb9b7a90eede2b5b48019f1700cc58
45a5d600f2b5443a9cb77612666c44b4426ddc140b38d899a0fe8a2ac6303170
48eac18ec8b1c06a5b11f38fbf38abf0d52f42b46f0c17a6250872645845dd82
498ea43ee2b31ee61f58f43b798dfaec6eb59b63fefdfaa7c01bba897ba57a33
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb
4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
509f2e49500fbaeb5d7e1959071f2922b693d0135080e2871e124ec8bdd08bb2
55baa715ccc8c2512bceb1c949c1d0927944ca327e7edd2d5fc312d2a41986e4
59f1b7d93f47fcc926143154888aa471910eaf81c3c41270b61cfe012dda08df
5bd6b502fae9a1f0f71f9ce361cdf0d01ccc35b86e98ee06fa144bd670339569
5f863668aeca72e75de7250d4c5c8722394cd8188bf70edfefdc51e1cb3b862d
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
5fcc27d86413eb4682a9c5392e8938f5c90ac54c3938360d5ac1db40e8bf6474
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d
62e7cb03e8f65ceb4f43a5a56a3b9c3950158fae3fea85699e3f4c68672f4c2f
65c9e34fa469e61be320cd10500f8592a33b307af08aa332df3c8cfe88cf8d7d
66707b7434e14fc523f2fc692e4a190958a02598dd3d9c45ec0f65f90091727b
68f6710cb2cc63e278cd3be6a0593c700b3ac346e36c1d636c5c13374dc20e91
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6982e83b9ea7682534a77808bc53b3e516bc5d26dc406de1a2ea81c2fdf63a33
6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7
6cbda453a5f8a1d851d55c0fe673b992cdf39e211ab31b1b4f6c290731b4a362
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6f08699117c1f15f6d35e7b4380d12d18a1881f075e177b5853b1017a3307544
736ec1fceccf675f5082662be789e53be1c78d00c8ca683a976d769ee581a790
740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5
7586f9164e6bc95d916e3828d687c85f77cf253b34a5908fffa5f6f17dfd0d72
771196c556ce9fe2914aa0d336cf0f11fbd579c7cdd52e8436b19e0fffdd783b
772f15316085ec36cb19f9af3a622cf12d847e0f187c3f907ee6daf975b7f7ce
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85461719c1f6479769151df8cad3514d6819310afbe893ec9fc124501c5b1697
85b38e7085ac3e5d7b57603c31d75140522fa3a4a70c0a944ad7337b80451e1a
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
870b5ed01284909cc7fbc57b01ed300d8946070401328199e50d3f5fc376df80
875ca118023e8741e684a320e73b7f9af4e8eba6c88f1f7e8457f7c0cdda6efb
89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d
8add184e36bdf719545387283b61f9fb297b6333aef824170bea1f32d5943615
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
915046d9ebab575f9b2f8ba9a35e030b2be55b1439edce6e72f7a19b4a55bd45
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf
93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
9846c98d92f9ede0abb2db68013d613791db3ccdb486451de1432034b563fb77
9f2461f7629a9751a8ce13d4fa6465bd4dade527356dedaa1e07be6712694ec4
a0e1f68cb48f0896e7940cc0a70c1ff76155cd44ed8aef2f4406c8f9da7979b6
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a54234f412b9bfdc07fcbd75a6e3e22c0f89f89f861ea0e6e6a96c7048834c41
a7c9377b659a6085ae7692459706c2e40f936ee3110ada12b818d3ab3c4ed68b
a869fe8cddaf23f1ee50724c35748cefb30c697095b2cf4a231033cb8f43b4ab
a938eea663af09f75118101cf9061107fbef7c4770d7d123c71e33c52c565139
ab99a75a2070736b0282d041df3a7e272ad5d4d1929ae430089ac0335e05ad2c
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2e0bde8a120edcd0e126c139ff4c62dc420e43a86bb9e22c92044fdda3fc3ef
b3ae86d8fbcc84609de7b5bfe595b16a556a015462d9c74be57e2da19df9a63a
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e
b4fa8c9378d9dbd823f033e64101ab85cdfec1e0adf456c68b50ceabb6452591
b4fc8d22d940bdf3aa7fe9648494c3feac6a995bcec60831b8dd1c4c95719bd4
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bcb200189a4d9d85fdd5d2b7baed695287012a6727a98245613633d80d32b1b9
c259a0900a6ec6c80a27247e1c5de5429f99ade9d54de534aab83dd73e6d4fad
c35e6b899389cf76f7b026a545a741757f12c0ac3aa16b799129288c73bb1f29
c6b243117e6ff2250376ec7c2bac7d8ae7379a0f447d05b4df06c8de2eb1f338
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca727c9d9c5d3ffa9fc01a2c57d612263a5ef4138da8d9b8e76e354835882466
cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0
ced90899f2c35db79eddfbcefad19b3131b471e291767c77cfddfa445d8b68a7
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
d46c6843838f08abb96e1309d5f48505a57781b1bfc928294709696acfae8b18
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
d7003226e2fea50e6765c46fe1bdacfe3a16adedd6c7a2530fef876c2356cf9f
d9cf980362b0a6a0e97292779756ddef441698775c3e41c6376adc32a0687705
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de4c69e340960eb3472db636f541e7f04b6482965dda55ac281535efe8e03ea7
def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6
e126a64544d4259873e83d18a5d93e51bc233860d0a5e7412f1bef9adbb6315c
e2e032414af88512367db0555f566e941050b9618167bb97dc795e7635f1fd71
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
e6c79e72683ebef227c5767d4a239deac31faa1188dcbc23942813397e8298f2
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f10699f59e4285b87af5097e4ba9e470ee29b4f3487fa767f2818bdbbdd6bb14
f4792525e21308c736bdd2d13fe0fc7da8c35c67fab2403c4d02088de729c60d
f728b2a3472bdb7b12fe2b3ad324f86306d5ebfd9a22970cdb9d75865437181f
f7946dea8d21c37f3206bb7a0d16d78ce2dba8ae76144eba2c5ba27ada695e38
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f7f7d48fa4ef27a882d9690c581637c5f56c8f0870e7d375a333c6604b54c432
fa231056681e8d80c926f3a7c027699435f2dac18f21543b74fc144912bd88f4
ff2fe181c12146189657e92f9ce0489f7f3b51345796f5a5ec9b089f9fb47616
ff4e16e0f34624fec4fa1d76b55e5f86bbd348dd117ea2acdfa1f0b86b059ee8

www.elfcosmetics.com Open in urlscan Pro 165.254.56.168 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

213 Requests

93 %HTTPS

37 %IPv6

52 Domains

78 Subdomains

65 IPs

3 Countries

9931 kBTransfer

19310 kBSize

97 Cookies

15 Outgoing links

Page URL History

Redirected requests

213 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.elfcosmetics.com Open in urlscan Pro
165.254.56.168 Public Scan

Screenshot
Live screenshot

Full Image

213
Requests

93 %
HTTPS

37 %
IPv6

52
Domains

78
Subdomains

65
IPs

3
Countries

9931 kB
Transfer

19310 kB
Size

97
Cookies

213 HTTP transactions
3 data transactions