www.elfcosmetics.com Open in urlscan Pro
140.174.12.225 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.cosmeticcriminals.ca/
Effective URL:
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Submission: On July 04 via api (July 4th 2024, 2:55:43 pm UTC) from US — Scanned from CA

Summary HTTP 194 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 60 IPs in 3 countries across 48 domains to perform 194 HTTP transactions. The main IP is 140.174.12.225, located in United States and belongs to YOTTAA-AS-1, US. The main domain is www.elfcosmetics.com. The Cisco Umbrella rank of the primary domain is 103291.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 25th 2023. Valid for: a year.

This is the only time www.elfcosmetics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	204.141.88.73 204.141.88.73	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
1 1	165.254.198.211 165.254.198.211	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
1 15	140.174.12.225 140.174.12.225	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
2 10	2600:1408:ec0... 2600:1408:ec00:12::1730:6845	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2606:4700:440... 2606:4700:4400::6812:26d1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4004:c09::be	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:600... 2a04:4e42:600::649	54113 (FASTLY) (FASTLY)
3	2607:f8b0:400... 2607:f8b0:4004:c08::be	15169 (GOOGLE) (GOOGLE)
3	151.101.194.133 151.101.194.133	54113 (FASTLY) (FASTLY)
7	2606:4700:440... 2606:4700:4400::ac40:965f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2606:4700::68... 2606:4700::6813:b134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2607:f8b0:400... 2607:f8b0:4004:c1f::61	15169 (GOOGLE) (GOOGLE)
3	2600:9000:219... 2600:9000:2191:4e00:a:b89d:a6c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	104.26.13.205 104.26.13.205	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	2607:f8b0:400... 2607:f8b0:4004:c21::69	15169 (GOOGLE) (GOOGLE)
1 2	2607:f8b0:400... 2607:f8b0:400d:c0d::9d	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:250... 2600:9000:2508:ee00:15:ad21:c740:93a1	16509 (AMAZON-02) (AMAZON-02)
2	54.197.150.242 54.197.150.242	14618 (AMAZON-AES) (AMAZON-AES)
3	2606:4700:440... 2606:4700:4400::ac40:91b7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	18.165.83.78 18.165.83.78	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:247... 2600:9000:2479:f000:11:85b0:d600:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	23.20.145.69 23.20.145.69	14618 (AMAZON-AES) (AMAZON-AES)
1	13.249.39.52 13.249.39.52	16509 (AMAZON-02) (AMAZON-02)
3 4	68.67.160.26 68.67.160.26	29990 (ASN-APPNEX) (ASN-APPNEX)
4 4	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1 1	69.173.146.5 69.173.146.5	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	74.125.192.154 74.125.192.154	15169 (GOOGLE) (GOOGLE)
1 2	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	204.2.131.138 204.2.131.138	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
1	34.102.147.248 34.102.147.248	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	151.101.129.21 151.101.129.21	54113 (FASTLY) (FASTLY)
1	23.9.177.190 23.9.177.190	16625 (AKAMAI-AS) (AKAMAI-AS)
1	52.85.132.57 52.85.132.57	16509 (AMAZON-02) (AMAZON-02)
2	108.138.64.116 108.138.64.116	16509 (AMAZON-02) (AMAZON-02)
2	2a04:4e42:77::84 2a04:4e42:77::84	54113 (FASTLY) (FASTLY)
2	2a03:2880:f00... 2a03:2880:f003:c0e:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a04:4e42:600... 2a04:4e42:600::396	54113 (FASTLY) (FASTLY)
3	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
14	23.205.107.69 23.205.107.69	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2600:9000:20e... 2600:9000:20e2:2e00:a:7914:b00:93a1	16509 (AMAZON-02) (AMAZON-02)
1	34.120.253.250 34.120.253.250	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2607:f8b0:400... 2607:f8b0:4004:c1d::8a	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c1b::9c	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4004:c19::5e	15169 (GOOGLE) (GOOGLE)
5	192.229.210.155 192.229.210.155	15133 (EDGECAST) (EDGECAST)
4	34.49.124.132 34.49.124.132	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	34.98.67.3 34.98.67.3	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	34.198.143.176 34.198.143.176	14618 (AMAZON-AES) (AMAZON-AES)
1 1	172.217.222.154 172.217.222.154	15169 (GOOGLE) (GOOGLE)
2	172.253.115.149 172.253.115.149	15169 (GOOGLE) (GOOGLE)
2 4	173.194.68.148 173.194.68.148	15169 (GOOGLE) (GOOGLE)
1	46.51.207.194 46.51.207.194	16509 (AMAZON-02) (AMAZON-02)
2	151.101.129.140 151.101.129.140	54113 (FASTLY) (FASTLY)
1	34.237.117.238 34.237.117.238	14618 (AMAZON-AES) (AMAZON-AES)
14	192.225.157.157 192.225.157.157	30286 (THM) (THM)
2 2	35.244.154.8 35.244.154.8	15169 (GOOGLE) (GOOGLE)
11	34.98.72.95 34.98.72.95	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
6	23.220.128.196 23.220.128.196	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a03:2880:f10... 2a03:2880:f103:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	35.201.66.85 35.201.66.85	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.107.212.52 34.107.212.52	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.117.235.44 34.117.235.44	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	192.225.158.1 192.225.158.1	30286 (THM) (THM)
1	192.225.158.3 192.225.158.3	30286 (THM) (THM)
1	2600:1901:0:5... 2600:1901:0:56e0::	15169 (GOOGLE) (GOOGLE)
2	34.149.130.207 34.149.130.207	15169 (GOOGLE) (GOOGLE)
7	34.111.8.32 34.111.8.32	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
194	60

1 204.141.88.73 (United States) 1 redirects

ASN393259 (YOTTAA-AS-1, US)

www.cosmeticcriminals.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 165.254.198.211 (United States) 1 redirects

ASN393259 (YOTTAA-AS-1, US)

www.cosmeticcriminals.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 140.174.12.225 (United States) 1 redirects

ASN393259 (YOTTAA-AS-1, US)

www.elfcosmetics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2600:1408:ec00:12::1730:6845 (Ashburn, United States) 2 redirects

ASN20940 (AKAMAI-ASN1, NL)

cdn.media.amplience.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::6812:26d1 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.static.amplience.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c09::be (Washington, United States)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c08::be (Washington, United States)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.194.133 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn-fsly.yottaa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:4400::ac40:965f (United States)

ASN13335 (CLOUDFLARENET, US)

sdk.iad-05.braze.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6813:b134 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4004:c1f::61 (Washington, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2191:4e00:a:b89d:a6c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.26.13.205 (None, )

ASN13335 (CLOUDFLARENET, US)

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c21::69 (Washington, United States) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:400d:c0d::9d (Morganton, United States) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2508:ee00:15:ad21:c740:93a1 (United States)

ASN16509 (AMAZON-02, US)

st.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.197.150.242 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-197-150-242.compute-1.amazonaws.com

api.cquotient.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:91b7 (United States)

ASN13335 (CLOUDFLARENET, US)

elfcosmetics.a.bigcontent.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.165.83.78 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-165-83-78.iad55.r.cloudfront.net

async-px.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2479:f000:11:85b0:d600:93a1 (United States)

ASN16509 (AMAZON-02, US)

js.cnnx.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.20.145.69 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-20-145-69.compute-1.amazonaws.com

pixel.pointmediatracker.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.249.39.52 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-39-52.iad89.r.cloudfront.net

cdn.blisspointmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.67.160.26 (Colonia, United States) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 567.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.223.40.198 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.146.5 (United States) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.192.154 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: qn-in-f154.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.36.155 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 204.2.131.138 (United States)

ASN393259 (YOTTAA-AS-1, US)

qoe-1.yottaa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.147.248 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 248.147.102.34.bc.googleusercontent.com

tag.rmp.rakuten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.129.21 (San Francisco, United States)

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.9.177.190 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-9-177-190.deploy.static.akamaitechnologies.com

static.ordergroove.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.132.57 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-132-57.iad50.r.cloudfront.net

t.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.138.64.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-64-116.iad12.r.cloudfront.net

cdn-scripts.signifyd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:77::84 (United States)

ASN54113 (FASTLY, US)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f003:c0e:face:b00c:0:3 (Ashburn, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:600::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 23.205.107.69 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-205-107-69.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:20e2:2e00:a:7914:b00:93a1 (United States)

ASN16509 (AMAZON-02, US)

js.jebbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.253.250 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 250.253.120.34.bc.googleusercontent.com

tag.wknd.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c1d::8a (Washington, United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c1b::9c (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c19::5e (Washington, United States)

ASN15169 (GOOGLE, US)

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.229.210.155 (United States)

ASN15133 (EDGECAST, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.49.124.132 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 132.124.49.34.bc.googleusercontent.com

sgtm.elfcosmetics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.67.3 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 3.67.98.34.bc.googleusercontent.com

ut.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tags.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.198.143.176 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-198-143-176.compute-1.amazonaws.com

c.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.222.154 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: qi-in-f154.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.115.149 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f149.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 173.194.68.148 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: qr-in-f148.1e100.net

9231397.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
10742279.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.51.207.194 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-46-51-207-194.eu-west-1.compute.amazonaws.com

srm.ba.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

pixel-config.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.237.117.238 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-237-117-238.compute-1.amazonaws.com

external-api.jebbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 192.225.157.157 (United States)

ASN30286 (THM, US)

imgs.signifyd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.154.8 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 8.154.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 34.98.72.95 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 95.72.98.34.bc.googleusercontent.com

assets.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.220.128.196 (Ashburn, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-220-128-196.deploy.static.akamaitechnologies.com

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f103:83:face:b00c:0:25de (Ashburn, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.66.85 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 85.66.201.35.bc.googleusercontent.com

data.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.212.52 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 52.212.107.34.bc.googleusercontent.com

page.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.235.44 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 44.235.117.34.bc.googleusercontent.com

view.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.225.158.1 (United States)

ASN30286 (THM, US)

h.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.225.158.3 (United States)

ASN30286 (THM, US)

w2txo5aazlqikf67q2i3mrtkt3ywitpyut4avlfs9c349399d350e841sac.d.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:56e0:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

ids.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.149.130.207 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 207.130.149.34.bc.googleusercontent.com

pd.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
idr.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 34.111.8.32 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 32.8.111.34.bc.googleusercontent.com

api.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
events.bouncex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	elfcosmetics.com 1 redirects www.elfcosmetics.com — Cisco Umbrella Rank: 103291 sgtm.elfcosmetics.com — Cisco Umbrella Rank: 250639	307 KB
16	signifyd.com cdn-scripts.signifyd.com — Cisco Umbrella Rank: 8738 imgs.signifyd.com — Cisco Umbrella Rank: 7238	74 KB
14	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 787	247 KB
12	bounceexchange.com assets.bounceexchange.com — Cisco Umbrella Rank: 2825 api.bounceexchange.com — Cisco Umbrella Rank: 3129	305 KB
12	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 378	170 KB
12	amplience.net 2 redirects cdn.media.amplience.net — Cisco Umbrella Rank: 15878 cdn.static.amplience.net — Cisco Umbrella Rank: 46119	6 MB
10	doubleclick.net 4 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 70 cm.g.doubleclick.net — Cisco Umbrella Rank: 274 stats.g.doubleclick.net — Cisco Umbrella Rank: 136 ad.doubleclick.net — Cisco Umbrella Rank: 164 9231397.fls.doubleclick.net — Cisco Umbrella Rank: 314306 10742279.fls.doubleclick.net — Cisco Umbrella Rank: 312768	3 KB
10	dynamicyield.com cdn.dynamicyield.com — Cisco Umbrella Rank: 9513 st.dynamicyield.com — Cisco Umbrella Rank: 8959 async-px.dynamicyield.com — Cisco Umbrella Rank: 9234	264 KB
7	paypal.com www.paypal.com — Cisco Umbrella Rank: 3110 t.paypal.com — Cisco Umbrella Rank: 3894	126 KB
7	braze.com sdk.iad-05.braze.com — Cisco Umbrella Rank: 2837	1 KB
6	bouncex.net events.bouncex.net — Cisco Umbrella Rank: 2613	584 B
6	pinterest.com ct.pinterest.com — Cisco Umbrella Rank: 913	5 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 81	496 KB
5	youtube.com www.youtube.com — Cisco Umbrella Rank: 96	13 KB
4	contentsquare.net t.contentsquare.net — Cisco Umbrella Rank: 3715 c.contentsquare.net — Cisco Umbrella Rank: 4692 srm.ba.contentsquare.net — Cisco Umbrella Rank: 21163	81 KB
4	adsrvr.org 4 redirects insight.adsrvr.org — Cisco Umbrella Rank: 1062 match.adsrvr.org — Cisco Umbrella Rank: 405	2 KB
4	adnxs.com 3 redirects secure.adnxs.com — Cisco Umbrella Rank: 527 ib.adnxs.com — Cisco Umbrella Rank: 279	4 KB
4	google.com 2 redirects www.google.com — Cisco Umbrella Rank: 5 analytics.google.com — Cisco Umbrella Rank: 174	95 B
4	yottaa.net cdn-fsly.yottaa.net — Cisco Umbrella Rank: 26578 Failed qoe-1.yottaa.net — Cisco Umbrella Rank: 12022	1 MB
3	cdnwidget.com ids.cdnwidget.com — Cisco Umbrella Rank: 4517 pd.cdnwidget.com — Cisco Umbrella Rank: 4397 idr.cdnwidget.com — Cisco Umbrella Rank: 9295	1 KB
3	cdnbasket.net data.cdnbasket.net — Cisco Umbrella Rank: 6004 page.cdnbasket.net — Cisco Umbrella Rank: 6019 view.cdnbasket.net — Cisco Umbrella Rank: 6008	1014 B
3	google.ca www.google.ca — Cisco Umbrella Rank: 8928	190 B
3	jebbit.com js.jebbit.com — Cisco Umbrella Rank: 60847 external-api.jebbit.com — Cisco Umbrella Rank: 61619	61 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 361	14 KB
3	bigcontent.io elfcosmetics.a.bigcontent.io — Cisco Umbrella Rank: 230074	8 KB
2	online-metrix.net h.online-metrix.net — Cisco Umbrella Rank: 2940 h64.online-metrix.net Failed w2txo5aazlqikf67q2i3mrtkt3ywitpyut4avlfs9c349399d350e841sac.d.aa.online-metrix.net	438 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 114	4 KB
2	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2807	16 KB
2	rlcdn.com 2 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 495	841 B
2	reddit.com pixel-config.reddit.com — Cisco Umbrella Rank: 2076 alb.reddit.com — Cisco Umbrella Rank: 1406	763 B
2	linksynergy.com ut.rd.linksynergy.com — Cisco Umbrella Rank: 9655 tags.rd.linksynergy.com — Cisco Umbrella Rank: 5952	701 B
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1200	13 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 204	74 KB
2	pinimg.com s.pinimg.com — Cisco Umbrella Rank: 1130	25 KB
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 682	2 KB
2	cquotient.com api.cquotient.com — Cisco Umbrella Rank: 41751	520 B
2	ipify.org api.ipify.org — Cisco Umbrella Rank: 2418	228 B
2	cosmeticcriminals.ca 2 redirects www.cosmeticcriminals.ca	856 B
1	googleadservices.com 1 redirects www.googleadservices.com — Cisco Umbrella Rank: 133	23 B
1	wknd.ai tag.wknd.ai — Cisco Umbrella Rank: 4085	6 KB
1	ordergroove.com static.ordergroove.com — Cisco Umbrella Rank: 33195	43 KB
1	rakuten.com tag.rmp.rakuten.com — Cisco Umbrella Rank: 8585	15 KB
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 432	2 KB
1	blisspointmedia.com cdn.blisspointmedia.com — Cisco Umbrella Rank: 9872	1 KB
1	pointmediatracker.com 1 redirects pixel.pointmediatracker.com — Cisco Umbrella Rank: 10148	429 B
1	cnnx.link js.cnnx.link — Cisco Umbrella Rank: 10517	1 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 653	306 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 816	24 KB
194	48

	Domain	Requested by
15	www.elfcosmetics.com	1 redirects www.elfcosmetics.com cdn-fsly.yottaa.net
14	imgs.signifyd.com	www.elfcosmetics.com imgs.signifyd.com
14	analytics.tiktok.com	www.elfcosmetics.com analytics.tiktok.com
12	cdn.cookielaw.org	cdn-fsly.yottaa.net cdn.cookielaw.org www.elfcosmetics.com
11	assets.bounceexchange.com	www.elfcosmetics.com
10	cdn.media.amplience.net	2 redirects www.elfcosmetics.com
7	sdk.iad-05.braze.com	cdn-fsly.yottaa.net
6	events.bouncex.net
6	ct.pinterest.com	t.contentsquare.net www.elfcosmetics.com
6	async-px.dynamicyield.com	cdn.dynamicyield.com
5	www.paypal.com	www.elfcosmetics.com www.paypal.com
5	www.googletagmanager.com	www.elfcosmetics.com
5	www.youtube.com	www.elfcosmetics.com
4	sgtm.elfcosmetics.com	www.googletagmanager.com t.contentsquare.net
3	www.google.ca
3	bat.bing.com	www.elfcosmetics.com
3	match.adsrvr.org	3 redirects
3	elfcosmetics.a.bigcontent.io	www.elfcosmetics.com
3	cdn.dynamicyield.com	www.elfcosmetics.com
3	cdn-fsly.yottaa.net	www.elfcosmetics.com
2	www.facebook.com
2	www.paypalobjects.com	www.elfcosmetics.com
2	idsync.rlcdn.com	2 redirects
2	t.paypal.com
2	10742279.fls.doubleclick.net	1 redirects www.elfcosmetics.com
2	9231397.fls.doubleclick.net	1 redirects www.elfcosmetics.com
2	ad.doubleclick.net
2	c.contentsquare.net
2	analytics.google.com	www.googletagmanager.com
2	js.jebbit.com	www.elfcosmetics.com
2	www.redditstatic.com	www.elfcosmetics.com t.contentsquare.net
2	connect.facebook.net	www.elfcosmetics.com
2	s.pinimg.com	www.elfcosmetics.com
2	cdn-scripts.signifyd.com	www.elfcosmetics.com
2	dsum-sec.casalemedia.com	1 redirects
2	ib.adnxs.com	2 redirects
2	secure.adnxs.com	1 redirects
2	api.cquotient.com	cdn-fsly.yottaa.net
2	googleads.g.doubleclick.net	1 redirects www.elfcosmetics.com
2	www.google.com	2 redirects
2	api.ipify.org	cdn-fsly.yottaa.net
2	cdn.static.amplience.net	www.elfcosmetics.com
2	www.cosmeticcriminals.ca	2 redirects
1	idr.cdnwidget.com
1	api.bounceexchange.com	www.elfcosmetics.com
1	pd.cdnwidget.com	t.contentsquare.net
1	ids.cdnwidget.com	t.contentsquare.net
1	w2txo5aazlqikf67q2i3mrtkt3ywitpyut4avlfs9c349399d350e841sac.d.aa.online-metrix.net
1	h.online-metrix.net	imgs.signifyd.com
1	view.cdnbasket.net	t.contentsquare.net
1	page.cdnbasket.net	t.contentsquare.net
1	data.cdnbasket.net	t.contentsquare.net
1	tags.rd.linksynergy.com
1	external-api.jebbit.com	t.contentsquare.net
1	alb.reddit.com
1	pixel-config.reddit.com	t.contentsquare.net
1	srm.ba.contentsquare.net	t.contentsquare.net
1	www.googleadservices.com	1 redirects
1	ut.rd.linksynergy.com	www.elfcosmetics.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	tag.wknd.ai	www.elfcosmetics.com
1	t.contentsquare.net	www.elfcosmetics.com
1	static.ordergroove.com	www.elfcosmetics.com
1	tag.rmp.rakuten.com	www.elfcosmetics.com
1	qoe-1.yottaa.net	www.elfcosmetics.com
1	cm.g.doubleclick.net	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	insight.adsrvr.org	1 redirects
1	cdn.blisspointmedia.com
1	pixel.pointmediatracker.com	1 redirects
1	js.cnnx.link	www.googletagmanager.com
1	st.dynamicyield.com	www.elfcosmetics.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	code.jquery.com	www.elfcosmetics.com
0	h64.online-metrix.net Failed	imgs.signifyd.com
194	75

This site contains links to these domains. Also see Links.

Domain
cdn.dynamicyield.com
st.dynamicyield.com
rcom.dynamicyield.com
www.tiktok.com
www.instagram.com
www.pinterest.com
www.facebook.com
www.youtube.com
twitter.com
www.snapchat.com
www.linkedin.com
www.elfbeauty.com
preferences.elfcosmetics.com
www.onetrust.com

Subject Issuer	Validity	Valid
*.elfcosmetics.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-25` - `2024-10-25`	a year	crt.sh
dm.amplience.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-20` - `2024-08-14`	a year	crt.sh
*.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
*.yottaa.net GlobalSign RSA OV SSL CA 2018	`2023-09-13` - `2024-10-14`	a year	crt.sh
sdk.iad-05.braze.com WE1	`2024-06-17` - `2024-09-15`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
*.google-analytics.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.dynamicyield.com Amazon RSA 2048 M02	`2023-09-03` - `2024-10-01`	a year	crt.sh
ipify.org GTS CA 1P5	`2024-05-19` - `2024-08-17`	3 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
*.cquotient.com Amazon RSA 2048 M02	`2024-03-05` - `2025-04-02`	a year	crt.sh
*.bigcontent.io GeoTrust TLS RSA CA G1	`2024-04-02` - `2025-05-03`	a year	crt.sh
js.cnnx.link Amazon RSA 2048 M02	`2024-06-09` - `2025-07-08`	a year	crt.sh
tag.rmp.rakuten.com WR3	`2024-05-29` - `2024-08-27`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2024-02-08` - `2025-02-08`	a year	crt.sh
*.ordergroove.com Go Daddy Secure Certificate Authority - G2	`2023-08-04` - `2024-08-17`	a year	crt.sh
t.contentsquare.net Amazon RSA 2048 M01	`2023-09-13` - `2024-10-11`	a year	crt.sh
cdn-scripts.signifyd.com Amazon RSA 2048 M02	`2024-06-02` - `2025-06-30`	a year	crt.sh
*.pinterest.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-31` - `2024-08-07`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-04-12` - `2024-07-11`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-23` - `2024-11-18`	6 months	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-19` - `2024-12-16`	6 months	crt.sh
*.tiktok.com RapidSSL ECC CA 2018	`2023-07-14` - `2024-08-13`	a year	crt.sh
*.jebbit.com Amazon RSA 2048 M02	`2024-04-23` - `2025-05-21`	a year	crt.sh
tag.wknd.ai R3	`2024-05-18` - `2024-08-16`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.google.ca WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
sgtm.elfcosmetics.com WR3	`2024-05-14` - `2024-08-13`	3 months	crt.sh
*.rd.linksynergy.com ZeroSSL RSA Domain Secure Site CA	`2024-01-23` - `2025-01-22`	a year	crt.sh
dep.bf.contentsquare.net Amazon RSA 2048 M03	`2024-02-18` - `2025-03-19`	a year	crt.sh
*.doubleclick.net WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
srm.ba.contentsquare.net Amazon RSA 2048 M02	`2023-11-07` - `2024-12-06`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-05-30` - `2024-11-26`	6 months	crt.sh
imgs.signifyd.com Go Daddy Secure Certificate Authority - G2	`2023-10-20` - `2024-11-20`	a year	crt.sh
assets.bounceexchange.com WR3	`2024-05-18` - `2024-08-16`	3 months	crt.sh
data.cdnbasket.net WR3	`2024-07-02` - `2024-09-30`	3 months	crt.sh
page.cdnbasket.net GTS CA 1D4	`2024-05-11` - `2024-08-09`	3 months	crt.sh
view.cdnbasket.net GTS CA 1D4	`2024-05-15` - `2024-08-13`	3 months	crt.sh
online-metrix.net Viking Cloud Organization Validation CA, Level 1	`2024-03-20` - `2024-10-21`	7 months	crt.sh
*.aa.online-metrix.net Viking Cloud Organization Validation CA, Level 1	`2024-03-20` - `2024-10-21`	7 months	crt.sh
ids.cdnwidget.com R3	`2024-05-11` - `2024-08-09`	3 months	crt.sh
pd.cdnwidget.com R3	`2024-05-11` - `2024-08-09`	3 months	crt.sh
*.wunderkind.co R3	`2024-06-03` - `2024-09-01`	3 months	crt.sh
idr.cdnwidget.com R3	`2024-05-11` - `2024-08-09`	3 months	crt.sh

This page contains 13 frames:

Primary Page: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Frame ID: EF68DA06D05490A8F1CE2A317873C0C2
Requests: 168 HTTP requests in this frame

Frame: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Frame ID: F6EC972D722BDF9C43F81D9187E62CB2
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Frame ID: 26442A7A909BED67190B52FAE265508A
Requests: 1 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=%5Bobject%20Object%5D%2Cnative-modal&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.64.8&integrationType=SDK
Frame ID: AD498E1FCC14FCB2FCEF36AC9A9B2271
Requests: 1 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;dc_pre=COntoJ3SjYcDFS7c_QUdpxAEBw;src=9231397;type=retarget;cat=globa0;ord=9435449244224;npa=1;auiddc=1284689265.1720104930;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1750319717;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4730v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: 5B050C371E176DDD2477721596572728
Requests: 1 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=CNWntp3SjYcDFUnh_QUdB2cBmw;src=10742279;type=elf8j0;cat=glo_flap;ord=3746348894507;npa=1;auiddc=1284689265.1720104930;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1361191857;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4730v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: 9A3DFFFBA605DD79FB71F8421D2539A0
Requests: 1 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: 18B0C7D63F9E5E7812653569CA98A0B2
Requests: 1 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: 25F94C692F461B94D3282FBD9207849A
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/AU_Uit479tK1ZfYw?953c1bb3024134a8=WvCdyDuZuPvf9SdTRbjtZOCqaY9PWB_EogMxBGyIjYgygNCmqv91I84MptKagIQOn7gevOxTt4qLfLuKTY7TwfBclbIPh0Ow-fRbUdCCcaPBalDW8b7-1CDqspRlhgpPpAHkpK7YYE-9_fV3sBZhMtenoAhrhY_eLxTrSzSJtqX_CC9sda5YFQQb8YiQE4jVg8XNaTQE6BAGVct7AgkM0rve4a8&jb=3d3b2426627365773555696c6e6d77712c607967355763666e6575792d3238333b2c6a7b6a773f4b6272676d6d2468736a3d496a7a6d6d672f303033383c
Frame ID: CEE0E17931C696A827498FD3573A5DF4
Requests: 13 HTTP requests in this frame

Frame: https://imgs.signifyd.com/Fs7ULrPiCErVaDnp?3abe4b16a748f8d7=xWcJFHUVJyLyFHOeXLQvXcrBnMHWoud1z-q8LbcQesb0yx-Kt5_kWr4hwDvJN2pMjT3hPjeTlzDKJvY4kW7MUY3Mf4HBM4-2oPzH8FYYQmKQ9mYnLAupv4dCKbTiPBV5ZhBdUuAaJtQMFVtzQt9BQLbVgCfMUjp37okS-7PJKFdRGyaNyL3uOwP5UD0CgOYSQwLGhyjwReCkUW302dKj9LhDswpzSg
Frame ID: 815179E34AC5A32494A73B30356F47AE
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/4nSBvCL5cm_R1-mU?ead727207879df63=dJuH0pLdqutYgJI0nQKKwBHBpXqPDYLl1GHVvbAf1ruUgqMkr__vIIIr_vbEgFYliH2yK5fL4G68pO4QTOfnvhtDfqIdjIuPFggXFPVDxYMJ8cfm8fNNqFDrBtfvJjsuObtf5c1hrEg9v-TEo_bePqY5ri28BKRoBw2YmUoYRqWhY34tFB6mklvRmu6IXau5tLykHUwyH6TWsbTTuyTFkCL3WdIu8bM
Frame ID: 22D43E1D06692B8E11CEC8A006CC746F
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/48BZaQhtx9NKBYhA?b382c544a730578f=KhIerGQYcyGZH4dkYrjNC7fNaTl1p_bNBEJ7Rn9Tb3rSvVe1pcQGS0CBuYda_WRKWUB2PQGSkU_sgyMVGv569rh_yOw9j7KR_SVbywt-aDmtgXT93v5-26ZQmE_q8tFM-4sp4u9syyWqoF_YjoP53ra3sBfLdFntPKbWH2JwgBxAPsd6L3uWGkgq59z4eHWX7yCWl58MkxHQKw0U666DWKPHYJ6fVw0
Frame ID: 7D24DB853AD5D4A7DD0CBBD0B25CA4FA
Requests: 1 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Frame ID: 0C31784208FEC68C31B94D885568CE87
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cosmetic Criminals | e.l.f. Cosmetics

Page URL History Show full URLs

http://www.cosmeticcriminals.ca/ HTTP 307
https://www.cosmeticcriminals.ca/ HTTP 301
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals HTTP 307
http://www.cosmeticcriminals.ca/ HTTP 301
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Page URL

Detected technologies

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Dynamic Yield (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

cdn\.dynamicyield\.\w+/

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Rakuten (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

tag\.rmp\.rakuten\.com

basket.js (JavaScript Libraries) Expand

Overall confidence: 10%
Detected patterns

basket.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

194
Requests

94 %
HTTPS

37 %
IPv6

48
Domains

75
Subdomains

60
IPs

3
Countries

9826 kB
Transfer

20027 kB
Size

91
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://cdn.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://st.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://rcom.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@elfyeah/

Search URL Search Domain Scan URL

URL: https://www.instagram.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/eyeslipsfacedotcom

Search URL Search Domain Scan URL

URL: https://twitter.com/elfcosmetics

Search URL Search Domain Scan URL

URL: https://www.snapchat.com/add/elfcosmetics

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/e-l-f-beauty

Search URL Search Domain Scan URL

URL: https://www.elfbeauty.com/careers/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.elfbeauty.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://preferences.elfcosmetics.com/privacy
Title: Privacy Rights Request Form

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.cosmeticcriminals.ca/ HTTP 307
https://www.cosmeticcriminals.ca/ HTTP 301
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals HTTP 307
http://www.cosmeticcriminals.ca/ HTTP 301
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4

Request Chain 15

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4

Request Chain 29

https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=n7rLjsCD62DqDwA-QOzoqLQ8VVRWijyCFWKwIV5hTuI HTTP 303
https://www.elfcosmetics.com/callback?usid=7947c963-e43f-4b7b-a2fe-ddb57140a896&code=1dPTl-rbhPRh37i4sCWo65NQz1QyVSB5oVfGLjf4-F4

Request Chain 31

https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5&tag_exp=0&rnd=1403218045.1720104930&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He4730n81WL3STMXv896608294za200&auid=1284689265.1720104930 HTTP 302
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&tag_exp=0&rnd=1403218045.1720104930&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He4730n81WL3STMXv896608294za200&auid=1284689265.1720104930

Request Chain 73

https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=d5118d3c-9316-4191-bfb1-3a53012b343c&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=undefined&gtmcb=55699269 HTTP 302
https://cdn.blisspointmedia.com/assets/img/pixel.gif

Request Chain 74

https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2 HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2

Request Chain 75

https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3 HTTP 302
https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=57e233ba-1074-4376-84b0-175016266ad5 HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3D57e233ba-1074-4376-84b0-175016266ad5 HTTP 302
https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=7849415851456316905&ttd_tdid=57e233ba-1074-4376-84b0-175016266ad5 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=57e233ba-1074-4376-84b0-175016266ad5&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=NTdlMjMzYmEtMTA3NC00Mzc2LTg0YjAtMTc1MDE2MjY2YWQ1&gdpr=0&gdpr_consent=&ttd_tdid=57e233ba-1074-4376-84b0-175016266ad5 HTTP 302
https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=57e233ba-1074-4376-84b0-175016266ad5&google_gid=CAESENw7NI_91e73DbVMmEslCgE&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=57e233ba-1074-4376-84b0-175016266ad5&expiration=1722696935&gdpr=0&gdpr_consent= HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=57e233ba-1074-4376-84b0-175016266ad5&expiration=1722696935&gdpr=0&gdpr_consent=&C=1

Request Chain 115

https://www.googleadservices.com/pagead/conversion/698270988/?random=1671494939&fst=1720104934713&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4730h2v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&data=event%3Dpageview%3Bpage_type%3Dcontent%3Bpage_environment%3Dproduction%3Bpage_language%3DEN%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1284689265.1720104930&bttype=purchase&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=166.0.205.0&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1 HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=252828290&fst=1720104934713&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4730h2v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&data=event%3Dpageview%3Bpage_type%3Dcontent%3Bpage_environment%3Dproduction%3Bpage_language%3DEN%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1284689265.1720104930&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=166.0.205.0&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECSixub3QtbmF2aWdhdGlvbi1zb3VyY2UsIHRyaWdnZXIsIGV2ZW50LXNvdXJjZVoDCgEBYgQKAgID&eitems=ChAI8JCZtAYQ18Kno9mBmY9aEh0A3F09_CfaWK_YVr6iuBoTjX5jSM4iEszJOoBv8g&pscrd=IhMI6Y_3ndKNhwMVJ2lHAR0W4gXfMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HWh0dHBzOi8vd3d3LmVsZmNvc21ldGljcy5jb20v HTTP 302
https://www.google.com/pagead/1p-conversion/698270988/?random=252828290&fst=1720104934713&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4730h2v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&data=event%3Dpageview%3Bpage_type%3Dcontent%3Bpage_environment%3Dproduction%3Bpage_language%3DEN%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1284689265.1720104930&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=166.0.205.0&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECSixub3QtbmF2aWdhdGlvbi1zb3VyY2UsIHRyaWdnZXIsIGV2ZW50LXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMI6Y_3ndKNhwMVJ2lHAR0W4gXfMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HWh0dHBzOi8vd3d3LmVsZmNvc21ldGljcy5jb20v&is_vtc=1&cid=CAQSKQDaQooLOysde8UbRMJrz4PocanyEayfmFfpuLLE9X1ciYjBPoJPCX3x&eitems=ChAI8JCZtAYQ18Kno9mBmY9aEh0A3F09_HbMBP9WYcr6QCOORW3mYy8BsC64CyTicQ&random=1762932364 HTTP 302
https://www.google.ca/pagead/1p-conversion/698270988/?random=252828290&fst=1720104934713&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4730h2v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&data=event%3Dpageview%3Bpage_type%3Dcontent%3Bpage_environment%3Dproduction%3Bpage_language%3DEN%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1284689265.1720104930&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=166.0.205.0&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECSixub3QtbmF2aWdhdGlvbi1zb3VyY2UsIHRyaWdnZXIsIGV2ZW50LXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMI6Y_3ndKNhwMVJ2lHAR0W4gXfMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HWh0dHBzOi8vd3d3LmVsZmNvc21ldGljcy5jb20v&is_vtc=1&cid=CAQSKQDaQooLOysde8UbRMJrz4PocanyEayfmFfpuLLE9X1ciYjBPoJPCX3x&eitems=ChAI8JCZtAYQ18Kno9mBmY9aEh0A3F09_HbMBP9WYcr6QCOORW3mYy8BsC64CyTicQ&random=1762932364&ipr=y

Request Chain 117

https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=9435449244224;npa=1;auiddc=1284689265.1720104930;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1750319717;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4730v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
https://9231397.fls.doubleclick.net/activityi;dc_pre=COntoJ3SjYcDFS7c_QUdpxAEBw;src=9231397;type=retarget;cat=globa0;ord=9435449244224;npa=1;auiddc=1284689265.1720104930;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1750319717;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4730v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals

Request Chain 120

https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=3746348894507;npa=1;auiddc=1284689265.1720104930;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1361191857;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4730v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
https://10742279.fls.doubleclick.net/activityi;dc_pre=CNWntp3SjYcDFUnh_QUdB2cBmw;src=10742279;type=elf8j0;cat=glo_flap;ord=3746348894507;npa=1;auiddc=1284689265.1720104930;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1361191857;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4730v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals

Request Chain 134

https://idsync.rlcdn.com/458359.gif?partner_uid=1e03c785-5aa3-4bd5-8620-8a16c03596d0 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJDFlMDNjNzg1LTVhYTMtNGJkNS04NjIwLThhMTZjMDM1OTZkMBAAGg0I6e-atAYSBQjoBxAAQgBKAA HTTP 307
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=a94446532a4610c09020673893a2625313111b173a94ef33af9ec202d99007806ac34734d8e453ee

194 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request elf-cosmetic-criminals Show response
www.elfcosmetics.com/en_CA/
Redirect Chain

http://www.cosmeticcriminals.ca/
https://www.cosmeticcriminals.ca/
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
http://www.cosmeticcriminals.ca/
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

1 MB
249 KB

277ms
274ms

Document
text/html

140.174.12.225
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

140.174.12.225 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

7142dfd1bdffb1daa451306e67777a326654893f43463bfafd701cb49c6bca4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

age: 0
alt-svc: h3=":443"; ma=86400
cache-control: public, must-revalidate, s-maxage=900
content-encoding: gzip
content-length: 253635
content-type: text/html; charset=utf-8
date: Thu, 04 Jul 2024 14:55:23 GMT
etag: W/"eb652-8giR4ZnSpP3Z7FJaojyhM8OlaOs"
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 506b5e1d907583941705cce32a26ed72.cloudfront.net (CloudFront)
x-amz-apigw-id: aZGqDH06iYcEMRg=
x-amz-cf-id: JARDl2dhZ8COY72xYdyFh8U0JFNj_gqYd7NZthTL01i2Yc5TAbQQYQ==
x-amz-cf-pop: ATL58-P9
x-amzn-remapped-connection: close
x-amzn-remapped-content-length: 964178
x-amzn-remapped-date: Thu, 04 Jul 2024 14:55:23 GMT
x-amzn-requestid: c6248b27-b955-4751-9ee0-879a478abd05
x-amzn-trace-id: Root=1-6686b7d9-4406fd2f55e8e0b520699b0c;Parent=47b948746efca510;Sampled=0;lineage=2b75b0e9:0
x-cache: Hit from cloudfront
x-yottaa-metrics: 33218cae0c6e/[80,31,-] 33D18cae0ce1/[-,130.755]
x-yottaa-optimizations: ob/1000000100001000 si/33D18cae0ce1-1720102377-1611781383 tts/1719340523228 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-yottaa-os: 200

Redirect headers

Age: 0
Connection: keep-alive
Content-Length: 1197
Content-Type: text/html; charset=utf-8
Date: Thu, 04 Jul 2024 14:55:23 GMT
Location: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Vary: User-Agent
X-Yottaa-FW: fb/100000 tid/658f1d64d931403bb4ae3723 rid/658f270fd931403bb4ae60d5 stid/5ad7b08e2bb0ac0c5ba3d38c
X-Yottaa-Metrics: 32D1a5fec6d3/[-,0.222]
X-Yottaa-Optimizations: ob/0 si/32D1a5fec6d3-1720102378-3159480501 tts/1720104923583 ti/0 ai/658f1d64d931403bb4ae3723

GET /
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/ 0
0

GET
H2 200 PWT_STORY_HEADER_DESKTOP_BG-min
cdn.media.amplience.net/i/elfcosmetics/ 630 KB
630 KB 786ms
224ms Image
image/jpeg 2600:1408:ec00:12::1730:6845
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:ec00:12::1730:6845 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:24 GMT
x-content-type-options: nosniff
x-amp-srv: A
cache-tag: SYD3s6dZE,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z
x-req-id: V5bixew7Sj
content-length: 644728
x-xss-protection: 1; mode=block
x-amp-source-height: 1249
server: Unknown
x-frame-options: DENY
x-amp-source-width: 3199
access-control-allow-origin: *
content-type: image/jpeg
cache-control: max-age=1800, s-maxage=86400
accept-ranges: bytes
x-amp-published: Wed, 20 Dec 2023 20:47:39 GMT

GET
H2 200 PWT_STORY_HEADER_DESKTOP_CC-min
cdn.media.amplience.net/i/elfcosmetics/ 205 KB
205 KB 1178ms
617ms Image
image/png 2600:1408:ec00:12::1730:6845
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:ec00:12::1730:6845 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:24 GMT
x-content-type-options: nosniff
x-amp-srv: A
cache-tag: _R3cYz5Nh,l4p5bDg2e,HwG53bbZp,UyB2-aY-L
x-req-id: ZG8upNM2Z5
content-length: 209440
x-xss-protection: 1; mode=block
x-amp-source-height: 340
server: Unknown
x-frame-options: DENY
x-amp-source-width: 800
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=1800, s-maxage=86400
accept-ranges: bytes
x-amp-published: Wed, 20 Dec 2023 20:47:39 GMT

GET
H2

206

8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4

1 MB
1 MB

1340ms
635ms

Media
video/mp4

2606:4700:4400::6812:26d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Server: 2606:4700:4400::6812:26d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 04 Jul 2024 14:55:26 GMT
x-amz-version-id: null
cf-cache-status: MISS
x-amz-request-id: 2NRMJ808KRWAD9ST
Content-Range: bytes 0-1060947/1060948
Content-Length: 1060948
x-amz-id-2: v3x0q4+aFy8ioB0yVPmgq9wJ07Om6V5+ErCCzW6cpyUK9Dgchr1R8fZMksYpOgR/AfykPSHn+L0=
last-modified: Fri, 22 Dec 2023 15:50:27 GMT
server: cloudflare
etag: "dd3676819bd88a250c875a11e38c307d"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-type: video/mp4
cf-ray: 89dff4c958f4ac24-YYZ

Redirect headers

date: Thu, 04 Jul 2024 14:55:24 GMT
x-content-type-options: nosniff
server: Unknown
x-frame-options: DENY
x-amp-srv: A
cache-tag: cwqJ5_ux1,l4p5bDg2e,bgWw7nQ29
access-control-allow-origin: *
location: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
content-type: text/html; charset=UTF-8
cache-control: max-age=1800, s-maxage=86400
accept-ranges: bytes
content-length: 0
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d

Request headers

Referer
Origin: https://www.elfcosmetics.com
Accept-Language: en-CA,en;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac

Request headers

Referer
Origin: https://www.elfcosmetics.com
Accept-Language: en-CA,en;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
H2 200 bxGKZ6lfJ7A
www.youtube.com/embed/ Frame F6EC 0
0 704ms
284ms Document
text/html 2607:f8b0:4004:c09::be
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::be Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-security-policy-report-only: base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';report-uri /cspreport/common;script-src 'report-sample' 'nonce-bXNzDpuVfFTixYHKFYGKuw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Thu, 04 Jul 2024 14:55:24 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 rZPCKoUReO0
www.youtube.com/embed/ Frame 2644 0
0 825ms
407ms Document
text/html 2607:f8b0:4004:c09::be
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::be Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Thu, 04 Jul 2024 14:55:24 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
cdn.media.amplience.net/i/elfcosmetics/ 2 MB
2 MB 2888ms
2887ms Image
image/png 2600:1408:ec00:12::1730:6845
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:ec00:12::1730:6845 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:25 GMT
x-content-type-options: nosniff
x-amp-srv: A
cache-tag: SzvYIW4ZR,l4p5bDg2e,hUXp-ygcH,UyB2-aY-L
x-req-id: gXeZEX68L-
content-length: 2085695
x-xss-protection: 1; mode=block
x-amp-source-height: 1484
server: Unknown
x-frame-options: DENY
x-amp-source-width: 3080
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=1800, s-maxage=86400
accept-ranges: bytes
x-amp-published: Wed, 03 Jan 2024 21:02:28 GMT

GET
H2 200 PWT_STORY_DETECTIVES_DESKTOP_6-min
cdn.media.amplience.net/i/elfcosmetics/ 330 KB
331 KB 2805ms
2804ms Image
image/jpeg 2600:1408:ec00:12::1730:6845
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_DETECTIVES_DESKTOP_6-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:ec00:12::1730:6845 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:26 GMT
x-content-type-options: nosniff
x-amp-srv: A
cache-tag: GBo1upS8Q,l4p5bDg2e,q-jdDBY1E,k4NPUWi7z
x-req-id: E1KwxdNlRN
content-length: 338113
x-xss-protection: 1; mode=block
x-amp-source-height: 1062
server: Unknown
x-frame-options: DENY
x-amp-source-width: 2806
access-control-allow-origin: *
content-type: image/jpeg
cache-control: max-age=1800, s-maxage=86400
accept-ranges: bytes
x-amp-published: Wed, 27 Dec 2023 17:21:33 GMT

GET
H2 200 PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
cdn.media.amplience.net/i/elfcosmetics/ 180 KB
180 KB 2028ms
2025ms Image
image/jpeg 2600:1408:ec00:12::1730:6845
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:ec00:12::1730:6845 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:27 GMT
x-content-type-options: nosniff
x-amp-srv: A
cache-tag: jWGhw7SzR,l4p5bDg2e,O8QiTHpoz,k4NPUWi7z
x-req-id: XCaCdssz1N
content-length: 184181
x-xss-protection: 1; mode=block
x-amp-source-height: 1108
server: Unknown
x-frame-options: DENY
x-amp-source-width: 1952
access-control-allow-origin: *
content-type: image/jpeg
cache-control: max-age=1800, s-maxage=86400
accept-ranges: bytes
x-amp-published: Fri, 29 Dec 2023 07:51:47 GMT

GET
H2 200 PWT_STORY_CRIME_TAPE_DESKTOP_7-min
cdn.media.amplience.net/i/elfcosmetics/ 614 KB
614 KB 2104ms
2102ms Image
image/png 2600:1408:ec00:12::1730:6845
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CRIME_TAPE_DESKTOP_7-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:ec00:12::1730:6845 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:27 GMT
x-content-type-options: nosniff
x-amp-srv: A
cache-tag: nmP4-b1_3,l4p5bDg2e,N2xhcEEJW,UyB2-aY-L
x-req-id: x4kpyNmBMy
content-length: 628288
x-xss-protection: 1; mode=block
x-amp-source-height: 525
server: Unknown
x-frame-options: DENY
x-amp-source-width: 3200
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=1800, s-maxage=86400
accept-ranges: bytes
x-amp-published: Thu, 28 Dec 2023 16:15:28 GMT

GET
H2 200 jquery-3.7.1.slim.min.js Show response
code.jquery.com/ 69 KB
24 KB 590ms
161ms Script
application/javascript 2a04:4e42:600::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.7.1.slim.min.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:24 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 11520798
x-cache: HIT, HIT
content-length: 24036
x-served-by: cache-lga21942-LGA, cache-yyz4536-YYZ
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1720104925.659174,VS0,VE0
etag: W/"28feccc0-11278"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 1313, 5341

GET
H2 200 player_api Show response
www.youtube.com/ 993 B
2 KB 832ms
237ms Script
text/javascript 2607:f8b0:4004:c08::be
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/player_api

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::be Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

96e567e55058088bf057ebeb964b202435a2c745a55f49df106fe22f2a9a8e11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:25 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
content-security-policy-report-only: base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';report-uri /cspreport/common;script-src 'report-sample' 'nonce-1N2lVUzv7rp_InGRLF8oGQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline'
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Thu, 04 Jul 2024 14:55:25 GMT

GET
H2

206

c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4

1 MB
1 MB

623ms
622ms

Media
video/mp4

2606:4700:4400::6812:26d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Server: 2606:4700:4400::6812:26d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 04 Jul 2024 14:55:30 GMT
x-amz-version-id: null
cf-cache-status: MISS
x-amz-request-id: GY239QWKT9R9RYWJ
Content-Range: bytes 0-1262366/1262367
Content-Length: 1262367
x-amz-id-2: b4GABz6Ro0YYpOQ5ovcfjPhs8yephpIQT4NDfubeorVFUqj1v5KuXaiZiv15OvT1aSE0Z89+l1g=
last-modified: Fri, 22 Dec 2023 17:43:50 GMT
server: cloudflare
etag: "91a2cbc7ca143aac79d0312d84bb77fb"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-type: video/mp4
cf-ray: 89dff4e3cd91ac24-YYZ

Redirect headers

date: Thu, 04 Jul 2024 14:55:27 GMT
x-content-type-options: nosniff
server: Unknown
x-frame-options: DENY
x-amp-srv: A
cache-tag: MXIqwDdh-,l4p5bDg2e,fH6Lo3_5e
access-control-allow-origin: *
location: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
content-type: text/html; charset=UTF-8
cache-control: max-age=1800, s-maxage=86400
accept-ranges: bytes
content-length: 0
x-xss-protection: 1; mode=block

GET
H2 200 vendor.js Show response
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/ 2 MB
627 KB 435ms
144ms Script
application/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 476b949e750bc9bc1e1179523a977db991107d95f9e6ddf9c05212ca6a2b8fb9

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:28 GMT
via: 1.1 bfad77da64cd65a36fcbbe44acb655e8.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
x-amz-cf-pop: SFO53-P2
age: 675957
x-yottaa-optimizations: ob/1100 si/2511cc02853d-1716292639-1238600260 tts/1719340523228 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Hit from cloudfront, HIT
x-amz-meta-deploy: 788634
content-length: 641173
x-amz-meta-bundle: 11486
x-served-by: cache-yyz4543-YYZ
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1720104928.130497,VS0,VE0
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 2521cc02851c/[15,-,1719428970300] 2511cc02853d/[-,142.739]
accept-ranges: bytes
x-amz-cf-id: brcXzANeCK6q0NiifdgLKLEfrtqi6Lb_GeyCy3vvfHGFF-iGVoF_pw==
x-cache-hits: 2

GET
H2 200 main.js Show response
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/ 2 MB
496 KB 377ms
86ms Script
application/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/main.js?yocs=1u_1y_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b592ffae3e4db32ca59f44351815755d85f43b1b03b5f6b75adf0c727ac702c1

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:28 GMT
via: 1.1 aca99b28083d8a34e20c40dbd89ecfce.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
x-amz-cf-pop: SFO53-P2
age: 675957
x-yottaa-optimizations: ob/1100 si/2511cc02853d-1716292639-1238600259 tts/1719340523228 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Hit from cloudfront, HIT
x-amz-meta-deploy: 788634
content-length: 506592
x-amz-meta-bundle: 11486
x-served-by: cache-yyz4543-YYZ
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1720104928.130478,VS0,VE0
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 2521cc028529/[12,-,1719428970307] 2511cc02853d/[-,103.375]
accept-ranges: bytes
x-amz-cf-id: GJpn6N1fCtoQyhqR-o4Gz13LULnCV0bp9gh16c04Of46mNRyWhMoYg==
x-cache-hits: 2

GET
H2 200 pages-product-list-product-list-page.js Show response
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/ 42 KB
12 KB 535ms
244ms Script
application/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/pages-product-list-product-list-page.js?yocs=1u_1y_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ad3ed177f053d775094fa0ad440fd4f6baf970be9af3b38b62e734dd4ab99ecd

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:28 GMT
via: 1.1 bfad77da64cd65a36fcbbe44acb655e8.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
x-amz-cf-pop: SFO53-P2
age: 675957
x-yottaa-optimizations: ob/1000 si/2511cc028a74-1716292641-527269470 tts/1719340523228 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Miss from cloudfront, HIT
x-amz-meta-deploy: 788634
content-length: 12021
x-amz-meta-bundle: 11486
x-served-by: cache-yyz4543-YYZ
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1720104928.130494,VS0,VE1
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 2521cc028527/[139,137,-] 2511cc028a74/[-,142.806]
accept-ranges: bytes
x-amz-cf-id: EI_jt8cv9-26UcNKBltI6zU8KOFzf46wH3_Hwu2zsSPT8HVYLAceJw==
x-cache-hits: 0

GET
H2 200 PWT_STORY_HEADER_DESKTOP_BG-min
cdn.media.amplience.net/i/elfcosmetics/ 630 KB
0 0ms
0ms Image
image/jpeg 2600:1408:ec00:12::1730:6845
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:ec00:12::1730:6845 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:24 GMT
x-content-type-options: nosniff
x-amp-srv: A
cache-tag: SYD3s6dZE,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z
x-req-id: V5bixew7Sj
content-length: 644728
x-xss-protection: 1; mode=block
x-amp-source-height: 1249
server: Unknown
x-frame-options: DENY
x-amp-source-width: 3199
access-control-allow-origin: *
content-type: image/jpeg
cache-control: max-age=1800, s-maxage=86400
accept-ranges: bytes
x-amp-published: Wed, 20 Dec 2023 20:47:39 GMT

GET
H2 200 PWT_STORY_HEADER_DESKTOP_CC-min
cdn.media.amplience.net/i/elfcosmetics/ 205 KB
0 0ms
0ms Image
image/png 2600:1408:ec00:12::1730:6845
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:ec00:12::1730:6845 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:24 GMT
x-content-type-options: nosniff
x-amp-srv: A
cache-tag: _R3cYz5Nh,l4p5bDg2e,HwG53bbZp,UyB2-aY-L
x-req-id: ZG8upNM2Z5
content-length: 209440
x-xss-protection: 1; mode=block
x-amp-source-height: 340
server: Unknown
x-frame-options: DENY
x-amp-source-width: 800
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=1800, s-maxage=86400
accept-ranges: bytes
x-amp-published: Wed, 20 Dec 2023 20:47:39 GMT

OPTIONS
H2 200 /
sdk.iad-05.braze.com/api/v3/data/ Frame 0
0 670ms
272ms Preflight 2606:4700:4400::ac40:965f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/data/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:965f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-triggersrequest,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
cf-cache-status: DYNAMIC
cf-ray: 89dff4e48f99ab8d-YYZ
content-encoding: gzip
date: Thu, 04 Jul 2024 14:55:30 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 494ms
125ms Script
application/javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/main.js?yocs=1u_1y_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fdfea52427fb822bebdd32b325768e73b40637bd203c100827d4dece88e431c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jul 2024 14:55:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: YmFgVUTeB0lXZXM9YgX19A==
age: 85936
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Wed, 03 Jul 2024 02:35:21 GMT
server: cloudflare
etag: 0x8DC9B08C8F3A89E
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: ef937a97-f01e-00b3-2817-cd690d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89dff4e38d45aadc-YYZ

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 510 KB
133 KB 619ms
182ms Script
application/javascript 2607:f8b0:4004:c1f::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4a0fd64f5bf04a55736226ee214b8eb928383198b27f8ce9a925e36e755f0f9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 135449
x-xss-protection: 0
last-modified: Thu, 04 Jul 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 04 Jul 2024 14:55:30 GMT

GET
H2 200 api_dynamic.js Show response
cdn.dynamicyield.com/api/8772046/ 611 KB
71 KB 683ms
176ms Script
application/javascript 2600:9000:2191:4e00:a:b89d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.dynamicyield.com/api/8772046/api_dynamic.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2191:4e00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: DYCDN /
Resource Hash: 5b02d048d7281aed5caad6a0bca1e80747216689205e6ce945d72a98235ee976

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:16 GMT
content-encoding: gzip
via: 1.1 fba666ceffdeb316c8edf476d8994bd4.cloudfront.net (CloudFront)
last-modified: Thu, 04 Jul 2024 14:51:25 GMT
server: DYCDN
age: 15
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
etag: W/"96d52b3f86e78e651605d78cb170efa2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=30
link: <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id: SoifCkLNrRsSe85uvkpx1Q67fi80KJJiT_WEpt8oPclNV0d9WM-TFA==

GET
H2 200 api_static.js Show response
cdn.dynamicyield.com/api/8772046/ 389 KB
115 KB 119ms
118ms Script
application/javascript 2600:9000:2191:4e00:a:b89d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.dynamicyield.com/api/8772046/api_static.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2191:4e00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: DYCDN /
Resource Hash: e5388572b3a18177d029f93dde3a77067783ddbe1bb2b89a078eebd61229b3bb

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 10:25:22 GMT
content-encoding: gzip
via: 1.1 fba666ceffdeb316c8edf476d8994bd4.cloudfront.net (CloudFront)
last-modified: Wed, 03 Jul 2024 17:58:19 GMT
server: DYCDN
age: 16209
x-amz-cf-pop: IAD89-C1
etag: W/"5e3675ee67a1e673bae2ccb224a5f46e"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=86400
link: <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id: p-9OYmt3BHlSsAWp-k_gtHFGCfleavICKAUMncd2ZAsfhFkYTbe6Ow==

GET
H2 200 / Show response
api.ipify.org/ 21 B
155 B 463ms
173ms XHR
application/json 104.26.13.205
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e4fb59b2144a6681bc2c4db4a280a72e4449a3fc051b411f0656ebbf074723d7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:29 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-type: application/json
access-control-allow-origin: *
cf-ray: 89dff4e3290aaaa7-YYZ
content-length: 21

GET
H2 200 / Show response
api.ipify.org/ 21 B
73 B 568ms
103ms XHR
application/json 104.26.13.205
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e4fb59b2144a6681bc2c4db4a280a72e4449a3fc051b411f0656ebbf074723d7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:29 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-type: application/json
access-control-allow-origin: *
cf-ray: 89dff4e449f5aaa7-YYZ
content-length: 21

POST
H2 201 / Show response
sdk.iad-05.braze.com/api/v3/data/ 612 B
646 B 529ms
528ms XHR
application/json 2606:4700:4400::ac40:965f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/data/

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:965f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11cf11bff7a54cf595f54c5211fd0089934416de1bc7d951f532f967c0ff0d2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-TriggersRequest: true
X-Braze-DataRequest: true
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type: application/json
X-Braze-Last-Req-Ms-Ago: 7200000
Referer: https://www.elfcosmetics.com/
X-Requested-With: XMLHttpRequest
Accept-Language: en-CA,en;q=0.9;q=0.9
X-Braze-Req-Attempt: 1
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:30 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: 790240d6-4123-4bdb-837f-59764200fc21
x-runtime: 0.320607
server: cloudflare
etag: W/"11cf11bff7a54cf595f54c5211fd0089"
vary: Origin,Accept-Encoding
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
x-ratelimit-reset: 1720104933
access-control-max-age: 7200
x-ratelimit-limit: 500.0
cf-ray: 89dff4e64929ab8d-YYZ
x-ratelimit-remaining: 498.0

GET
H2

200

callback
www.elfcosmetics.com/
Redirect Chain

https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=...
https://www.elfcosmetics.com/callback?usid=7947c963-e43f-4b7b-a2fe-ddb57140a896&code=1dPTl-rbhPRh37i4sCWo65NQz1QyVSB5oVfGLjf4-F4

0
0

355ms
354ms

Fetch
application/json

140.174.12.225
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/callback?usid=7947c963-e43f-4b7b-a2fe-ddb57140a896&code=1dPTl-rbhPRh37i4sCWo65NQz1QyVSB5oVfGLjf4-F4

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Server

140.174.12.225 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 04 Jul 2024 14:55:30 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 ba1e517a4f7e2b0408d16a73e8b5ca62.cloudfront.net (CloudFront)
x-amzn-remapped-content-length: 0
x-amz-cf-pop: ATL58-P9
age: 0
x-amzn-remapped-connection: close
x-amzn-requestid: 3d67f673-2641-4509-8b20-58bc6d3f352f
x-yottaa-optimizations: ob/1000 si/33D18cae0ce1-1720102377-1611781398 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
x-amz-apigw-id: aZGreGaeCYcEWGw=
content-length: 0
alt-svc: h3=":443"; ma=86400
x-yottaa-forcecache: true
x-amzn-trace-id: Root=1-6686b7e2-15f327b6232eca8e7aa77846;Parent=48f5fe2e58e4bfa1;Sampled=0;lineage=2b75b0e9:0
content-type: application/json
cache-control: public, max-age=604800
x-yottaa-os: 200
x-yottaa-metrics: 33218cae0c7b/[206,204,-] 33D18cae0ce1/[-,208.349]
x-amzn-remapped-date: Thu, 04 Jul 2024 14:55:30 GMT
x-amz-cf-id: KFwDf6a2nICt4ebXOVq4YBu28LpzXmTC1PxiD37_q__MVptYyI9BhQ==

Redirect headers

date: Thu, 04 Jul 2024 14:55:30 GMT
x-correlation-id: 89dff4e75ef782b1
via: 1.1 86150a7b1da76d1a806dc0cdda8debc4.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: ATL58-P9
age: 0
x-yottaa-optimizations: ob/0 si/33D18cae0ce1-1720102377-1611781397 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
x-ratelimit-1m-remaining: 23294, 1966844
x-ratelimit-1m-reset: 29519, 29518
x-ratelimit-1m-limit: 24000, 2000000
vary: Accept-Encoding
location: https://www.elfcosmetics.com/callback?usid=7947c963-e43f-4b7b-a2fe-ddb57140a896&code=1dPTl-rbhPRh37i4sCWo65NQz1QyVSB5oVfGLjf4-F4
cache-control: no-store
x-yottaa-os: 303
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=n7rLjsCD62DqDwA-QOzoqLQ8VVRWijyCFWKwIV5hTuI
x-yottaa-metrics: 33218cae0c7a/[94,93,-] 33D18cae0ce1/[-,95.937]
cf-ray: 89dff4e75ef782b1-IAD
x-amz-cf-id: cJp2ZJloUAq-4NHF-kNqvbkhD4LNHYUwLmgFo0oPB-KTsv5AEcEYdg==

GET
H2 200 6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json Show response
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/ 6 KB
2 KB 479ms
130ms XHR
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55baa715ccc8c2512bceb1c949c1d0927944ca327e7edd2d5fc312d2a41986e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jul 2024 14:55:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 12133
content-md5: j7e7fSdncC8T3SCV/IpUig==
content-length: 1740
x-ms-lease-status: unlocked
last-modified: Mon, 08 Apr 2024 18:41:03 GMT
server: cloudflare
etag: 0x8DC57FB71838BE4
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: c3fb1654-801e-0031-68e4-89d890000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89dff4e69f1ca234-YYZ
expires: Fri, 05 Jul 2024 14:55:30 GMT

GET
H3

200

landing
googleads.g.doubleclick.net/pagead/
Redirect Chain

https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5&tag_exp=0&rnd=1403218045.1720104930&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He4730n81...
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&tag_exp=0&rnd=1403218045.1720104930&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gt...

42 B
65 B

554ms
132ms

Ping
image/gif

2607:f8b0:400d:c0d::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&tag_exp=0&rnd=1403218045.1720104930&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He4730n81WL3STMXv896608294za200&auid=1284689265.1720104930

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Server

2607:f8b0:400d:c0d::9d Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:31 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:31 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&tag_exp=0&rnd=1403218045.1720104930&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He4730n81WL3STMXv896608294za200&auid=1284689265.1720104930
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 67 B
306 B 566ms
184ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66707b7434e14fc523f2fc692e4a190958a02598dd3d9c45ec0f65f90091727b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
accept: application/json
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 89dff4ea386aac2a-YYZ
access-control-allow-headers: Content-Type

GET
H2 200 st Show response
st.dynamicyield.com/ 151 KB
13 KB 571ms
141ms Script
text/javascript 2600:9000:2508:ee00:15:ad21:c740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://st.dynamicyield.com/st?sec=8772046&inHead=true&id=0&jsession=apx5287cq2xiyjh9ds3exyjveo4fgioc&ref=&scriptVersion=2.38.0&isSesNew=true&dyid_server=&ctx=%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-CA%22%2C%22data%22%3A%5B%5D%7D
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2508:ee00:15:ad21:c740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 339579bfab70179b8bd12de8f6f0456bb2c6586bda1e0ca819714278270b8f1a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:31 GMT
content-encoding: gzip
via: 1.1 31341771a4bfa40d7b1f61883ffb56c6.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD12-P1
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
cache-control: no-cache
x-amz-cf-id: ooZ6-eZCWfe9rqB5yaqZtoRkkVMwoQFVLXwxoKKvBpMDxKKI8g0AvQ==
expires: Thu, 04 Jul 2024 14:55:30 GMT

OPTIONS
H2 200 sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame 0
0 173ms
172ms Preflight 2606:4700:4400::ac40:965f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:965f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
cf-cache-status: DYNAMIC
cf-ray: 89dff4e9ed12ab8d-YYZ
content-encoding: gzip
date: Thu, 04 Jul 2024 14:55:30 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding

POST
H2 201 sync Show response
sdk.iad-05.braze.com/api/v3/content_cards/ 85 B
251 B 263ms
263ms XHR
application/json 2606:4700:4400::ac40:965f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:965f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa4e04ca2c61874e10fcc4bc47e9eab239ff6d339f8f4d946e9555d7b2f6904a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
X-Braze-Req-Tokens-Remaining: 29
X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest: true
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type: application/json
X-Braze-Last-Req-Ms-Ago: 7200000
BRAZE-SYNC-RETRY-COUNT: 0
X-Requested-With: XMLHttpRequest
Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
X-Braze-Req-Attempt: 1
X-Braze-ContentCardsRequest: true
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:31 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: ee57e397-f1d8-4ebf-ae12-56f58b13924e
x-runtime: 0.062706
server: cloudflare
etag: W/"aa4e04ca2c61874e10fcc4bc47e9eab2"
vary: Origin,Accept-Encoding
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
x-ratelimit-reset: 1720104933
access-control-max-age: 7200
x-ratelimit-limit: 500.0
cf-ray: 89dff4eb0e32ab8d-YYZ
x-ratelimit-remaining: 495.0

POST
H2 201 sync Show response
sdk.iad-05.braze.com/api/v3/feature_flags/ 20 B
175 B 232ms
230ms XHR
application/json 2606:4700:4400::ac40:965f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/feature_flags/sync

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:965f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e92f434a50c76d6e52d0d3cc91cdf1854c7fd39fecd5ae65800568aef7c03029

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
X-Braze-Req-Tokens-Remaining: 28
X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest: true
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type: application/json
X-Braze-Last-Req-Ms-Ago: 7200000
Referer: https://www.elfcosmetics.com/
X-Requested-With: XMLHttpRequest
X-Braze-FeatureFlagsRequest: true
Accept-Language: en-CA,en;q=0.9;q=0.9
X-Braze-Req-Attempt: 1
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:31 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: c68c201d-597c-4015-95b2-77ae21741957
x-runtime: 0.053878
server: cloudflare
etag: W/"e92f434a50c76d6e52d0d3cc91cdf185"
vary: Origin,Accept-Encoding
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
x-ratelimit-reset: 1720104933
access-control-max-age: 7200
x-ratelimit-limit: 500.0
cf-ray: 89dff4eb5e9fab8d-YYZ
x-ratelimit-remaining: 495.0

OPTIONS
H2 200 sync
sdk.iad-05.braze.com/api/v3/feature_flags/ Frame 0
0 223ms
223ms Preflight 2606:4700:4400::ac40:965f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/feature_flags/sync

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:965f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-featureflagsrequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-featureflagsrequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
cf-cache-status: DYNAMIC
cf-ray: 89dff4e9fd20ab8d-YYZ
content-encoding: gzip
date: Thu, 04 Jul 2024 14:55:30 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding

POST
H2 200 token Show response
www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/ 2 KB
2 KB 239ms
237ms Fetch
application/json 140.174.12.225
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

140.174.12.225 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

c5f7a24bdd33816544f990e2b155d94405e705f61cf05698ca96f525ebfe9782

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
c_x-pwa-request: true
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:31 GMT
content-encoding: gzip
x-correlation-id: 89dff4eafdc40590
cf-cache-status: DYNAMIC
via: 1.1 d4ca515662341661b756e3448d612214.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: ATL58-P9
age: 0
x-yottaa-optimizations: ob/1000 si/33D18cae0ce1-1720102377-1611781399 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
pragma: no-cache
x-ratelimit-1m-remaining: 23268, 1966199
x-ratelimit-1m-reset: 28924, 28923
vary: Accept-Encoding, User-Agent
x-ratelimit-1m-limit: 24000, 2000000
content-type: application/json
cache-control: no-store
x-yottaa-os: 200
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-yottaa-metrics: 33218cae0c7c/[126,125,-] 33D18cae0ce1/[-,126.872]
cf-ray: 89dff4eafdc40590-IAD
x-amz-cf-id: 2P0kulu8gDSWEiFknkSjGWIZGerqlEOim3Il8xS10DVkQe0TC41-YQ==

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/ 404 KB
98 KB 107ms
107ms Script
application/javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jul 2024 14:55:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: XJk1ZZTljtwHFT3qcIJg+w==
age: 19933
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 99599
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:36 GMT
server: cloudflare
etag: 0x8DB82A15D413626
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: ab8cd6f5-901e-005f-7d08-7c8dbf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89dff4f0ec22aadc-YYZ

POST
H2 204 sessions Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 0
1 KB 223ms
219ms XHR
text/plain 140.174.12.225
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/sessions
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 140.174.12.225 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiIwODJiMWNmZC03ZDA5LTQwZDctYjc2OC03OTUzZjQyOGIyMjUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjc5NDdjOTYzLWU0M2YtNGI3Yi1hMmZlLWRkYjU3MTQwYTg5NiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MjAxMDQ5MDEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFibFhJWWwwazNsSGtSeHJvWHhHWVl3SEJHOjpjaGlkOiAiLCJleHAiOjE3MjAxMDY3MzEsImlhdCI6MTcyMDEwNDkzMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzNDg5ODUxMTQzNDIyOTMwOCJ9.9A0_zNjzVDae1nMQXEKRNBG4OfCei7IgtMcWRIptOxeuRGb2aHSdFUNdYVc9hgaINfKJFCD4-PnYTdsvq5uKHQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:31 GMT
via: 1.1 fb1853bb8175d79c872ba2b16171e374.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-amz-cf-pop: ATL58-P9
age: 0
x-yottaa-optimizations: ob/0 si/33D18cae0ce1-1720102377-1611781400 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: obsolete
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
pragma: no-cache
allow: OPTIONS,POST
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics: 33218cae0c7d/[108,107,-] 33D18cae0ce1/[-,109.164]
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/sessions
accept-ranges: bytes
cf-ray: 89dff4ec7caa6fc1-IAD
x-dw-request-base-id: fJT1iuO3hmYBAAB_
x-amz-cf-id: X5EOJXf8lIB6cdyAj_COjN8SIS1wph6XJOaz7KvooVCinR01iXcQdA==
x-yottaa-os: 204
expires: Thu, 01 Dec 1994 16:00:00 GMT

POST
H2 200 shoppercontext Show response
www.elfcosmetics.com/api/v1/ 135 B
886 B 702ms
701ms XHR
application/json 140.174.12.225
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

140.174.12.225 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

d7003226e2fea50e6765c46fe1bdacfe3a16adedd6c7a2530fef876c2356cf9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiIwODJiMWNmZC03ZDA5LTQwZDctYjc2OC03OTUzZjQyOGIyMjUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjc5NDdjOTYzLWU0M2YtNGI3Yi1hMmZlLWRkYjU3MTQwYTg5NiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MjAxMDQ5MDEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFibFhJWWwwazNsSGtSeHJvWHhHWVl3SEJHOjpjaGlkOiAiLCJleHAiOjE3MjAxMDY3MzEsImlhdCI6MTcyMDEwNDkzMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzNDg5ODUxMTQzNDIyOTMwOCJ9.9A0_zNjzVDae1nMQXEKRNBG4OfCei7IgtMcWRIptOxeuRGb2aHSdFUNdYVc9hgaINfKJFCD4-PnYTdsvq5uKHQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:31 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 392ae56b81ecdd89977a6262a9d12eb2.cloudfront.net (CloudFront)
x-amzn-remapped-content-length: 135
content-encoding: gzip
x-amz-cf-pop: ATL58-P9
age: 0
x-amzn-remapped-connection: close
x-amzn-requestid: 0693a00f-cde5-4eb3-8f09-f8375b049c6c
x-yottaa-optimizations: ob/1000 si/33D18cae0ce1-1720102377-1611781401 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
x-amz-apigw-id: aZGrkG6eiYcEP2A=
content-length: 119
alt-svc: h3=":443"; ma=86400
etag: W/"87-WFt3zDSdrvttkMP6rAK367Qj/Rw"
x-amzn-trace-id: Root=1-6686b7e3-4970677042b2f8c379a9ba32;Parent=48d313aad08e81d6;Sampled=0;lineage=2b75b0e9:0
content-type: application/json; charset=utf-8
x-yottaa-os: 200
x-yottaa-metrics: 33218cae0c7e/[587,586,-] 33D18cae0ce1/[-,588.593]
x-amzn-remapped-date: Thu, 04 Jul 2024 14:55:31 GMT
x-amz-cf-id: Pocr8hvxKjPyzjfzcqwj8YR-_ITZM4CI9fquY_vUQ-R4LP9s8FrppQ==

POST
H2 201 sync Show response
sdk.iad-05.braze.com/api/v3/content_cards/ 85 B
200 B 236ms
235ms XHR
application/json 2606:4700:4400::ac40:965f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:965f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa4e04ca2c61874e10fcc4bc47e9eab239ff6d339f8f4d946e9555d7b2f6904a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
X-Braze-Req-Tokens-Remaining: 27
X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest: true
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type: application/json
X-Braze-Last-Req-Ms-Ago: 365
BRAZE-SYNC-RETRY-COUNT: 0
X-Requested-With: XMLHttpRequest
Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
X-Braze-Req-Attempt: 1
X-Braze-ContentCardsRequest: true
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:31 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: 65e377ad-9a26-44f6-b3ed-2e560a623d74
x-runtime: 0.057840
server: cloudflare
etag: W/"aa4e04ca2c61874e10fcc4bc47e9eab2"
vary: Origin,Accept-Encoding
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
x-ratelimit-reset: 1720104933
access-control-max-age: 7200
x-ratelimit-limit: 500.0
cf-ray: 89dff4ec3faaab8d-YYZ
x-ratelimit-remaining: 493.0

GET
H2 200 geo-ip Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 189 B
900 B 289ms
287ms XHR
application/json 140.174.12.225
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=166.0.205.98

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

140.174.12.225 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

85461719c1f6479769151df8cad3514d6819310afbe893ec9fc124501c5b1697

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
c_x-pwa-request: true
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:31 GMT
sfdc_customization: HOOK
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
via: 1.1 4d4cefe36d361e28de9fc0829672a94a.cloudfront.net (CloudFront)
x-amz-cf-pop: ATL58-P9
x-yottaa-optimizations: ob/1000 si/33D18cae0ce1-1720102377-1611781402 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: obsolete
x-cache: Miss from cloudfront
age: 0
alt-svc: h3=":443"; ma=86400
allow: GET,HEAD,OPTIONS
content-type: application/json;charset=UTF-8
cache-control: max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=166.0.205.98
x-yottaa-metrics: 33218cae0c7f/[174,172,-] 33D18cae0ce1/[-,174.858]
cf-ray: 89dff4ed1ce939a9-IAD
x-dw-request-base-id: cD1TUOO3hmYBAAB_
x-amz-cf-id: 1W8_X91aMhFvuMHEBAY9fpk01wH4y85IrquqTrjeHoQ0pyXzS7C6nw==

GET
H2 200 geo-ip Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 189 B
901 B 693ms
401ms XHR
application/json 140.174.12.225
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=166.0.205.98

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

140.174.12.225 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

85461719c1f6479769151df8cad3514d6819310afbe893ec9fc124501c5b1697

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
c_x-pwa-request: true
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:31 GMT
sfdc_customization: HOOK
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
via: 1.1 359c06bb510d50ef596da72c73b15d14.cloudfront.net (CloudFront)
x-amz-cf-pop: ATL58-P9
x-yottaa-optimizations: ob/1000 si/33D18cae0ce1-1720102377-1611781404 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: obsolete
x-cache: Miss from cloudfront
age: 0
alt-svc: h3=":443"; ma=86400
allow: GET,HEAD,OPTIONS
content-type: application/json;charset=UTF-8
cache-control: max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=166.0.205.98
x-yottaa-metrics: 33218cae0c81/[207,205,-] 33D18cae0ce1/[-,208.562]
cf-ray: 89dff4ef5d450649-IAD
x-dw-request-base-id: cD1YUOO3hmYBAAB_
x-amz-cf-id: 0I2PY7UjktvDeen2SMbu8-P4UCVZXRjmXihoA3XPIEtkXYv2SoAvkw==

GET
H2 200 baskets Show response
www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/ablXIYl0k3lHkRxroXxGYYwHBG/ 11 B
875 B 308ms
306ms Fetch
application/json 140.174.12.225
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/ablXIYl0k3lHkRxroXxGYYwHBG/baskets?siteId=elf-us

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

140.174.12.225 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiIwODJiMWNmZC03ZDA5LTQwZDctYjc2OC03OTUzZjQyOGIyMjUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjc5NDdjOTYzLWU0M2YtNGI3Yi1hMmZlLWRkYjU3MTQwYTg5NiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MjAxMDQ5MDEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFibFhJWWwwazNsSGtSeHJvWHhHWVl3SEJHOjpjaGlkOiAiLCJleHAiOjE3MjAxMDY3MzEsImlhdCI6MTcyMDEwNDkzMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzNDg5ODUxMTQzNDIyOTMwOCJ9.9A0_zNjzVDae1nMQXEKRNBG4OfCei7IgtMcWRIptOxeuRGb2aHSdFUNdYVc9hgaINfKJFCD4-PnYTdsvq5uKHQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
c_x-pwa-request: true
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:31 GMT
sfdc_customization: HOOK
dnt: 0
cf-cache-status: DYNAMIC
x-correlation-id: 89dff4ed98103913
x-content-type-options: nosniff
via: 1.1 6893a7827ca9ecde25800b077828fa86.cloudfront.net (CloudFront)
x-amz-cf-pop: ATL58-P9
x-yottaa-optimizations: ob/1000 si/33D18cae0ce1-1720102377-1611781403 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding: gzip
x-cache: Miss from cloudfront
age: 0
alt-svc: h3=":443"; ma=86400
content-length: 37
allow: GET,HEAD,OPTIONS
x-ratelimit-remaining: 999
content-type: application/json;charset=UTF-8
vary: Accept-Encoding
sfdc_load: 3
cache-control: max-age=0,no-cache,no-store
x-yottaa-os: 200
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/ablXIYl0k3lHkRxroXxGYYwHBG/baskets?siteId=elf-us
x-ratelimit-limit: 99999
accept-ranges: bytes
cf-ray: 89dff4ed98103913-IAD
x-amz-cf-id: BW7Eh1yZ9KLH-VBTt8Rp1rFCbvoMMDCDmsLp3srWta9ss1mgiJceAw==
x-yottaa-metrics: 33218cae0c80/[119,117,-] 33D18cae0ce1/[-,120.172]

POST
H2 200 viewPage Show response
api.cquotient.com/v3/activities/bbxc-elf-us/ 98 B
520 B 126ms
125ms Fetch
application/json 54.197.150.242
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cquotient.com/v3/activities/bbxc-elf-us/viewPage

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/main.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.197.150.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-197-150-242.compute-1.amazonaws.com

Software

envoy /

Resource Hash

317fad9272eb8c8523c19252324762276f446d449614e657f3d48e1bab58fdc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubdomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
x-cq-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.elfcosmetics.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:31 GMT
strict-transport-security: max-age=15552000; includeSubdomains
server: envoy
etag: W/"62-4vkfLD5I0+Q+C73TZAbb8Xnxgno"
access-control-allow-methods: GET, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 5
content-length: 98

OPTIONS
H2 200 viewPage
api.cquotient.com/v3/activities/bbxc-elf-us/ Frame 0
0 563ms
162ms Preflight 54.197.150.242
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cquotient.com/v3/activities/bbxc-elf-us/viewPage

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.197.150.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-197-150-242.compute-1.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-cq-client-id
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization, content-type, x-cq-tenant, x-cq-client-id
access-control-allow-methods: POST
access-control-allow-origin: https://www.elfcosmetics.com
content-length: 0
date: Thu, 04 Jul 2024 14:55:31 GMT
server: envoy
strict-transport-security: max-age=15552000; includeSubdomains
x-envoy-upstream-service-time: 1

POST
H2 200 baskets Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 3 KB
2 KB 257ms
256ms XHR
application/json 140.174.12.225
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

140.174.12.225 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

3df324704169fcca10e0d90d3722d926aa56cf417a57eae7e17ea2dab9680b67

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiIwODJiMWNmZC03ZDA5LTQwZDctYjc2OC03OTUzZjQyOGIyMjUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjc5NDdjOTYzLWU0M2YtNGI3Yi1hMmZlLWRkYjU3MTQwYTg5NiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MjAxMDQ5MDEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFibFhJWWwwazNsSGtSeHJvWHhHWVl3SEJHOjpjaGlkOiAiLCJleHAiOjE3MjAxMDY3MzEsImlhdCI6MTcyMDEwNDkzMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzNDg5ODUxMTQzNDIyOTMwOCJ9.9A0_zNjzVDae1nMQXEKRNBG4OfCei7IgtMcWRIptOxeuRGb2aHSdFUNdYVc9hgaINfKJFCD4-PnYTdsvq5uKHQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
c_x-pwa-request: true
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:31 GMT
sfdc_customization: HOOK
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 4d4cefe36d361e28de9fc0829672a94a.cloudfront.net (CloudFront)
x-amz-cf-pop: ATL58-P9
age: 0
x-yottaa-optimizations: ob/1000 si/33D18cae0ce1-1720102377-1611781405 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding: gzip
x-dw-version-status: obsolete
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 1104
pragma: no-cache
etag: 7f69a329420daf20939e518b669f656be9b90dd98d1d5278218ba436d2e460c6
allow: OPTIONS,POST
content-type: application/json;charset=UTF-8
x-dw-resource-state: 7f69a329420daf20939e518b669f656be9b90dd98d1d5278218ba436d2e460c6
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics: 33218cae0c82/[149,147,-] 33D18cae0ce1/[-,150.716]
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets
accept-ranges: bytes
cf-ray: 89dff4ef9d237f56-IAD
x-dw-request-base-id: fJQYi-O3hmYBAAB_
x-amz-cf-id: 7C2q-URtIOXv2goz0tgSJWiPuop-HP_EWcb8AzhCnTYCrMHfOKW9xw==
x-yottaa-os: 200
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 dy-coll-min.js Show response
cdn.dynamicyield.com/scripts/2.38.0/ 196 KB
65 KB 115ms
115ms Script
text/javascript 2600:9000:2191:4e00:a:b89d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.dynamicyield.com/scripts/2.38.0/dy-coll-min.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2191:4e00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: DYCDN /
Resource Hash: 2e02a7004e780ce2e43c1a5b2775767815f53c8f97413a6bb3bdd072ea221a6b

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 08:39:31 GMT
content-encoding: gzip
via: 1.1 fba666ceffdeb316c8edf476d8994bd4.cloudfront.net (CloudFront)
last-modified: Sun, 23 Jun 2024 07:13:26 GMT
server: DYCDN
age: 886562
x-amz-cf-pop: IAD89-C1
etag: W/"8c37df3146fca3a2b5be4ffc535c94b6"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=31536000
link: <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id: b5jyfkEdaQnzRIrqyK7lQ3OIDsUIZ-R4GJ6Yc--y_hqu1mUP2WDcqQ==

GET
H2 200 NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare
elfcosmetics.a.bigcontent.io/v1/static/ 5 KB
6 KB 581ms
109ms Image
image/png 2606:4700:4400::ac40:91b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare?%24Desktop%24=&fmt=auto
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:91b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:32 GMT
x-amz-version-id: null
cf-cache-status: HIT
age: 9294
x-amz-server-side-encryption: AES256
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
content-length: 5378
last-modified: Thu, 04 Jul 2024 12:20:38 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 89dff4f49ca836be-YYZ
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/ 2 KB
1 KB 586ms
115ms Image
image/svg+xml 2606:4700:4400::ac40:91b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:91b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:32 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
age: 55329
x-amz-server-side-encryption: AES256
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 03 Jul 2024 23:33:23 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 89dff4f49ca636be-YYZ
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 icon-noun-drop-1235517%201
elfcosmetics.a.bigcontent.io/v1/static/ 2 KB
936 B 585ms
114ms Image
image/svg+xml 2606:4700:4400::ac40:91b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517%201?%24Desktop%24=&fmt=auto%201x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517%201?%24Desktop%24=&fmt=auto%202x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517%201?%24Desktop%24=&fmt=auto%203x
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:91b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f366287eaa5627dc7ee48d1fcb79d20bceae8238ee2f1dd772f059685fe9c799

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:32 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
age: 40859
x-amz-server-side-encryption: AES256
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 04 Jul 2024 03:34:33 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 89dff4f49ca936be-YYZ
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 300240 Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/products/ 50 KB
6 KB 385ms
384ms XHR
application/json 140.174.12.225
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/products/300240?siteId=elf-us&locale=en-CA&currency=CAD&expand=availability%2Cbundled_products%2Clinks%2Cpromotions%2Coptions%2Cimages%2Cprices%2Cvariations%2Cset_products%2Crecommendations&all_images=true&perPricebook=true

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

140.174.12.225 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

a97e79a09f4d99ea7a5806ce9264c2715d8d227fda3d59321e5d0370d032034d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
c_x-pwa-request: true
cache-control: no-cache
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:32 GMT
sfdc_customization: HOOK
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: gzip
via: 1.1 fb1853bb8175d79c872ba2b16171e374.cloudfront.net (CloudFront)
x-amz-cf-pop: ATL58-P9
x-yottaa-optimizations: ob/1000 si/33D18cae0ce1-1720102377-1611781406 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: obsolete
x-cache: Miss from cloudfront
age: 0
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 04 Jul 2024 14:55:32 GMT
allow: GET,HEAD,OPTIONS
vary: accept-encoding
content-type: application/json;charset=UTF-8
cache-control: max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/products/300240?siteId=elf-us&locale=en-CA&currency=CAD&expand=availability%2Cbundled_products%2Clinks%2Cpromotions%2Coptions%2Cimages%2Cprices%2Cvariations%2Cset_products%2Crecommendations&all_images=true&perPricebook=true
x-yottaa-metrics: 33218cae0c83/[274,273,-] 33D18cae0ce1/[-,275.651]
cf-ray: 89dff4f22ce107e0-IAD
x-dw-request-base-id: cD1fUOS3hmYBAAB_
x-amz-cf-id: 4P_a_iuAPsahdbT1vGDp_Me4R41QSZhmM_Gbh3wraERZ89TQnSZgRg==

GET
H2 200 PWA-UpdateSession Show response
www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_CA/ 56 B
1 KB 333ms
332ms XHR
application/json 140.174.12.225
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_CA/PWA-UpdateSession
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 140.174.12.225 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 772f15316085ec36cb19f9af3a622cf12d847e0f187c3f907ee6daf975b7f7ce

Request headers

c_x-pwa-request: true
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:32 GMT
content-encoding: gzip
via: 1.1 86150a7b1da76d1a806dc0cdda8debc4.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-amz-cf-pop: ATL58-P9
age: 0
x-yottaa-optimizations: ob/1000 si/33D18cae0ce1-1720102377-1611781407 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
pragma: no-cache
content-type: application/json
cache-control: no-cache, no-store, must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/on/demandware.store/Sites-elf-us-Site/en_CA/PWA-UpdateSession
x-yottaa-metrics: 33218cae0c84/[200,198,-] 33D18cae0ce1/[-,200.804]
cf-ray: 89dff4f22cbf5a52-IAD
x-dw-request-base-id: fJQti-S3hmYBAAB_
x-amz-cf-id: BUMzvFOqxBU6BcHrc_wU8vwe-sNBg1WP5Qjgwrc1bJrmfr2YjAAc6g==
expires: Thu, 01 Dec 1994 16:00:00 GMT

POST
H2 200 uia Show response
async-px.dynamicyield.com/ 0
382 B 468ms
148ms XHR
text/plain 18.165.83.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/uia?cnst=1&_=1720104932190
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.38.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.165.83.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-165-83-78.iad55.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:32 GMT
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD55-P3
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: mnirdvupcjcvSvvi607K3yN1hzimEIFGXeJKK0vktwQSJrD5901Z0A==
expires: 0

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/018ebeca-ecda-7202-9bf3-a2ff4acebe55/ 158 KB
34 KB 131ms
131ms Fetch
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/018ebeca-ecda-7202-9bf3-a2ff4acebe55/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

009342098f06d5ae7b2186f1076fab177d05b5a481ffe1190535fe501c1cae68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jul 2024 14:55:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 12094
content-md5: 5rS6k6LfUu8toMASIT8lMw==
content-length: 34672
x-ms-lease-status: unlocked
last-modified: Mon, 08 Apr 2024 18:41:17 GMT
server: cloudflare
etag: 0x8DC57FB7A1265A4
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: abd0a229-b01e-0083-53e4-8927e1000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89dff4f27903a234-YYZ
expires: Fri, 05 Jul 2024 14:55:32 GMT

GET
H2 200 var
async-px.dynamicyield.com/ 0
0 378ms
113ms Fetch 18.165.83.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var?cnst=1&_=551005&uid=-301740932795549725&sec=8772046&t=ri&e=1261284&p=1&ve=11209913&va=%5B27119924%5D&ses=3814929b9f78e30ab9f367f761f594c8&expSes=42899&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=-1735765575809118424&cgtgDecisionId=-1735765576982111112&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1720104931245&rri=1298711
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.38.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.165.83.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-165-83-78.iad55.r.cloudfront.net
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:32 GMT
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD55-P3
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: f3j0rl3IjH7nH4-7uZZ0ZPoOhy1ZUoePJXa3CsNEPRAQo8x3AApB_A==
expires: 0

GET
H2 200 var
async-px.dynamicyield.com/ 0
0 376ms
112ms Fetch 18.165.83.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var?cnst=1&_=982650&uid=-301740932795549725&sec=8772046&t=ri&e=1574966&p=1&ve=12698518&va=%5B28347247%5D&ses=3814929b9f78e30ab9f367f761f594c8&expSes=42899&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=-1735765576452291464&cgtgDecisionId=-1735765577906715609&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1720104931246&rri=5726754
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.38.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.165.83.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-165-83-78.iad55.r.cloudfront.net
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:32 GMT
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD55-P3
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: _xXXv4_boOpKsk3dLjUW3SsmJ-f_3OkWFNoCMWAcFHqUI9EiubvgRw==
expires: 0

GET
H2 200 var
async-px.dynamicyield.com/ 0
0 378ms
114ms Fetch 18.165.83.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var?cnst=1&_=510894&uid=-301740932795549725&sec=8772046&t=ri&e=1609852&p=1&ve=12669413&va=%5B28321879%5D&ses=3814929b9f78e30ab9f367f761f594c8&expSes=42899&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=-1735765576545969636&cgtgDecisionId=-1735765575747513675&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1720104931247&rri=8832424
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.38.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.165.83.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-165-83-78.iad55.r.cloudfront.net
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:32 GMT
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD55-P3
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: wiIk2d8_fa5XTJfZ7yREIbuw9-vX_fStr9u9xUYbCKnF9vCpEoBssg==
expires: 0

GET
H2 200 var
async-px.dynamicyield.com/ 0
0 377ms
113ms Fetch 18.165.83.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var?cnst=1&_=658428&uid=-301740932795549725&sec=8772046&t=ri&e=1575901&p=1&ve=12991774&va=%5B28207095%5D&ses=3814929b9f78e30ab9f367f761f594c8&expSes=42899&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=-1735765575213117800&cgtgDecisionId=-1735765578063968708&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1720104931248&rri=6676728
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.38.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.165.83.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-165-83-78.iad55.r.cloudfront.net
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:32 GMT
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD55-P3
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: y38c1A33bC_pZ-8arzXq9PLtvSfvGNN97fzvpy2oGWzG0s8uqm1Pvw==
expires: 0

POST
H2 200 batch
async-px.dynamicyield.com/ 0
385 B 481ms
186ms Ping
text/plain 18.165.83.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/batch?cnst=1&_=1720104932289_27574
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.38.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.165.83.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-165-83-78.iad55.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:33 GMT
via: 1.1 65cdd88e2e6e21b095c2caf59292000c.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD55-P3
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: 98Xbsvl9gkjzQEvWZu4g8PFbmFs9dDPgZVIY8BZbiYmB8Wtq9VtpcQ==
expires: 0

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 13 KB
3 KB 121ms
120ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jul 2024 14:55:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 5mNZducabMgxSDzBo+ZI8w==
age: 66139
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3017
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:30 GMT
server: cloudflare
etag: 0x8DB82A159AF8EA6
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 0c718e4e-201e-0081-6f27-129959000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89dff4f3ba05a234-YYZ

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/ 61 KB
13 KB 113ms
112ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jul 2024 14:55:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: sXFDxCJwbPEMIT/8f5Prwg==
age: 75092
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12544
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:33 GMT
server: cloudflare
etag: 0x8DB82A15AFF8646
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 99943331-001e-00a9-52a5-21f8f1000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89dff4f3ba07a234-YYZ

GET
H2 200 otCookieSettingsButton.json Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 5 KB
2 KB 122ms
122ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCookieSettingsButton.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

509f2e49500fbaeb5d7e1959071f2922b693d0135080e2871e124ec8bdd08bb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jul 2024 14:55:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: v0pzgeeelPwcAOki15i3HA==
age: 75092
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1766
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:32 GMT
server: cloudflare
etag: 0x8DB82A15AB9FB83
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: cd67b2fb-901e-0094-1c03-248eea000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89dff4f3ba09a234-YYZ

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 21 KB
4 KB 123ms
123ms Fetch
text/css 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jul 2024 14:55:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: oWkBTLgDDXvrUsd93y/Zxg==
age: 70030
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:41 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: b54dfe3f-901e-004f-6264-2348d7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 89dff4f3ba0ba234-YYZ

PATCH
H2 200 e0ed062a03e71da2777f3db439 Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets/ 3 KB
2 KB 244ms
244ms XHR
application/json 140.174.12.225
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets/e0ed062a03e71da2777f3db439

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

140.174.12.225 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

c8ce8e7f48ba031fd5432cadf59198b1ebaa88f4fbb033ccb633ce94f6a175ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiIwODJiMWNmZC03ZDA5LTQwZDctYjc2OC03OTUzZjQyOGIyMjUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjc5NDdjOTYzLWU0M2YtNGI3Yi1hMmZlLWRkYjU3MTQwYTg5NiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MjAxMDQ5MDEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFibFhJWWwwazNsSGtSeHJvWHhHWVl3SEJHOjpjaGlkOiAiLCJleHAiOjE3MjAxMDY3MzEsImlhdCI6MTcyMDEwNDkzMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzNDg5ODUxMTQzNDIyOTMwOCJ9.9A0_zNjzVDae1nMQXEKRNBG4OfCei7IgtMcWRIptOxeuRGb2aHSdFUNdYVc9hgaINfKJFCD4-PnYTdsvq5uKHQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
c_x-pwa-request: true
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform: "Win32"

Response headers

x-yottaa-profileid: 5a0c9b7632f01c35d4210220
date: Thu, 04 Jul 2024 14:55:32 GMT
sfdc_customization: HOOK
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 fb1853bb8175d79c872ba2b16171e374.cloudfront.net (CloudFront)
x-amz-cf-pop: ATL58-P9
age: 0
x-yottaa-optimizations: ob/1000 si/33D18cae0ce1-1720102377-1611781408 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding: gzip
x-dw-version-status: obsolete
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 997
etag: 79bad07641194ada09b87f9ff985e3067ca5eb29ba8ce58a5713b919a34f08bd
allow: DELETE,GET,HEAD,OPTIONS,PATCH
content-type: application/json;charset=UTF-8
x-dw-resource-state: 79bad07641194ada09b87f9ff985e3067ca5eb29ba8ce58a5713b919a34f08bd
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-os: 200
access-control-allow-credentials: true
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets/e0ed062a03e71da2777f3db439
accept-ranges: bytes
cf-ray: 89dff4f44ae5c574-IAD
x-dw-request-base-id: fJQ_i-S3hmYBAAB_
x-amz-cf-id: i74ekcIObsSfAS5lPGqugQusjdHlBlUIHa0Pfh9ayiCtyc1grsX5dQ==
x-yottaa-metrics: 33218cae0c85/[104,103,-] 33D18cae0ce1/[-,105.548]

GET
H2 200 promotions Show response
www.elfcosmetics.com/mobify/proxy/api/pricing/shopper-promotions/v1/organizations/f_ecom_bbxc_prd/ 1 KB
1 KB 393ms
392ms Fetch
application/json 140.174.12.225
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/api/pricing/shopper-promotions/v1/organizations/f_ecom_bbxc_prd/promotions?siteId=elf-us&ids=chooseyourgwp-CA-2%2C2024-04-fs-%2450-Canada&locale=en-CA

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

140.174.12.225 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

de4c69e340960eb3472db636f541e7f04b6482965dda55ac281535efe8e03ea7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiIwODJiMWNmZC03ZDA5LTQwZDctYjc2OC03OTUzZjQyOGIyMjUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjc5NDdjOTYzLWU0M2YtNGI3Yi1hMmZlLWRkYjU3MTQwYTg5NiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MjAxMDQ5MDEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFibFhJWWwwazNsSGtSeHJvWHhHWVl3SEJHOjpjaGlkOiAiLCJleHAiOjE3MjAxMDY3MzEsImlhdCI6MTcyMDEwNDkzMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzNDg5ODUxMTQzNDIyOTMwOCJ9.9A0_zNjzVDae1nMQXEKRNBG4OfCei7IgtMcWRIptOxeuRGb2aHSdFUNdYVc9hgaINfKJFCD4-PnYTdsvq5uKHQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
c_x-pwa-request: true
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:32 GMT
content-encoding: gzip
dnt: 0
cf-cache-status: DYNAMIC
x-correlation-id: 89dff4f48a96c5ab
x-content-type-options: nosniff
via: 1.1 12226b9ff01df10d4b735797b17a2a72.cloudfront.net (CloudFront)
x-amz-cf-pop: ATL58-P9
x-yottaa-optimizations: ob/1000 si/33D18cae0ce1-1720102377-1611781409 tts/1719340523228 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
age: 0
alt-svc: h3=":443"; ma=86400
allow: GET,HEAD,OPTIONS
vary: accept-encoding
content-type: application/json;charset=UTF-8
x-ratelimit-remaining: 999
sfdc_load: 1
cache-control: private,max-age=23
x-yottaa-os: 200
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/pricing/shopper-promotions/v1/organizations/f_ecom_bbxc_prd/promotions?siteId=elf-us&ids=chooseyourgwp-CA-2%2C2024-04-fs-%2450-Canada&locale=en-CA
x-ratelimit-limit: 99999
accept-ranges: bytes
cf-ray: 89dff4f48a96c5ab-IAD
x-amz-cf-id: EGwbdyx1mU7hgFma19tnIfNtd8wUtWdyMXo1zZazjlWwRyKBW-YQ1w==
x-yottaa-metrics: 33218cae0c86/[257,255,-] 33D18cae0ce1/[-,257.775]

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
624 B 103ms
103ms Image
image/svg+xml 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jul 2024 14:55:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 75728
x-ms-lease-status: unlocked
last-modified: Wed, 03 Jul 2024 02:35:23 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 1410e3f2-a01e-0045-70f8-cc4e1b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 89dff4f4d8efaadc-YYZ

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
514 B 104ms
103ms Fetch
image/svg+xml 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jul 2024 14:55:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 3217
x-ms-lease-status: unlocked
last-modified: Wed, 03 Jul 2024 16:07:23 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 12c61579-b01e-0073-551a-cee349000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 89dff4f4fae4a234-YYZ

GET
H2 200 ot_company_logo.png
cdn.cookielaw.org/logos/static/ 4 KB
4 KB 148ms
148ms Image
image/png 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_company_logo.png

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jul 2024 14:55:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: E8+sk/ECzKgTUVtDLikiIA==
age: 100
content-length: 4036
x-ms-lease-status: unlocked
last-modified: Wed, 03 Jul 2024 16:07:24 GMT
server: cloudflare
etag: 0x8DC9B7A3A3C19A0
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 38c16a5e-f01e-005d-29b2-cd638e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89dff4f5ea00aadc-YYZ

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 147ms
147ms Image
image/svg+xml 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 04 Jul 2024 14:55:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 86082
x-ms-lease-status: unlocked
last-modified: Mon, 01 Jul 2024 16:42:00 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: e76637f2-501e-00d8-42e9-cb345b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 89dff4f5ea01aadc-YYZ

GET
H2 200 cnxtag-min.js Show response
js.cnnx.link/roi/ 2 KB
1 KB 603ms
142ms Script
text/javascript 2600:9000:2479:f000:11:85b0:d600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.cnnx.link/roi/cnxtag-min.js?id=316282
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2479:f000:11:85b0:d600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: f7e9c4d6427d6379534a8324d46af322f1a7b3aebe482a1e5bdaf2e069714568

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:47:45 GMT
via: 1.1 google, 1.1 44b13d2e12ad74e58c5a56d9c368da6c.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: IAD61-P3
age: 467
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
cache-control: max-age=600
x-amz-cf-id: f1hyFtwsO66W1G0ZbyISiULfhr_YP_I3_030KnoxEThQ5WksXlOTzw==

GET
H2

200

pixel.gif
cdn.blisspointmedia.com/assets/img/
Redirect Chain

https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=d5118d3c-9316-4191-bfb1-3a53012b343c&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=un...
https://cdn.blisspointmedia.com/assets/img/pixel.gif

807 B
1 KB

523ms
171ms

Image
image/gif

13.249.39.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.blisspointmedia.com/assets/img/pixel.gif
Protocol: H2
Server: 13.249.39.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-39-52.iad89.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: null
date: Thu, 04 Jul 2024 06:17:05 GMT
via: 1.1 824fe21e467658628899bdd8725649ee.cloudfront.net (CloudFront)
last-modified: Mon, 08 Apr 2019 16:24:44 GMT
server: AmazonS3
x-amz-cf-pop: IAD89-C1
age: 31129
etag: "18b3e43abad26bdac6f4cea944777b62"
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 807
x-amz-cf-id: w5o-9HZiAJldM2Rl2YF3gDbcN4rncCOCB006FNlmrGAMVP-y6viLWQ==

Redirect headers

date: Thu, 04 Jul 2024 14:55:33 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amzn-requestid: c0d59729-8f0d-499b-94ba-6dd0236140d4
x-amzn-trace-id: Root=1-6686b7e5-3e300c9127a0cbb1780dcc7a;Parent=0bb841c1cc5dab2c;Sampled=0;lineage=07bbc27a:0
content-type: application/json
location: https://cdn.blisspointmedia.com/assets/img/pixel.gif
access-control-allow-origin: *
x-amz-apigw-id: aZGr7GE0oAMEKTA=
content-length: 2

GET
H2

200

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2

43 B
1 KB

178ms
178ms

Image
image/gif

68.67.160.26
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2

Protocol

Server

68.67.160.26 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

567.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:33 GMT
an-x-request-uuid: 939fdec9-850c-411b-88a0-fd09358de677
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 166.0.205.98; 166.0.205.98; 567.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:33 GMT
an-x-request-uuid: a05eba25-b984-4a24-80a3-377cf8260137
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
cache-control: no-store, no-cache, private
x-proxy-origin: 166.0.205.98; 166.0.205.98; 567.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3
https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=57e233ba-1074-4376-84b0-175016266ad5
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3D57e233ba-1074-4376-84b0-175016266ad5
https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=7849415851456316905&ttd_tdid=57e233ba-1074-4376-84b0-175016266ad5
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=57e233ba-1074-4376-84b0-175016266ad5&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=NTdlMjMzYmEtMTA3NC00Mzc2LTg0YjAtMTc1MDE2MjY2YWQ1&gdpr=0&gdpr_consent=&ttd_tdid=57e233ba-1074-4376-84b0-17501...
https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=57e233ba-1074-4376-84b0-175016266ad5&google_gid=CAESENw7NI_91e73DbVMmEslCgE&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=57e233ba-1074-4376-84b0-175016266ad5&expiration=1722696935&gdpr=0&gdpr_consent=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=57e233ba-1074-4376-84b0-175016266ad5&expiration=1722696935&gdpr=0&gdpr_consent=&C=1

43 B
734 B

120ms
120ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=57e233ba-1074-4376-84b0-175016266ad5&expiration=1722696935&gdpr=0&gdpr_consent=&C=1
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:35 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wdzWGG1aSLTDED97j762kcHTm0W0ca5TvEJ1jce7DP9H%2FuQpSNJPXIxQOyf0Drp6ndFo3CmJGYyMY%2F4wr%2Bhhnjr8RYyCcrYdkOH6TKntVQzTrigpdzQJpLAAnSmtUwsU2%2FssPLFbaYqzHw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 89dff508be03abf7-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:35 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y%2Fhh5OtF8s%2Bww8YS7KtPDYlYevoKBap2pu6dssIhLdguOE56cLU1VmaHvTGHZq2tVBA8wbSXiUiXOh04IGrKyRqF8jdgsH7xlNWoQj0y8si9PusHz214yHqc1Mi1J9tSdBErwP4aG9txmA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=39&external_user_id=57e233ba-1074-4376-84b0-175016266ad5&expiration=1722696935&gdpr=0&gdpr_consent=&C=1
cache-control: no-cache
cf-ray: 89dff5080d3aabf7-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H2 200 favicon.ico
www.elfcosmetics.com/ 34 KB
34 KB 147ms
147ms Other
image/x-icon 140.174.12.225
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/favicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 140.174.12.225 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 1331786f628c441b99665436eb8815381e066e17d5c3bb56f5ce2e045d8da17a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:33 GMT
via: 1.1 86150a7b1da76d1a806dc0cdda8debc4.cloudfront.net (CloudFront)
x-amzn-remapped-content-length: 34494
x-amz-cf-pop: ATL58-P9
age: 149, 149
x-amzn-remapped-connection: close
x-amzn-requestid: a20befd2-e57b-4cb5-a8cf-dedcaeb80bd0
x-yottaa-optimizations: ob/100 si/33D18cae0ce1-1720102377-1611781410 tts/1719340523228 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Hit from cloudfront
x-amz-apigw-id: aPGxoGuiiYcEemA=
content-length: 34494
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 01 Jul 2024 14:05:28 GMT
x-amzn-trace-id: Root=1-6682b80a-535b1d3c61e69b7542e9d31d;Parent=3a0b7e4006106051;Sampled=0;lineage=2b75b0e9:0
etag: W/"86be-1906e9d6840"
vary: Accept-Encoding
content-type: image/x-icon
cache-control: max-age=600, s-maxage=600
x-yottaa-metrics: 33218cae0c87/[3,-,1720104537643] 33D18cae0ce1/[-,4.906]
accept-ranges: bytes
x-amzn-remapped-date: Mon, 01 Jul 2024 14:07:06 GMT
x-amz-cf-id: NpxqqQE8zQQJu0dW3vNP1KrsgXM8x_2fBplIKvljTPf7jWdw-AIoXw==

POST
H2 200 event
qoe-1.yottaa.net/log-nt/ 3 B
192 B 481ms
159ms Ping
text/json 204.2.131.138
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://qoe-1.yottaa.net/log-nt/event
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 204.2.131.138 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 04 Jul 2024 14:55:38 GMT
access-control-expose-headers: X-Results-Data-Source
access-control-allow-credentials: true
cache-control: no-cache
timing-allow-origin: *
content-type: text/json

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/5352eb4f/www-widgetapi.vflset/ 31 KB
10 KB 134ms
132ms Script
text/javascript 2607:f8b0:4004:c08::be
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/5352eb4f/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::be Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7a4d3c6bbb813b80afb47a45e75320ff14b02e65ad1ca740d62bcbfb646f2ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:54:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10362
x-xss-protection: 0
last-modified: Tue, 02 Jul 2024 04:25:50 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 04 Jul 2025 14:54:14 GMT

GET
H2 200 110221.ct.js Show response
tag.rmp.rakuten.com/ 47 KB
15 KB 419ms
102ms Script
text/javascript 34.102.147.248
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.rmp.rakuten.com/110221.ct.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.147.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

248.147.102.34.bc.googleusercontent.com

Software

Resource Hash

0b2f3284731451436ae24019f5bced6829fc4f1c005ba21e4694a6dbc6e98f8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:33 GMT
content-encoding: gzip
via: 1.1 google
strict-transport-security: max-age=31536000
last-modified: Thu, 04 Jul 2024 14:55:33 GMT
x-cache: hit
x-samesite: secure
content-type: text/javascript
cache-control: max-age=86400
x-dyn: 0
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 js Show response
www.paypal.com/sdk/ 424 KB
119 KB 395ms
82ms Script
application/javascript 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

3cc45dd8d967dbc18fd1f2f7c87b8f693de5c1aeb0bddda66ca1c221d05a24eb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-yJyjZN0EBhyHDWr80gNNgzSi+dYim1iQIjFU9IexJETbtpp5' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-yJyjZN0EBhyHDWr80gNNgzSi+dYim1iQIjFU9IexJETbtpp5' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-yJyjZN0EBhyHDWr80gNNgzSi+dYim1iQIjFU9IexJETbtpp5' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-yJyjZN0EBhyHDWr80gNNgzSi+dYim1iQIjFU9IexJETbtpp5' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
disable-set-cookie: true
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Thu, 04 Jul 2024 14:55:33 GMT
age: 2097
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, HIT, MISS
p3p: true
paypal-debug-id: f885809289ae8
server-timing: "traceparent;desc="00-0000000000000000000f885809289ae8-6234116717f1bf7a-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 119474
x-xss-protection: 1; mode=block
x-served-by: cache-bur-kbur8200163-BUR, cache-yyz4577-YYZ, cache-yyz4577-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f885809289ae8-799e7bf39bcf5a2b-01
x-timer: S1720104934.595557,VS0,VE4
etag: W/"1d2b2-+xWZRDiWSjNy7DUX7ACIcSQzSoo"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 0, 2, 0

GET
H/1.1 200
OK main.js Show response
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/ 146 KB
43 KB 787ms
159ms Script
application/javascript 23.9.177.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/main.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.9.177.190 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-9-177-190.deploy.static.akamaitechnologies.com

Software

nginx / Express

Resource Hash

7ed847ca93d491c3e5ddf82fffc2f7b1602422d2826657e70585fc8eacbc490b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Strict-Transport-Security: max-age=15768000
Content-Encoding: gzip
Date: Thu, 04 Jul 2024 14:55:33 GMT
Server: nginx
X-Powered-By: Express
ETag: W/"7e5dee4f68a1a0ed3367e9ee8b1fc4801665ab14-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: must-revalidate, max-age=900
Connection: keep-alive
Content-Length: 43354
Expires: Thu, 04 Jul 2024 15:10:33 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 328 KB
107 KB 146ms
144ms Script
application/javascript 2607:f8b0:4004:c1f::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a396f6a0b9a01f096a49c3f06461a724e7a5ac86baf67ff8034435b4dd5dbe8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 109498
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 04 Jul 2024 14:55:33 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 993 B
591 B 142ms
141ms Script
text/javascript 2607:f8b0:4004:c08::be
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::be Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

96e567e55058088bf057ebeb964b202435a2c745a55f49df106fe22f2a9a8e11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:33 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type: text/javascript; charset=utf-8
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Thu, 04 Jul 2024 14:55:33 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 312 KB
103 KB 138ms
137ms Script
application/javascript 2607:f8b0:4004:c1f::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

27875e1026e8742710642e8ab8400f3ca7472d692fa6a89267fe3b271e26fa77

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 105199
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 04 Jul 2024 14:55:33 GMT

GET
H2 200 1a8bfa042c9c5.js Show response
t.contentsquare.net/uxa/ 336 KB
80 KB 583ms
131ms Script
application/javascript 52.85.132.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.132.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-132-57.iad50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d841b6859d2469f63df65c0a91d70da822367d82810d4d08900d79b21bdddc19

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 07:44:13 GMT
content-encoding: br
via: 1.1 e88b34dd0e6a8e6f16f12ba472ae0c12.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD50-C2
age: 0
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 81626
last-modified: Thu, 04 Jul 2024 07:44:07 GMT
server: AmazonS3
etag: "833f870d397c05130b52ad5dd9f75837"
vary: Origin
content-type: application/javascript;charset=utf-8
cache-control: max-age=900
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: uPF8KDaDuRPh0Ez6KjPKA6phfSWRBaKLdm--fZDLn06zcQiQikmaoA==

GET
H2 200 script-tag.js Show response
cdn-scripts.signifyd.com/api/ 10 KB
4 KB 551ms
117ms Script
application/javascript 108.138.64.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.64.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-64-116.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d7a363f752524fb545c3b2eb48a56d163cb659bc427d5215800ee7781d92c2ca

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:45:04 GMT
content-encoding: gzip
via: 1.1 61bbe72b71f7b857c695c31fdeb7b3a6.cloudfront.net (CloudFront)
last-modified: Tue, 23 Apr 2024 14:51:40 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P1
age: 631
x-amz-server-side-encryption: AES256
etag: W/"73ca6f23f3e08738233832c7a7a0c30c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1800
x-amz-cf-id: xWu42VFRhimU_5lIXd-BsaI0TBVU8qP5ZI1vCgriSmsg-sk4VPNF6A==

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 214 KB
77 KB 144ms
144ms Script
application/javascript 2607:f8b0:4004:c1f::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-9231397&l=dataLayer&cx=c

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1f::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3f87cee5cca955a5e41d81e6aae9622460f0a2d15abba9c539608dfdbbcae968

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78588
x-xss-protection: 0
last-modified: Thu, 04 Jul 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 04 Jul 2024 14:55:34 GMT

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 214 KB
77 KB 173ms
171ms Script
application/javascript 2607:f8b0:4004:c1f::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-10742279&l=dataLayer&cx=c

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1f::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2f0f86646f6932b0401f5ef63b102f3ec2d2afd6bfd969b35e1e5ee888e2fe40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78707
x-xss-protection: 0
last-modified: Thu, 04 Jul 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 04 Jul 2024 14:55:34 GMT

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 5 KB
2 KB 583ms
139ms Script
application/javascript 2a04:4e42:77::84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:77::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 22a7c0f21be2b8240a32adb4e3b490724a69eee63bf02e47615f6d001c0f81f6

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:35 GMT
content-encoding: br
x-cdn: fastly
etag: "ecd8d25c94266835b528fc293ee30bdf"
x-amz-server-side-encryption: AES256
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: X-CDN
vary: Accept-Encoding, Origin
cache-control: max-age=7200
alt-svc: h3=":443";ma=600
content-length: 1880

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 222 KB
59 KB 521ms
133ms Script
application/x-javascript 2a03:2880:f003:c0e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

63bae03aa97278acb1d6f7863e593999bbdc5d280d2fa5a3050f234ce5eee850

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 04 Jul 2024 14:55:35 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58293
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=21, rtx=0, c=15, mss=1392, tbw=2791, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: IdUak+261/w81Yjk0cgcYSHIgJ5Q1cskjxzDjex29P7h4xwDtqXRzWcT1tsQgo4d9g7nVhbal6EUwBTuGaEBaQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 42 KB
13 KB 522ms
97ms Script
application/javascript 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 6755508f95a14ac65d6d5123ce9db08f5b0fc2921dd713a6ae8d6369a0020da9

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:35 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 20 Jun 2024 19:23:03 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "71b328aff914ada8b774bfa8fff542c4"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 12116

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 632ms
114ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 04 Jul 2024 14:55:34 GMT
last-modified: Thu, 29 Feb 2024 19:58:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7CFC8434DAB242B09494DC8B430F9ED5 Ref B: YTO01EDGE0509 Ref C: 2024-07-04T14:55:35Z
etag: "01b4e9c496bda1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13261

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 7 KB
3 KB 475ms
135ms Script
application/javascript 23.205.107.69
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=BRR4GA0I9JJBU29G8GF0&lib=ttq
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.107.69 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-107-69.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 0dd07e7b3a4c3482fab0b0b2f4921f8aace69eddfed4acbb715c30fb4f4affed

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-akamai-request-id: 13ed8a3f
date: Thu, 04 Jul 2024 14:55:35 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2407041455351F92255290F6626DBCE2-46030AEE94DA4943-00
x-cache: TCP_MISS from a23-218-223-69.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
server-timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=1, origin; dur=7
content-length: 2207
pragma: no-cache
server: nginx
x-tt-logid: 202407041455351F92255290F6626DBCE2
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 8,23.218.223.69
x-tt-trace-host: 014afc2c0b7558afd48c25ade542f5aa37c5d733e393dba72ca0bbdcfc34fdbc3fce91bf3b78eb682e11011bcdb728eabeacc6e0120dad506913bb7c07ea52156dcc736dbaaefe4f75bc95b40fadef7b2fe51a779308e8212d063cf260907c2e28
expires: Thu, 04 Jul 2024 14:55:35 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 6 KB
3 KB 476ms
136ms Script
application/javascript 23.205.107.69
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1EFEJPT0U322RQPGHFG&lib=ttq
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.107.69 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-107-69.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 39b1948b82779db9c9f7ada92f13003d69857de48b28f19e1dd1f691068f104d

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-akamai-request-id: 13ed8a40
date: Thu, 04 Jul 2024 14:55:35 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2407041455359CFB6713C6C6EB6CEA22-304F1C726EAE535B-00
x-cache: TCP_MISS from a23-218-223-69.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
server-timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=3, origin; dur=11
content-length: 2218
pragma: no-cache
server: nginx
x-tt-logid: 202407041455359CFB6713C6C6EB6CEA22
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 11,23.218.223.69
x-tt-trace-host: 014afc2c0b7558afd48c25ade542f5aa37c5d733e393dba72ca0bbdcfc34fdbc3f8793bc22edc9797b31cbcb33e45eca6c7fda57bd8ba96d5a4c1f9f1b201d441f78c7cd4d6082d8a197c07ec51d1e77fa80b9d5b353f496d7562e8e52cbf13e35
expires: Thu, 04 Jul 2024 14:55:35 GMT

GET
H2 200 widget.js Show response
js.jebbit.com/companion/v1/ 44 KB
45 KB 700ms
202ms Script
text/javascript 2600:9000:20e2:2e00:a:7914:b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.jebbit.com/companion/v1/widget.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e2:2e00:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cc9709489aeba0f23cc18fd3d1ff6f2087e1381ba6dbe92e98738228d520fd54

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 22:22:36 GMT
x-amz-version-id: j3bLD5VAFZVsHy8WM9iuVjqRLf9F9664
via: 1.1 f4cb5dc388dd91aa43ce5b333fc7c7c2.cloudfront.net (CloudFront)
last-modified: Thu, 02 May 2024 15:04:41 GMT
server: AmazonS3
x-amz-cf-pop: IAD79-C2
age: 59581
etag: "226557253164387c89ed4612b780f10f"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 45245
x-amz-cf-id: 34bNh4j8gD-94JS0DrGGm83fxzHYNK0SmhDs19Xj398Wd6qFyw2dGg==

GET
H2 200 i.js Show response
tag.wknd.ai/6664/ 17 KB
6 KB 438ms
85ms Script
text/plain 34.120.253.250
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.wknd.ai/6664/i.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 250.253.120.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: 71a0f56eb5356f7ff135469289c72eb46acba0e15eee58daaeb2941cd6a11de5

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:11 GMT
content-encoding: gzip
x-envoy-decorator-operation: tag-router.tag-router.svc.cluster.local:80/*
via: 1.1 google
age: 25
x-envoy-upstream-service-time: 0
x-region: us-central1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5688
server: istio-envoy
etag: 434645e6cb25e8
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=60
timing-allow-origin: *
link: <https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect

POST
H2 204 collect
analytics.google.com/g/ 0
0 678ms
231ms Fetch
text/plain 2607:f8b0:4004:c1d::8a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je4730v879088318z8896608294za200zb896608294&_gaz=1&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&tag_exp=0&cid=1436324511.1720104934&ul=en-ca&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&dt=&sid=1720104933&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&en=page_view&_fv=1&_nsi=1&_ss=2&ep.page_type=content&ep.page_environment=production&ep.page_country=CA&ep.page_language=EN&up.custom_user_id=&up.client_id=&up.user_has_transacted=false&up.user_logged_in=false&up.user_country=CA&up.user_loyalty_status=false&tfd=13192&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c1d::8a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:34 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
258 B 656ms
171ms Ping
text/plain 2607:f8b0:4004:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZLYXLXNDL8&cid=1436324511.1720104934&gtm=45je4730v879088318z8896608294za200zb896608294&aip=1&dma=0&gcs=G111&gcd=13v3v3v3u5&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c1b::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:38 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 504ms
173ms Image
image/gif 2607:f8b0:4004:c19::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-ZLYXLXNDL8&cid=1436324511.1720104934&gtm=45je4730v879088318z8896608294za200zb896608294&aip=1&dma=0&gcs=G111&gcd=13v3v3v3u5&npa=1&frm=0&z=682318302

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c19::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 local
www.paypal.com/credit-presentment/experiments/ Frame AD49 0
0 492ms
105ms Document
text/html 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=%5Bobject%20Object%5D%2Cnative-modal&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.64.8&integrationType=SDK

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (chf/16CA) /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com https:; frame-src 'self' https://.paypalobjects.com https://.paypal.com https://.qualtrics.com; connect-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-expose-headers: Server-Timing
age: 64367
cache-control: s-maxage=86400, max-age=0
content-encoding: gzip
content-length: 1524
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type: text/html; charset=utf-8
date: Thu, 04 Jul 2024 14:55:34 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"1479-XwICdKYQJ0Fdp7Mer4dmLoo2cX0"
last-modified: Wed, 03 Jul 2024 21:02:47 GMT
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: 0b965baa241b4
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server: ECAcc (chf/16CA)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000000b965baa241b4-3967de06a26cb114-01
vary: Accept-Encoding
x-cache: HIT
x-xss-protection: 1; mode=block

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ 14 KB
6 KB 90ms
88ms Script
application/x-javascript 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.com&t=xo&v=5.0.448&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

884df8688e9d6c00669dbeccb332ad72dd4daa12abbdccc5a77fd21cfbcc5f42

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-GsjZAy4PNaizeq0Q1o7IlqPct1sVfv/TU8naPuVpvgcL2CLg' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://nexus.ensighten.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-GsjZAy4PNaizeq0Q1o7IlqPct1sVfv/TU8naPuVpvgcL2CLg' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 04 Jul 2024 14:55:36 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 97033
x-cache: HIT, HIT, MISS
paypal-debug-id: f534182462b56
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 4796
x-xss-protection: 1; mode=block
x-served-by: cache-bur-kbur8200161-BUR, cache-yyz4577-YYZ, cache-yyz4577-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f534182462b56-525ae0a82f1b84b4-01
x-timer: S1720104936.141848,VS0,VE7
etag: W/"3690-aeDIAxyX69x11N5AsEnzjsH6mFM"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=3600
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 489, 35, 0

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ 1014 B
924 B 224ms
224ms XHR
application/json 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2f889778a51af70c7303f176fe9adffaa473ca10fbeeeb80f81e7af304a6fdc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
accept: application/json
Referer: https://www.elfcosmetics.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:34 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cache: MISS, MISS, MISS
paypal-debug-id: f21946973c506
server-timing: content-encoding;desc="br",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-bur-kbur8200068-BUR, cache-yyz4573-YYZ, cache-yyz4573-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f21946973c506-db738ad143f3b0b2-01
x-timer: S1720104934.433082,VS0,VE140
etag: W/"3f6-bnMqdufNucG/aU7fuZMaAA1Vs84"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: none
x-cache-hits: 0, 0, 0

OPTIONS
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 0
0 505ms
222ms Preflight 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-length: 0
date: Thu, 04 Jul 2024 14:55:34 GMT
dc: ccg11-origin-www-1.paypal.com
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f219469c9f30d
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f219469c9f30d-458d66d21d6f63fd-01
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-content-type-options: nosniff
x-served-by: cache-bur-kbur8200122-BUR, cache-yyz4573-YYZ, cache-yyz4573-YYZ
x-timer: S1720104934.211604,VS0,VE119

GET
H2 200 collect Show response
sgtm.elfcosmetics.com/g/ 65 B
385 B 611ms
310ms XHR
text/plain 34.49.124.132
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je4730v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&tag_exp=0&cid=1436324511.1720104934&ecid=2012313899&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-ON&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=1403218045.1720104930&sst.gse=1&sst.etld=google.ca&sst.gcd=13v3v3v3u5&sst.adr=1&sst.ude=0&_s=1&dt=&sid=1720104933&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&en=pageview&_fv=1&_ss=1&ep.page_type=content&ep.page_environment=production&ep.page_language=EN&ep.vendor_id=pinterest&ep.email=&ep.event_id=1720105161115_17201056524368&ep.external_id=&up.custom_user_id=&up.client_id=&up.user_has_transacted=false&up.user_logged_in=false&up.user_country=CA&up.user_loyalty_status=false&tfd=13470&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

132.124.49.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:34 GMT
via: 1.1 google, 1.1 google
x-content-type-options: nosniff
server: Google Frontend
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering: no

GET
H2 200 collect Show response
sgtm.elfcosmetics.com/g/ 533 B
1 KB 504ms
211ms XHR
text/plain 34.49.124.132
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je4730v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&tag_exp=0&cid=1436324511.1720104934&ecid=2012313899&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-ON&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=1403218045.1720104930&sst.gse=1&sst.etld=google.ca&sst.gcd=13v3v3v3u5&sst.adr=1&sst.ude=0&_s=2&dt=&sid=1720104933&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&en=page_view&ep.page_type=content&ep.page_environment=production&ep.page_language=EN&ep.page_country=CA&_et=4&tfd=13479&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

132.124.49.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

b43aa451108e8579a5111519d0eaf711f17b6cf5a90fa56a8853618fa838112e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:34 GMT
via: 1.1 google, 1.1 google
x-content-type-options: nosniff
server: Google Frontend
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering: no

GET
H2 200 collect Show response
sgtm.elfcosmetics.com/g/ 65 B
400 B 592ms
306ms XHR
text/plain 34.49.124.132
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je4730v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&tag_exp=0&cid=1436324511.1720104934&ecid=2012313899&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-ON&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=1403218045.1720104930&sst.gse=1&sst.etld=google.ca&sst.gcd=13v3v3v3u5&sst.adr=1&sst.ude=0&_s=3&dt=&sid=1720104933&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&en=page_view&ep.page_type=content&ep.page_environment=production&ep.page_language=EN&ep.vendor_id=facebook&ep.event_id=1720105161115_172010565243621&ep.email=&ep.phone=&_et=3&tfd=13487&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

132.124.49.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:34 GMT
via: 1.1 google, 1.1 google
x-content-type-options: nosniff
server: Google Frontend
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering: no

GET
H2 200 jsp Show response
ut.rd.linksynergy.com/ 148 B
406 B 491ms
151ms Script
text/plain 34.98.67.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://ut.rd.linksynergy.com/jsp?cn=rmuid&ro=0&cb=___rmuid

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

3.67.98.34.bc.googleusercontent.com

Software

Resource Hash

52ee1e0452e2f62348b4688b319e5b70ac5358f06433ddba0c44ca290e37458d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-type: text/plain; charset=utf-8
date: Thu, 04 Jul 2024 14:55:36 GMT
via: 1.1 google
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 148
x-samesite: secure

GET
H2 204 pageview
c.contentsquare.net/ 0
321 B 577ms
161ms Image
text/plain 34.198.143.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/pageview?ex=&dt=1136&pvt=n&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&la=en-CA&uc=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dr=&dw=1600&dh=6759&ww=1600&wh=1200&sw=1600&sh=1200&uu=fe4a2431-3183-ad49-ef50-88dcfe56386b&sn=1&hd=1720104934&v=14.19.1&pid=1926&pn=1&r=640271
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.198.143.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-198-143-176.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:36 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

GET
BLOB 200
OK a694e9da-5922-42de-9921-eb19d0ace43b
https://www.elfcosmetics.com/ 7 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.elfcosmetics.com/a694e9da-5922-42de-9921-eb19d0ace43b
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3dae94126362e2c8b80dfbc73f6b32f15be7805cbdf6739a72cab5ca534c15e0

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length: 7329
Content-Type: application/javascript

GET
H2 200 company_toolkit.js Show response
cdn-scripts.signifyd.com/api/ 4 KB
2 KB 95ms
95ms Script
application/javascript 108.138.64.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-scripts.signifyd.com/api/company_toolkit.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.64.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-64-116.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:33:04 GMT
content-encoding: gzip
via: 1.1 61bbe72b71f7b857c695c31fdeb7b3a6.cloudfront.net (CloudFront)
last-modified: Tue, 30 May 2023 10:18:44 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P1
age: 1353
x-amz-server-side-encryption: AES256
etag: W/"2c3950f122b3977df61b0e077aaa92c8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1800
x-amz-cf-id: Q7CaIzPqA-K50HekcSzAhxZR-nZFEy10MtWY3sLkaIF8UCis1KHJFQ==

GET
H2 204 collect
analytics.google.com/g/s/ 0
47 B 130ms
128ms Image
text/plain 2607:f8b0:4004:c1d::8a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analytics.google.com/g/s/collect?dma=0&gtm=45j91e4730h2v9125640115z8896608294z99175401888za200zb896608294&_gsid=5D80LRC85NRfU4VasYCoRVB0KLM9ZYlw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c1d::8a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:36 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 396ms
395ms Image
image/gif 2607:f8b0:4004:c19::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=0&tid=G-5D80LRC85N&cid=uZYWKy%2B8YADEZKmHXM4fgwnu4F44V70xUf4xBpmzTa0%3D.1720104934&gtm=45j91e4730h2v9125640115z8896608294z99175401888za200zb896608294&aip=1&z=45139818

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c19::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
sgtm.elfcosmetics.com/g/ 981 B
1 KB 190ms
187ms XHR
text/plain 34.49.124.132
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

132.124.49.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

94ccc14d90a9eaa87f6027c137632595bdb5a3cf6125358a85b9fbe1f6521c79

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 04 Jul 2024 14:55:34 GMT
via: 1.1 google, 1.1 google
x-content-type-options: nosniff
server: Google Frontend
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering: no

GET
H2 204 dvar
c.contentsquare.net/ 0
320 B 178ms
162ms Image
text/plain 34.198.143.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/dvar?v=14.19.1&pid=1926&pn=1&sn=1&uu=fe4a2431-3183-ad49-ef50-88dcfe56386b&dv=H4sIAAAAAAAAA6tWcnSKd4mMd8%2FJT0rMUXDOzyspys9RCEktLlGyUnKpzEvMzUxWiMxMzUlRcK0oSC3KTM1LTi1W0oHqQ4gpGAI1hCUWZSaWZObnAXkwJT755QqeeSWpeSATA%2FILSnOAikoqlWoB8S1cunwAAAA%3D&ct=2&r=465897
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.198.143.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-198-143-176.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:36 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

GET
H3

200

/
www.google.ca/pagead/1p-conversion/698270988/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/698270988/?random=1671494939&fst=1720104934713&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4730h2v9125640...
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=252828290&fst=1720104934713&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4...
https://www.google.com/pagead/1p-conversion/698270988/?random=252828290&fst=1720104934713&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4730h2v9125640115z8896...
https://www.google.ca/pagead/1p-conversion/698270988/?random=252828290&fst=1720104934713&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4730h2v9125640115z88966...

42 B
64 B

139ms
138ms

Image
image/gif

2607:f8b0:4004:c19::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-conversion/698270988/?random=252828290&fst=1720104934713&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4730h2v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&data=event%3Dpageview%3Bpage_type%3Dcontent%3Bpage_environment%3Dproduction%3Bpage_language%3DEN%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1284689265.1720104930&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=166.0.205.0&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECSixub3QtbmF2aWdhdGlvbi1zb3VyY2UsIHRyaWdnZXIsIGV2ZW50LXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMI6Y_3ndKNhwMVJ2lHAR0W4gXfMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HWh0dHBzOi8vd3d3LmVsZmNvc21ldGljcy5jb20v&is_vtc=1&cid=CAQSKQDaQooLOysde8UbRMJrz4PocanyEayfmFfpuLLE9X1ciYjBPoJPCX3x&eitems=ChAI8JCZtAYQ18Kno9mBmY9aEh0A3F09_HbMBP9WYcr6QCOORW3mYy8BsC64CyTicQ&random=1762932364&ipr=y

Protocol

Server

2607:f8b0:4004:c19::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:37 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:37 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.ca/pagead/1p-conversion/698270988/?random=252828290&fst=1720104934713&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4730h2v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&data=event%3Dpageview%3Bpage_type%3Dcontent%3Bpage_environment%3Dproduction%3Bpage_language%3DEN%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1284689265.1720104930&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=166.0.205.0&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECSixub3QtbmF2aWdhdGlvbi1zb3VyY2UsIHRyaWdnZXIsIGV2ZW50LXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMI6Y_3ndKNhwMVJ2lHAR0W4gXfMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HWh0dHBzOi8vd3d3LmVsZmNvc21ldGljcy5jb20v&is_vtc=1&cid=CAQSKQDaQooLOysde8UbRMJrz4PocanyEayfmFfpuLLE9X1ciYjBPoJPCX3x&eitems=ChAI8JCZtAYQ18Kno9mBmY9aEh0A3F09_HbMBP9WYcr6QCOORW3mYy8BsC64CyTicQ&random=1762932364&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=9435449244224;npa=1;auiddc=1284689265.1720104930;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps...
ad.doubleclick.net/ 0
22 B 434ms
175ms Image
image/png 172.253.115.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=9435449244224;npa=1;auiddc=1284689265.1720104930;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1750319717;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4730v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f149.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:37 GMT
attribution-reporting-register-trigger: {"aggregatable_deduplication_keys":[{"deduplication_key":"15233294074325805341"}],"aggregatable_trigger_data":[{"filters":[{"14":["8259474"]}],"key_piece":"0x963c524358d5ffd4","source_keys":["12","13","14","15","16","17","18","19","20","21","628473576","628473577","628473578","628473579","628613572","628613573","628613574","628613575","628795380","628795381","628795382","628795383","628812176","628812177","628812178","628812179","628827972","628827973","628827974","628827975","634786564","634786565","634786566","634786567"]},{"key_piece":"0x2fb5a5a11990094c","not_filters":{"14":["8259474"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","628473576","628473577","628473578","628473579","628613572","628613573","628613574","628613575","628795380","628795381","628795382","628795383","628812176","628812177","628812178","628812179","628827972","628827973","628827974","628827975","634786564","634786565","634786566","634786567"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"628473576":32,"628473577":32,"628473578":32,"628473579":3177,"628613572":32,"628613573":32,"628613574":32,"628613575":3177,"628795380":32,"628795381":32,"628795382":32,"628795383":3177,"628812176":32,"628812177":32,"628812178":32,"628812179":3177,"628827972":32,"628827973":32,"628827974":32,"628827975":3177,"634786564":32,"634786565":32,"634786566":32,"634786567":3177},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"9719256499510268742","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"15233294074325805341","filters":[{"14":["8259474"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"15233294074325805341","filters":[{"14":["8259474"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"15233294074325805341","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"15233294074325805341","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["9231397"]}}
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

activityi;dc_pre=COntoJ3SjYcDFS7c_QUdpxAEBw;src=9231397;type=retarget;cat=globa0;ord=9435449244224;npa=1;auiddc=1284689265.1720104930;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefine...
9231397.fls.doubleclick.net/ Frame 5B05
Redirect Chain

https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=9435449244224;npa=1;auiddc=1284689265.1720104930;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefi...
https://9231397.fls.doubleclick.net/activityi;dc_pre=COntoJ3SjYcDFS7c_QUdpxAEBw;src=9231397;type=retarget;cat=globa0;ord=9435449244224;npa=1;auiddc=1284689265.1720104930;u6=%2Fen_CA%2Felf-cosmetic-...

0
0

204ms
201ms

Document
text/html

173.194.68.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9231397.fls.doubleclick.net/activityi;dc_pre=COntoJ3SjYcDFS7c_QUdpxAEBw;src=9231397;type=retarget;cat=globa0;ord=9435449244224;npa=1;auiddc=1284689265.1720104930;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1750319717;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4730v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.68.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qr-in-f148.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 506
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 04 Jul 2024 14:55:35 GMT
expires: Thu, 04 Jul 2024 14:55:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 04 Jul 2024 14:55:35 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://9231397.fls.doubleclick.net/activityi;dc_pre=COntoJ3SjYcDFS7c_QUdpxAEBw;src=9231397;type=retarget;cat=globa0;ord=9435449244224;npa=1;auiddc=1284689265.1720104930;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1750319717;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4730v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 exist Show response
srm.ba.contentsquare.net/ 2 B
95 B 847ms
300ms Fetch
application/json 46.51.207.194
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://srm.ba.contentsquare.net/exist?v=14.19.1&pid=1926&pn=1&sn=1&uu=fe4a2431-3183-ad49-ef50-88dcfe56386b
Requested by: Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.51.207.194 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-46-51-207-194.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 04 Jul 2024 14:55:35 GMT
content-length: 2
content-type: application/json

GET
H3 200 activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=3746348894507;npa=1;auiddc=1284689265.1720104930;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1...
ad.doubleclick.net/ 0
22 B 348ms
174ms Image
image/png 172.253.115.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=3746348894507;npa=1;auiddc=1284689265.1720104930;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1361191857;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4730v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f149.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:37 GMT
attribution-reporting-register-trigger: {"aggregatable_deduplication_keys":[{"deduplication_key":"16746632081649568448"}],"aggregatable_trigger_data":[{"filters":[{"14":["12119809"]}],"key_piece":"0xb352d3237cf68fdd","source_keys":["12","13","14","15","16","17","18","19","20","21","15690448","15690449","15690450","15690451","16253844","16253845","16253846","16253847","628477676","628477677","628477678","628477679","628504556","628504557","628504558","628504559","628627208","628627209","628627210","628627211","628651320","628651321","628651322","628651323","628652116","628652117","628652118","628652119","628801632","628801633","628801634","628801635","638131352","638131353","638131354","638131355"]},{"key_piece":"0x41837acf546c32bc","not_filters":{"14":["12119809"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","15690448","15690449","15690450","15690451","16253844","16253845","16253846","16253847","628477676","628477677","628477678","628477679","628504556","628504557","628504558","628504559","628627208","628627209","628627210","628627211","628651320","628651321","628651322","628651323","628652116","628652117","628652118","628652119","628801632","628801633","628801634","628801635","638131352","638131353","638131354","638131355"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"15690448":93,"15690449":93,"15690450":93,"15690451":9081,"16":65,"16253844":38,"16253845":38,"16253846":38,"16253847":3739,"17":65,"18":6356,"19":65,"20":65,"21":6356,"628477676":32,"628477677":32,"628477678":32,"628477679":3177,"628504556":32,"628504557":32,"628504558":32,"628504559":3177,"628627208":32,"628627209":32,"628627210":32,"628627211":3177,"628651320":65,"628651321":65,"628651322":65,"628651323":6356,"628652116":32,"628652117":32,"628652118":32,"628652119":3177,"628801632":65,"628801633":65,"628801634":65,"628801635":6356,"638131352":327,"638131353":327,"638131354":327,"638131355":31784},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"15554083163906323951","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"16746632081649568448","filters":[{"14":["12119809"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"16746632081649568448","filters":[{"14":["12119809"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"16746632081649568448","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"16746632081649568448","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["10742279"]}}
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

activityi;dc_pre=CNWntp3SjYcDFUnh_QUdB2cBmw;src=10742279;type=elf8j0;cat=glo_flap;ord=3746348894507;npa=1;auiddc=1284689265.1720104930;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-c...
10742279.fls.doubleclick.net/ Frame 9A3D
Redirect Chain

https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=3746348894507;npa=1;auiddc=1284689265.1720104930;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmeti...
https://10742279.fls.doubleclick.net/activityi;dc_pre=CNWntp3SjYcDFUnh_QUdB2cBmw;src=10742279;type=elf8j0;cat=glo_flap;ord=3746348894507;npa=1;auiddc=1284689265.1720104930;u1=https%3A%2F%2Fwww.elfc...

0
0

169ms
168ms

Document
text/html

173.194.68.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10742279.fls.doubleclick.net/activityi;dc_pre=CNWntp3SjYcDFUnh_QUdB2cBmw;src=10742279;type=elf8j0;cat=glo_flap;ord=3746348894507;npa=1;auiddc=1284689265.1720104930;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1361191857;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4730v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.68.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qr-in-f148.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 440
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 04 Jul 2024 14:55:36 GMT
expires: Thu, 04 Jul 2024 14:55:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 04 Jul 2024 14:55:35 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10742279.fls.doubleclick.net/activityi;dc_pre=CNWntp3SjYcDFUnh_QUdB2cBmw;src=10742279;type=elf8j0;cat=glo_flap;ord=3746348894507;npa=1;auiddc=1284689265.1720104930;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1361191857;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4730v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 main.ea1c939c.js Show response
s.pinimg.com/ct/lib/ 80 KB
23 KB 118ms
117ms Script
application/javascript 2a04:4e42:77::84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.ea1c939c.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:77::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d23d5715ffe428ffa9ce297fba04eb9ba463cbc6478269f0c53ceeeada3c95c6

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:36 GMT
content-encoding: br
x-cdn: fastly
etag: "2bb7f81e0335844a4b164b873a7f7a30"
x-amz-server-side-encryption: AES256
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: X-CDN
vary: Accept-Encoding, Origin
cache-control: max-age=1209600
alt-svc: h3=":443";ma=600
content-length: 23139

GET
H2 200 1638306756445368 Show response
connect.facebook.net/signals/config/ 71 KB
15 KB 128ms
125ms Script
application/x-javascript 2a03:2880:f003:c0e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1638306756445368?v=2.9.160&r=stable&domain=www.elfcosmetics.com&hme=733c3732ec767f7a62e7787aff967e6d19b1e13e533937876f2e15efe07bf678&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C175%2C171%2C172%2C174%2C28%2C94%2C50%2C73%2C173%2C155%2C158%2C168%2C169%2C176%2C122%2C39%2C33%2C134%2C14%2C48%2C181%2C180%2C124%2C17%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

fbb7c8b0d0c8039153ec4ad8ba215093d355daeb1dc8fa8d5a996feed55bbfd6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 04 Jul 2024 14:55:36 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 14669
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=21, rtx=0, c=61, mss=1392, tbw=63815, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: IIpBaYAx8DmgNyzEg6F78dYci0Xyv6ypWpJ7cRwoNUcvyCWgjb/1ZHJRWsdNGzZiAE4SHu6jRq8ZgShbgRHRxg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 config Show response
pixel-config.reddit.com/pixels/t2_16331p/ 3 B
125 B 469ms
155ms XHR
application/json 151.101.129.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-config.reddit.com/pixels/t2_16331p/config
Requested by: Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:35 GMT
content-encoding: gzip
via: 1.1 varnish
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
content-length: 27

GET
H2 200 t2_16331p_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
700 B 582ms
188ms XHR
application/json 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_16331p_telemetry
Requested by: Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:35 GMT
content-encoding: gzip
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server: snooserv
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
content-length: 97

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
638 B 458ms
163ms Image
image/gif 151.101.129.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1720104935518&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=69d20838e30e2fb435534a7e6aa9fdc4fbb5d3eb1e621b6667315c25b33474f4&uuid=b58cd344-e279-4509-bc6b-4718b32b0b7b&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_e9773deb&dpm=&dpcc=&dprc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:37 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 204 5013978.js Show response
bat.bing.com/p/action/ 0
118 B 122ms
120ms Script
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/5013978.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Thu, 04 Jul 2024 14:55:36 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 970F741F1BE245019F81D675219D08F2 Ref B: YTO01EDGE0509 Ref C: 2024-07-04T14:55:36Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
363 B 204ms
204ms Image
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5013978&tm=gtm002&Ver=2&mid=a7b6be84-91df-4143-bd73-986aeb4db5c9&sid=782a01d03a1511ef9935db8a75f1fac3&vid=782a21103a1511ef97a9ade464051829&vids=1&msclkid=N&pi=918639831&lg=en-CA&sw=1600&sh=1200&sc=24&tl=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&p=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&r=&lt=12500&evt=pageLoad&sv=1&rn=190580

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 04 Jul 2024 14:55:36 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7BDF6CD6CDC94A13BC9114824E66B95A Ref B: YTO01EDGE0509 Ref C: 2024-07-04T14:55:37Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.MWU2NDEzYzJiMA.js Show response
analytics.tiktok.com/i18n/pixel/static/ 339 KB
97 KB 171ms
170ms Script
application/javascript 23.205.107.69
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMA.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.107.69 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-107-69.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 8878a6113d3767fcb0f7c88fdc432c839a4e4e6fe97dec5e24b0d5eb32addd88

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-akamai-request-id: 13eda1e4
date: Thu, 04 Jul 2024 14:55:37 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 2024070211555478B4E71AA609CC7B84A4
x-tt-trace-id: 00-24070211555478B4E71AA609CC7B84A4-4E5CA57B251C4620-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-218-223-69.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01b0f9aab740f39d362f5b68f022e51ce96c68c23eccfa65200f6ff991895ff5cbfb8d8262f4f9582a23ac4b2cc003edcd81e9dcbbc3bfe087511922fec006829e9b856defbdc2234272383bee94448802782e8e04421f69d9f0e4691ebf53ae14
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=4
content-length: 98454

GET
H2 200 main.MWU2NDEzYzJiMQ.js Show response
analytics.tiktok.com/i18n/pixel/static/ 344 KB
99 KB 167ms
163ms Script
application/javascript 23.205.107.69
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.107.69 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-107-69.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 8b5eaf40218075cea5deeb7f5b1f281030c970a307707acb1a2057518c64a902

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-akamai-request-id: 13edad78
date: Thu, 04 Jul 2024 14:55:37 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20240702115634965D57C5E399707837FF
x-tt-trace-id: 00-240702115634965D57C5E399707837FF-06B3AE588D03D7F7-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-218-223-69.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01757149a530cdd4ca6454facba505ff1d35e42037a69ad7496c793fabfdfe20989b62882920091a345343003761edbfadc3a1aa917adce37fa3099e1badb02aaba248742846d92fa1a2e8c4ce79fe6dbac8aa25499e2c30d77f3268681d4d4943
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length: 100287

GET
H2 200 ts
t.paypal.com/ 42 B
520 B 659ms
215ms Image
image/gif 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1720104936200&g=420&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (chf/16F7) /

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
correlation-id: 47bff10be19a6
server: ECAcc (chf/16F7)
traceparent: 00-000000000000000000047bff10be19a6-3e477ea39418a305-01
vary: Accept-Encoding
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 47bff10be19a6
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: image/gif
server-timing: traceparent;desc="00-000000000000000000047bff10be19a6-45a4a8b97dfddfc1-01", content-encoding;desc="", x-cdn;desc="edgecast"
timing-allow-origin: *
expires: Thu, 04 Jul 2024 14:55:38 GMT

GET
H2 200 widget.css
js.jebbit.com/companion/v1/ 15 KB
16 KB 239ms
238ms Stylesheet
text/css 2600:9000:20e2:2e00:a:7914:b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.jebbit.com/companion/v1/widget.css
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e2:2e00:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 875ca118023e8741e684a320e73b7f9af4e8eba6c88f1f7e8457f7c0cdda6efb

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 22:22:36 GMT
x-amz-version-id: 5TtP6A3FvksKClCFN7X6r1PsSCc1hWlP
via: 1.1 f4cb5dc388dd91aa43ce5b333fc7c7c2.cloudfront.net (CloudFront)
last-modified: Thu, 02 May 2024 15:04:41 GMT
server: AmazonS3
x-amz-cf-pop: IAD79-C2
age: 59581
etag: "de1b72e797664b9b2c2139e5ccb24844"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 15521
x-amz-cf-id: _FuqRKIg8INHYv7Ui9CezURSZ0pl2okJYyM0rhFstLH0FRgLEurELw==

GET
H2 200 launcher_configs Show response
external-api.jebbit.com/moments/v2/ 2 B
449 B 686ms
173ms XHR
application/json 34.237.117.238
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRmVuX0NBJTJGZWxmLWNvc21ldGljLWNyaW1pbmFscw==&completedLightboxCampaigns=W10=&jebbitCookies=

Requested by

Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.237.117.238 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-237-117-238.compute-1.amazonaws.com

Software

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
surrogate-control: no-store
x-dns-prefetch-control: off
content-length: 2
x-xss-protection: 1; mode=block
pragma: no-cache
etag: W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
x-download-options: noopen
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials: true
expires: 0

GET
H/1.1 200
OK ovhaw0vyg0na4pmj.js Show response
imgs.signifyd.com/ 96 KB
14 KB 713ms
214ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/ovhaw0vyg0na4pmj.js?rbannjmi8v1l4tdt=w2txo5aa&qptjwoxbmpdk8m5a=L2VuX0NBL2UwZWQwNjJhMDNlNzFkYTI3NzdmM2RiNDM5

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

699b5e103ec7cfa5c3d73e5bf229e1959d46626519af418d9e209f5261012b2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 04 Jul 2024 14:55:38 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: CP=IVAa PSAa
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
X-Robots-Tag: noindex, nofollow
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

cs
tags.rd.linksynergy.com/
Redirect Chain

https://idsync.rlcdn.com/458359.gif?partner_uid=1e03c785-5aa3-4bd5-8620-8a16c03596d0
https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJDFlMDNjNzg1LTVhYTMtNGJkNS04NjIwLThhMTZjMDM1OTZkMBAAGg0I6e-atAYSBQjoBxAAQgBKAA
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=a94446532a4610c09020673893a2625313111b173a94ef33af9ec202d99007806ac34734d8e453ee

37 B
295 B

132ms
101ms

Image
image/gif

34.98.67.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tags.rd.linksynergy.com/cs?ns=lr&uid3=a94446532a4610c09020673893a2625313111b173a94ef33af9ec202d99007806ac34734d8e453ee

Protocol

Server

34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

3.67.98.34.bc.googleusercontent.com

Software

Resource Hash

bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-type: image/gif
date: Thu, 04 Jul 2024 14:55:38 GMT
via: 1.1 google
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37
x-samesite: secure

Redirect headers

date: Thu, 04 Jul 2024 14:55:38 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://tags.rd.linksynergy.com/cs?ns=lr&uid3=a94446532a4610c09020673893a2625313111b173a94ef33af9ec202d99007806ac34734d8e453ee
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 muse.js Show response
www.paypalobjects.com/muse/ 55 KB
16 KB 559ms
111ms Script
application/javascript 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/muse.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (chf/1693) /

Resource Hash

20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: 63bc3fec65297
dc: ccg11-origin-www-1.paypal.com
content-length: 16355
last-modified: Fri, 01 Sep 2023 21:10:59 GMT
server: ECAcc (chf/1693)
traceparent: 00-000000000000000000063bc3fec65297-7d91b54e8baebcaf-01
etag: "64f25363-daa8+gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Thu, 04 Jul 2024 15:55:38 GMT

GET
H2 200 runtime_6459738026535cda4232dc813c61447d.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 3 KB
2 KB 402ms
84ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/runtime_6459738026535cda4232dc813c61447d.br.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 59f1b7d93f47fcc926143154888aa471910eaf81c3c41270b61cfe012dda08df

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 23:16:55 GMT
content-encoding: br
age: 2302722
x-guploader-uploadid: ABPtcPrsNlKffX3OOTaYiBMDAv2NlSrBhuxvO7CO9NSlOGWy7EHRnn1g50nCfF3H_r-aNOrLq3epXbkU7w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1316
last-modified: Thu, 06 Jun 2024 18:53:44 GMT
server: UploadServer
etag: "09512239cb2a22728ca9f8608dfc2181"
x-goog-generation: 1715027701560378
ad-auction-allowed: true
access-control-allow-origin: *
x-goog-hash: crc32c=BS9gKg==, md5=CVEiOcsqInKMqfhgjfwhgQ==
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 1316
accept-ranges: bytes
content-type: text/javascript

GET
H2 200 / Show response
ct.pinterest.com/user/ 321 B
705 B 535ms
131ms XHR
application/json 23.220.128.196
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.pinterest.com/user/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1720104936965&dep=2%2CPAGE_LOAD

Requested by

Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-220-128-196.deploy.static.akamaitechnologies.com

Software

Resource Hash

27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:37 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
x-cdn: akamai
akamai-grn: 0.04dfda17.1720104937.262d5c6d
x-envoy-upstream-service-time: 1
content-length: 186
x-pinterest-rid: 7629892279240632
pin-unauth: dWlkPU5UWXdOelEwTVRndFlqUmhaaTAwWVdSa0xXSmtZVEF0TkdOaFpXTXhNRFprTWpreA
pragma: no-cache
referrer-policy: origin
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
pinterest-version: cac24a94a4695e758e25b435c5c0c6dca81d437a
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
ct.pinterest.com/user/ 321 B
727 B 535ms
134ms XHR
application/json 23.220.128.196
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.pinterest.com/user/?event=pagevisit&ed=%7B%22event_id%22%3A%221720105161115_172010565243621%22%2C%22np%22%3A%22gtm%22%7D&tid=2615235625530&cb=1720104936970&dep=5%2CEVENT_TAGS_ABSENT

Requested by

Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-220-128-196.deploy.static.akamaitechnologies.com

Software

Resource Hash

27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:37 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
x-cdn: akamai
akamai-grn: 0.04dfda17.1720104937.262d5c6b
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=600
content-length: 186
x-pinterest-rid: 1462448082880846
pin-unauth: dWlkPVltVmxNRFptTURBdE9EUXlPQzAwT1dVMUxUbGlNemt0TkRFeFlqVTVPV00xTWpFeQ
pragma: no-cache
referrer-policy: origin
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
pinterest-version: cac24a94a4695e758e25b435c5c0c6dca81d437a
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
ct.pinterest.com/v3/ 35 B
503 B 529ms
132ms Fetch
image/gif 23.220.128.196
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.pinterest.com/v3/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%22ea1c939c%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22x86%22%2C%22bitness%22%3A%2264%22%2C%22brands%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22126%22%7D%2C%7B%22brand%22%3A%22Not%3AA-Brand%22%2C%22version%22%3A%228%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22126%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Win32%22%2C%22platformVersion%22%3A%2210.0.0%22%2C%22uaFullVersion%22%3A%22126.0.6478.126%22%2C%22ecm_enabled%22%3Atrue%7D&cb=1720104936974

Requested by

Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-220-128-196.deploy.static.akamaitechnologies.com

Software

Resource Hash

37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:37 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
referrer-policy: origin
x-cdn: akamai
akamai-grn: 0.04dfda17.1720104937.262d5c6e
content-type: image/gif
access-control-allow-origin: https://www.elfcosmetics.com
pinterest-version: cac24a94a4695e758e25b435c5c0c6dca81d437a
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
content-length: 35
x-pinterest-rid: 7463075268119103
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
275 B 626ms
222ms Image
text/plain 2a03:2880:f103:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1720104937092&sw=1600&sh=1200&v=2.9.160&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1720104937086.567073247223155554&ic=fbpixel&ler=empty&cdl=API_unavailable&it=1720104935287&coo=false&eid=1720105161115_172010565243621&tm=1&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=21, rtx=0, c=10, mss=1392, tbw=2773, tp=-1, tpl=-1, uplat=1, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 04 Jul 2024 14:55:37 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
4 KB 637ms
234ms Image
image/png 2a03:2880:f103:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1720104937092&sw=1600&sh=1200&v=2.9.160&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1720104937086.567073247223155554&ic=fbpixel&ler=empty&cdl=API_unavailable&it=1720104935287&coo=false&eid=1720105161115_172010565243621&tm=1&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xa90e50505ca4fe26","source_keys":["1","2"]},{"key_piece":"0x521824ae15b46aad","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding: zstd
x-content-type-options: nosniff
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
date: Thu, 04 Jul 2024 14:55:38 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7387794456206961204", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=23, rtx=0, c=10, mss=1392, tbw=3092, tp=-1, tpl=-1, uplat=90, ullat=0
pragma: no-cache
x-fb-debug: kFrXiCz1Mv+TH8megDRdz/gGXbblYZkj+rprM+JrKEG/Jik+5Wm9aXUmr4SebqHMQNeGujDWEDP0RK1WJae2uw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7387794456206961204"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 identify_ce1d8843.js Show response
analytics.tiktok.com/i18n/pixel/static/ 146 KB
39 KB 128ms
127ms Script
application/javascript 23.205.107.69
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_ce1d8843.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.107.69 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-107-69.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: d891e16dbaf81b89f017b6516afdeffe602f8df1d5e269429e7b6eaf63726a03

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-akamai-request-id: 13edb2e6
date: Thu, 04 Jul 2024 14:55:37 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20240521140000259F23E3B54B103D7560
x-tt-trace-id: 00-240521140000259F23E3B54B103D7560-1DDAECA08FBB061F-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-218-223-69.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 018b0dc58c5353c15d690d6a17dc894329f69b861755725f870cd07a25defddfdc592de2653261a7f22e04cd85e49e6a5e40eace0ac7a213f43d69e4aaf0c55be77374772067cf216cb4ec5763a7dea43c5245e5b9363cad008f9fa13fecd338aa
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=1
content-length: 39550

POST
H2 200 performance_interaction
analytics.tiktok.com/api/v2/ 0
707 B 208ms
207ms Ping
text/plain 23.205.107.69
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/performance_interaction
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.107.69 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-107-69.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 13edbb4d
date: Thu, 04 Jul 2024 14:55:38 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240704145538A4A98FB6ADD97A72C5AC-3CAF3CA795F96CD7-00
x-cache: TCP_MISS from a23-218-223-69.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
server-timing: inner; dur=11, cdn-cache; desc=MISS, edge; dur=76, origin; dur=14
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240704145538A4A98FB6ADD97A72C5AC
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 15,23.218.223.69
x-tt-trace-host: 014afc2c0b7558afd48c25ade542f5aa37c5d733e393dba72ca0bbdcfc34fdbc3ffdf93ee31e7beb867acc8fe2911b934fbfbee423ef978580c08655b7bd6d5a3d84649efd136fe8a4fe9d9b23d8e375f844bc6d4e73266a736df48d246b71ad1d
access-control-allow-headers: Authorization,*
expires: Thu, 04 Jul 2024 14:55:38 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
847 B 287ms
287ms Ping
text/plain 23.205.107.69
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.107.69 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-107-69.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 7d2b8326.13edbd30
date: Thu, 04 Jul 2024 14:55:38 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240704145538521820011AC66A36D29F-1DDD3F776E06D301-00
x-cache: TCP_MISS from a23-218-223-69.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time: 147,23.218.223.69
server-timing: cdn-cache; desc=MISS, edge; dur=35, origin; dur=138, inner; dur=134
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240704145538521820011AC66A36D29F
x-cache-remote: TCP_MISS from a23-52-15-112.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 138,23.52.15.112
x-tt-trace-host: 014afc2c0b7558afd48c25ade542f5aa37db03f2504a4fdc2e1c4cc8a04328a7f001e8ebdd796e225619e4e1902b89144e9a08da8143556e10b899493b7cebca884ba0149a1866c7f8d572ef7f84b34ddaeb18965d2d1e5f084852d0d401e96f7a42bee7b4f1303f9b9056712ea827bdd5
access-control-allow-headers: Authorization,*
expires: Thu, 04 Jul 2024 14:55:38 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
704 B 184ms
184ms Ping
text/plain 23.205.107.69
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.107.69 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-107-69.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 13edbd31
date: Thu, 04 Jul 2024 14:55:38 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240704145538A4A98FB6ADD97A72C5AE-12A7648F7027A8B1-00
x-cache: TCP_MISS from a23-218-223-69.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
server-timing: inner; dur=34, cdn-cache; desc=MISS, edge; dur=8, origin; dur=42
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240704145538A4A98FB6ADD97A72C5AE
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 42,23.218.223.69
x-tt-trace-host: 014afc2c0b7558afd48c25ade542f5aa37c5d733e393dba72ca0bbdcfc34fdbc3ffdf93ee31e7beb867acc8fe2911b934f5570166253321cd8d5cee11d9e1adc890b8f92e1e9661046f4fa5c444e951d901995a5367943d797db4255b6036aa68d
access-control-allow-headers: Authorization,*
expires: Thu, 04 Jul 2024 14:55:38 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
843 B 171ms
163ms Ping
text/plain 23.205.107.69
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.107.69 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-107-69.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 3729a.13edc39d
date: Thu, 04 Jul 2024 14:55:38 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240704145538F623FB88E53D5266D22F-4BE5BAFB53528B3E-00
x-cache: TCP_MISS from a23-218-223-69.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time: 33,23.218.223.69
server-timing: cdn-cache; desc=MISS, edge; dur=32, origin; dur=21, inner; dur=17
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240704145538F623FB88E53D5266D22F
x-cache-remote: TCP_MISS from a23-52-15-108.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 21,23.52.15.108
x-tt-trace-host: 014afc2c0b7558afd48c25ade542f5aa37db03f2504a4fdc2e1c4cc8a04328a7f0f03b97606e7d1e99e7d434b2fafc7948726a8ec07496876a030dc8adb7204aa7e9d770cbc1e6c40e8e759ff5b71b0c7d3cae5d1f0c83d8f0b3c3eb9ec364c00f13086aee747ae4f7371cdbb778623d99
access-control-allow-headers: Authorization,*
expires: Thu, 04 Jul 2024 14:55:38 GMT

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
704 B 170ms
163ms Ping
text/plain 23.205.107.69
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.107.69 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-107-69.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 13edc39e
date: Thu, 04 Jul 2024 14:55:38 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24070414553890C8BE64BEE0236A0320-382835F4744C54FC-00
x-cache: TCP_MISS from a23-218-223-69.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
server-timing: inner; dur=27, cdn-cache; desc=MISS, edge; dur=16, origin; dur=32
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024070414553890C8BE64BEE0236A0320
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 32,23.218.223.69
x-tt-trace-host: 014afc2c0b7558afd48c25ade542f5aa37c5d733e393dba72ca0bbdcfc34fdbc3f2fc098f269117e42e47d6ad712fb39b01c7af1c31d88dd528735b3788176f93089c0ed2cc020080dec5bdbd4127da4ad8b4a2f88b0531bd703c0d3647efec6f1
access-control-allow-headers: Authorization,*
expires: Thu, 04 Jul 2024 14:55:38 GMT

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
705 B 164ms
156ms Ping
text/plain 23.205.107.69
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.107.69 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-107-69.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 13edc39f
date: Thu, 04 Jul 2024 14:55:38 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240704145538CF4157A2EA96A66CAEA8-2337AEFD908ABCA1-00
x-cache: TCP_MISS from a23-218-223-69.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
server-timing: inner; dur=24, cdn-cache; desc=MISS, edge; dur=14, origin; dur=30
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240704145538CF4157A2EA96A66CAEA8
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 30,23.218.223.69
x-tt-trace-host: 014afc2c0b7558afd48c25ade542f5aa37c5d733e393dba72ca0bbdcfc34fdbc3f790b8631341f7e56830ac8257ebf3baed11eb633b366130c241a7d06773244f10f0b10f702b1d03fc2353c5dda85b5b6955c9c1fc28e9582171199dc79edd763
access-control-allow-headers: Authorization,*
expires: Thu, 04 Jul 2024 14:55:38 GMT

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
708 B 366ms
359ms Ping
text/plain 23.205.107.69
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.107.69 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-107-69.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 13edc3e4
date: Thu, 04 Jul 2024 14:55:38 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240704145538A4A98FB6ADD97A72C5CA-1D0DCCDA719C37B5-00
x-cache: TCP_MISS from a23-218-223-69.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
server-timing: inner; dur=196, cdn-cache; desc=MISS, edge; dur=14, origin; dur=216
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240704145538A4A98FB6ADD97A72C5CA
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 216,23.218.223.69
x-tt-trace-host: 014afc2c0b7558afd48c25ade542f5aa37c5d733e393dba72ca0bbdcfc34fdbc3ffdf93ee31e7beb867acc8fe2911b934ff91a0a55bd50e3ca9d2f733a4cad1432e2732f6ae979eb668597463e81dfa1e30656e8b9143a416dd28a340cfbaaf7d4
access-control-allow-headers: Authorization,*
expires: Thu, 04 Jul 2024 14:55:38 GMT

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
702 B 285ms
278ms Ping
text/plain 23.205.107.69
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.107.69 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-107-69.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 13edc3e5
date: Thu, 04 Jul 2024 14:55:38 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24070414553890C8BE64BEE0236A0326-4361A30C4C213530-00
x-cache: TCP_MISS from a23-218-223-69.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
server-timing: inner; dur=44, cdn-cache; desc=MISS, edge; dur=39, origin; dur=50
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024070414553890C8BE64BEE0236A0326
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 51,23.218.223.69
x-tt-trace-host: 014afc2c0b7558afd48c25ade542f5aa37c5d733e393dba72ca0bbdcfc34fdbc3f2fc098f269117e42e47d6ad712fb39b0a445eb058472a7e2fc8c304c48c9844facbbbe2edd05ee5d760150414e1821c3688aeabff697c129f4d7c67c64edcdb2
access-control-allow-headers: Authorization,*
expires: Thu, 04 Jul 2024 14:55:38 GMT

GET
H2 200 / Show response
ct.pinterest.com/v3/ 35 B
748 B 171ms
170ms Fetch
image/gif 23.220.128.196
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22event_id%22%3A%221720105161115_172010565243621%22%2C%22np%22%3A%22gtm%22%7D&tid=2615235625530&cb=1720104937515&dep=5%2CEVENT_TAGS_ABSENT&pd=%7B%22np%22%3A%22gtm%22%2C%22external_id%22%3A%22%22%2C%22pin_unauth%22%3A%22dWlkPU5UWXdOelEwTVRndFlqUmhaaTAwWVdSa0xXSmtZVEF0TkdOaFpXTXhNRFprTWpreA%22%7D&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%22ea1c939c%22%2C%22is_eu%22%3Afalse%2C%22architecture%22%3A%22x86%22%2C%22bitness%22%3A%2264%22%2C%22brands%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22126%22%7D%2C%7B%22brand%22%3A%22Not%3AA-Brand%22%2C%22version%22%3A%228%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22126%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Win32%22%2C%22platformVersion%22%3A%2210.0.0%22%2C%22uaFullVersion%22%3A%22126.0.6478.126%22%2C%22ecm_enabled%22%3Atrue%7D

Requested by

Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-220-128-196.deploy.static.akamaitechnologies.com

Software

Resource Hash

37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:37 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
referrer-policy: origin
x-cdn: akamai
akamai-grn: 0.04dfda17.1720104937.262d5d92
content-type: image/gif
access-control-allow-origin: https://www.elfcosmetics.com
pinterest-version: cac24a94a4695e758e25b435c5c0c6dca81d437a
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
content-length: 35
x-pinterest-rid: 1955826582021986
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
849 B 518ms
511ms Ping
text/plain 23.205.107.69
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.107.69 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-107-69.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 629dff29.13edc3e6
date: Thu, 04 Jul 2024 14:55:39 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24070414553889D9BA36356E5E3CB780-382FE17F61DE15FF-00
x-cache: TCP_MISS from a23-218-223-69.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time: 352,23.218.223.69
server-timing: cdn-cache; desc=MISS, edge; dur=30, origin; dur=349, inner; dur=346
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024070414553889D9BA36356E5E3CB780
x-cache-remote: TCP_MISS from a23-52-15-109.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 349,23.52.15.109
x-tt-trace-host: 014afc2c0b7558afd48c25ade542f5aa37db03f2504a4fdc2e1c4cc8a04328a7f03a0c14a54348a6f8a559e456a44528e1cce86bd9767857ad9ddf8fe4f937a1221ea36a8e93bfd41aa6207f37487bfa3f1971fb7c3633414e951d06d71980a0e7d416ac1b73820faf8cfbecaf0f9f8c80
access-control-allow-headers: Authorization,*
expires: Thu, 04 Jul 2024 14:55:39 GMT

GET
H2 200 main-v2_efcf4183cfe60de21aa43976b713ebd6.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 499 KB
109 KB 82ms
79ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_efcf4183cfe60de21aa43976b713ebd6.br.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 2712747c3f51e3e240cc7fefcecbf530963c1b3ec7d7f9976275412e7eedf281

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Jul 2024 15:42:00 GMT
content-encoding: br
age: 256418
x-guploader-uploadid: ACJd0NoSrRj-hVGEcNS5G8s00xRR9aUp01M1eV6pvQyRWB5-ipqaUod8gaS-YgwvuL2srgN5BnAPDgnrjg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111654
last-modified: Mon, 01 Jul 2024 15:41:53 GMT
server: UploadServer
etag: "8006084e958b75f62b9244e155f05c62"
x-goog-generation: 1719848513276806
ad-auction-allowed: true
access-control-allow-origin: *
x-goog-hash: crc32c=ltGu+g==, md5=gAYITpWLdfYrkkThVfBcYg==
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 111654
accept-ranges: bytes
content-type: text/javascript

GET
H2 200 cjs_min_3a843477d8e318f67237a66d0a58c542.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 49 KB
16 KB 181ms
180ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_3a843477d8e318f67237a66d0a58c542.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 6c58f061a49641f54723faab57ad0bdb49a95619e86c90dad9a3ed630ffb3780

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 03:41:51 GMT
content-encoding: gzip
age: 818027
x-guploader-uploadid: ACJd0NrYQE0ENTtO1W7-5B9T1h7aikLphG5S0_2lu_4CVqfOgPxFPlf1PKLZQd-Y0NZ7HPA1ZPFp98atHg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15748
last-modified: Mon, 22 Apr 2024 20:59:52 GMT
server: UploadServer
etag: "1eb885454ea6bef1c9747800702959de"
x-goog-generation: 1713819592631797
ad-auction-allowed: true
access-control-allow-origin: *
x-goog-hash: crc32c=Joap5g==, md5=HriFRU6mvvHJdHgAcClZ3g==
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000,no-transform
x-goog-stored-content-length: 15748
accept-ranges: bytes
content-type: text/javascript; charset=utf-8

GET
H3 200 token_create.js Show response
ct.pinterest.com/static/ct/ 4 KB
2 KB 126ms
126ms Script
application/javascript 23.220.128.196
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.pinterest.com/static/ct/token_create.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

QUIC, , AES_256_GCM

Server

23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-220-128-196.deploy.static.akamaitechnologies.com

Software

Resource Hash

cd56592299c1c670fb97ef28bcb50048508c01879ecb23b71364aecc0483e202

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
x-cdn: akamai
akamai-grn: 0.0edfda17.1720104938.261fd9d5
etag: "19c94b308deaf8fbf050b4fca2fa21b7"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
alt-svc: h3=":443"; ma=600
content-length: 2108
quic-version: 0x00000001

GET
H2 200 ct.html
ct.pinterest.com/ Frame 18B0 0
0 551ms
214ms Document
text/html 23.220.128.196
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.pinterest.com/ct.html

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-220-128-196.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

akamai-grn: 0.04dfda17.1720104938.262d62ab
alt-svc: h3=":443"; ma=600
cache-control: max-age=86400
content-encoding: gzip
content-length: 323
content-type: text/html; charset=utf-8
date: Thu, 04 Jul 2024 14:55:38 GMT
pinterest-version: cac24a94a4695e758e25b435c5c0c6dca81d437a
referrer-policy: origin
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
vary: Accept-Encoding
x-cdn: akamai
x-envoy-upstream-service-time: 0
x-pinterest-rid: 8846748078082415

GET
H2 200 index.html
www.paypalobjects.com/muse/analytics/ Frame 25F9 0
0 94ms
93ms Document
text/html 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/analytics/index.html

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (chf/16CA) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: gzip
content-length: 16754
content-type: text/html
date: Thu, 04 Jul 2024 14:55:38 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "64f25363-dacc+gzip"
expires: Thu, 04 Jul 2024 15:55:38 GMT
last-modified: Fri, 01 Sep 2023 21:10:59 GMT
paypal-debug-id: bb71374e404a6
server: ECAcc (chf/16CA)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000bb71374e404a6-e2fdc144b1d31473-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff

GET
H/1.1 200
OK AU_Uit479tK1ZfYw Show response
imgs.signifyd.com/ Frame CEE0 301 KB
51 KB 158ms
157ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/AU_Uit479tK1ZfYw?953c1bb3024134a8=WvCdyDuZuPvf9SdTRbjtZOCqaY9PWB_EogMxBGyIjYgygNCmqv91I84MptKagIQOn7gevOxTt4qLfLuKTY7TwfBclbIPh0Ow-fRbUdCCcaPBalDW8b7-1CDqspRlhgpPpAHkpK7YYE-9_fV3sBZhMtenoAhrhY_eLxTrSzSJtqX_CC9sda5YFQQb8YiQE4jVg8XNaTQE6BAGVct7AgkM0rve4a8&jb=3d3b2426627365773555696c6e6d77712c607967355763666e6575792d3238333b2c6a7b6a773f4b6272676d6d2468736a3d496a7a6d6d672f303033383c

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/ovhaw0vyg0na4pmj.js?rbannjmi8v1l4tdt=w2txo5aa&qptjwoxbmpdk8m5a=L2VuX0NBL2UwZWQwNjJhMDNlNzFkYTI3NzdmM2RiNDM5

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

970f88ea89cb7d240c5801ef71620c2b32b868a9b3d6cf53bb26f53fde5b0c63

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 04 Jul 2024 14:55:38 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
tmx-nonce: 9c349399d350e841
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
X-Robots-Tag: noindex, nofollow
Keep-Alive: timeout=2, max=99
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK ld2k0e9NhMLKS-wv
imgs.signifyd.com/ Frame CEE0 81 B
474 B 360ms
138ms Image
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/ld2k0e9NhMLKS-wv?005b69bd70298e17=gRsxSoJw27ztb0u5dWy5uzqcdkLwDVSSL_z0V6W-gCWL3HrGD-awHT_0UXCORdjq74CU1-EsRHf0dUgMlkcPCf9HIcGYUyWsWRU43jamgYBLjvuMIvJQZar8wM0fq6DcH446mWM5fQZiw08fRzKfdDAgSJzpXtLN9397xqa9IQCqMCLuzA

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Thu, 04 Jul 2024 14:55:38 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK TCzb9UpWfQmfJw3k
imgs.signifyd.com/ Frame CEE0 81 B
474 B 486ms
140ms Image
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/TCzb9UpWfQmfJw3k?b5fea83039419fa7=bmd_i5HIV3kOZjN9Or7ujxw7sMg44TsNAEXpRvZ7VyQqOjBloRhuH8nJlO3qZ1E-4V8L4f7_pECMufZajjNoYkmkDbZ2Z34gRPR5vM8oOEEPHsJ1ja-R-OU7xfam46_u1LFwLfHmx4GZEdtmrvbomtRhKWvExxuV9XG9hAqW0kYUEB76bw

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Thu, 04 Jul 2024 14:55:38 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 ts
t.paypal.com/ 42 B
209 B 160ms
160ms Image
image/gif 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfoFlowStarted&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1720104938281&g=420&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (chf/16DB) /

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
correlation-id: 093930e1b633c
server: ECAcc (chf/16DB)
traceparent: 00-0000000000000000000093930e1b633c-35e398c7a1f435b4-01
vary: Accept-Encoding
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 093930e1b633c
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: image/gif
server-timing: traceparent;desc="00-0000000000000000000093930e1b633c-9387b289d4332666-01", content-encoding;desc="", x-cdn;desc="edgecast"
timing-allow-origin: *
expires: Thu, 04 Jul 2024 14:55:38 GMT

GET
H3 200 inbox-v2_02aca5df0e176b8810a86da97ac05424.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 17 KB
5 KB 83ms
79ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox-v2_02aca5df0e176b8810a86da97ac05424.br.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 03dbf9dc05fa84370cbdfb363a10855e9fd035a833cd83b67e14cdb975882bed

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 03:46:24 GMT
content-encoding: br
age: 40154
x-guploader-uploadid: ACJd0NooNr-VjgYkoF2BvrNyVyVSTlox45iQqdTwFUR7zb7qHNtcfvwsBDdyReIfAkNJqUj_WSH4Lz6_pQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5089
last-modified: Mon, 01 Jul 2024 15:41:49 GMT
server: UploadServer
etag: "2a4c802d3ec2dfc292cc9bb15ef5f45d"
x-goog-generation: 1719848509406494
ad-auction-allowed: true
access-control-allow-origin: *
x-goog-hash: crc32c=PRHjLA==, md5=KkyALT7C38KSzJuxXvX0XQ==
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 5089
accept-ranges: bytes
content-type: text/javascript

GET
H3 200 onsite-v2_0e56ab6ba004ee080ce3deb3edae35e9.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 16 KB
5 KB 82ms
78ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite-v2_0e56ab6ba004ee080ce3deb3edae35e9.br.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f10699f59e4285b87af5097e4ba9e470ee29b4f3487fa767f2818bdbbdd6bb14

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 13:53:10 GMT
content-encoding: br
age: 90148
x-guploader-uploadid: ACJd0NrNF-dbUWIiJLYYnqfAw70JvFj5c50dY9xU3CSibMmbUZOu_LlsEB1nNWmZ1PtQuSOVfQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5003
last-modified: Mon, 01 Jul 2024 15:41:57 GMT
server: UploadServer
etag: "7ff99b6f1cea743cef749de91009e764"
x-goog-generation: 1719848517072211
ad-auction-allowed: true
access-control-allow-origin: *
x-goog-hash: crc32c=qFvE1Q==, md5=f/mbbxzqdDzvdJ3pEAnnZA==
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 5003
accept-ranges: bytes
content-type: text/javascript

GET
H/1.1 200
OK / Show response
data.cdnbasket.net/ 14 B
338 B 431ms
102ms XHR
application/json 35.201.66.85
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://data.cdnbasket.net/
Requested by: Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.66.85 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 85.66.201.35.bc.googleusercontent.com
Software: /
Resource Hash: 21248689d686dfc880bf68eecf7bdebd358d10ddd98e9838433d7b6e8b869ffc

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Thu, 04 Jul 2024 14:55:38 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK / Show response
page.cdnbasket.net/ 14 B
338 B 417ms
100ms XHR
application/json 34.107.212.52
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://page.cdnbasket.net/
Requested by: Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.212.52 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 52.212.107.34.bc.googleusercontent.com
Software: /
Resource Hash: 69a8787bd0fb3c7b7910a9c71ec4b210c7f01351ca3c1fb982807fa8f24ee41c

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Thu, 04 Jul 2024 14:55:38 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK / Show response
view.cdnbasket.net/ 14 B
338 B 432ms
109ms XHR
application/json 34.117.235.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://view.cdnbasket.net/
Requested by: Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.235.44 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 44.235.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 92a5177b52e1056a602b10689fe45ab36dc751b6f84fa5e86d1162c48b53d703

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Thu, 04 Jul 2024 14:55:38 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK clear.png Show response
imgs.signifyd.com/fp/ Frame CEE0 81 B
536 B 609ms
223ms XHR
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/clear.png

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/AU_Uit479tK1ZfYw?953c1bb3024134a8=WvCdyDuZuPvf9SdTRbjtZOCqaY9PWB_EogMxBGyIjYgygNCmqv91I84MptKagIQOn7gevOxTt4qLfLuKTY7TwfBclbIPh0Ow-fRbUdCCcaPBalDW8b7-1CDqspRlhgpPpAHkpK7YYE-9_fV3sBZhMtenoAhrhY_eLxTrSzSJtqX_CC9sda5YFQQb8YiQE4jVg8XNaTQE6BAGVct7AgkM0rve4a8&jb=3d3b2426627365773555696c6e6d77712c607967355763666e6575792d3238333b2c6a7b6a773f4b6272676d6d2468736a3d496a7a6d6d672f303033383c

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept: */*, w2txo5aa/9c349399d350e841l2vux0nbl2uwzwqwnjjhmdnlnzfkyti3nzdmm2rindm5
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 04 Jul 2024 14:55:39 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Thu, 04 Jul 2024 14:55:39 GMT
Server: Apache
Etag: e89bf40559ca463bab48b0887d605a74
Content-Type: image/png
Access-Control-Allow-Origin: https://www.elfcosmetics.com
Cache-Control: private, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
Expires: Tue, 03 Jul 2029 14:55:39 GMT

GET
H/1.1 200
OK Fs7ULrPiCErVaDnp
imgs.signifyd.com/ Frame 8151 0
0 606ms
218ms Document
text/html 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/Fs7ULrPiCErVaDnp?3abe4b16a748f8d7=xWcJFHUVJyLyFHOeXLQvXcrBnMHWoud1z-q8LbcQesb0yx-Kt5_kWr4hwDvJN2pMjT3hPjeTlzDKJvY4kW7MUY3Mf4HBM4-2oPzH8FYYQmKQ9mYnLAupv4dCKbTiPBV5ZhBdUuAaJtQMFVtzQt9BQLbVgCfMUjp37okS-7PJKFdRGyaNyL3uOwP5UD0CgOYSQwLGhyjwReCkUW302dKj9LhDswpzSg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Thu, 04 Jul 2024 14:55:39 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK WY526rG0jZYpyF4B Show response
imgs.signifyd.com/ Frame CEE0 0
399 B 370ms
226ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Thu, 04 Jul 2024 14:55:38 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK 535FB0CsuLQK7c1P Show response
imgs.signifyd.com/ Frame CEE0 134 B
656 B 365ms
219ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/535FB0CsuLQK7c1P?e8e95f36ec648566=jpF7ssyQx1VOx0hjreLMAJt1pEJqF-8VUD66uq3WKBjrGDfzhBkcZFBhWfEVVFBRtYvVTlWePK_ajbTu-YBpX_GymyygHzhB1IkMtmNyOCHcYiIA2P0d720Y3b4ifM6CIukITeSdq6y3fb9PIDx99tySvvHGRsqB

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

501b0862c5009a54f7ad1098596a538f65b3052408d8a1d4a04b5381bbbae60b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Thu, 04 Jul 2024 14:55:38 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=100
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK 4nSBvCL5cm_R1-mU
h.online-metrix.net/ Frame 22D4 0
0 714ms
209ms Document
text/html 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/4nSBvCL5cm_R1-mU?ead727207879df63=dJuH0pLdqutYgJI0nQKKwBHBpXqPDYLl1GHVvbAf1ruUgqMkr__vIIIr_vbEgFYliH2yK5fL4G68pO4QTOfnvhtDfqIdjIuPFggXFPVDxYMJ8cfm8fNNqFDrBtfvJjsuObtf5c1hrEg9v-TEo_bePqY5ri28BKRoBw2YmUoYRqWhY34tFB6mklvRmu6IXau5tLykHUwyH6TWsbTTuyTFkCL3WdIu8bM

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Thu, 04 Jul 2024 14:55:39 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 48BZaQhtx9NKBYhA
imgs.signifyd.com/ Frame 7D24 0
0 618ms
214ms Document
text/html 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/48BZaQhtx9NKBYhA?b382c544a730578f=KhIerGQYcyGZH4dkYrjNC7fNaTl1p_bNBEJ7Rn9Tb3rSvVe1pcQGS0CBuYda_WRKWUB2PQGSkU_sgyMVGv569rh_yOw9j7KR_SVbywt-aDmtgXT93v5-26ZQmE_q8tFM-4sp4u9syyWqoF_YjoP53ra3sBfLdFntPKbWH2JwgBxAPsd6L3uWGkgq59z4eHWX7yCWl58MkxHQKw0U666DWKPHYJ6fVw0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Thu, 04 Jul 2024 14:55:39 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET 1afEKBW3OirwkZ15
h64.online-metrix.net/ Frame CEE0 0
0

GET
H/1.1 204
204 WY526rG0jZYpyF4B Show response
imgs.signifyd.com/ Frame CEE0 0
218 B 376ms
144ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/WY526rG0jZYpyF4B?526165ca621ba668=vcWc5OBSxvGDXJPzUOCSAe7Vkzb-hTCfT-1JXBJw0hoJLkksfASCUVu4cElteIOuurrdvUGztwFaXqjasfTE7Ty5JegPPrzIVmWKess48hpM1xh42aa5TWPPbBxnjZvmhM2NurzZVF8tbfZGoIhXqCMdUAdn4T2WjidTvw&ja=3a3231392e26693f253638322c783d343a2c6c3539363a38723b303a38266964373b3638387a333a3a302e73707b3f3638783c322e66707037332c333c3a3a2439323a38263b343a382c39303a3a2c393e3232243b32383024333430382c3b3038322c343a2e36322c677e353a376c3d3b6e313b3c396d34686c32383160343e68643b383f6032616e3369362e6f6e3f382473616e37383c2e6c6235627e767a7b253b432f38462d3a44757f7d2e6d6c6e616d7365657e6b6b712e61656f25304c6f64574b412f3a4c6f6e6c25636771676f74616b2f617a636d616e696e7126786c37372e72683f6f3a30306e6c6b3d3d353b31396c366f6a65303b3339656a3c633b31383938642e6a6a3d6e303231696763353e6330333d3e383b6e3639696e39343c3a333c606e39346b2e6871673757616e6c6d75732d323a3339246a71683f436a7865676d2d323a39383c24607b6f7d3f5d636e6c6775712e60736a7535416a72676d6f24666a633f3e3a266c6e6737302e6e677c7a37322c7c7a6c3f4b67657a6161632d38465e6166616d757e6578246563746a783f34323a396e396b32686d693a306f3e636b373c3a30303a6366393f353c30396466343d3832333c3364346f6361303e6e69313c616c6a6e3d30393933393b3c6b266c7a3f6a7c7e707b253b4327324e2538447f75772c6f6e66616579676d7c69697b24696d672d324e67645543492d30446d6666256367716f657c69692f6b70696f636c616e792c7a35786c7f6f63645d6c64617b6a2f3f456e696e716d2b7064756f6b6c5f7f6964666775735d6767646b6b557a6469796f7a2f3f476c696c7b672b7a6c7d6f6b6c576b6467626d5d63637a6f68637c2735476c636c716f2b7a647d676366557b77636b6b7c6b676f253d4d6463647965297064776569665f796a67616b756b7465273f4f6c6964736f297a66776d616e57706f6b6c7864637b6d78253d456e636e736d217a6e7d65696c55746c61557a66697165782d3f4f646b64736d237a66756f616c5d6c6f76696c7e7027354d666b6e7b6721726677676b6455797e6f5f7c616f7d67782d354d646b66736d29726e7d6d69665f626374612d354f64696e73672c656c5d69377d6d6a67665f6f6845462d323833243a253a382a4d786f6e4f4c2d3032455b2538323a2c30273832436a786567617d6d235f6f6845462d32384546594c2d3a32475b2f32383126322732382845726d6c474e2f303047592f38384f4c59442f38324f5b253a323b24302d3a324160786f65697d6f2b576d62416b7c556560416b7427383a5d6d6a474649444d4e4f576966717e6b6e6b6d665d69787269797b2731422d323a4750565f6066676e66556763666561722d394827383845505655696c61785d616764747a6f642731422d323a4750565f61656e6f7055687f6e6e657857626b6e6c5766646d6b7e253b4a2730384f585c5f6c677274605f696e696f7027394025303a4f525c576666676b7e5d68646566662f39422d3a3247505e5f6e7269655d646d707e6a2d3142273832455a5e557a6764796d6764556d6c6e736d7655696c696572273b48253a304d5a565f7b686b666d705f766f7a7477786f556467642f3b482f303a4d585c5d7e6f787c7d706757696f65707a677173616f645d6a7274612f314227383a4f505c5f7e6d727e77786d5f6b6d677a726d7b716b67645f7a677c6127334a2538324d5a545d7e6778767f786f576e69667c6f785d6b66697b6d7e786f786161273b48253a304d5a565f7c6572767d70655d676b72706578556b64616778557e6d556d646f672f39422d3a3247505e5f7b524f4027334a2538324747535d6f6e656f6f647e57616e6e6d7255776366742d31482f3238474751576c62675f7a676c646d72556f61726d637a2733402f383a474d53557b7e6b6c6e69726c5d6e6f72617e6376617c657b253b402732384f4f515776657a7e777267556c666769742f3b482f303a47455b5d7e6f787c7d7067576c6c67617c5d6e6966656b702d31422738324f4759557e6d70747f7a6f556a6b646657646665617c2d31402d383047455b5d766570747f706d5d686366645f6466656b7c576c63666f6b702f3b422d303a45455b5774677a7e65705f69707061715f6560626763762f314227383a5d4d4a47465769656e657a5f6a776c6c657a57646e676b742d334a2730305f454845445d636d6772726779796f6c57746f707e7f706f57617b76692f334a2d30325f4f424f4c57616d6d78726f717b67645d7e6778767f786f576d74692d3948273838574d404d465f6b676f727a6f737b656c5d766570747f706d5d657669332531482f38385f45484f4655616565707a677979656c577667707e757a65577131746b2539402d3030554f40474e5569656578726f7b796f66557c6570767f7865577b31766b55737a676a2731422d323a554d40474e556665607f6d557a6d6e6e6d786f7055616e6e6d2f39422d3a32554d4847445f6c6760756f5f796a69666570792733402f383a5f4d424d44556e677a7c6857766f72747d7a67273b48253a305f474047445f6e7069755f607f64666778792f3b4a2538385d4f404d445f646d796f5f6b676c766d72742d334a2730305f454845445d6d776676695d6e786b7f2d33482d383a554f4a47445d7a656c716f6d6c57676f6c6539342467645f623f30346631693a3463323d3b6a3c386f696e32363c31616c366b3d623d6b343230683869643d3733362e776d6e7e3f496c7e676c27383a43666b2e2c7f6d667037416e7c67662f323841706b7b2f32384f78676c47442538324d6c676b64672661696e3739&jb=393732266471374f6778696e666325304c3f24382d323a205d636c6e67777b27383a4e5c2d3032393a2e38253b4027323857636c3e36253148273232723c3e212d323a497a7a6e6f5f656a49637e253a4e37313f24333e253a322a4b4054474e2d30432738326c6b616f2f3a38476f6b61652b2f3a304b6a78656d6d2d3044393836263026322c302d323a5169646170632732443f393d263b36

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 04 Jul 2024 14:55:38 GMT
Strict-Transport-Security: max-age=31536000
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=96
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK KdFT46Y4Qx06mSKq
w2txo5aazlqikf67q2i3mrtkt3ywitpyut4avlfs9c349399d350e841sac.d.aa.online-metrix.net/ Frame CEE0 81 B
438 B 865ms
203ms Image
image/png 192.225.158.3
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w2txo5aazlqikf67q2i3mrtkt3ywitpyut4avlfs9c349399d350e841sac.d.aa.online-metrix.net/KdFT46Y4Qx06mSKq?dee0a4a49b3eb6ab=RvXlxyyx-a5i6nJFsrx_PAJG9HANRrd2RbzYRFP_GrwSsByZQ4rTGvPmM-sdP_yGwOPvCcjJFpxCv6Li49Dx-eGoEoo7ssWu5E6v1dCGbI--ZiDV6H1nvPMSThIoP6oMv5wr9YIuXxrEopI0blhkMvSsE5-G4aHTsRPr2PVZffc6ASk

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.3 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Thu, 04 Jul 2024 14:55:39 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 rhEVtmY_48UPCfcb Show response
imgs.signifyd.com/ Frame CEE0 0
218 B 410ms
136ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/rhEVtmY_48UPCfcb?0fa5eefafbfe5789=yvHKV0pSLDrZUY-Sy-PokD3e9KkIf-1WS2hjmDPMANuQ-8jDEvFRkJn2Rd1_cgwf2DzPZpjeH05ufcHqVMhNWEBXbxdZVrdZpP_Rl3oOCAx3mxmKrC0nHAAKSCPjAl16pfa2r5fcSRH1IjU4B_5VPslZZYRnAkUOjyMuDB9mOOkKRWH_jlP6AQ9qayvi5NlXVT9wyw0n4XolpVJCwKBj74pGyzQfFg&jac=1&je=3036242665656e6a352a3327384131273849392d3a433969393c603b6e6639606e3238386e303b313e366e62316361633c396f663c6432636e3a62366c6b696930663c3f33333b3938306a33683e37696d313a3c6c3321

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 04 Jul 2024 14:55:39 GMT
Strict-Transport-Security: max-age=31536000
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
Content-Type: text/javascript;charset=UTF-8

GET
H3 200 jquery-3.7.1.min.js Show response
assets.bounceexchange.com/assets/bounce/ 85 KB
30 KB 76ms
76ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/bounce/jquery-3.7.1.min.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 04:16:15 GMT
content-encoding: br
age: 124763
x-guploader-uploadid: ACJd0NrZBxkjUYampmEuxCDBJYqKqdg0Z7FqqpK28y3Z9R15wNdus1Eot1NdaAk5Wq51ppbpWEA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31010
last-modified: Mon, 01 Jul 2024 15:41:34 GMT
server: UploadServer
etag: W/"2c872dbe60f4ba70fb85356113d8b35e"
vary: Accept-Encoding
x-goog-generation: 1719848494006967
ad-auction-allowed: true
access-control-allow-origin: *
x-goog-hash: crc32c=fsBEgw==, md5=LIctvmD0unD7hTVhE9izXg==
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 87533
accept-ranges: none
content-type: text/javascript; charset=UTF-8

GET
H/1.1 204
204 vdcAoqTsRzz6YJgY
imgs.signifyd.com/ Frame CEE0 0
400 B 275ms
146ms Image
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/vdcAoqTsRzz6YJgY?7bc6ebcdbb2b82f5=6ftpP2UFdFShWlPKk_uVqxpOPLwrjD0Gzzq4ez24A9uy82cchLMN5BdeF-H5OMeDuIySraaNt6eOW71e6ZROlRBkEKT7EZoenuW_z_BbQV2pzpQkYdUs0JMJ8BtJDzhEFWDd3XCvBfw7rps6uwMF2ysMB7wPM0c59LFhQ-gd1qxJ0ALThPFCEIQh1mz8gV-CDtganAC-YvrglAPhOrlcJVV5LPMDXg&jf=3c3336267b696e5d7a6c643f7e66725d463e527d444e3a475f4b6c5e673367642c79696c5766637c6f3d39373a3233303c39393a2e716966557679726f377d6d6a3a6f6b6e79632c7b696c5d616f79353b32373139303933383432373a6132343c3a6367396630303a3b3a3e38383869323c36326b653b663a3930393835323b3e32383038366736313332633a3a31363d6036646b3f6c3c39616e3f3c68363e3a393c663c6f33386c356438696269356a6733353d346e636b3a36673a3730646c6c3f3b3a353f6a6f68353e6e35313a683c64693b35673b3c343a643f3732646d6433633f3a33603b636367336b6f306a37336d383f33323e6338363d6f353a3f60643f3a632e7361665d736167373138363432383030313a386b6d39653f6d6b3966333c353a61693f336b3a34366b6f336a336c6434386d346f663f3533376e6738343b3b39696a33326b3d3b3a696a623b34323c62383a30323b69323e65303335383b663c313d3a39613a3531316932683d6e33393b3c3d603a6e663d343b6e656e303b673d6e316b38393b60323f6468303033643b3b3b612479636c7a3530

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Thu, 04 Jul 2024 14:55:39 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 local_storage_frame17.min.html
assets.bounceexchange.com/assets/bounce/ Frame 0C31 0
0 342ms
78ms Document
text/html 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: none
access-control-allow-origin: *
access-control-expose-headers: etag Content-Type
ad-auction-allowed: true
age: 818031
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public,max-age=31536000
content-encoding: br
content-length: 938
content-type: text/html; charset=UTF-8
date: Tue, 25 Jun 2024 03:41:48 GMT
etag: W/"fc893948c3efc689b5b19d8a77958e23"
last-modified: Thu, 20 Jun 2024 14:04:32 GMT
server: UploadServer
vary: Accept-Encoding
x-goog-generation: 1718892272055039
x-goog-hash: crc32c=kX4cqg== md5=/Ik5SMPvxom1sZ2Kd5WOIw==
x-goog-metageneration: 1
x-goog-storage-class: MULTI_REGIONAL
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 2408
x-guploader-uploadid: ACJd0NrlOupexQwesRuCi5xj1dXwYt8GGaGrooYe5mTVn9o2ZpyFr-i4fquVyQ579uCh1fbS6NV_WR4MpQ

GET
H/1.1 200
OK WY526rG0jZYpyF4B Show response
imgs.signifyd.com/ Frame CEE0 0
398 B 144ms
141ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Thu, 04 Jul 2024 14:55:39 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 c Show response
ids.cdnwidget.com/ 441 B
780 B 581ms
191ms XHR
application/json 2600:1901:0:56e0::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=&SCH1=&GCS1=241005201&GCS2=MTcyLjE3LjAuMTIsMTAuMTMuMC4zNCwyNjA0OmFhYTpiYmI6Y2NjOjoxMDIw&pe=false&wsid=6664&varID=&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Afalse%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A6664%2C%22loadID%22%3A%22E6eAJcQL0YDZnfj%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A9%2C%22IDStageStart%22%3A9%2C%22netComplete%22%3A139%2C%22obsReqpage%22%3A430%2C%22obsReqdata%22%3A447%2C%22obsReqview%22%3A447%2C%22IDStagePrefire%22%3A447%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Afalse%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A-7%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%2C%22deviceid%22%3A%225525053199495524568%22%2C%22visitid%22%3A%221720104939190709%22%7D
Requested by: Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:56e0:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 8fd8eb4caa5a4be4e23c845b17eeb3636f8b6b45610be115d582916d6bbe9075

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:39 GMT
via: 1.1 google
vary: Origin
content-type: application/json
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 441

GET
H/1.1 200
OK WY526rG0jZYpyF4B Show response
imgs.signifyd.com/ Frame CEE0 0
398 B 138ms
137ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Thu, 04 Jul 2024 14:55:39 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 lookup Show response
pd.cdnwidget.com/ 94 B
310 B 475ms
152ms XHR
application/json 34.149.130.207
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pd.cdnwidget.com/lookup?deviceID=2imJtF7YS9tA48ee27yTfxpEBJF&bxwid=6664&bxdid=5525053199495524568&visitID=1720104939190709&enableUID2=false
Requested by: Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.130.207 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 207.130.149.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: 0611894db287962f5bcce0da6738a4a6ecdab5b29235c48d87decb3127e9254f

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:40 GMT
x-envoy-decorator-operation: id-resolution.id-resolution.svc.cluster.local:9000/*
via: 1.1 google
server: istio-envoy
content-type: application/json
access-control-allow-origin: *
x-envoy-upstream-service-time: 11
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94

GET
H2 200 init1.js Show response
api.bounceexchange.com/bounce/ 108 KB
20 KB 599ms
148ms Script
text/javascript 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.bounceexchange.com/bounce/init1.js?wklzs=1126&wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgHYAmABn1IBYBOS0gZmus2AC8QpKzMB3AUwBGOVMD4B9VABMoANjmVMAJz44QAGzhoMBGaVIAPfGVJK+MPouWKo2AIZq1qBAHMxcRWqgALYMAAOOACk9ACCgcQAYuERPLEAdHxqMEggOAC2fGhIOHEpadF8CGIAwmGRiTAAtCnpmahI1YqoaU72OJgAbqjCwGIpIADWqHxQgYQAQuHEan5TwWXEPv5BxACsoeGrkZuRsTwJSTUZWTl5OxGFJWVbF0nVqcf1jc2taivE4cVTinMbxB--MYAEWwIEGw1GEymkikvwWqy2q1I63wTBoCOIlFWMgAHHNiF9-l1JHCiGQKDRGKjSIRSNRPlMOnCxpN-moQM5nHxJBIEHCYG0+Az-nwOhYxOzOdzefzBcLiEhbIpegBHYAATzhpHlODgAhavmlGB6QsBoQFb1NhOmHK5PKcEkkhTQMGGJLNIQtOCtU0Vytllvlft6HXscFNH3NcsIQPlkmcEVQihwwAAMiBbO7IyFgIpw-KvErJABJWMeqbEZogGRgADS+mctcUAA1a+NxutKBAVfoZAAlADiqcoanx1tUMGApeZ-0raQAUsAIoQAJoAZWowBClBxfD4xEI6oAKjB9H4AKLjedRQEE6HOZlQ-7dAAKyi6IDgOGKX9AGR+Hpej6z44Gueo4EgTQCBYAbevK3RHnw+jAGBQiQag0EAdmQHyl+0pqHwzi2EgmqAXKd7-IqSBeOIwDvPMZLkFQtAMNQhDAsCnRKjgADakp2ryAC6sCClxyY8aK4r8dKTjCUBYm8cGYhquqwkmKG4m6vqIiiDyxoiHwcmiRpvHSfaRRSM6qCutyRmWgpPHBnZ3oOUpoYaIZIn2SZPF+LYXJiBqfiefJHROjAfG2jJFlOggLpus5fCdOFjlKiGYYhaJ-RDLRYISkqXJeS5Ah+FAJiZKVPEAETBlVAA0NW2KIzggIo6r1TVNFIAMn7AB1XggBkHV+IoICSHAKAdd6SrUVVgmYH4dE2HkfiOLYyDiDAaj+TYHSFjYhaKPa0hztWdYNk2rbtp23a9oOw5qJgE69FIUBzouy7rpu267vuh4nmel7XkAA
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: 374d82879a3ed014d93e0dae39a48d4cb5ec3387c601cd3c870203a440971a23

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:40 GMT
content-encoding: gzip
x-envoy-decorator-operation: legacy-api-tier1.legacy-api.svc.cluster.local:80/*
last-modified: Thu, 04 Jul 2024 14:55:40 GMT
via: 1.1 google
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 26
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

GET
H2 202 graph
idr.cdnwidget.com/ 0
195 B 460ms
164ms Image
text/plain 34.149.130.207
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idr.cdnwidget.com/graph?cookieID=2imo6jKxgKrXKBB534Qqx6RGL4l&deviceID=2imJtF7YS9tA48ee27yTfxpEBJF&bxdid=5525053199495524568&bxvid=1720104939190709&bxwid=6664&gm=true&apikey=2^HIykD&loadID=E6eAJcQL0YDZnfj
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.130.207 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 207.130.149.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 14:55:40 GMT
x-envoy-decorator-operation: id-resolution.id-resolution.svc.cluster.local:9000/*
via: 1.1 google
server: istio-envoy
access-control-allow-origin: *
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 id_sync
events.bouncex.net/track.gif/ 42 B
207 B 128ms
126ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/id_sync?id_sync:id_type=sid&id_sync:id_source=graph&soft_id=2imJtF7YS9tA48ee27yTfxpEBJF&source=web&agent=cjs&deviceid=5525053199495524568&visitid=1720104939190709&websiteid=6664&pageviewid=undefined&sequenceid=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:40 GMT
x-envoy-decorator-operation: event-collector.event-collector.svc.cluster.local:80/*
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H3 200 creatives-base-styles.a53944a2.min.css
assets.bounceexchange.com/tag/css/ 37 KB
6 KB 85ms
83ms Stylesheet
text/css 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/tag/css/creatives-base-styles.a53944a2.min.css
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 15:55:04 GMT
content-encoding: gzip
age: 82837
x-guploader-uploadid: ACJd0NphCnmVXEJStlptHbs65ATNEJkMG-MSA0Zbfh5WI3Zv03P_dKgoBp0lrVK7puCU-9o7Cg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6053
last-modified: Tue, 13 Dec 2022 17:12:22 GMT
server: UploadServer
etag: "54f61bdcbfb6f81427c8a6803f48b02f"
vary: Accept-Encoding
x-goog-generation: 1670951542233151
ad-auction-allowed: true
access-control-allow-origin: *
x-goog-hash: crc32c=lLRhfg==, md5=VPYb3L+2+BQnyKaAP0iwLw==
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 6053
accept-ranges: bytes
content-type: text/css

GET
H2 200 visit
events.bouncex.net/track.gif/ 42 B
97 B 110ms
108ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/visit?wklz=G4SwziAuBcCuYFMBOBDA5ggdpAvAWQHsAvEAG1JQFIAmAMQFYA6ABhuYAoB1ETAEwIDuYNgDkAKmwCMzFpQDMAITbdMANgAs8pdWYAPDQEo2AQQAOp0gk4IARgGkoNBnIDsjOarbs7ACTF4AGRoAYTZSEABrBDYAcQQAYwiCIx1ggAskAgBbaLpJalUWItYdAGUUADMUJBAneld3VQAyUAgYJAQK5A6kHBbwKGgKPh40U3QEWCRSHDTISFNhanrjGno6NboBbcYEUgr4gjAcyBB4sEZDrM3aLAB9YNXluj2KgFpD44RT+I+arJ4KFIYH6bWgHTABFIsFOBEwuhwklUzGYoMGEKhMJAcIAnoidKjWoN4vBINlgNUQCgbJYwDhKC5tNRSAQ0BheHceDRqPIntQqsDcjzqKFqNQEMBkHcWWyEByuWLedyBYhuSFufFqpA7gBHSA4tVyPklYWi6hgWA2AHzOV3OFtIVKsUqx0i7ky9mczCc3hYU4VEByw18l1qt1izVISDB5VA1WK8PUSPainQx1G2OCsNm8YYO760zpkNxx0uAAiaJghwIEUD9MZ3N4IF4MbF9HW9GY9UkAE4e+oe+3qOp6KoABzZ7mgFuKo2SFw6aQD9TMHv5HsuTyJ4Axhvl9Vi3hoWggJBgSABAgoGc8o2QJCwXJmtLVXgASTLrbFICyBFUACs7F0NA7CQAANOwFAUep1AARR1fQACUYgCdRSEnMVIQqSAPy-agfwAKUgWgXAATVKHtIGMdQxwQBBqBcHExAqXRTAAUQUAjaAw6gj13JlwAABQ6UACHgYJSWyZBg1DRNwFKS0wHiGobGk2djFks1wDEBBdEgBSbCUlS1NvDSSwPah4FtSw0BQeIDXUzSNTstIEHzJZTPnRdmGXZg5A3BlP0TCpgGjdSvOYJd+xKM0UAIYMYvdUwvzmBYlhWG4bm2ARdn2T4TjOC4rhue5HhK-YPiOArfmUn9AWBHiUA83lErFYBTB3cKLJvJ1eJ4pAvx4+JQuDCKopXCyIB6o03kkCy0GU4Mey3M1rnU1rmRG8KF0inzooszUsnGEA0EwZqMwbMVh1HYdNHUhkmWATrTI20gts8nbxtYfdE2HVQxVcfip2elqLLesKPu83zAosv6AYne7LuoJ6ErB97eTGvaJv3HGKys1AMGwaAbEyIRkBwdJMhyJp8YmInJTPbFMHxQoZDZmnEAJv1oAsFBIAqAgkCyHAVH4IQpFRWnCZgX1QHib4cULHBfTACIyVMJoSXPKSkGgF8lLhBnIDlHBUQwAhoEOWBsCQHFDl9CnjCac3LbEm27YIX05EdkRnYQC2rfdzAUByCmUGD3gUD9i2OjQJmcFg4Jo-BBA47hYPQ9gx9VPiZP4igPFCBthAgWT0wjkgIF7YQHAfDkHw87hU5MD9aucBEJ3fwd1EBFsB1mxwVQh-USsB8x3y12oDdmlls4EAHodO27PsByHEdxyaXMJUDAQx6aRAdUfTB5YH1F4nCP1Thyc8Q9MRFPqx6RVHoTWL+wFBTBABmIDhHBK7QOQTRZ7y2Vk0SAaRTwcnGFGHEdxtZczuE2MA1JLC8BwC6MBRACA4HUDofeYkkAgN7jYJodNcD43wdhH0OB8JZCIiRcilFqK0XooxZirEOJcSaC+JA8o0G0L-IBYCoEIJQRgvBJCKE0JAA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:41 GMT
x-envoy-decorator-operation: event-collector.event-collector.svc.cluster.local:80/*
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H2 200 pageview
events.bouncex.net/track.gif/ 42 B
97 B 110ms
109ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/pageview?wklz=A4Qw5gpgbglhDuAuArgJwDYF4AWAXXwAzgKQDMAgsQEwBi1N8jAdBOgGYDGA9oQLYS4YHQk2696EAHYB9AMKVarNgFpufAUNWoYvGJJDpCAMlCRYCRB2SFcXXlBDaQAI3QRCmYgHYAQtSroXGCQACbSev5kClRsBoQQkVSy-tAQqNKBwRBhEVRUUf6xhgl51Ml5HI640gCOuACekRT+AAyJ5VSEyM66+NnSXJKEMLgl+c15RfHt-pmh4TIwIVKCbHAhTdFTY2X+lai4m4VxO0l7VdIO6Mg7EzEnM3mmENINwLdbD6VeACIm4NA4EhuFwANZwYYALwgmC8pCo-zMQMsIEkgyEBhw+CIBVo9EY8BY7DU-EEwlEdgkMnkEnYqh4pM0HG0un0hkRgIsIPBL1sXAyjkgmG2HPMwK4YLgr3q70wpGA7OeYssEp50ihMIALJqAKyaoxiYCWXjATAtA12I24DhsM0Wk0oQim82GxBgYDOoy8LjLO3wCDOYajJaYABs4f1sCDIYAjF4qC0Yy1NQBOTUtFMxqgpryhozLWAcCAhnU6qg6lo60gxlNplOlqi60MADlFQNjRniNRukiLHY46DgknwOncuBAJswcYTSdTmqToa8BsHKxAwBgUDSw0GmHHYFI+cBRcwISMuGwMFQYVAB3q6tsqAB0hCMEILjcIWFJzPkK4mE1CadlwaDHv6zhGACw6YNYaRAWw1QhlQOgAFK4DQXgAJoAMoprg5Cas2EAQFQXj1AAKmwAAewAAKI+MhNBGNgjg5J+SHeqGABWADSlFgNxqAABrcT4PhVpqACKNSUaGABKADiAAymroEAA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:41 GMT
x-envoy-decorator-operation: event-collector.event-collector.svc.cluster.local:80/*
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H3 200 6aa18944a3ad2c224d37dafb46afa35f.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 92 KB
92 KB 94ms
94ms Image
image/jpeg 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/6aa18944a3ad2c224d37dafb46afa35f.jpg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 41edca74f63e4546256206b316479052b81b5d8fe3b810424d302bd4bf70c9ed

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 29 Jun 2024 23:49:35 GMT
age: 399966
x-guploader-uploadid: ACJd0NpD1Dq1gfYCalNQar9REcfeI_vCfalU48DqUbtjGXXudHAE9GfEqz1H-uIy2Cb4VVcKlOWHC3TLfQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 93895
last-modified: Mon, 08 Apr 2024 16:27:35 GMT
server: UploadServer
etag: "6aa18944a3ad2c224d37dafb46afa35f"
x-goog-generation: 1712593655184176
ad-auction-allowed: true
access-control-allow-origin: *
x-goog-hash: crc32c=H/B1bQ==, md5=aqGJRKOtLCJNN9r7Rq+jXw==
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 93895
accept-ranges: bytes
content-type: image/jpeg

GET
H3 200 59a941c096f98029341d8c56b7b89113.png
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 18 KB
18 KB 83ms
82ms Image
image/png 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/59a941c096f98029341d8c56b7b89113.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 00:31:15 GMT
age: 51866
x-guploader-uploadid: ACJd0NpnN3glNC67JR6kE5YY_9o0UFvkAu9hEUgf06EAxuUGeDgq6F2BHwBiTbn4OysxUdEhvGE
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18352
last-modified: Tue, 25 Aug 2020 15:57:40 GMT
server: UploadServer
etag: "59a941c096f98029341d8c56b7b89113"
x-goog-generation: 1598371060392963
ad-auction-allowed: true
access-control-allow-origin: *
x-goog-hash: crc32c=8aFhaA==, md5=WalBwJb5gCk0HYxWt7iREw==
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 18352
accept-ranges: bytes
content-type: image/png

GET
H3 200 16f45df19355361dc1c101036c0035b0.png
assets.bounceexchange.com/assets/uploads/clients/3258/creatives/ 2 KB
2 KB 121ms
121ms Image
image/png 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/3258/creatives/16f45df19355361dc1c101036c0035b0.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 915046d9ebab575f9b2f8ba9a35e030b2be55b1439edce6e72f7a19b4a55bd45

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 00:41:41 GMT
age: 51240
x-guploader-uploadid: ACJd0NpprbEj4lmpBJpijt4IdLQ_BnO5qGPm9rcdPbV6r1LnPESnKJUN0VHqadfV85tg7mtAZ-xphfjxKQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2419
last-modified: Thu, 01 Apr 2021 03:01:32 GMT
server: UploadServer
etag: "16f45df19355361dc1c101036c0035b0"
x-goog-generation: 1617246092060079
ad-auction-allowed: true
access-control-allow-origin: *
x-goog-hash: crc32c=pklVBw==, md5=FvRd8ZNVNh3BwQEDbAA1sA==
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 2419
accept-ranges: bytes
content-type: image/png

GET
H3 200 eligible
events.bouncex.net/track.gif/ 42 B
61 B 100ms
100ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/eligible?wklz=CYcwXAlgzgygrgIygYwE4QQU1QXgGYCGANlJgGSiRQAKqmAbhAPZxQDCrALkwLbb7FSFcMgLIAFpgAqMHAEYA7ACYADHJUAWAJwaVAZi0KycAI7yypEHwB2nAPoRgUHGVE8ADgQghrjnEo0ANiUlPSMoFlRkTBwEFmtogA8yAhBMWxwAKygyHiZgGJUyAHdMJAhOTD9Amo0yRigKv0VVdW1dLTklQ0CKBghovwBWIaUhlSG9OS0dLRGAocCADjJPNMZMYuaLTBM4dMHgf1ciCHTOTgg+KE4CD3llNU0dOQM5E7PbAncIemxGpjWHC3EB6PqMaI4YBkTjiCCoYB2TyoTgATzsNyYqFSmDswGgBAQREwR0IJHInAAXkwcBpVBYmHh7H4lFcAFKcABiCgAmjAtJwAIIaJaYTBKBSoqR4RLuACiACE2ZyyOICAiHEdWXlApkANKJEB61AADT1CoVkw0AEUTIlAgAlADiABkNEQgA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:41 GMT
x-envoy-decorator-operation: event-collector.event-collector.svc.cluster.local:80/*
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H3 200 pop
events.bouncex.net/track.gif/ 42 B
61 B 99ms
98ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/pop?wklz=A4e2C4EMGMBcEsBukEgHYF4EFsCmAnAMgHNcRxoQBXNWfAT0oBNcMBhAQRLPH12PjoMARTbdylWvDS5azVgDkuVAI4YAjIWiRswSPGJp4TDACYALADZTpgMwB2QgGdq+aKwBG1NO4AehSFJaDAArJ0JsEBYMAAZCAHdcDyd4WFxjDEss80JEeBSEE3V7Uxj1GPMATnMYyvVTSvtLQhY89wyAVg7TDpiO23VK6squiw7LAA5CPVI83HiMzSdcFSpZdpNbLQAbeFlYHFwnWB1gDRKyiur1WxGdvdpIYCQCFKET4i3W+HcMJkJYAALeD4JgAfT0+Fg9DBxxA+ECuDBTHykA821wJgAZpBtssAQAvEAYcylZwgLGwMEZUzwbAAKVgADF7ABNADKlVgHHME1wuFM9noABUsb5gABRABC9KZhEBkFB1JMtMilhCAGlfMQNfgABoaqVS-rmYQqXyWABKAHEADLmbZAA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:41 GMT
x-envoy-decorator-operation: event-collector.event-collector.svc.cluster.local:80/*
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H3 200 eligible
events.bouncex.net/track.gif/ 42 B
61 B 100ms
100ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/eligible?wklz=CYcwXAlgzgygrgIygYwE4QQU1QXgGYCGANlJgGSiRQAKqmAbhAPZxQDCrALkwLbb7FSFcMgLIAFpgAqMHAEYA7ACYADHJUAWAJwaVAZi0KycAI7yypEHwB2nAPoRgUHGVE8ADgQghrjnEo0ANiUlPQAOCxZUZEwcBBZrGIAPMgIQTFscACsoMh4mYFiVMgB3TCQITkw-QNqNMkYoSr9FVXVtXS05JUNAigYIGL8AVmGlYZVhvTktHS1RgOHAiM90xkwSlotMEzgMoeAceuQiCAzOTgg+KE4CD3llNU0dOQ11V1PzgncIemwmpjWHC3EB6fqMGI4YBkTjiCCoYB2TyoTgATzsNyYqDSmDswGgBAQREwh0IJHInAAXkwjqpInh7H4lFcAFKcABiCgAmjAtJwAIIaMKYTBKBSoqR4JLuACiACEWeyyOICAiHIdmflAlkANJJEA61AADR1crlUw0AEUTElAgAlADiABkNEQgA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.elfcosmetics.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 14:55:41 GMT
x-envoy-decorator-operation: event-collector.event-collector.svc.cluster.local:80/*
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/

Domain: h64.online-metrix.net
URL: https://h64.online-metrix.net/1afEKBW3OirwkZ15?e8a5ca066ea39299=BR6GSSFDHgg-01xTZumKXR1FrEpc8hGOG0haBseBdbgQcnQq6mR7w_9F4M3YsYW9Mm5V91NMXluE6QtHX0ZRBeFY14cDy1Mu1DXEDIlVygJ-_0UFZUA_TXENoGAUNXwZv2BG2IK5HeOoUakjbqbn0S0dxEk3GV8_DAIKJazvZMQ

Verdicts & Comments Add Verdict or Comment

179 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

91 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: pNAuCV9Owvc
.youtube.com/	1970-01-21 02:07:36	Name: VISITOR_INFO1_LIVE Value: 2TFy1kW6l_4
.youtube.com/	1970-01-21 02:07:36	Name: VISITOR_PRIVACY_METADATA Value: CgJDQRIEGgAgKg%3D%3D
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: initAuthComplete Value: true
.elfcosmetics.com/	1970-01-21 07:24:24	Name: ab.storage.sessionId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57 Value: g%3A59cc28d4-f24c-dc66-0543-c55d508a8b4f%7Ce%3A1720106729477%7Cc%3A1720104929477%7Cl%3A1720104929477
.elfcosmetics.com/	1970-01-21 07:24:24	Name: ab.storage.deviceId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57 Value: g%3A230d00ed-841e-85ef-229e-bf0b04e74b44%7Ce%3Aundefined%7Cc%3A1720104929479%7Cl%3A1720104929479
.elfcosmetics.com/	1970-01-20 23:58:00	Name: _gcl_au Value: 1.1.1284689265.1720104930
.elfcosmetics.com/	1970-01-20 22:31:36	Name: _dyjsession Value: apx5287cq2xiyjh9ds3exyjveo4fgioc
.elfcosmetics.com/	1969-12-31 23:59:59	Name: dy_fs_page Value: www.elfcosmetics.com%2Fen_ca%2Felf-cosmetic-criminals
.elfcosmetics.com/	1970-01-20 22:31:36	Name: _dy_csc_ses Value: apx5287cq2xiyjh9ds3exyjveo4fgioc
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: scapi Value: prd:7947c963-e43f-4b7b-a2fe-ddb57140a896:eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiIwODJiMWNmZC03ZDA5LTQwZDctYjc2OC03OTUzZjQyOGIyMjUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjc5NDdjOTYzLWU0M2YtNGI3Yi1hMmZlLWRkYjU3MTQwYTg5NiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MjAxMDQ5MDEsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFibFhJWWwwazNsSGtSeHJvWHhHWVl3SEJHOjpjaGlkOiAiLCJleHAiOjE3MjAxMDY3MzEsImlhdCI6MTcyMDEwNDkzMSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzNDg5ODUxMTQzNDIyOTMwOCJ9.9A0_zNjzVDae1nMQXEKRNBG4OfCei7IgtMcWRIptOxeuRGb2aHSdFUNdYVc9hgaINfKJFCD4-PnYTdsvq5uKHQ
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: dwsid Value: hjNXwUmQIDHfZdU7OUvQEJYORGrF2f1KRzwMz5LoPAwnycSnFTp1AvRdJrqC6O0r73Y3LdFR8eyzOKuI8IjziQ==
www.elfcosmetics.com/	1970-01-21 02:07:36	Name: dwanonymous_1a00c2845eeb01c699351ea28e20fd92 Value: ablXIYl0k3lHkRxroXxGYYwHBG
.dynamicyield.com/	1970-01-21 06:34:00	Name: DYID Value: -301740932795549725
.elfcosmetics.com/	1970-01-20 22:31:36	Name: _dycnst Value: dg
.elfcosmetics.com/	1970-01-20 22:31:36	Name: _dyid Value: -301740932795549725
.elfcosmetics.com/	1970-01-20 22:31:36	Name: _dycst Value: dk.w.c.ws.fst.
.elfcosmetics.com/	1970-01-20 22:31:36	Name: _dy_geo Value: CA.NA.CA_QC.CA_QC_Montreal
.elfcosmetics.com/	1970-01-20 22:31:36	Name: _dy_df_geo Value: Canada..Montreal
.elfcosmetics.com/	1970-01-20 22:31:36	Name: _dy_toffset Value: -1
.elfcosmetics.com/	1970-01-21 06:34:00	Name: _dy_soct Value: 647796.1248068.1720104932.apx5287cq2xiyjh9ds3exyjveo4fgioc836603.1652212.1720104932837245.1654610.1720104932*861617.1750272.1720104932
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.currency Value: CAD
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: sid Value: hRHbaA1wzEJBA0MKCawTOpUsyMOBORE52Vo
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.InternationalUser Value: true
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.location Value: CA
www.elfcosmetics.com/	1970-01-20 21:49:51	Name: currentLocale Value: en_CA
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.sessionid Value: ablXIYl0k3lHkRxroXxGYYwHBG
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.LanguageIsoCode Value: en_CA
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: __cq_dnt Value: 1
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: dw_dnt Value: 1
.elfcosmetics.com/	1970-01-21 06:34:00	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Thu+Jul+04+2024+07%3A55%3A32+GMT-0700+(Pacific+Daylight+Saving+Time)&version=202306.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=0cc442b8-c800-4dae-84b8-71cb07143916&interactionCount=0&landingPath=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1%2C5%3A1
www.elfcosmetics.com/	1970-01-20 21:58:29	Name: FPC Value: d5118d3c-9316-4191-bfb1-3a53012b343c
.adsrvr.org/	1970-01-21 06:34:00	Name: TDID Value: 57e233ba-1074-4376-84b0-175016266ad5
.adnxs.com/	1970-01-21 07:24:24	Name: receive-cookie-deprecation Value: 1
.elfcosmetics.com/	1970-01-21 07:24:24	Name: _ga_ZLYXLXNDL8 Value: GS1.1.1720104933.1.0.1720104933.60.0.0
.elfcosmetics.com/	1970-01-21 07:24:24	Name: _ga Value: GA1.1.1436324511.1720104934
.elfcosmetics.com/	1970-01-20 22:31:36	Name: rmStore Value: dmid:9097
.adnxs.com/	1970-01-20 23:58:00	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2E?gwrmqN!]tbP6j2F-XstGt!@DyW$zlr+
.adnxs.com/	1970-01-20 23:58:00	Name: XANDR_PANID Value: nrKEciUjny7fnBz6xmhVnARBMxZ7AIjpukjDHydppCVBEdZoIgYjgQRFQXmw9Np2v9G8imul-PZJC-zlFl3TnNE7Pa6DAb7DcuK1g49qNcg.
.adnxs.com/	1970-01-20 23:58:00	Name: uuid2 Value: 7849415851456316905
.pointmediatracker.com/	1970-01-21 06:34:00	Name: c Value: 9c2ea9c4-84ce-4991-a8da-4653429f3033
.elfcosmetics.com/	1970-01-21 07:24:24	Name: _ga_5D80LRC85N Value: GS1.1.1720104933.1.1.1720104934.0.0.2012313899
.elfcosmetics.com/	1970-01-21 07:17:48	Name: _cs_c Value: 0
.elfcosmetics.com/	1970-01-21 07:17:48	Name: _cs_id Value: fe4a2431-3183-ad49-ef50-88dcfe56386b.1720104934.1.1720104934.1720104934.1558384338.1754268934457.1
.elfcosmetics.com/	1970-01-21 07:24:24	Name: FPID Value: FPID2.2.uZYWKy%2B8YADEZKmHXM4fgwnu4F44V70xUf4xBpmzTa0%3D.1720104934
.elfcosmetics.com/	1970-01-20 21:48:26	Name: FPGSID Value: 1.1720104934.1720104934.G-5D80LRC85N.RfU4VasYCoRVB0KLM9ZYlw
.rubiconproject.com/	1970-01-21 06:34:00	Name: audit_p Value: 1\|wlNAegIEx50t4IKvU3wmx5iW21YN/LeQxayisbdhYa+byR+hvQt5L+0AKjpl/TeXKfWedlz/uiyM1KxoLazIt9i2Wk5FrGos0XY24Ec+XLuqssAuPs4saNJj1ZaUwQmVtCryrqy3BotyDITxNc6c+dV+lzKIpligXHRiEbp3BzpbOz6AjJtUa8ZnH3r7x5VAdeodiyl5GGjkt77VmXBK7kiCfUmSYXqD+ohH/uuQN8oOr/S07bYDcYQkZmofZQkSVSwKu1RXSJT0/fhu8/pkBO4VeIulq+4M1TRwmTZWV3Xc6UO785F0Pw==
.rubiconproject.com/	1970-01-21 06:34:00	Name: khaos Value: LY7E2DUJ-V-M82G
.rubiconproject.com/	1970-01-21 06:34:00	Name: khaos_p Value: LY7E2DUJ-V-M82G
.rubiconproject.com/	1970-01-21 06:34:00	Name: audit Value: 1\|wlNAegIEx50t4IKvU3wmx5iW21YN/LeQxayisbdhYa+byR+hvQt5L+0AKjpl/TeXKfWedlz/uiyM1KxoLazIt9i2Wk5FrGos0XY24Ec+XLuqssAuPs4saNJj1ZaUwQmVtCryrqy3BotyDITxNc6c+dV+lzKIpligXHRiEbp3BzpbOz6AjJtUa8ZnH3r7x5VAdeodiyl5GGjkt77VmXBK7kiCfUmSYXqD+ohH/uuQN8oOr/S07bYDcYQkZmofZQkSVSwKu1RXSJT0/fhu8/pkBO4VeIulq+4M1TRwmTZWV3Xc6UO785F0Pw==
.elfcosmetics.com/	1970-01-20 21:49:36	Name: FPLC Value: 3O1R8wHjNvaXc7b0Tq0SD4aNBZmLGUsbdtcDX79uxg435dq6JSBP1Kpm6esg%2BWrYeHlmFyuCaCPgT0TiXLXv9eBHUMlbbZD7Gfl6AIad026DRpNI3t0bL7D8BKXbrg%3D%3D
.elfcosmetics.com/	1970-01-21 07:24:24	Name: _scid Value: f6b0a7a9-23fc-4f38-55fc-2316c662370d
.paypal.com/	1970-01-20 21:48:56	Name: LANG Value: en_US%3BUS
.paypal.com/	1969-12-31 23:59:59	Name: x-pp-s Value: eyJ0IjoiMTcyMDEwNDkzNDc4NyIsImwiOiIwIiwibSI6IjAifQ
.paypal.com/	1970-01-20 21:52:44	Name: tsrce Value: crcpresentmentnodeweb
www.paypal.com/	1969-12-31 23:59:59	Name: nsid Value: s%3A0weqhu2Pkl-8HKBMEtvopJYBgNDdf1g0.DVhooeKZTDF5D6a4EzJpnFEN%2Fb7h8aOzIcNW0BYXycg
.paypal.com/	1970-01-20 21:48:26	Name: l7_az Value: dcg15.slc
.paypal.com/	1970-01-21 07:24:24	Name: ts Value: vreXpYrS%3D1814712934%26vteXpYrS%3D1720106734%26vr%3D7e3e5d671900ad116453b6a8ffd0f0f1%26vt%3D7e3e5d671900ad116453b6a8ffd0f0f0%26vtyp%3Dnew
.paypal.com/	1970-01-21 07:24:24	Name: ts_c Value: vr%3D7e3e5d671900ad116453b6a8ffd0f0f1%26vt%3D7e3e5d671900ad116453b6a8ffd0f0f0
.doubleclick.net/	1970-01-21 07:24:24	Name: IDE Value: AHWqTUl-oMRHwdXu9k7SAKevfnZgsVUF4WAUNm1A3NZnGRQzrYXWu81u-ItKGiulT10
.adsrvr.org/	1970-01-21 06:34:00	Name: TDCPM Value: CAESFwoIYXBwbmV4dXMSCwjulYe67JCOPRAFEhYKB3J1Ymljb24SCwiauoe67JCOPRAFEhUKBmdvb2dsZRILCKKV3cfskI49EAUSFQoGY2FzYWxlEgsI9MDdx-yQjj0QBRgFIAMoATILCMy9qeKCkY49EAVCDyINCAESCQoFdGllcjIQAVoHM2Z0Zm5oM2ABcgZjYXNhbGU.
.elfcosmetics.com/	1970-01-20 21:48:26	Name: _cs_s Value: 1.5.0.1720106735482
.elfcosmetics.com/	1970-01-20 23:58:00	Name: _rdt_uuid Value: 1720104935510.b58cd344-e279-4509-bc6b-4718b32b0b7b
.elfcosmetics.com/	1970-01-20 21:49:51	Name: _uetsid Value: 782a01d03a1511ef9935db8a75f1fac3
.elfcosmetics.com/	1970-01-21 07:10:00	Name: _uetvid Value: 782a21103a1511ef97a9ade464051829
.casalemedia.com/	1970-01-21 06:34:00	Name: CMID Value: Zoa359HM6DsAAFpVAAEdZgAA
.casalemedia.com/	1970-01-20 23:58:00	Name: CMPS Value: 507
.casalemedia.com/	1970-01-20 23:58:00	Name: CMPRO Value: 507
.doubleclick.net/	1970-01-21 02:07:36	Name: receive-cookie-deprecation Value: 1
.tiktok.com/	1970-01-21 07:10:00	Name: _ttp Value: 2imo6E4BV3gxJXa1LxanaEd6vWn
.linksynergy.com/	1970-01-21 06:34:00	Name: rmuid Value: 1e03c785-5aa3-4bd5-8620-8a16c03596d0
.undertone.com/	1970-01-21 06:34:00	Name: UTID Value: ef08584e373a48fabb32ab53236e476b
.undertone.com/	1970-01-21 06:34:00	Name: UTID_ENC Value: e5g3ft4whnog3jb63iro14c4r
.elfcosmetics.com/	1970-01-20 23:58:00	Name: _fbp Value: fb.1.1720104937086.567073247223155554
.doubleclick.net/	1970-01-20 22:31:36	Name: ar_debug Value: 1
.bing.com/	1970-01-21 07:10:00	Name: MUID Value: 156C0A907FAF6BC33E851E227E056A3E
.bat.bing.com/	1970-01-20 21:58:29	Name: MR Value: 0
.elfcosmetics.com/	1970-01-21 07:10:00	Name: _tt_enable_cookie Value: 1
.elfcosmetics.com/	1970-01-21 07:10:00	Name: _ttp Value: 3fFYZj2wsuXqZ_N4oGkacntji_m
.pinterest.com/	1970-01-21 06:34:00	Name: ar_debug Value: 1
.elfcosmetics.com/	1970-01-21 06:34:00	Name: _pin_unauth Value: dWlkPU5UWXdOelEwTVRndFlqUmhaaTAwWVdSa0xXSmtZVEF0TkdOaFpXTXhNRFprTWpreA
.ct.pinterest.com/	1970-01-21 06:34:00	Name: _pinterest_ct_ua Value: "TWc9PSZZc21kWWIxNUdmV01pMU1BQUh5Y3dwRnZuZ25GL1RWTU5tbDlvSWNrZGhlTjk5eGJxT21wOFRkbXczR0gyYVY5R3JPU0tyNm5DSG1lcy9UNTFIWWJSVFdDL1RaL05yRTNaS3dTOFd6VEgybz0mSm5MQzJZc0lmdFVjMnVCWEMyc29SdDZKazJzPQ=="
.rlcdn.com/	1970-01-21 06:34:00	Name: rlas3 Value: 43xyY4yBF93nV9C+mZIaNOLGgMZTKWD/9/8pIzEMxAE=
.rlcdn.com/	1970-01-20 23:14:48	Name: pxrc Value: COrvmrQGEgUI6AcQABIGCOTrARAA
imgs.signifyd.com/	1970-01-21 07:24:24	Name: thx_guid Value: 6f485a1433e1fcc6590ad36c2d9eea53
imgs.signifyd.com/	1970-01-21 07:24:24	Name: tmx_guid Value: AAx04RpVsZwWEjWAC9FUybnegieV_RwlKDFM_Uy3WP1S43b8KIUPOPO0u2hsuBvUaPzQUUuSlnm3WSbgNRDN-58rg1Cyxw
.linksynergy.com/	1970-01-21 06:34:00	Name: icts Value: 2024-07-04T14:55:38Z
.cdnwidget.com/	1970-01-21 07:18:39	Name: __3idcontext Value: {"cookieID":"2imo6jKxgKrXKBB534Qqx6RGL4l","deviceID":"2imJtF7YS9tA48ee27yTfxpEBJF","iv":"","v":""}
.elfcosmetics.com/	1970-01-21 07:17:12	Name: __idcontext Value: eyJjb29raWVJRCI6IjJpbW82akt4Z0tyWEtCQjUzNFFxeDZSR0w0bCIsImRldmljZUlEIjoiMmltSnRGN1lTOXRBNDhlZTI3eVRmeHBFQkpGIiwiaXYiOiIiLCJ2IjoiIn0%3D
.bounceexchange.com/	1970-01-20 21:48:26	Name: bounceClientVisit6664c Value: %7B%22vid%22%3A1720104940912976%2C%22did%22%3A%225525053199495524568%22%7D
www.elfcosmetics.com/	1970-01-20 21:48:26	Name: bounceClientVisit6664v Value: N4IgNgDiBcIBYBcEQM4FIDMBBNAmAYnvgO6kB0ApmAGYDGA9igLYUICWtKZDTRFAdgH0AwjgJVqAWgbNWHaQCc2TNvwCGYFCAA0IBTBA6QbFIIDm9QSgooUbevxjUN13SfMQrNuw6cuKAL5AA

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Message: Access to image at 'https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_' from origin 'https://www.elfcosmetics.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_ Message: Failed to load resource: net::ERR_FAILED
other	warning	URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_(Line 1) Message: Failed parsing 'srcset' attribute value since it has an unknown descriptor.
other	warning	URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_(Line 1) Message: Dropped srcset candidate "https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517"
other	warning	URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_(Line 1) Message: Failed parsing 'srcset' attribute value since it has an unknown descriptor.
other	warning	URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_(Line 1) Message: Dropped srcset candidate "https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517"
other	warning	URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_(Line 1) Message: Failed parsing 'srcset' attribute value since it has an unknown descriptor.
other	warning	URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11486/vendor.js?yocs=1u_1y_(Line 1) Message: Dropped srcset candidate "https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517"

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10742279.fls.doubleclick.net
9231397.fls.doubleclick.net
ad.doubleclick.net
alb.reddit.com
analytics.google.com
analytics.tiktok.com
api.bounceexchange.com
api.cquotient.com
api.ipify.org
assets.bounceexchange.com
async-px.dynamicyield.com
bat.bing.com
c.contentsquare.net
cdn-fsly.yottaa.net
cdn-scripts.signifyd.com
cdn.blisspointmedia.com
cdn.cookielaw.org
cdn.dynamicyield.com
cdn.media.amplience.net
cdn.static.amplience.net
cm.g.doubleclick.net
code.jquery.com
connect.facebook.net
ct.pinterest.com
data.cdnbasket.net
dsum-sec.casalemedia.com
elfcosmetics.a.bigcontent.io
events.bouncex.net
external-api.jebbit.com
geolocation.onetrust.com
googleads.g.doubleclick.net
h.online-metrix.net
h64.online-metrix.net
ib.adnxs.com
idr.cdnwidget.com
ids.cdnwidget.com
idsync.rlcdn.com
imgs.signifyd.com
insight.adsrvr.org
js.cnnx.link
js.jebbit.com
match.adsrvr.org
page.cdnbasket.net
pd.cdnwidget.com
pixel-config.reddit.com
pixel.pointmediatracker.com
pixel.rubiconproject.com
qoe-1.yottaa.net
s.pinimg.com
sdk.iad-05.braze.com
secure.adnxs.com
sgtm.elfcosmetics.com
srm.ba.contentsquare.net
st.dynamicyield.com
static.ordergroove.com
stats.g.doubleclick.net
t.contentsquare.net
t.paypal.com
tag.rmp.rakuten.com
tag.wknd.ai
tags.rd.linksynergy.com
ut.rd.linksynergy.com
view.cdnbasket.net
w2txo5aazlqikf67q2i3mrtkt3ywitpyut4avlfs9c349399d350e841sac.d.aa.online-metrix.net
www.cosmeticcriminals.ca
www.elfcosmetics.com
www.facebook.com
www.google.ca
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.paypal.com
www.paypalobjects.com
www.redditstatic.com
www.youtube.com
cdn-fsly.yottaa.net
h64.online-metrix.net
104.18.36.155
104.26.13.205
108.138.64.116
13.249.39.52
140.174.12.225
151.101.129.140
151.101.129.21
151.101.194.133
165.254.198.211
172.217.222.154
172.253.115.149
173.194.68.148
18.165.83.78
192.225.157.157
192.225.158.1
192.225.158.3
192.229.210.155
204.141.88.73
204.2.131.138
23.20.145.69
23.205.107.69
23.220.128.196
23.9.177.190
2600:1408:ec00:12::1730:6845
2600:1901:0:56e0::
2600:9000:20e2:2e00:a:7914:b00:93a1
2600:9000:2191:4e00:a:b89d:a6c0:93a1
2600:9000:2479:f000:11:85b0:d600:93a1
2600:9000:2508:ee00:15:ad21:c740:93a1
2606:4700:4400::6812:2089
2606:4700:4400::6812:26d1
2606:4700:4400::ac40:91b7
2606:4700:4400::ac40:965f
2606:4700::6813:b134
2607:f8b0:4004:c08::be
2607:f8b0:4004:c09::be
2607:f8b0:4004:c19::5e
2607:f8b0:4004:c1b::9c
2607:f8b0:4004:c1d::8a
2607:f8b0:4004:c1f::61
2607:f8b0:4004:c21::69
2607:f8b0:400d:c0d::9d
2620:1ec:c11::237
2a03:2880:f003:c0e:face:b00c:0:3
2a03:2880:f103:83:face:b00c:0:25de
2a04:4e42:600::396
2a04:4e42:600::649
2a04:4e42:77::84
34.102.147.248
34.107.212.52
34.111.8.32
34.117.235.44
34.120.253.250
34.149.130.207
34.198.143.176
34.237.117.238
34.49.124.132
34.98.67.3
34.98.72.95
35.201.66.85
35.244.154.8
46.51.207.194
52.223.40.198
52.85.132.57
54.197.150.242
68.67.160.26
69.173.146.5
74.125.192.154
009342098f06d5ae7b2186f1076fab177d05b5a481ffe1190535fe501c1cae68
03dbf9dc05fa84370cbdfb363a10855e9fd035a833cd83b67e14cdb975882bed
0611894db287962f5bcce0da6738a4a6ecdab5b29235c48d87decb3127e9254f
0b2f3284731451436ae24019f5bced6829fc4f1c005ba21e4694a6dbc6e98f8c
0dd07e7b3a4c3482fab0b0b2f4921f8aace69eddfed4acbb715c30fb4f4affed
11cf11bff7a54cf595f54c5211fd0089934416de1bc7d951f532f967c0ff0d2b
1331786f628c441b99665436eb8815381e066e17d5c3bb56f5ce2e045d8da17a
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9
21248689d686dfc880bf68eecf7bdebd358d10ddd98e9838433d7b6e8b869ffc
22a7c0f21be2b8240a32adb4e3b490724a69eee63bf02e47615f6d001c0f81f6
27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341
2712747c3f51e3e240cc7fefcecbf530963c1b3ec7d7f9976275412e7eedf281
27875e1026e8742710642e8ab8400f3ca7472d692fa6a89267fe3b271e26fa77
286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805
2e02a7004e780ce2e43c1a5b2775767815f53c8f97413a6bb3bdd072ea221a6b
2f0f86646f6932b0401f5ef63b102f3ec2d2afd6bfd969b35e1e5ee888e2fe40
2f889778a51af70c7303f176fe9adffaa473ca10fbeeeb80f81e7af304a6fdc4
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5
317fad9272eb8c8523c19252324762276f446d449614e657f3d48e1bab58fdc3
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
339579bfab70179b8bd12de8f6f0456bb2c6586bda1e0ca819714278270b8f1a
374d82879a3ed014d93e0dae39a48d4cb5ec3387c601cd3c870203a440971a23
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98
39b1948b82779db9c9f7ada92f13003d69857de48b28f19e1dd1f691068f104d
3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d
3cc45dd8d967dbc18fd1f2f7c87b8f693de5c1aeb0bddda66ca1c221d05a24eb
3dae94126362e2c8b80dfbc73f6b32f15be7805cbdf6739a72cab5ca534c15e0
3df324704169fcca10e0d90d3722d926aa56cf417a57eae7e17ea2dab9680b67
3f87cee5cca955a5e41d81e6aae9622460f0a2d15abba9c539608dfdbbcae968
41edca74f63e4546256206b316479052b81b5d8fe3b810424d302bd4bf70c9ed
45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9
476b949e750bc9bc1e1179523a977db991107d95f9e6ddf9c05212ca6a2b8fb9
4a0fd64f5bf04a55736226ee214b8eb928383198b27f8ce9a925e36e755f0f9f
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb
4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
501b0862c5009a54f7ad1098596a538f65b3052408d8a1d4a04b5381bbbae60b
509f2e49500fbaeb5d7e1959071f2922b693d0135080e2871e124ec8bdd08bb2
52ee1e0452e2f62348b4688b319e5b70ac5358f06433ddba0c44ca290e37458d
55baa715ccc8c2512bceb1c949c1d0927944ca327e7edd2d5fc312d2a41986e4
59f1b7d93f47fcc926143154888aa471910eaf81c3c41270b61cfe012dda08df
5b02d048d7281aed5caad6a0bca1e80747216689205e6ce945d72a98235ee976
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d
63bae03aa97278acb1d6f7863e593999bbdc5d280d2fa5a3050f234ce5eee850
66707b7434e14fc523f2fc692e4a190958a02598dd3d9c45ec0f65f90091727b
6755508f95a14ac65d6d5123ce9db08f5b0fc2921dd713a6ae8d6369a0020da9
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
699b5e103ec7cfa5c3d73e5bf229e1959d46626519af418d9e209f5261012b2b
69a8787bd0fb3c7b7910a9c71ec4b210c7f01351ca3c1fb982807fa8f24ee41c
6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7
6c58f061a49641f54723faab57ad0bdb49a95619e86c90dad9a3ed630ffb3780
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
7142dfd1bdffb1daa451306e67777a326654893f43463bfafd701cb49c6bca4c
71a0f56eb5356f7ff135469289c72eb46acba0e15eee58daaeb2941cd6a11de5
772f15316085ec36cb19f9af3a622cf12d847e0f187c3f907ee6daf975b7f7ce
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
7ed847ca93d491c3e5ddf82fffc2f7b1602422d2826657e70585fc8eacbc490b
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
85461719c1f6479769151df8cad3514d6819310afbe893ec9fc124501c5b1697
875ca118023e8741e684a320e73b7f9af4e8eba6c88f1f7e8457f7c0cdda6efb
884df8688e9d6c00669dbeccb332ad72dd4daa12abbdccc5a77fd21cfbcc5f42
8878a6113d3767fcb0f7c88fdc432c839a4e4e6fe97dec5e24b0d5eb32addd88
89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d
8b5eaf40218075cea5deeb7f5b1f281030c970a307707acb1a2057518c64a902
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
8fd8eb4caa5a4be4e23c845b17eeb3636f8b6b45610be115d582916d6bbe9075
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
915046d9ebab575f9b2f8ba9a35e030b2be55b1439edce6e72f7a19b4a55bd45
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf
92a5177b52e1056a602b10689fe45ab36dc751b6f84fa5e86d1162c48b53d703
93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac
94ccc14d90a9eaa87f6027c137632595bdb5a3cf6125358a85b9fbe1f6521c79
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
96e567e55058088bf057ebeb964b202435a2c745a55f49df106fe22f2a9a8e11
970f88ea89cb7d240c5801ef71620c2b32b868a9b3d6cf53bb26f53fde5b0c63
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a396f6a0b9a01f096a49c3f06461a724e7a5ac86baf67ff8034435b4dd5dbe8f
a97e79a09f4d99ea7a5806ce9264c2715d8d227fda3d59321e5d0370d032034d
aa4e04ca2c61874e10fcc4bc47e9eab239ff6d339f8f4d946e9555d7b2f6904a
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ad3ed177f053d775094fa0ad440fd4f6baf970be9af3b38b62e734dd4ab99ecd
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e
b43aa451108e8579a5111519d0eaf711f17b6cf5a90fa56a8853618fa838112e
b592ffae3e4db32ca59f44351815755d85f43b1b03b5f6b75adf0c727ac702c1
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c5f7a24bdd33816544f990e2b155d94405e705f61cf05698ca96f525ebfe9782
c8ce8e7f48ba031fd5432cadf59198b1ebaa88f4fbb033ccb633ce94f6a175ca
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cc9709489aeba0f23cc18fd3d1ff6f2087e1381ba6dbe92e98738228d520fd54
cd56592299c1c670fb97ef28bcb50048508c01879ecb23b71364aecc0483e202
cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
d23d5715ffe428ffa9ce297fba04eb9ba463cbc6478269f0c53ceeeada3c95c6
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
d7003226e2fea50e6765c46fe1bdacfe3a16adedd6c7a2530fef876c2356cf9f
d7a363f752524fb545c3b2eb48a56d163cb659bc427d5215800ee7781d92c2ca
d7a4d3c6bbb813b80afb47a45e75320ff14b02e65ad1ca740d62bcbfb646f2ad
d841b6859d2469f63df65c0a91d70da822367d82810d4d08900d79b21bdddc19
d891e16dbaf81b89f017b6516afdeffe602f8df1d5e269429e7b6eaf63726a03
de4c69e340960eb3472db636f541e7f04b6482965dda55ac281535efe8e03ea7
def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4fb59b2144a6681bc2c4db4a280a72e4449a3fc051b411f0656ebbf074723d7
e5388572b3a18177d029f93dde3a77067783ddbe1bb2b89a078eebd61229b3bb
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
e92f434a50c76d6e52d0d3cc91cdf1854c7fd39fecd5ae65800568aef7c03029
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f10699f59e4285b87af5097e4ba9e470ee29b4f3487fa767f2818bdbbdd6bb14
f366287eaa5627dc7ee48d1fcb79d20bceae8238ee2f1dd772f059685fe9c799
f7e9c4d6427d6379534a8324d46af322f1a7b3aebe482a1e5bdaf2e069714568
fbb7c8b0d0c8039153ec4ad8ba215093d355daeb1dc8fa8d5a996feed55bbfd6
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
fdfea52427fb822bebdd32b325768e73b40637bd203c100827d4dece88e431c3

www.elfcosmetics.com Open in urlscan Pro 140.174.12.225 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

194 Requests

94 %HTTPS

37 %IPv6

48 Domains

75 Subdomains

60 IPs

3 Countries

9826 kBTransfer

20027 kBSize

91 Cookies

15 Outgoing links

Page URL History

Redirected requests

194 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.elfcosmetics.com Open in urlscan Pro
140.174.12.225 Public Scan

Screenshot
Live screenshot

Full Image

194
Requests

94 %
HTTPS

37 %
IPv6

48
Domains

75
Subdomains

60
IPs

3
Countries

9826 kB
Transfer

20027 kB
Size

91
Cookies

194 HTTP transactions
3 data transactions