www.elfcosmetics.com Open in urlscan Pro
204.2.133.170 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cosmeticscriminal.com/
Effective URL:
https://www.elfcosmetics.com/cosmetic-criminals
Submission: On January 01 via api (January 1st 2024, 11:14:48 am UTC) from US — Scanned from US

Summary HTTP 215 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 66 IPs in 3 countries across 53 domains to perform 215 HTTP transactions. The main IP is 204.2.133.170, located in United States and belongs to YOTTAA-AS-1, US. The main domain is www.elfcosmetics.com. The Cisco Umbrella rank of the primary domain is 78022.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 25th 2023. Valid for: a year.

This is the only time www.elfcosmetics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	204.2.49.63 204.2.49.63	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
1 12	204.2.133.170 204.2.133.170	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
6	151.101.2.133 151.101.2.133	54113 (FASTLY) (FASTLY)
4	35.190.10.96 35.190.10.96	15169 (GOOGLE) (GOOGLE)
12	2606:4700::68... 2606:4700::6812:83ec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4004:c1d::61	15169 (GOOGLE) (GOOGLE)
3	2600:9000:26a... 2600:9000:26a0:4e00:a:b89d:a6c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	64.185.227.156 64.185.227.156	18450 (WEBNX) (WEBNX)
6	151.101.194.133 151.101.194.133	54113 (FASTLY) (FASTLY)
1	2606:4700:440... 2606:4700:4400::ac40:9b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:269... 2600:9000:269f:3400:15:ad21:c740:93a1	16509 (AMAZON-02) (AMAZON-02)
7	2607:f8b0:400... 2607:f8b0:4004:c07::71	15169 (GOOGLE) (GOOGLE)
1	2600:9000:215... 2600:9000:215f:b800:11:85b0:d600:93a1	16509 (AMAZON-02) (AMAZON-02)
2 2	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
2 3	68.67.160.186 68.67.160.186	29990 (ASN-APPNEX) (ASN-APPNEX)
3 3	34.200.65.202 34.200.65.202	14618 (AMAZON-AES) (AMAZON-AES)
1	23.15.9.48 23.15.9.48	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	34.226.48.45 34.226.48.45	14618 (AMAZON-AES) (AMAZON-AES)
1 2	54.157.127.36 54.157.127.36	14618 (AMAZON-AES) (AMAZON-AES)
1 7	2607:f8b0:400... 2607:f8b0:4004:c09::9d	15169 (GOOGLE) (GOOGLE)
6	3.161.213.35 3.161.213.35	16509 (AMAZON-02) (AMAZON-02)
1 2	142.251.163.149 142.251.163.149	15169 (GOOGLE) (GOOGLE)
1 2	142.251.163.148 142.251.163.148	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:400... 2607:f8b0:4004:c09::63	15169 (GOOGLE) (GOOGLE)
1	44.215.235.184 44.215.235.184	14618 (AMAZON-AES) (AMAZON-AES)
1 1	54.192.51.57 54.192.51.57	16509 (AMAZON-02) (AMAZON-02)
1	3.161.213.114 3.161.213.114	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700:440... 2606:4700:4400::6812:2a49	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	204.2.50.18 204.2.50.18	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
1	184.27.13.189 184.27.13.189	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.102.147.248 34.102.147.248	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
9	151.101.129.21 151.101.129.21	54113 (FASTLY) (FASTLY)
1	2600:1408:c40... 2600:1408:c400:59::17d5:9e04	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:9000:269... 2600:9000:269f:5800:13:d6f4:3240:93a1	16509 (AMAZON-02) (AMAZON-02)
1	172.253.115.156 172.253.115.156	15169 (GOOGLE) (GOOGLE)
2	54.230.48.245 54.230.48.245	16509 (AMAZON-02) (AMAZON-02)
2	2600:1408:c40... 2600:1408:c400:38e::1931	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a03:2880:f07... 2a03:2880:f07d:0:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a04:4e42:400... 2a04:4e42:400::396	54113 (FASTLY) (FASTLY)
21	23.212.251.214 23.212.251.214	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2600:9000:21a... 2600:9000:21a2:2400:a:7914:b00:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.225.195.100 13.225.195.100	16509 (AMAZON-02) (AMAZON-02)
1	3.220.158.64 3.220.158.64	14618 (AMAZON-AES) (AMAZON-AES)
1	34.120.253.250 34.120.253.250	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	151.101.193.140 151.101.193.140	54113 (FASTLY) (FASTLY)
1 7	35.190.43.134 35.190.43.134	15169 (GOOGLE) (GOOGLE)
1	52.204.189.63 52.204.189.63	14618 (AMAZON-AES) (AMAZON-AES)
2	2001:4860:480... 2001:4860:4802:36::181	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c09::9a	15169 (GOOGLE) (GOOGLE)
3	151.101.65.35 151.101.65.35	54113 (FASTLY) (FASTLY)
3	100.24.241.105 100.24.241.105	14618 (AMAZON-AES) (AMAZON-AES)
2	34.98.67.3 34.98.67.3	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	151.101.64.84 151.101.64.84	54113 (FASTLY) (FASTLY)
1	23.222.5.91 23.222.5.91	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
17	34.98.72.95 34.98.72.95	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	192.229.210.155 192.229.210.155	15133 (EDGECAST) (EDGECAST)
1	2a03:2880:f17... 2a03:2880:f171:81:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2 2	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.117.254.15 34.117.254.15	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.117.86.137 34.117.86.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.149.239.87 34.149.239.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	3.162.3.47 3.162.3.47	16509 (AMAZON-02) (AMAZON-02)
1	54.154.97.89 54.154.97.89	16509 (AMAZON-02) (AMAZON-02)
12	192.225.157.157 192.225.157.157	30286 (THM) (THM)
1	2600:1901:0:5... 2600:1901:0:56e0::	15169 (GOOGLE) (GOOGLE)
2	192.225.158.1 192.225.158.1	30286 (THM) (THM)
1	192.225.158.3 192.225.158.3	30286 (THM) (THM)
2	34.149.130.207 34.149.130.207	15169 (GOOGLE) (GOOGLE)
2 2	35.244.154.8 35.244.154.8	15169 (GOOGLE) (GOOGLE)
6	34.111.8.32 34.111.8.32	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	34.149.254.212 34.149.254.212	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	107.178.254.65 107.178.254.65	15169 (GOOGLE) (GOOGLE)
215	66

1 204.2.49.63 (United States) 1 redirects

ASN393259 (YOTTAA-AS-1, US)

cosmeticscriminal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 204.2.133.170 (United States) 1 redirects

ASN393259 (YOTTAA-AS-1, US)

www.elfcosmetics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.2.133 (United States)

ASN54113 (FASTLY, US)

cdn-fsly.yottaa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.190.10.96 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 96.10.190.35.bc.googleusercontent.com

collector-pxxt4gy2ig.px-cloud.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6812:83ec (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c1d::61 (Washington, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:26a0:4e00:a:b89d:a6c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.185.227.156 (New York, United States)

ASN18450 (WEBNX, US)
PTR: api.ipify.org

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.194.133 (United States)

ASN54113 (FASTLY, US)

sdk.iad-05.braze.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:269f:3400:15:ad21:c740:93a1 (United States)

ASN16509 (AMAZON-02, US)

st.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2607:f8b0:4004:c07::71 (Washington, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:215f:b800:11:85b0:d600:93a1 (United States)

ASN16509 (AMAZON-02, US)

js.cnnx.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.131.137 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 68.67.160.186 (Jersey City, United States) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.200.65.202 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-65-202.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.15.9.48 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-15-9-48.deploy.static.akamaitechnologies.com

hb.yahoo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.226.48.45 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-226-48-45.compute-1.amazonaws.com

pixel.pointmediatracker.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.157.127.36 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-157-127-36.compute-1.amazonaws.com

cnv.event.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2607:f8b0:4004:c09::9d (Ashburn, United States) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.161.213.35 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-161-213-35.yul62.r.cloudfront.net

async-px.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.163.149 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: wv-in-f149.1e100.net

9231397.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.163.148 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: wv-in-f148.1e100.net

10742279.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4004:c09::63 (Ashburn, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.215.235.184 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-215-235-184.compute-1.amazonaws.com

px.dynamicyield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.192.51.57 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-54-192-51-57.yul62.r.cloudfront.net

ads.undertone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.161.213.114 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-161-213-114.yul62.r.cloudfront.net

evt.undertone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::6812:2a49 (United States)

ASN13335 (CLOUDFLARENET, US)

elfcosmetics.a.bigcontent.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 204.2.50.18 (United States)

ASN393259 (YOTTAA-AS-1, US)

qoe-1.yottaa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.27.13.189 (Ashburn, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-27-13-189.deploy.static.akamaitechnologies.com

static.ordergroove.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.147.248 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 248.147.102.34.bc.googleusercontent.com

tag.rmp.rakuten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 151.101.129.21 (United States)

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1408:c400:59::17d5:9e04 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

websdk.appsflyer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:269f:5800:13:d6f4:3240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.usehero.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.115.156 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f156.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.230.48.245 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-48-245.yul62.r.cloudfront.net

sc-static.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1408:c400:38e::1931 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f07d:0:face:b00c:0:3 (Apodaca, Mexico)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 23.212.251.214 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-212-251-214.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:21a2:2400:a:7914:b00:93a1 (United States)

ASN16509 (AMAZON-02, US)

js.jebbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.195.100 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-195-100.yul62.r.cloudfront.net

t.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.220.158.64 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-220-158-64.compute-1.amazonaws.com

api.usehero.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.253.250 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 250.253.120.34.bc.googleusercontent.com

tag.wknd.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 35.190.43.134 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 134.43.190.35.bc.googleusercontent.com

tr.snapchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tr6.snapchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.204.189.63 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-204-189-63.compute-1.amazonaws.com

external-api.jebbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:36::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c09::9a (Ashburn, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.65.35 (United States)

ASN54113 (FASTLY, US)

t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 100.24.241.105 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-100-24-241-105.compute-1.amazonaws.com

c.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.67.3 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 3.67.98.34.bc.googleusercontent.com

ut.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tags.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.64.84 (United States)

ASN54113 (FASTLY, US)

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.222.5.91 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-222-5-91.deploy.static.akamaitechnologies.com

analytics.pangle-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 34.98.72.95 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 95.72.98.34.bc.googleusercontent.com

assets.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.229.210.155 (United States)

ASN15133 (EDGECAST, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f171:81:face:b00c:0:25de (Apodaca, Mexico)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.113.62 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.254.15 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 15.254.117.34.bc.googleusercontent.com

data.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.86.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.86.117.34.bc.googleusercontent.com

page.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.149.239.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.239.149.34.bc.googleusercontent.com

view.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.162.3.47 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-162-3-47.yul62.r.cloudfront.net

cdn-scripts.signifyd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.154.97.89 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-97-89.eu-west-1.compute.amazonaws.com

srm.ba.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 192.225.157.157 (United States)

ASN30286 (THM, US)

imgs.signifyd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:56e0:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

ids.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.225.158.1 (United States)

ASN30286 (THM, US)
PTR: a-sac.h.online-metrix.net

h.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.225.158.3 (United States)

ASN30286 (THM, US)
PTR: d.aa.online-metrix.net

w2txo5aad22w3so7fqzbamozr6kxoxyicgqcq4jgfa4a1aa5fc9cc978sac.d.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.149.130.207 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 207.130.149.34.bc.googleusercontent.com

pd.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
idr.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.154.8 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 8.154.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.111.8.32 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 32.8.111.34.bc.googleusercontent.com

api.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
events.bouncex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.149.254.212 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 212.254.149.34.bc.googleusercontent.com

pix.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.178.254.65 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 617	283 KB
18	bounceexchange.com assets.bounceexchange.com — Cisco Umbrella Rank: 2050 api.bounceexchange.com — Cisco Umbrella Rank: 2223	530 KB
14	signifyd.com cdn-scripts.signifyd.com — Cisco Umbrella Rank: 6824 imgs.signifyd.com — Cisco Umbrella Rank: 5865	94 KB
12	paypal.com www.paypal.com — Cisco Umbrella Rank: 2085 t.paypal.com — Cisco Umbrella Rank: 2568	238 KB
12	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 324	322 KB
12	elfcosmetics.com 1 redirects www.elfcosmetics.com — Cisco Umbrella Rank: 78022	299 KB
11	dynamicyield.com cdn.dynamicyield.com — Cisco Umbrella Rank: 6084 st.dynamicyield.com — Cisco Umbrella Rank: 5745 async-px.dynamicyield.com — Cisco Umbrella Rank: 5840 px.dynamicyield.com — Cisco Umbrella Rank: 23654	227 KB
10	doubleclick.net 9231397.fls.doubleclick.net — Cisco Umbrella Rank: 188726 Failed 10742279.fls.doubleclick.net — Cisco Umbrella Rank: 192049 Failed stats.g.doubleclick.net — Cisco Umbrella Rank: 75 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33	8 KB
9	google.com www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 93 analytics.google.com — Cisco Umbrella Rank: 152	2 KB
7	snapchat.com 1 redirects tr.snapchat.com — Cisco Umbrella Rank: 758 tr6.snapchat.com — Cisco Umbrella Rank: 88800	2 KB
7	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	21 KB
7	yottaa.net cdn-fsly.yottaa.net — Cisco Umbrella Rank: 13848 Failed qoe-1.yottaa.net — Cisco Umbrella Rank: 6173	1 MB
6	braze.com sdk.iad-05.braze.com — Cisco Umbrella Rank: 3954	1 KB
5	bouncex.net events.bouncex.net — Cisco Umbrella Rank: 1871	512 B
5	cdnwidget.com 1 redirects ids.cdnwidget.com — Cisco Umbrella Rank: 3280 pd.cdnwidget.com — Cisco Umbrella Rank: 3186 pix.cdnwidget.com — Cisco Umbrella Rank: 4293 idr.cdnwidget.com — Cisco Umbrella Rank: 5705	2 KB
5	contentsquare.net t.contentsquare.net — Cisco Umbrella Rank: 3083 c.contentsquare.net — Cisco Umbrella Rank: 3307 srm.ba.contentsquare.net — Cisco Umbrella Rank: 13368	69 KB
4	px-cloud.net collector-pxxt4gy2ig.px-cloud.net — Cisco Umbrella Rank: 167677	2 KB
3	online-metrix.net h.online-metrix.net — Cisco Umbrella Rank: 2534 w2txo5aad22w3so7fqzbamozr6kxoxyicgqcq4jgfa4a1aa5fc9cc978sac.d.aa.online-metrix.net	16 KB
3	cdnbasket.net data.cdnbasket.net — Cisco Umbrella Rank: 4140 page.cdnbasket.net — Cisco Umbrella Rank: 4148 view.cdnbasket.net — Cisco Umbrella Rank: 4147	1014 B
3	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 1965	33 KB
3	pinterest.com ct.pinterest.com — Cisco Umbrella Rank: 715	1 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 329	14 KB
3	jebbit.com js.jebbit.com — Cisco Umbrella Rank: 33156 external-api.jebbit.com — Cisco Umbrella Rank: 39914	60 KB
3	bigcontent.io elfcosmetics.a.bigcontent.io — Cisco Umbrella Rank: 128663	8 KB
3	yahoo.com 3 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 307	1 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 229 secure.adnxs.com — Cisco Umbrella Rank: 478	2 KB
2	rlcdn.com 2 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 408	834 B
2	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 465	1 KB
2	linksynergy.com ut.rd.linksynergy.com — Cisco Umbrella Rank: 6223 tags.rd.linksynergy.com — Cisco Umbrella Rank: 4434	697 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 168	91 KB
2	pinimg.com s.pinimg.com — Cisco Umbrella Rank: 745	21 KB
2	sc-static.net sc-static.net — Cisco Umbrella Rank: 945	35 KB
2	usehero.com cdn.usehero.com — Cisco Umbrella Rank: 31511 api.usehero.com — Cisco Umbrella Rank: 29821	29 KB
2	undertone.com 1 redirects ads.undertone.com — Cisco Umbrella Rank: 5720 evt.undertone.com — Cisco Umbrella Rank: 5287	1005 B
2	bidr.io 1 redirects cnv.event.prod.bidr.io — Cisco Umbrella Rank: 7763	1 KB
2	adsrvr.org 2 redirects insight.adsrvr.org — Cisco Umbrella Rank: 557 match.adsrvr.org — Cisco Umbrella Rank: 331	919 B
2	ipify.org api.ipify.org — Cisco Umbrella Rank: 2843	440 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	211 KB
1	pippio.com 1 redirects pippio.com — Cisco Umbrella Rank: 777	576 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	185 B
1	pangle-ads.com analytics.pangle-ads.com — Cisco Umbrella Rank: 2266	822 B
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1387	637 B
1	wknd.ai tag.wknd.ai — Cisco Umbrella Rank: 3860	6 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1266	9 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 138	2 KB
1	appsflyer.com websdk.appsflyer.com — Cisco Umbrella Rank: 4632	12 KB
1	rakuten.com tag.rmp.rakuten.com — Cisco Umbrella Rank: 5888	15 KB
1	ordergroove.com static.ordergroove.com — Cisco Umbrella Rank: 16302	42 KB
1	pointmediatracker.com 1 redirects pixel.pointmediatracker.com — Cisco Umbrella Rank: 4562	498 B
1	yahoo.net hb.yahoo.net — Cisco Umbrella Rank: 866	662 B
1	cnnx.link js.cnnx.link — Cisco Umbrella Rank: 6403	1 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 548	314 B
1	cosmeticscriminal.com 1 redirects cosmeticscriminal.com	325 B
215	53

	Domain	Requested by
21	analytics.tiktok.com	www.elfcosmetics.com analytics.tiktok.com
17	assets.bounceexchange.com	www.elfcosmetics.com
12	imgs.signifyd.com	www.elfcosmetics.com imgs.signifyd.com
12	cdn.cookielaw.org	cdn-fsly.yottaa.net cdn.cookielaw.org www.elfcosmetics.com
12	www.elfcosmetics.com	1 redirects www.elfcosmetics.com cdn-fsly.yottaa.net
9	www.paypal.com	www.elfcosmetics.com www.paypal.com www.paypalobjects.com
7	www.google-analytics.com	www.elfcosmetics.com www.google-analytics.com
6	tr.snapchat.com	1 redirects www.elfcosmetics.com sc-static.net
6	async-px.dynamicyield.com	cdn.dynamicyield.com
6	sdk.iad-05.braze.com	cdn-fsly.yottaa.net
6	cdn-fsly.yottaa.net	www.elfcosmetics.com
5	events.bouncex.net
5	www.google.com	www.elfcosmetics.com
4	googleads.g.doubleclick.net	1 redirects www.elfcosmetics.com
4	collector-pxxt4gy2ig.px-cloud.net	www.elfcosmetics.com
3	www.paypalobjects.com	www.elfcosmetics.com www.paypalobjects.com
3	ct.pinterest.com	s.pinimg.com www.elfcosmetics.com
3	c.contentsquare.net
3	t.paypal.com
3	bat.bing.com	www.elfcosmetics.com
3	elfcosmetics.a.bigcontent.io
3	ups.analytics.yahoo.com	3 redirects
3	cdn.dynamicyield.com	www.elfcosmetics.com
2	pix.cdnwidget.com	1 redirects
2	idsync.rlcdn.com	2 redirects
2	h.online-metrix.net	imgs.signifyd.com
2	cdn-scripts.signifyd.com	www.elfcosmetics.com
2	pixel.tapad.com	2 redirects
2	analytics.google.com	www.googletagmanager.com
2	js.jebbit.com	www.elfcosmetics.com
2	connect.facebook.net	www.elfcosmetics.com
2	s.pinimg.com	www.elfcosmetics.com
2	sc-static.net	www.elfcosmetics.com tr.snapchat.com
2	adservice.google.com	9231397.fls.doubleclick.net 10742279.fls.doubleclick.net
2	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
2	cnv.event.prod.bidr.io	1 redirects www.elfcosmetics.com
2	ib.adnxs.com	2 redirects
2	10742279.fls.doubleclick.net	www.googletagmanager.com cdn.cookielaw.org
2	9231397.fls.doubleclick.net	www.googletagmanager.com cdn.cookielaw.org
2	api.ipify.org	cdn-fsly.yottaa.net
2	www.googletagmanager.com	www.elfcosmetics.com
1	idr.cdnwidget.com
1	pippio.com	1 redirects
1	api.bounceexchange.com	www.elfcosmetics.com
1	tags.rd.linksynergy.com
1	pd.cdnwidget.com	assets.bounceexchange.com
1	w2txo5aad22w3so7fqzbamozr6kxoxyicgqcq4jgfa4a1aa5fc9cc978sac.d.aa.online-metrix.net
1	ids.cdnwidget.com	assets.bounceexchange.com
1	srm.ba.contentsquare.net	t.contentsquare.net
1	view.cdnbasket.net	assets.bounceexchange.com
1	page.cdnbasket.net	assets.bounceexchange.com
1	data.cdnbasket.net	assets.bounceexchange.com
1	tr6.snapchat.com	sc-static.net
1	www.facebook.com
1	analytics.pangle-ads.com	analytics.tiktok.com
1	ut.rd.linksynergy.com	www.elfcosmetics.com
1	external-api.jebbit.com	js.jebbit.com
1	alb.reddit.com
1	tag.wknd.ai	www.elfcosmetics.com
1	api.usehero.com	cdn.usehero.com
1	t.contentsquare.net	www.elfcosmetics.com
1	www.redditstatic.com	www.elfcosmetics.com
1	www.googleadservices.com	www.elfcosmetics.com
1	cdn.usehero.com	www.elfcosmetics.com
1	websdk.appsflyer.com	www.elfcosmetics.com
1	tag.rmp.rakuten.com	www.elfcosmetics.com
1	static.ordergroove.com	www.elfcosmetics.com
1	qoe-1.yottaa.net	www.elfcosmetics.com
1	evt.undertone.com	9231397.fls.doubleclick.net
1	ads.undertone.com	1 redirects
1	px.dynamicyield.com	cdn.dynamicyield.com
1	secure.adnxs.com	www.elfcosmetics.com
1	pixel.pointmediatracker.com	1 redirects
1	hb.yahoo.net	www.elfcosmetics.com
1	match.adsrvr.org	1 redirects
1	insight.adsrvr.org	1 redirects
1	js.cnnx.link	www.googletagmanager.com
1	st.dynamicyield.com	www.elfcosmetics.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	cosmeticscriminal.com	1 redirects
215	80

This site contains links to these domains. Also see Links.

Domain
cdn.dynamicyield.com
st.dynamicyield.com
rcom.dynamicyield.com
www.tiktok.com
www.instagram.com
www.pinterest.com
www.facebook.com
www.youtube.com
twitter.com
www.snapchat.com
www.linkedin.com
www.elfbeauty.com
elfcosmetics.onelink.me
preferences.elfcosmetics.com
www.onetrust.com

Subject Issuer	Validity	Valid
*.elfcosmetics.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-25` - `2024-10-25`	a year	crt.sh
*.yottaa.net GlobalSign RSA OV SSL CA 2018	`2023-09-13` - `2024-10-14`	a year	crt.sh
*.px-cloud.net Sectigo RSA Domain Validation Secure Server CA	`2023-08-15` - `2024-09-13`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.dynamicyield.com Amazon RSA 2048 M02	`2023-09-03` - `2024-10-01`	a year	crt.sh
*.ipify.org Sectigo RSA Domain Validation Secure Server CA	`2023-02-07` - `2024-02-18`	a year	crt.sh
*.iad-05.braze.com GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-07-27` - `2024-08-27`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
js.cnnx.link Amazon RSA 2048 M02	`2023-07-11` - `2024-08-07`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.bigcontent.io GeoTrust TLS RSA CA G1	`2023-03-14` - `2024-04-13`	a year	crt.sh
*.ordergroove.com Go Daddy Secure Certificate Authority - G2	`2023-08-04` - `2024-08-17`	a year	crt.sh
tag.rmp.rakuten.com GTS CA 1D4	`2023-12-02` - `2024-03-01`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2023-10-13` - `2024-08-20`	10 months	crt.sh
*.appsflyer.com DigiCert TLS RSA SHA256 2020 CA1	`2023-07-27` - `2024-07-27`	a year	crt.sh
*.usehero.com Amazon RSA 2048 M02	`2023-08-28` - `2024-09-24`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
sc-static.net Amazon RSA 2048 M03	`2023-12-21` - `2025-01-18`	a year	crt.sh
*.pinterest.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-07` - `2024-08-07`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-10-10` - `2024-01-08`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-25` - `2024-02-21`	6 months	crt.sh
*.tiktok.com RapidSSL ECC CA 2018	`2023-07-14` - `2024-08-13`	a year	crt.sh
*.jebbit.com Amazon RSA 2048 M01	`2023-05-24` - `2024-06-21`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 01	`2023-10-24` - `2024-04-21`	6 months	crt.sh
t.contentsquare.net Amazon RSA 2048 M01	`2023-09-13` - `2024-10-11`	a year	crt.sh
api.usehero.com Amazon RSA 2048 M01	`2023-02-05` - `2024-03-05`	a year	crt.sh
tag.wknd.ai R3	`2023-11-20` - `2024-02-18`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-09-01` - `2024-02-28`	6 months	crt.sh
*.snap.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-04-13` - `2024-04-12`	a year	crt.sh
t.paypal.com DigiCert SHA2 Extended Validation Server CA	`2023-09-21` - `2024-10-21`	a year	crt.sh
dep.bf.contentsquare.net Amazon RSA 2048 M01	`2023-03-20` - `2024-04-17`	a year	crt.sh
*.rd.linksynergy.com ZeroSSL RSA Domain Secure Site CA	`2023-02-13` - `2024-02-13`	a year	crt.sh
*.pangle-ads.com RapidSSL TLS ECC CA G1	`2023-08-10` - `2024-09-09`	a year	crt.sh
assets.bounceexchange.com GTS CA 1D4	`2023-11-20` - `2024-02-18`	3 months	crt.sh
data.cdnbasket.net GTS CA 1D4	`2023-11-12` - `2024-02-10`	3 months	crt.sh
page.cdnbasket.net GTS CA 1D4	`2023-11-15` - `2024-02-13`	3 months	crt.sh
view.cdnbasket.net GTS CA 1D4	`2023-11-20` - `2024-02-18`	3 months	crt.sh
cdn-scripts.signifyd.com Amazon RSA 2048 M01	`2023-07-03` - `2024-07-31`	a year	crt.sh
srm.ba.contentsquare.net Amazon RSA 2048 M02	`2023-11-07` - `2024-12-06`	a year	crt.sh
imgs.signifyd.com Go Daddy Secure Certificate Authority - G2	`2023-10-20` - `2024-11-20`	a year	crt.sh
ids.cdnwidget.com R3	`2023-11-13` - `2024-02-11`	3 months	crt.sh
online-metrix.net Viking Cloud Organization Validation CA, Level 1	`2023-10-20` - `2024-10-21`	a year	crt.sh
*.aa.online-metrix.net Viking Cloud Organization Validation CA, Level 1	`2023-10-20` - `2024-10-21`	a year	crt.sh
pd.cdnwidget.com R3	`2023-11-13` - `2024-02-11`	3 months	crt.sh
*.wunderkind.co R3	`2023-12-06` - `2024-03-05`	3 months	crt.sh
idr.cdnwidget.com R3	`2023-11-13` - `2024-02-11`	3 months	crt.sh

This page contains 14 frames:

Primary Page: https://www.elfcosmetics.com/cosmetic-criminals
Frame ID: FA95BE132E3A471486E017C912805630
Requests: 180 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;dc_pre=CLu1qOeHvIMDFf4PigMdLD8CYQ;src=9231397;type=retarget;cat=globa0;ord=1477341143591;auiddc=45982039.1704107679;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals
Frame ID: 6A91E1096F1AA7403F640CB00D7581E9
Requests: 4 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=CLz6qOeHvIMDFR8QigMdVxoI7Q;src=10742279;type=elf8j0;cat=glo_flap;ord=7748974885090;auiddc=45982039.1704107679;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals
Frame ID: 28EBD05FED946F31BAF1E672905EB2BA
Requests: 2 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CLz6qOeHvIMDFR8QigMdVxoI7Q;src=10742279;type=elf8j0;cat=glo_flap;ord=7748974885090;auiddc=45982039.1704107679;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals
Frame ID: CBA0163EC41AD05DE57BE1821F26A6BC
Requests: 1 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
Frame ID: E505C768A84B9B2919D2185B9BCAABA1
Requests: 4 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_scsid=24701ef4-d2b3-4eea-96b0-2801b1d49ed1&u_sclid=2c7f7f16-1469-409f-8646-66a0893c2bec
Frame ID: 822B4F5B248225DE09B64ACF11A1E5F9
Requests: 2 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: EB8F4D56EE17566776D66EEF6360B20F
Requests: 3 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/p?rand=1703025191819&pnid=140&pcid=920c376d-c92f-4029-bfd6-decd5bfa9144
Frame ID: 31DF3CFF07F60792B1B64E8073A569DA
Requests: 1 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Frame ID: F278740D92E27ADEE6FB2F957C1766D3
Requests: 1 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: 6F5C5BADF2605A5AD0B085A2E1422A65
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/BGIjUOh9RAk2_WSj?d03f0c32a0aa4059=6XpJKa7Ji62T2Ltn0BPFJefUw6VU-Jo3egyFsAGrGD6hoWb_09i1mqop1OmuHrsctFyhTFcFuSOHI9h7-VuErUXd1Rh2BPly-mlsSod7CvVwq2AwmQ3NfUwnT5vkhTU3f4SWDrVkIqOF-ev8DtjAmcFOsnjPgk4wU342MHBHee_TA5prB9HC_fE8J9MIcqSOu_VmyE53VR5BmcMt&jb=3d332e2660736d7d375d696e6e65757b2e6a7167375d6b646c6d77712f303833392c6a736a7f354362726d656f2c6a73683741607a6f6f6d2f38323b3a32
Frame ID: 0E5E2257DA1DD97716A5A4F253F60CF0
Requests: 9 HTTP requests in this frame

Frame: https://imgs.signifyd.com/ztvZhQBgtEaS8oet?2232ff0081a09550=wXebYNz7vwg4RHDlO9x_iNeZEOoglZGVN_tOgqTDYBfU5XXmLFSqjpouuKBPR04Yfyqqng-ZjDMWxeIfws2r6hCzKz5jcwNTQI9f9L_dp1kK_W8ABIX3RsCLlTaEIqmEW9bcDfETAo28UwCi-2DmvEJ8QOcyE9yKVcyEDp_KBhqjT-GDbPVYhdQ5MWwSZTC7z9pxXNQcZH5zihjsc-s
Frame ID: C226351A824CD2A1F2BC47CCFEE094C8
Requests: 2 HTTP requests in this frame

Frame: https://h.online-metrix.net/m4uIH8y8jU-ihaO_?6c0e878a605df887=RZg31Zjk97a-L6R-v7kn-qpO1XJ7yRTN_myYkGpZB33WjW1IqvC7yeAn2GbF0qkx01NW5gtJfsnqQM1HWzX48mHgdEP6CRNvwip0RM3xCSLyAqaF_RQ0os9HIaAwkht-cPimQk-kK5EVYO1AYtdj6IMe1A-Vp06Ly_zYKOlLeVAHHq1GiIypj-st9YkE_m5jHexoEsDSuBx4r36RLpli
Frame ID: BA1CB7045E80A16AAEA9627B09D2D29D
Requests: 2 HTTP requests in this frame

Frame: https://imgs.signifyd.com/0UFqW8LjLxkHztu5?939c59a10acec351=2npkdM5kmXN9Hk-B-2CIsEjG_JK7mpin7oVxaOMmf09fSgjWoBiHjvMuHrTpdZ7KzVGbTN7p_kKwF5Bai5AAMLLuKQUyOQHqtxNnE9y7Okn7RdCurLljc_rErmWO8Dl32CHdzQ2mW0IwrqCOnrKzdhpIbRnJn6P223AyWyIcsdJqXkPftUxVPuxUZr6JFOz82WXgm2xOBiag38FlQqON
Frame ID: 90375C7EBD742C9003BCE9EE1FE53151
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Back ButtonSearch IconFilter Icon

Page URL History Show full URLs

https://cosmeticscriminal.com/ HTTP 301
https://www.elfcosmetics.com/cosmetic-criminals Page URL

Detected technologies

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Dynamic Yield (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

cdn\.dynamicyield\.\w+/

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

PerimeterX (Security) Expand

Overall confidence: 100%
Detected patterns

Rakuten (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

tag\.rmp\.rakuten\.com

basket.js (JavaScript Libraries) Expand

Overall confidence: 10%
Detected patterns

basket.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

215
Requests

94 %
HTTPS

29 %
IPv6

53
Domains

80
Subdomains

66
IPs

3
Countries

3828 kB
Transfer

13927 kB
Size

90
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://cdn.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://st.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://rcom.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@elfyeah/

Search URL Search Domain Scan URL

URL: https://www.instagram.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/eyeslipsfacedotcom

Search URL Search Domain Scan URL

URL: https://twitter.com/elfcosmetics

Search URL Search Domain Scan URL

URL: https://www.snapchat.com/add/elfcosmetics

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/e-l-f-beauty

Search URL Search Domain Scan URL

URL: https://www.elfbeauty.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://elfcosmetics.onelink.me/wTtZ/AcrossSiteCosmetics

Search URL Search Domain Scan URL

URL: https://preferences.elfcosmetics.com/dont_sell
Title: Do Not Sell My Personal Info/Opt Out of Targeted Ads

Search URL Search Domain Scan URL

URL: https://preferences.elfcosmetics.com/privacy
Title: Privacy Rights Request Form

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cosmeticscriminal.com/ HTTP 301
https://www.elfcosmetics.com/cosmetic-criminals Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19

https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=Y06GUxEJRu5Mg7KRU8z6MszZBehrclm0iPJ32UvBtZk HTTP 303
https://www.elfcosmetics.com/callback?usid=46f2eb27-bcd5-443b-87ba-997575292d69&code=ufpXGOMDUA1Jwucaf9om_vEqZQhLo81n_vTDlQs8wLk

Request Chain 30

https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3 HTTP 302
https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=229c18f2-90cb-493e-9992-e8fbf24ec4b8 HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3D229c18f2-90cb-493e-9992-e8fbf24ec4b8 HTTP 302
https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=292962642707206150&ttd_tdid=229c18f2-90cb-493e-9992-e8fbf24ec4b8 HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=229c18f2-90cb-493e-9992-e8fbf24ec4b8&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=229c18f2-90cb-493e-9992-e8fbf24ec4b8&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=55953&ovsid=229c18f2-90cb-493e-9992-e8fbf24ec4b8&gdpr=0&redir=true HTTP 302
https://hb.yahoo.net/cksync?cs=63&axid_e=eS1aRFZpakl0RTJ1RzFSNGIyN0lQNzhJaV9famc2Tm5kVn5B&gdpr=0&ovsid=229c18f2-90cb-493e-9992-e8fbf24ec4b8&dpid=55953

Request Chain 31

https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=2339fd0c-cfe9-4c1c-b192-e9a27ff6cb62&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=undefined&gtmcb=1709487225 HTTP 302
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=f6556f8f-bd07-4cbd-9aa0-5535b9fcf3ad.&ord=3478421785171262347 HTTP 303
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=f6556f8f-bd07-4cbd-9aa0-5535b9fcf3ad.&ord=3478421785171262347&_bee_ppp=1

Request Chain 49

https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=1477341143591;auiddc=45982039.1704107679;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals HTTP 302
https://9231397.fls.doubleclick.net/activityi;dc_pre=CLu1qOeHvIMDFf4PigMdLD8CYQ;src=9231397;type=retarget;cat=globa0;ord=1477341143591;auiddc=45982039.1704107679;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals

Request Chain 50

https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=7748974885090;auiddc=45982039.1704107679;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals HTTP 302
https://10742279.fls.doubleclick.net/activityi;dc_pre=CLz6qOeHvIMDFR8QigMdVxoI7Q;src=10742279;type=elf8j0;cat=glo_flap;ord=7748974885090;auiddc=45982039.1704107679;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals

Request Chain 58

https://ads.undertone.com/t?trackerid=7729&cb=2115282443 HTTP 307
https://evt.undertone.com/t?trackerid=7729&cb=2115282443

Request Chain 102

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=842134551&cv=11&fst=1704107679446&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&value=0&auid=45982039.1704107679&fmt=3&ct_cookie_present=false&ocp_id=oZ6SZaO_C-mcoPMPv4Sd0AE&sscte=1&crd=&eitems=ChEIgOLJrAYQ1tWj2sWOtp_NARIdANJWnmXexEXQxpshH591oeC8Csmu9e-x9x2dIpk&pscrd=EkxDaEVJZ09MSnJBWVF6YzdkeXEzUjRfdm9BUklrQUpSUmV6TW8xQmp5c0kzWUdxTFZ4Vk9RdUtGeFBNVVFrX1BwVUttWTA1WVpYeTY2GldDaEVJZ09MSnJBWVFvNEhPNVBQaXZ0M1NBUklzQVBDSGtpVGdtdDZ0SWJOT1B0Q3NMUkJ1cFlyZ055b2NKanBUM0Q4WHdzYmY2d0Fqc0lYY05kczlzSkkiEwjjk_znh7yDAxVpDmgIHT9CBxo HTTP 302
https://www.google.com/pagead/1p-conversion/698270988/?random=842134551&cv=11&fst=1704107679446&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&value=0&auid=45982039.1704107679&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEVJZ09MSnJBWVF6YzdkeXEzUjRfdm9BUklrQUpSUmV6TW8xQmp5c0kzWUdxTFZ4Vk9RdUtGeFBNVVFrX1BwVUttWTA1WVpYeTY2GldDaEVJZ09MSnJBWVFvNEhPNVBQaXZ0M1NBUklzQVBDSGtpVGdtdDZ0SWJOT1B0Q3NMUkJ1cFlyZ055b2NKanBUM0Q4WHdzYmY2d0Fqc0lYY05kczlzSkkiEwjjk_znh7yDAxVpDmgIHT9CBxo&is_vtc=1&ocp_id=oZ6SZaO_C-mcoPMPv4Sd0AE&cid=CAQSKQAvHhf_Mv-j-KYIfgduQdijPKn6JFrerwm2O3jX-_LN2F9tLWodS4hN&eitems=ChEIgOLJrAYQ1tWj2sWOtp_NARIdANJWnmWz9aAu-0XJAzEbCwoMQ2637A1dsVHfd-4&random=3253380977

Request Chain 159

https://tr.snapchat.com/cm/s?bt=1d53c387&pnid=140&cb=1704107682330&u_scsid=e63e8a65-9084-4921-a011-f46f44f66b97&u_sclid=a762a8cf-c5c9-4699-a369-ed00ba0ba88d HTTP 302
https://pixel.tapad.com/idsync/ex/push?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1703025191819%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1703025191819%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://tr.snapchat.com/cm/p?rand=1703025191819&pnid=140&pcid=920c376d-c92f-4029-bfd6-decd5bfa9144

Request Chain 192

https://idsync.rlcdn.com/458359.gif?partner_uid=ad4ebe8d-bc74-4488-a7a2-b0d2bfcd5084 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJGFkNGViZThkLWJjNzQtNDQ4OC1hN2EyLWIwZDJiZmNkNTA4NBAAGg0Io73KrAYSBQjoBxAAQgBKAA HTTP 307
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=ef4b429ce17f00a39c3adec7f2d14aad761545dc639204545734046bbfa2eaae6ac34734d8e453ee

Request Chain 212

https://pix.cdnwidget.com/redirect?CID=2aLpOpOh3StClKYxILluPdNAXl0&DID=2aLpOk0jVpEbseZpCrG7CQrav85&v=&iv=&deviceid=8926274271492810135&visitid=1704107683658551&wsid=4142&apikey=2^HIykD HTTP 302
https://pippio.com/api/sync?pid=5749 HTTP 307
https://pix.cdnwidget.com/hash.gif?md5=none&sha1=none&sha256=none

215 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request cosmetic-criminals Show response
www.elfcosmetics.com/
Redirect Chain

https://cosmeticscriminal.com/
https://www.elfcosmetics.com/cosmetic-criminals

809 KB
215 KB

1813ms
1626ms

Document
text/html

204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 7eaf41546a2eee4b7195de023b8e0f49ebba595417a2d630ec2c6b3fd18c5789

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 0
cache-control: public, must-revalidate, s-maxage=900
content-encoding: gzip
content-length: 218803
content-type: text/html; charset=utf-8
date: Mon, 01 Jan 2024 11:14:36 GMT
etag: W/"ad5e9-a8KwVxxrK8zTWte2HWOSmTqQC2k"
vary: Accept-Encoding
via: 1.1 bfad77da64cd65a36fcbbe44acb655e8.cloudfront.net (CloudFront)
x-amz-apigw-id: Q224VHAkiYcEVzQ=
x-amz-cf-id: GhLYUYM45yoMRYr5T1dJJxgbhlTLYxmoo6C5jMbnhISM6ITAF_qF7A==
x-amz-cf-pop: SFO53-P2
x-amzn-remapped-connection: close
x-amzn-remapped-content-length: 710121
x-amzn-remapped-date: Mon, 01 Jan 2024 11:14:36 GMT
x-amzn-requestid: 80a1869f-58bf-43f8-bfc3-6737823e3409
x-amzn-trace-id: Root=1-65929e9b-5e97983e037451e523808e7a;Sampled=0;lineage=2b75b0e9:0
x-cache: Miss from cloudfront
x-yottaa-metrics: 2521cc028a7f/[1411,1370,-] 25D1cc0285aa/[-,1447.921]
x-yottaa-optimizations: ob/1000000100001000 si/25D1cc0285aa-1703880236-7730639928 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-yottaa-os: 200

Redirect headers

age: 0
content-length: 1197
content-type: text/html; charset=utf-8
date: Mon, 01 Jan 2024 11:14:35 GMT
location: https://www.elfcosmetics.com/cosmetic-criminals
vary: User-Agent
x-yottaa-fw: fb/100000 tid/658dc47cd93140973bd48cc9 rid/658dc848d93140973bd496fa stid/5ad7b08e2bb0ac0c5ba3d38c
x-yottaa-metrics: 38D1cc02313f/[-,0.267]
x-yottaa-optimizations: ob/0 si/38D1cc02313f-1703880238-8704527868 tts/1704107675139 ti/0 ai/658dc47cd93140973bd48cc9

GET
H2 200 init.js Show response
www.elfcosmetics.com/XT4Gy2ig/ 166 KB
74 KB 229ms
229ms Script
application/javascript 204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 32d03ede47d6e1a7828455f946dd874cefe88cc0afae1b764b3463284d04b5a9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/cosmetic-criminals
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:37 GMT
content-encoding: gzip
etag: "296e1-Q0LHoSEC9nwyAPQNenOxhUAHoU0"
active-cdn: Akamai
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: active-cdn,x-served-by,Akamai-Request-BC
cache-control: max-age=600
x-yottaa-metrics: 25D1cc0285aa/[-,13.286]
x-px-hash: NTQ4MWZhYTAyMGEzZWY1NjI4ZDczNjcyMDcxZmNkNDM5MWZjZWEzYjg0YzJlMjFmMzdiZGM4MDYyMDg0MGQ4MQ==
x-yottaa-optimizations: ob/0 si/25D1cc0285aa-1703880236-7730639931 tts/1704107677145 ti/0 ai/5a0c9b7632f01c35d42101b2

GET /
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/ 0
0

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a2b3b5ecaa7d5c67e5e28f9712ebcf28a592c7191e24bcde25cc5bb374cbf7b

Request headers

Referer
Origin: https://www.elfcosmetics.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a33177a1b1a44698bc85bc710dfd4a6aba8bbe329db64dbb0622c894a1c05cbd

Request headers

Referer
Origin: https://www.elfcosmetics.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
H2 200 vendor.js Show response
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/ 2 MB
619 KB 70ms
26ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 57e461c9b78558e62478cca713658387eaf54afe6ae0a8128ee38e5846b4d6d8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 7DhVfT1FfID7USGHRQIdkAPtGlAbpV1z
via: 1.1 6ef53c06467f47a1223db91b4e03cb22.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
date: Mon, 01 Jan 2024 11:14:37 GMT
x-amz-cf-pop: PHL50-C1
age: 2304736
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1000 si/23114047a17c-1695931016-541995637 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Hit from cloudfront, HIT
x-amz-meta-deploy: 621192
content-length: 633349
x-amz-meta-bundle: 10314
x-served-by: cache-yyz4550-YYZ
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1704107677.459867,VS0,VE1
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 2321cc8d59da/[102,30,-] 23114047a17c/[-,432.958]
accept-ranges: bytes
x-amz-cf-id: 6zb_xtoppKSGsjxOXb8cZXddrv87KnMwd9rYqabcmOz60TiNjtJfsA==
x-cache-hits: 1

GET
H2 200 main.js Show response
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/ 2 MB
454 KB 104ms
61ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/main.js?yocs=1u_1y_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4f770b32793546ad41060cc03c06e4a744b10e9ae4af0b2b0522cfcf1fb33285

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: ee3xb.NTbr4bzXJ3SxfA7qqa0mkCetT8
via: 1.1 4a124e8b579c1eb5bfcb198db51e61fe.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
date: Mon, 01 Jan 2024 11:14:37 GMT
x-amz-cf-pop: PHL50-C1
age: 2304744
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1001 si/23114047a14b-1695931015-2158562704 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Miss from cloudfront, HIT
x-amz-meta-deploy: 621192
content-length: 464645
x-amz-meta-bundle: 10314
x-served-by: cache-yyz4550-YYZ
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1704107677.459856,VS0,VE1
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 23214047a17a/[284,217,-] 23114047a14b/[hit]
accept-ranges: bytes
x-amz-cf-id: tx9fXbz0095TYlPVqmEeaL7RZF6eYmd0umqNUfjWxGkjV5y15AU9BA==
x-cache-hits: 1

GET
H2 200 pages-product-list-product-list-page.js Show response
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/ 40 KB
11 KB 64ms
21ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/pages-product-list-product-list-page.js?yocs=1u_1y_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cd0b162bc6e5a1dfcdba80c8b12d3f2ec6ac423a1c1ed7d996779d9c6b81f346

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 3Wq5BoaKPulOYkW6Fp3r6wFQLlG6RLjA
via: 1.1 235099561ba63a2b7662a2b20d9ac036.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
date: Mon, 01 Jan 2024 11:14:37 GMT
x-amz-cf-pop: PHL50-C1
age: 2304709
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1000 si/23114047a17c-1695931016-541996941 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Miss from cloudfront, HIT
x-amz-meta-deploy: 621192
content-length: 11125
x-amz-meta-bundle: 10314
x-served-by: cache-yyz4550-YYZ
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1704107677.459842,VS0,VE0
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 23214047a183/[70,62,-] 23114047a17c/[-,77.321]
accept-ranges: bytes
x-amz-cf-id: p4dxcsI-tGZ300wVKXQGnxp6Ql9t896iiPVgoouL2AzCxPrUuihNpg==
x-cache-hits: 5

GET
H2 200 us.svg
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/static/img/flag-icons/ 9 KB
1 KB 67ms
25ms Image
image/svg+xml 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/static/img/flag-icons/us.svg?yocs=1u_1y_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 9zy6w68xzC0VtboioQSwQDLT607ezHMK
via: 1.1 812f46bf61001f0b27e402ec485db73c.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
date: Mon, 01 Jan 2024 11:14:37 GMT
x-amz-cf-pop: ORD53-C3
age: 1564561
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1100 si/2611cc028373-1700446746-2117305748 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Hit from cloudfront, HIT
x-amz-meta-deploy: 621192
content-length: 676
x-amz-meta-bundle: 10314
x-served-by: cache-yyz4550-YYZ
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1704107677.459816,VS0,VE1
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31104000
x-yottaa-metrics: 2621cc8d587c/[5,-,1702538668691] 2611cc028373/[-,8.745]
accept-ranges: bytes
x-amz-cf-id: q47ic1oVV3BU_vdfTTTlgaPtBFqjKBYj1HMoOR45GdhPJRgUJAMWfw==
x-cache-hits: 1

GET
H2 200 download-on-the-app-store-badge.png
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/static/img/global/ 4 KB
4 KB 103ms
62ms Image
image/webp 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/static/img/global/download-on-the-app-store-badge.png?yocs=1u_1y_1A_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f114a64c26edb67def4dd84a00694f76e0573aedddb68428c52c6ea8b00de4c3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: Akq7KTd_WVm0_2HVhDA1m.JC63cBf7G7
via: 1.1 83ac07892fa0e0fd0b9db6e878d848aa.cloudfront.net (CloudFront), 1.1 varnish
date: Mon, 01 Jan 2024 11:14:37 GMT
x-amz-cf-pop: ORD53-C3
age: 1373288
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/10000000000100 si/2611cc8d5869-1700446742-1900701262 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Hit from cloudfront, HIT
x-amz-meta-deploy: 621192
content-length: 3724
x-amz-meta-bundle: 10314
x-served-by: cache-yyz4550-YYZ
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1704107677.459791,VS0,VE1
content-type: image/webp
cache-control: public, max-age=31104000
x-yottaa-metrics: 2621cc8d5872/[4,-,1702731105441] 2611cc8d5869/[-,7.385]
accept-ranges: bytes
x-amz-cf-id: cGaZY98Dx1vPAc2YAdkvyTwCPtcpFOKGt0cEgkn_mr-gbwMV512u2A==
x-cache-hits: 1

GET
H2 200 google-play-badge.png
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/static/img/global/ 3 KB
4 KB 65ms
24ms Image
image/webp 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/static/img/global/google-play-badge.png?yocs=1u_1y_1A_
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e8f118daabadc747ba3e2236a27edce749bb73dde4f16c6c6acc5cce36009a36

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: XXBoQCUlKEOsesGOGsNaSVfpZce.5TGs
via: 1.1 7608da25eb5aed0ce7cca5fc0587c650.cloudfront.net (CloudFront), 1.1 varnish
date: Mon, 01 Jan 2024 11:14:37 GMT
x-amz-cf-pop: EWR50-C1
age: 988733
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/10000000000100 si/3811cc023146-1693316487-306713587 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache: Hit from cloudfront, HIT
x-amz-meta-deploy: 621192
content-length: 3318
x-amz-meta-bundle: 10314
x-served-by: cache-yyz4550-YYZ
x-yottaa-forcecache: true, true
server: AmazonS3
x-timer: S1704107677.459802,VS0,VE0
content-type: image/webp
cache-control: public, max-age=31104000
x-yottaa-metrics: 3821cc02314a/[4,-,1703118018733] 3811cc023146/[-,5.805]
accept-ranges: bytes
x-amz-cf-id: sIqM7JUokwDjLxnhO3CjphZ74gFYmItH8AsmRvBOqkRe4wwsbSWg6g==
x-cache-hits: 1126

POST
H2 200 collector Show response
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 540 B
787 B 125ms
60ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 06d60ef187331c4a34bd69bb33e30cb0915a06509dc038a0e7c44a53891db495

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 01 Jan 2024 11:14:37 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 540

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/ 1 MB
152 KB 113ms
46ms Script
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/OtAutoBlock.js

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/main.js?yocs=1u_1y_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e038dff62440b626103b2b81adcbb64b5cb3bd80433d1a710f37162cd7c0cc17

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 11:14:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 47255
content-md5: 3CHjrTrl4YSKzn90GsMA3A==
content-length: 154812
x-ms-lease-status: unlocked
last-modified: Mon, 30 Oct 2023 13:08:00 GMT
server: cloudflare
etag: 0x8DBD9493E0E92B7
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: faa9619b-101e-0023-4914-1ea340000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 83ea56ffac044bbd-BUF
expires: Tue, 02 Jan 2024 11:14:38 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 109ms
42ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/main.js?yocs=1u_1y_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d72fa0f78c80b1874d3ee4aadf43d973edc442a65fef83d37e684ac559893b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 11:14:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 5rel+BW+cbOCNkEJ4C4NBQ==
age: 10378
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6841
x-ms-lease-status: unlocked
last-modified: Thu, 21 Dec 2023 21:19:55 GMT
server: cloudflare
etag: 0x8DC026A943751A5
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: d530a67f-201e-0007-3283-3455e0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 83ea56ffac034bbd-BUF

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 428 KB
121 KB 117ms
43ms Script
application/javascript 2607:f8b0:4004:c1d::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

46e7f9c795cdb3ace0a608ba26b11459c3a2f73824aff309043521e91be78f56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123610
x-xss-protection: 0
last-modified: Mon, 01 Jan 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 01 Jan 2024 11:14:38 GMT

GET
H2 200 api_dynamic.js Show response
cdn.dynamicyield.com/api/8772046/ 378 KB
44 KB 119ms
38ms Script
application/javascript 2600:9000:26a0:4e00:a:b89d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.dynamicyield.com/api/8772046/api_dynamic.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26a0:4e00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: DYCDN /
Resource Hash: 30ca5a7ae3f12eb7d187d400d8c23903395c7e9c3fa7f85cb742785af28f2c81

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:39 GMT
content-encoding: gzip
via: 1.1 b00903dd6c0e35a04eab89fc03a8023e.cloudfront.net (CloudFront)
last-modified: Thu, 28 Dec 2023 20:49:56 GMT
server: DYCDN
x-amz-cf-pop: YUL62-P2
x-amz-server-side-encryption: AES256
etag: W/"b89b7a9d333258d9640358edad54dc22"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=30
link: <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id: EJ-TYZnrUedAiK3B11LUDKi4QTdXY3o6kLHdLRz6ctdHRdCgYlvw_A==

GET
H2 200 api_static.js Show response
cdn.dynamicyield.com/api/8772046/ 385 KB
111 KB 151ms
70ms Script
application/javascript 2600:9000:26a0:4e00:a:b89d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.dynamicyield.com/api/8772046/api_static.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26a0:4e00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: DYCDN /
Resource Hash: 2c8574ba42424a1dcf02c58fda5e3482e2262e0b0dddd09e5935bd94e5eba03e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 07:26:51 GMT
content-encoding: gzip
via: 1.1 b00903dd6c0e35a04eab89fc03a8023e.cloudfront.net (CloudFront)
last-modified: Fri, 22 Dec 2023 09:27:57 GMT
server: DYCDN
age: 13668
x-amz-cf-pop: YUL62-P2
x-amz-server-side-encryption: AES256
etag: W/"81d82ff6d3b7239a1cfc7723116ee4aa"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=86400
link: <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id: i6iDJfvt5ZzQvkSC_3rV3b1uqwBjtVmxeYhhqCd0-3alFsW9NpdCuw==

GET
H/1.1 200
OK / Show response
api.ipify.org/ 20 B
220 B 100ms
32ms XHR
application/json 64.185.227.156
WEBNX

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 64.185.227.156 New York, United States, ASN18450 (WEBNX, US),
Reverse DNS: api.ipify.org
Software: nginx/1.25.1 /
Resource Hash: e1d5812685d65f3487de6b27522bdd6ab17573fa94f00570b04685cebf825ce6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 01 Jan 2024 11:14:38 GMT
Server: nginx/1.25.1
Connection: keep-alive
Content-Length: 20
Vary: Origin
Content-Type: application/json

GET
H/1.1 200
OK / Show response
api.ipify.org/ 20 B
220 B 99ms
31ms XHR
application/json 64.185.227.156
WEBNX

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 64.185.227.156 New York, United States, ASN18450 (WEBNX, US),
Reverse DNS: api.ipify.org
Software: nginx/1.25.1 /
Resource Hash: e1d5812685d65f3487de6b27522bdd6ab17573fa94f00570b04685cebf825ce6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 01 Jan 2024 11:14:38 GMT
Server: nginx/1.25.1
Connection: keep-alive
Content-Length: 20
Vary: Origin
Content-Type: application/json

GET
H2

200

callback
www.elfcosmetics.com/
Redirect Chain

https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=...
https://www.elfcosmetics.com/callback?usid=46f2eb27-bcd5-443b-87ba-997575292d69&code=ufpXGOMDUA1Jwucaf9om_vEqZQhLo81n_vTDlQs8wLk

0
0

320ms
320ms

Fetch
application/json

204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/callback?usid=46f2eb27-bcd5-443b-87ba-997575292d69&code=ufpXGOMDUA1Jwucaf9om_vEqZQhLo81n_vTDlQs8wLk
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Server: 204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/cosmetic-criminals
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:39 GMT
via: 1.1 139fcf0656ce62dcfe3841c9c385a5c6.cloudfront.net (CloudFront)
x-amzn-remapped-content-length: 0
x-amz-cf-pop: SFO53-P2
age: 0
x-amzn-remapped-connection: close
x-amzn-requestid: bedd61e9-c5d3-436e-b51b-537536695e06
x-yottaa-optimizations: ob/1000 si/25D1cc0285aa-1703880236-7730639938 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
x-amz-apigw-id: Q224-Fk6CYcEcOw=
content-length: 0
x-yottaa-forcecache: true
x-amzn-trace-id: Root=1-65929e9f-59d32ab3689fc36221f56f17;Sampled=0;lineage=2b75b0e9:0
content-type: application/json
cache-control: public, max-age=604800
x-yottaa-os: 200
x-yottaa-metrics: 2521cc028516/[228,226,-] 25D1cc0285aa/[-,228.779]
x-amzn-remapped-date: Mon, 01 Jan 2024 11:14:39 GMT
x-amz-cf-id: grWtJJycjO8gvsj1m157lBfgqKWAqmGSo0tT4TgnenQgKUCQPMX38Q==

Redirect headers

date: Mon, 01 Jan 2024 11:14:39 GMT
x-correlation-id: 83ea57023f16c3c0
via: 1.1 33296fd8128d04868ae5ae8907ff3c6c.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: SFO53-P2
age: 0
x-yottaa-optimizations: ob/0 si/25D1cc0285aa-1703880236-7730639937 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
content-length: 0
pragma: no-cache
x-ratelimit-1m-remaining: 23458, 1974894
x-ratelimit-1m-reset: 20857, 20856
x-ratelimit-1m-limit: 24000, 2000000
vary: Accept-Encoding
location: https://www.elfcosmetics.com/callback?usid=46f2eb27-bcd5-443b-87ba-997575292d69&code=ufpXGOMDUA1Jwucaf9om_vEqZQhLo81n_vTDlQs8wLk
cache-control: no-store
x-yottaa-os: 303
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=Y06GUxEJRu5Mg7KRU8z6MszZBehrclm0iPJ32UvBtZk
x-yottaa-metrics: 2521cc028a8f/[167,165,-] 25D1cc0285aa/[-,168.724]
cf-ray: 83ea57023f16c3c0-SEA
x-amz-cf-id: rBSqI-cJpXdj0k1IpgxB9VsV2tacYrrEnRcqHgdS-nSdKXSRKN1ctA==

POST
H2 201 / Show response
sdk.iad-05.braze.com/api/v3/data/ 323 B
477 B 185ms
185ms XHR
application/json 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/data/

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1a09824b6d7bbd0f5e82a23d14da408abfba60d02f5bdb48309d3ab6ca61bb1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-TriggersRequest: true
X-Braze-DataRequest: true
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/json
Referer: https://www.elfcosmetics.com/
X-Requested-With: XMLHttpRequest

Response headers

date: Mon, 01 Jan 2024 11:14:39 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: MISS
x-request-id: 435b008d-eb62-4ae7-9818-12340fda08b1
x-served-by: cache-yyz4544-YYZ
x-runtime: 0.066240
etag: W/"1a09824b6d7bbd0f5e82a23d14da408a"
access-control-max-age: 7200
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
vary: Origin,Accept-Encoding
accept-ranges: bytes
x-cache-hits: 0

OPTIONS
H2 200 /
sdk.iad-05.braze.com/api/v3/data/ Frame 0
0 160ms
114ms Preflight 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/data/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
content-encoding: gzip
date: Mon, 01 Jan 2024 11:14:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-yyz4544-YYZ

GET
H2 200 6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json Show response
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/ 5 KB
2 KB 111ms
46ms XHR
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8a6566c7e926c37c010dc811a5e82d5eddad8b10057bf711f0f644be60707d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 11:14:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 43665
content-md5: 4swZDWVp4C0QChiGUbrcTg==
content-length: 1746
x-ms-lease-status: unlocked
last-modified: Tue, 14 Nov 2023 15:26:04 GMT
server: cloudflare
etag: 0x8DBE5260423F079
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: b26488eb-901e-0084-770e-174b82000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 83ea5701eae14bc0-BUF
expires: Tue, 02 Jan 2024 11:14:39 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 69 B
314 B 115ms
47ms XHR
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 83ea57033c004bd5-BUF
access-control-allow-headers: Content-Type

GET
H2 200 st Show response
st.dynamicyield.com/ 114 KB
10 KB 171ms
66ms Script
text/javascript 2600:9000:269f:3400:15:ad21:c740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://st.dynamicyield.com/st?sec=8772046&inHead=true&id=0&jsession=x7ymn8sny0am4esoihfq3zv8y2zmymgo&ref=&scriptVersion=1.213.0&isSesNew=true&dyid_server=&ctx=%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-US%22%2C%22data%22%3A%5B%5D%7D
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:269f:3400:15:ad21:c740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4b86e4366d724a208a2cabc76612e12322b6ac17447ae4ed8ab268fd097ba266

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:39 GMT
content-encoding: gzip
via: 1.1 baa0aaa1ff4766ddf3afe80431a74b82.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-P1
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
cache-control: no-cache
x-amz-cf-id: gxCdvy3SfZM01jiGuG-54amzaJVKgevgnKrb6JjlrsfZ3W0ZDJbVBQ==
expires: Mon, 01 Jan 2024 11:14:38 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 100ms
32ms Script
text/javascript 2607:f8b0:4004:c07::71
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::71 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 01 Jan 2024 09:49:35 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 5104
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 01 Jan 2024 11:49:35 GMT

GET activityi;src=9231397;type=retarget;cat=globa0;ord=1477341143591;auiddc=45982039.1704107679;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;d...
9231397.fls.doubleclick.net/ Frame 6A91 0
0

GET activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=7748974885090;auiddc=45982039.1704107679;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;e...
10742279.fls.doubleclick.net/ Frame 28EB 0
0

GET
H2 200 cnxtag-min.js Show response
js.cnnx.link/roi/ 2 KB
1 KB 126ms
47ms Script
text/javascript 2600:9000:215f:b800:11:85b0:d600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.cnnx.link/roi/cnxtag-min.js?id=316282
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:215f:b800:11:85b0:d600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: ff2fe181c12146189657e92f9ce0489f7f3b51345796f5a5ec9b089f9fb47616

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:10:39 GMT
via: 1.1 google, 1.1 39379e6e28640430f64b963528b44426.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: YUL62-C2
age: 239
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
cache-control: max-age=600
x-amz-cf-id: CNJfkQb0Eidjcocv7PH1aGMhupiJTKcqJA-AadzyqkmPH1LFZs55rw==

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/ 404 KB
98 KB 40ms
40ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 11:14:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: XJk1ZZTljtwHFT3qcIJg+w==
age: 4732
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 99599
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:36 GMT
server: cloudflare
etag: 0x8DB82A15D413626
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 80bad15d-801e-006c-2fda-12d214000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 83ea5704fd494bbd-BUF

GET
H2

200

cksync
hb.yahoo.net/
Redirect Chain

https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3
https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=229c18f2-90cb-493e-9992-e8fbf24ec4b8
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3D229c18f2-90cb-493e-9992-e8fbf24ec4b8
https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=292962642707206150&ttd_tdid=229c18f2-90cb-493e-9992-e8fbf24ec4b8
https://ups.analytics.yahoo.com/ups/55953/sync?uid=229c18f2-90cb-493e-9992-e8fbf24ec4b8&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true
https://ups.analytics.yahoo.com/ups/55953/sync?uid=229c18f2-90cb-493e-9992-e8fbf24ec4b8&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=55953&ovsid=229c18f2-90cb-493e-9992-e8fbf24ec4b8&gdpr=0&redir=true
https://hb.yahoo.net/cksync?cs=63&axid_e=eS1aRFZpakl0RTJ1RzFSNGIyN0lQNzhJaV9famc2Tm5kVn5B&gdpr=0&ovsid=229c18f2-90cb-493e-9992-e8fbf24ec4b8&dpid=55953

57 B
662 B

469ms
327ms

Image
image/gif

23.15.9.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hb.yahoo.net/cksync?cs=63&axid_e=eS1aRFZpakl0RTJ1RzFSNGIyN0lQNzhJaV9famc2Tm5kVn5B&gdpr=0&ovsid=229c18f2-90cb-493e-9992-e8fbf24ec4b8&dpid=55953

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Server

23.15.9.48 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-15-9-48.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ed079d77ba54a8e4bfc931029de75b1f5128fcae45e274d53aca95f8ab17b438

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains, max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=86400 ; includeSubDomains, max-age=604800
date: Mon, 01 Jan 2024 11:14:40 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 57
x-mnet-hl2: E
expires: Mon, 01 Jan 2024 11:14:40 GMT

Redirect headers

location: https://hb.yahoo.net/cksync?cs=63&axid_e=eS1aRFZpakl0RTJ1RzFSNGIyN0lQNzhJaV9famc2Tm5kVn5B&gdpr=0&ovsid=229c18f2-90cb-493e-9992-e8fbf24ec4b8&dpid=55953
date: Mon, 01 Jan 2024 11:14:40 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

cnv
cnv.event.prod.bidr.io/log/
Redirect Chain

https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=2339fd0c-cfe9-4c1c-b192-e9a27ff6cb62&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=un...
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=f6556f8f-bd07-4cbd-9aa0-5535b9fcf3ad.&ord=3478421785171262347
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=f6556f8f-bd07-4cbd-9aa0-5535b9fcf3ad.&ord=3478421785171262347&_bee_ppp=1

43 B
796 B

43ms
43ms

Image
image/gif

54.157.127.36
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=f6556f8f-bd07-4cbd-9aa0-5535b9fcf3ad.&ord=3478421785171262347&_bee_ppp=1

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

HTTP/1.1

Server

54.157.127.36 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-157-127-36.compute-1.amazonaws.com

Software

gunicorn /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
Date: Mon, 01 Jan 2024 11:14:40 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
content-type: image/gif
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=f6556f8f-bd07-4cbd-9aa0-5535b9fcf3ad.&ord=3478421785171262347&_bee_ppp=1
Date: Mon, 01 Jan 2024 11:14:40 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

POST
H2 201 sync Show response
sdk.iad-05.braze.com/api/v3/content_cards/ 756 B
668 B 293ms
293ms XHR
application/json 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9992ab992ae41e546eb93aa9d9eddc29c03d4a9fbe3c61378c547b6ba281a45e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest: true
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/json
BRAZE-SYNC-RETRY-COUNT: 0
Referer: https://www.elfcosmetics.com/
X-Requested-With: XMLHttpRequest
X-Braze-ContentCardsRequest: true

Response headers

date: Mon, 01 Jan 2024 11:14:39 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: MISS
x-request-id: a3384f2d-7839-4434-aa52-03f6131a390d
x-served-by: cache-yyz4544-YYZ
x-runtime: 0.248301
etag: W/"9992ab992ae41e546eb93aa9d9eddc29"
access-control-max-age: 7200
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
vary: Origin,Accept-Encoding
accept-ranges: bytes
x-cache-hits: 0

OPTIONS
H2 200 sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame 0
0 119ms
119ms Preflight 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
content-encoding: gzip
date: Mon, 01 Jan 2024 11:14:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-yyz4544-YYZ

POST
H2 200 collector Show response
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 600 B
655 B 74ms
73ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 43b24ab1dd1d38d82c01f58b737a381ef12a755fdc090b6b72802a25ac7445f3

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 01 Jan 2024 11:14:39 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 600

GET
H2 200 dy-coll-min.js Show response
cdn.dynamicyield.com/scripts/1.213.0/ 199 KB
62 KB 34ms
34ms Script
application/javascript 2600:9000:26a0:4e00:a:b89d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26a0:4e00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: DYCDN /
Resource Hash: 19b9a6628fa003af26766ce1578420be5068227a572c78f0e20b53e2f2fc1886

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 19:46:00 GMT
content-encoding: gzip
via: 1.1 b00903dd6c0e35a04eab89fc03a8023e.cloudfront.net (CloudFront)
last-modified: Sun, 15 Oct 2023 07:23:37 GMT
server: DYCDN
age: 1006120
x-amz-cf-pop: YUL62-P2
etag: W/"b587b1ed184fe1cb6e2ea31f12e547c2"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
link: <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id: PZCHx8rW5VYPdvVEW1xgPr7NUogfi2o2dVJKHQjLAc0qVEwaH4Yg7g==

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/fce1bc7f-b7cb-4383-a7e9-8430e48a01d7/ 202 KB
36 KB 44ms
44ms Fetch
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/fce1bc7f-b7cb-4383-a7e9-8430e48a01d7/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf1b4e2a57de561424fb99aa43ef462868d58d9c205a38ae3f564c10266a4dbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 11:14:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 43664
content-md5: A+auRPWlNU8wck+viG1D2g==
content-length: 36970
x-ms-lease-status: unlocked
last-modified: Tue, 14 Nov 2023 15:26:15 GMT
server: cloudflare
etag: 0x8DBE5260AC67F7E
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 45a814af-d01e-005e-170e-17d263000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 83ea57056c374bc0-BUF
expires: Tue, 02 Jan 2024 11:14:39 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
212 B 41ms
40ms XHR
text/plain 2607:f8b0:4004:c07::71
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1434288175&t=pageview&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&dp=%2Fcosmetic-criminals&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACgAI~&jid=708169514&gjid=1642122045&cid=741843828.1704107680&tid=UA-432816-1&_gid=1856746597.1704107680&_r=1&_slc=1&gtm=45He3bt0n81WL3STMXv896608294&gcd=11l1l1l1l1&dma=0&z=421924741

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::71 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
350 B 111ms
41ms XHR
text/plain 2607:f8b0:4004:c09::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-432816-1&cid=741843828.1704107680&jid=708169514&gjid=1642122045&_gid=1856746597.1704107680&_u=YEBAAEAAAAAAACgAI~&z=344671423

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9d Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 01 Jan 2024 11:14:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 var
async-px.dynamicyield.com/ 0
0 114ms
47ms Fetch 3.161.213.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var?cnst=1&_=882901&uid=7408421633541709471&sec=8772046&t=ri&e=1261284&p=1&ve=11209913&va=%5B27119924%5D&ses=0075c02422a5c0ff2b10c5367508eaef&expSes=97342&aud=1004392.1092373.1167402.1274296.1324059.1426804.1443347.1846919.884367.884372.884385.884387.998337.1182144.799438.799440&expVisitId=-2723716969296813324&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1704107679682&rri=8442353
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.213.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-213-35.yul62.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:39 GMT
via: 1.1 7ea5749a224369d9af20b6d6ce7dbd92.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-P1
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: dw-GOWXPGAUCWexFKuJwo_7zmowI2jOkN-kj_cGz533kDFqQfnE7EA==
expires: 0

GET
H2 200 var
async-px.dynamicyield.com/ 0
0 112ms
46ms Fetch 3.161.213.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var?cnst=1&_=878712&uid=7408421633541709471&sec=8772046&t=ri&e=1574966&p=1&ve=12698518&va=%5B28347247%5D&ses=0075c02422a5c0ff2b10c5367508eaef&expSes=97342&aud=1004392.1092373.1167402.1274296.1324059.1426804.1443347.1846919.884367.884372.884385.884387.998337.1182144.799438.799440&expVisitId=-2723716969052598835&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1704107679684&rri=6291054
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.213.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-213-35.yul62.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:39 GMT
via: 1.1 7ea5749a224369d9af20b6d6ce7dbd92.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-P1
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: XOKGzUB2ZL7D6yLP1C2SkovBR3gNuoaDhPayXx3gq81ygcNo8xIwkQ==
expires: 0

GET
H2 200 var
async-px.dynamicyield.com/ 0
0 110ms
45ms Fetch 3.161.213.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var?cnst=1&_=814232&uid=7408421633541709471&sec=8772046&t=ri&e=1609852&p=1&ve=12669413&va=%5B28321879%5D&ses=0075c02422a5c0ff2b10c5367508eaef&expSes=97342&aud=1004392.1092373.1167402.1274296.1324059.1426804.1443347.1846919.884367.884372.884385.884387.998337.1182144.799438.799440&expVisitId=-2723716969408930376&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1704107679684&rri=3341261
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.213.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-213-35.yul62.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:39 GMT
via: 1.1 7ea5749a224369d9af20b6d6ce7dbd92.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-P1
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: SZ0GmJdO-7ta-qzSpHtT0n4Mn0ozIlAYKAuxI7sUMnNJaCZbCMjDAA==
expires: 0

GET
H2 200 var
async-px.dynamicyield.com/ 0
0 111ms
47ms Fetch 3.161.213.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/var?cnst=1&_=669772&uid=7408421633541709471&sec=8772046&t=ri&e=1575901&p=1&ve=12692962&va=%5B28207095%5D&ses=0075c02422a5c0ff2b10c5367508eaef&expSes=97342&aud=1004392.1092373.1167402.1274296.1324059.1426804.1443347.1846919.884367.884372.884385.884387.998337.1182144.799438.799440&expVisitId=-2723716970725992044&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1704107679685&rri=984250
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.213.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-213-35.yul62.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:39 GMT
via: 1.1 7ea5749a224369d9af20b6d6ce7dbd92.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-P1
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: 33oWzSqUWeQLXd-zhLvmonueEKJTNfFJWMEdpCi-7b7HaNmkQSixcw==
expires: 0

POST
H2 200 uia Show response
async-px.dynamicyield.com/ 0
381 B 107ms
46ms XHR
text/plain 3.161.213.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/uia?cnst=1&_=1704107679688
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.213.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-213-35.yul62.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:39 GMT
via: 1.1 7ea5749a224369d9af20b6d6ce7dbd92.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-P1
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: gfmIdtg7vRRt39s4UeM_eVf76Ji-QRL7cIsUVgbnqQ_19Hitpez7Ug==
expires: 0

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 13 KB
3 KB 43ms
42ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 11:14:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 5mNZducabMgxSDzBo+ZI8w==
age: 43663
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3017
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:30 GMT
server: cloudflare
etag: 0x8DB82A159AF8EA6
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 0c718e4e-201e-0081-6f27-129959000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 83ea57066c8d4bc0-BUF

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/ 61 KB
12 KB 44ms
44ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 11:14:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: sXFDxCJwbPEMIT/8f5Prwg==
age: 43663
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12544
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:33 GMT
server: cloudflare
etag: 0x8DB82A15AFF8646
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: cdeea96a-a01e-006b-6ae6-1dbe77000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 83ea57066c8f4bc0-BUF

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 21 KB
4 KB 43ms
43ms Fetch
text/css 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 11:14:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: oWkBTLgDDXvrUsd93y/Zxg==
age: 43663
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:41 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: d09127de-b01e-0048-64cd-1224b4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 83ea57066c904bc0-BUF

POST
H2 200 token Show response
www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/ 2 KB
2 KB 272ms
272ms Fetch
application/json 204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

3914e51c83eae4ff2aa8059effc381051b5efcbe579a2e0868c8c8d65f738834

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.elfcosmetics.com/cosmetic-criminals
accept-language: en-US,en;q=0.9
x-pwa-request: true
Authorization
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 01 Jan 2024 11:14:39 GMT
content-encoding: gzip
x-correlation-id: 83ea5706ff95c878
cf-cache-status: DYNAMIC
via: 1.1 b9123be426d0e732cf10eff602d871c8.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: SFO53-P2
age: 0
x-yottaa-optimizations: ob/1000 si/25D1cc0285aa-1703880236-7730639939 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
pragma: no-cache
x-ratelimit-1m-remaining: 23451, 1974445
x-ratelimit-1m-reset: 20118, 20117
vary: Accept-Encoding, User-Agent
x-ratelimit-1m-limit: 24000, 2000000
content-type: application/json
cache-control: no-store
x-yottaa-os: 200
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-yottaa-metrics: 2521cc028523/[174,173,-] 25D1cc0285aa/[-,174.528]
cf-ray: 83ea5706ff95c878-SEA
x-amz-cf-id: ZB1Ch2kwCV7N1v2gPJMNJNzZxhCTNgmGGJQdnVzzIs5gB7UJwyuRaA==

POST
H2 200 batch
async-px.dynamicyield.com/ 0
384 B 107ms
47ms Ping
text/plain 3.161.213.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://async-px.dynamicyield.com/batch?cnst=1&_=1704107679748_557259
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.213.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-213-35.yul62.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:39 GMT
via: 1.1 baa0aaa1ff4766ddf3afe80431a74b82.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-P1
access-control-allow-methods: POST, GET, OPTIONS
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
x-amz-cf-id: n-xb8YvpKvfjHJQTg33JtYVHpI1o8Agid4xHr-9zP8OrfpuKsALhjw==
expires: 0

GET
H2

200

activityi;dc_pre=CLu1qOeHvIMDFf4PigMdLD8CYQ;src=9231397;type=retarget;cat=globa0;ord=1477341143591;auiddc=45982039.1704107679;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=4... Show response
9231397.fls.doubleclick.net/ Frame 6A91
Redirect Chain

https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=1477341143591;auiddc=45982039.1704107679;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm...
https://9231397.fls.doubleclick.net/activityi;dc_pre=CLu1qOeHvIMDFf4PigMdLD8CYQ;src=9231397;type=retarget;cat=globa0;ord=1477341143591;auiddc=45982039.1704107679;u6=%2Fcosmetic-criminals;u10=undefi...

644 B
553 B

51ms
50ms

Document
text/html

142.251.163.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9231397.fls.doubleclick.net/activityi;dc_pre=CLu1qOeHvIMDFf4PigMdLD8CYQ;src=9231397;type=retarget;cat=globa0;ord=1477341143591;auiddc=45982039.1704107679;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals?

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f149.1e100.net

Software

cafe /

Resource Hash

b5bb8c17c356ee8b1ba6a9861971d20314091f7af7e622941a239711799bf9fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 341
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 01 Jan 2024 11:14:39 GMT
expires: Mon, 01 Jan 2024 11:14:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 01 Jan 2024 11:14:39 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://9231397.fls.doubleclick.net/activityi;dc_pre=CLu1qOeHvIMDFf4PigMdLD8CYQ;src=9231397;type=retarget;cat=globa0;ord=1477341143591;auiddc=45982039.1704107679;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

activityi;dc_pre=CLz6qOeHvIMDFR8QigMdVxoI7Q;src=10742279;type=elf8j0;cat=glo_flap;ord=7748974885090;auiddc=45982039.1704107679;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt... Show response
10742279.fls.doubleclick.net/ Frame 28EB
Redirect Chain

https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=7748974885090;auiddc=45982039.1704107679;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He...
https://10742279.fls.doubleclick.net/activityi;dc_pre=CLz6qOeHvIMDFR8QigMdVxoI7Q;src=10742279;type=elf8j0;cat=glo_flap;ord=7748974885090;auiddc=45982039.1704107679;u1=https%3A%2F%2Fwww.elfcosmetics...

604 B
485 B

54ms
53ms

Document
text/html

142.251.163.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10742279.fls.doubleclick.net/activityi;dc_pre=CLz6qOeHvIMDFR8QigMdVxoI7Q;src=10742279;type=elf8j0;cat=glo_flap;ord=7748974885090;auiddc=45982039.1704107679;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals?

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f148.1e100.net

Software

cafe /

Resource Hash

43654211e823006c972c9fdd750bcb4719f93a25bd75e3d01efc0e276158ce87

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 310
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 01 Jan 2024 11:14:39 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 01 Jan 2024 11:14:39 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10742279.fls.doubleclick.net/activityi;dc_pre=CLz6qOeHvIMDFR8QigMdVxoI7Q;src=10742279;type=elf8j0;cat=glo_flap;ord=7748974885090;auiddc=45982039.1704107679;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
599 B 40ms
39ms Image
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 11:14:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 4768
x-ms-lease-status: unlocked
last-modified: Thu, 21 Dec 2023 21:20:05 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 81552adf-c01e-000f-5b93-344fef000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 83ea5706ede04bbd-BUF

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
490 B 39ms
38ms Fetch
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 11:14:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 43663
x-ms-lease-status: unlocked
last-modified: Thu, 21 Dec 2023 21:20:04 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: a9b48ef7-701e-0078-4f9b-349a7b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 83ea5706fcb14bc0-BUF

GET
H2 200 px
secure.adnxs.com/ 43 B
784 B 38ms
36ms Image
image/gif 68.67.160.186
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.186 Jersey City, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:39 GMT
an-x-request-uuid: c11cb3f7-7875-4eae-a406-dc01e58e70da
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 96.9.249.43; 96.9.249.43; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 ot_company_logo.png
cdn.cookielaw.org/logos/static/ 4 KB
4 KB 41ms
40ms Image
image/png 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_company_logo.png

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 11:14:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: E8+sk/ECzKgTUVtDLikiIA==
age: 10243
content-length: 4036
x-ms-lease-status: unlocked
last-modified: Thu, 21 Dec 2023 21:20:05 GMT
server: cloudflare
etag: 0x8DC026A9A33BA9F
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 2916b006-b01e-0077-67ae-34ec17000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 83ea57071df64bbd-BUF

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 40ms
39ms Image
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 01 Jan 2024 11:14:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 10379
x-ms-lease-status: unlocked
last-modified: Thu, 21 Dec 2023 21:20:05 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: a220a8b7-a01e-006b-498a-34be77000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 83ea57071df74bbd-BUF

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 116ms
45ms Image
image/gif 2607:f8b0:4004:c09::63
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-432816-1&cid=741843828.1704107680&jid=708169514&_u=YEBAAEAAAAAAACgAI~&z=589631404

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::63 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 clog Show response
px.dynamicyield.com/ 0
228 B 131ms
47ms XHR
text/plain 44.215.235.184
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://px.dynamicyield.com/clog
Requested by: Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.215.235.184 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-215-235-184.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:39 GMT
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With
content-length: 0
expires: 0

GET
H2

204

t
evt.undertone.com/ Frame 6A91
Redirect Chain

https://ads.undertone.com/t?trackerid=7729&cb=2115282443
https://evt.undertone.com/t?trackerid=7729&cb=2115282443

0
654 B

133ms
70ms

Image
text/plain

3.161.213.114
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evt.undertone.com/t?trackerid=7729&cb=2115282443
Requested by: Host: 9231397.fls.doubleclick.net
URL: https://9231397.fls.doubleclick.net/activityi;dc_pre=CLu1qOeHvIMDFf4PigMdLD8CYQ;src=9231397;type=retarget;cat=globa0;ord=1477341143591;auiddc=45982039.1704107679;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals?
Protocol: H2
Server: 3.161.213.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-213-114.yul62.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://9231397.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:40 GMT
via: 1.1 1444171bfa6dc77903048694929271f2.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-P1
x-cache: Miss from cloudfront
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
access-control-allow-origin: https://9231397.fls.doubleclick.net/
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
x-amz-cf-id: DmYklCPxWiB1xOVcdMHU7upKIu7ablYZv3PbDqbfwaEm9rL-bQzoVQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Mon, 01 Jan 2024 11:14:39 GMT
via: 1.1 18b0fca4845f3542d7f0566683e26626.cloudfront.net (CloudFront)
accept-ch: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
x-amz-cf-pop: YUL62-C2
x-cache: Miss from cloudfront
location: https://evt.undertone.com/t?trackerid=7729&cb=2115282443
content-length: 0
x-amz-cf-id: lo1uyySEvuhXxvK3_mNr4GU0qjzh1ZGgbN30vH1d1HyNYMm6nf0lnw==

GET
H2 200 dc_pre=CLu1qOeHvIMDFf4PigMdLD8CYQ;src=9231397;type=retarget;cat=globa0;ord=1477341143591;auiddc=*;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1...
adservice.google.com/ddm/fls/z/ Frame 6A91 42 B
401 B 121ms
52ms Image
image/gif 2607:f8b0:4004:c09::9d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CLu1qOeHvIMDFf4PigMdLD8CYQ;src=9231397;type=retarget;cat=globa0;ord=1477341143591;auiddc=*;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals

Requested by

Host: 9231397.fls.doubleclick.net
URL: https://9231397.fls.doubleclick.net/activityi;dc_pre=CLu1qOeHvIMDFf4PigMdLD8CYQ;src=9231397;type=retarget;cat=globa0;ord=1477341143591;auiddc=45982039.1704107679;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9d Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://9231397.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CLz6qOeHvIMDFR8QigMdVxoI7Q;src=10742279;type=elf8j0;cat=glo_flap;ord=7748974885090;auiddc=45982039.1704107679;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v89660829... Show response
adservice.google.com/ddm/fls/i/ Frame CBA0 194 B
212 B 108ms
53ms Document
text/html 2607:f8b0:4004:c09::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CLz6qOeHvIMDFR8QigMdVxoI7Q;src=10742279;type=elf8j0;cat=glo_flap;ord=7748974885090;auiddc=45982039.1704107679;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals

Requested by

Host: 10742279.fls.doubleclick.net
URL: https://10742279.fls.doubleclick.net/activityi;dc_pre=CLz6qOeHvIMDFR8QigMdVxoI7Q;src=10742279;type=elf8j0;cat=glo_flap;ord=7748974885090;auiddc=45982039.1704107679;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9d Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10742279.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 85
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 01 Jan 2024 11:14:40 GMT
expires: Mon, 01 Jan 2024 11:14:40 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 sessions Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 0
1 KB 536ms
536ms XHR
text/plain 204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/sessions
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/cosmetic-criminals
accept-language: en-US,en;q=0.9
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmODQ1NDdkOS03YjE0LTRkMDItYjkxMC1iODM1OTAxNWE1MzEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjQ2ZjJlYjI3LWJjZDUtNDQzYi04N2JhLTk5NzU3NTI5MmQ2OSIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDEwNzY0OSwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWJsYnhLa0t0R2tIQVJ3S2xJbHFZWWxibEc6OmNoaWQ6ICIsImV4cCI6MTcwNDEwOTQ3OSwiaWF0IjoxNzA0MTA3Njc5LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1NzcyNTk2MDU0MzU4MTc0In0.8AMajv09XHUXbBwGqgrXZ1r-XQaowetHUa-mG7pPMJbGoGv2ti0B5jSt0RJYwfgmrhVuXYZZ-b2C-YuQCFyzbA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:40 GMT
via: 1.1 9b64e6d3539557e166b875a71dd8ecf4.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-amz-cf-pop: SFO53-P2
age: 0
x-yottaa-optimizations: ob/0 si/25D1cc0285aa-1703880236-7730639940 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: deprecated
x-cache: Miss from cloudfront
pragma: no-cache
allow: OPTIONS,POST
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics: 2521cc028a86/[445,445,-] 25D1cc0285aa/[-,446.988]
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/sessions
accept-ranges: bytes
cf-ray: 83ea57090b82c4c0-SEA
x-dw-request-base-id: khl6Q6CekmUBAAB_
x-amz-cf-id: MoX8bCdhKaA-n6KXAKVSlpv66TVmTyVjE5ZuELn3lc4fgOptoWYjjA==
x-yottaa-os: 204
expires: Thu, 01 Dec 1994 16:00:00 GMT

POST
H2 200 shoppercontext Show response
www.elfcosmetics.com/api/v1/ 114 B
784 B 712ms
711ms XHR
application/json 204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 6b42a56b231d70ea3691b9f46363b9f8ed6ca35f6b50084718669b8beac1e57d

Request headers

Referer: https://www.elfcosmetics.com/cosmetic-criminals
accept-language: en-US,en;q=0.9
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmODQ1NDdkOS03YjE0LTRkMDItYjkxMC1iODM1OTAxNWE1MzEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjQ2ZjJlYjI3LWJjZDUtNDQzYi04N2JhLTk5NzU3NTI5MmQ2OSIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDEwNzY0OSwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWJsYnhLa0t0R2tIQVJ3S2xJbHFZWWxibEc6OmNoaWQ6ICIsImV4cCI6MTcwNDEwOTQ3OSwiaWF0IjoxNzA0MTA3Njc5LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1NzcyNTk2MDU0MzU4MTc0In0.8AMajv09XHUXbBwGqgrXZ1r-XQaowetHUa-mG7pPMJbGoGv2ti0B5jSt0RJYwfgmrhVuXYZZ-b2C-YuQCFyzbA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

date: Mon, 01 Jan 2024 11:14:40 GMT
via: 1.1 968842023e92f9868a60ec906f146c2c.cloudfront.net (CloudFront)
content-encoding: gzip
x-amzn-remapped-content-length: 114
x-amz-cf-pop: SFO53-P2
age: 0
x-amzn-remapped-connection: close
x-yottaa-optimizations: ob/1000 si/25D1cc0285aa-1703880236-7730639941 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-amzn-requestid: 900bad91-11c2-49f9-a47c-3f1dccb502bc
x-cache: Miss from cloudfront
x-amz-apigw-id: Q225FGrbiYcEubQ=
content-length: 108
etag: W/"72-HgdmTgyCF/DQfqnMU3u+4UstAzI"
x-amzn-trace-id: Root=1-65929ea0-2ea5d14e3082fa5c725662de;Sampled=0;lineage=2b75b0e9:0
content-type: application/json; charset=utf-8
x-yottaa-os: 200
x-yottaa-metrics: 2521cc028a87/[621,620,-] 25D1cc0285aa/[-,622.514]
x-amzn-remapped-date: Mon, 01 Jan 2024 11:14:40 GMT
x-amz-cf-id: mUDQ5CpN08AeEIxMjvrvMOftcs6l3wKo142_0DjbTICR_vgVZpsKgA==

GET
H2 200 geo-ip Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 199 B
870 B 413ms
412ms XHR
application/json 204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=96.9.249.43

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

3bbfdb0daa5c8909e66d5588fcf711019d4739dc56b04e992212b443085af779

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.com/cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language: en-US,en;q=0.9
x-pwa-request: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

date: Mon, 01 Jan 2024 11:14:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 b3bd576a8737b681477ac8e12b113dc4.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO53-P2
age: 0
x-yottaa-optimizations: ob/1000 si/25D1cc0285aa-1703880236-7730639942 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: deprecated
x-cache: Miss from cloudfront
allow: GET,HEAD,OPTIONS
content-type: application/json;charset=UTF-8
cache-control: max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=96.9.249.43
x-yottaa-metrics: 2521cc028a89/[320,319,-] 25D1cc0285aa/[-,321.521]
cf-ray: 83ea5709fa21c373-SEA
x-dw-request-base-id: khl3Q6CekmUBAAB_
x-amz-cf-id: 09euwf9GEhzfRjFgnDtKIEqx4bf8Pg1KR7UP6G0FJNSO2EFN1YBFXA==

GET
H2 200 geo-ip Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 199 B
870 B 410ms
409ms XHR
application/json 204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=96.9.249.43

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

3bbfdb0daa5c8909e66d5588fcf711019d4739dc56b04e992212b443085af779

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.com/cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language: en-US,en;q=0.9
x-pwa-request: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

date: Mon, 01 Jan 2024 11:14:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 ab6fdf5fb199d6495c32e485c23f5728.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO53-P2
age: 0
x-yottaa-optimizations: ob/1000 si/25D1cc0285aa-1703880236-7730639943 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: deprecated
x-cache: Miss from cloudfront
allow: GET,HEAD,OPTIONS
content-type: application/json;charset=UTF-8
cache-control: max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=96.9.249.43
x-yottaa-metrics: 2521cc028a8b/[316,314,-] 25D1cc0285aa/[-,317.181]
cf-ray: 83ea5709ec0ac399-SEA
x-dw-request-base-id: 22Rat6CekmUBAAB_
x-amz-cf-id: pLhIwjkMbSY9AIfGaqqLClE3S2cYLfauqZC_J18KM6blKV3EKURQyw==

GET
H2 200 baskets Show response
www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/ablbxKkKtGkHARwKlIlqYYlblG/ 11 B
825 B 309ms
308ms Fetch
application/json 204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/ablbxKkKtGkHARwKlIlqYYlblG/baskets?siteId=elf-us

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.com/cosmetic-criminals
accept-language: en-US,en;q=0.9
x-pwa-request: true
Authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmODQ1NDdkOS03YjE0LTRkMDItYjkxMC1iODM1OTAxNWE1MzEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjQ2ZjJlYjI3LWJjZDUtNDQzYi04N2JhLTk5NzU3NTI5MmQ2OSIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDEwNzY0OSwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWJsYnhLa0t0R2tIQVJ3S2xJbHFZWWxibEc6OmNoaWQ6ICIsImV4cCI6MTcwNDEwOTQ3OSwiaWF0IjoxNzA0MTA3Njc5LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1NzcyNTk2MDU0MzU4MTc0In0.8AMajv09XHUXbBwGqgrXZ1r-XQaowetHUa-mG7pPMJbGoGv2ti0B5jSt0RJYwfgmrhVuXYZZ-b2C-YuQCFyzbA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:40 GMT
x-correlation-id: 83ea5709db13ec8c
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 139fcf0656ce62dcfe3841c9c385a5c6.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO53-P2
age: 0
x-yottaa-optimizations: ob/1000 si/25D1cc0285aa-1703880236-7730639944 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding: gzip
x-cache: Miss from cloudfront
content-length: 37
allow: GET,HEAD,OPTIONS
x-ratelimit-remaining: 999
content-type: application/json;charset=UTF-8
vary: Accept-Encoding
sfdc_load: 1
cache-control: max-age=0,no-cache,no-store
x-yottaa-os: 200
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/ablbxKkKtGkHARwKlIlqYYlblG/baskets?siteId=elf-us
x-ratelimit-limit: 99999
accept-ranges: bytes
cf-ray: 83ea5709db13ec8c-SEA
x-amz-cf-id: yBwe013GSZvR88Q-5R0Dp49REukIDaY1ZPkqJYJd7ac2A8zpVyzOBQ==
x-yottaa-metrics: 2521cc028a8c/[215,213,-] 25D1cc0285aa/[-,216.542]

POST
H2 201 sync Show response
sdk.iad-05.braze.com/api/v3/content_cards/ 77 B
197 B 173ms
173ms XHR
application/json 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

40bf361efafc0be284d70e1b728fef7191e1158ac3e6a28b593c735f4f81dbea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key: 609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest: true
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/json
BRAZE-SYNC-RETRY-COUNT: 0
Referer: https://www.elfcosmetics.com/
X-Requested-With: XMLHttpRequest
X-Braze-ContentCardsRequest: true

Response headers

date: Mon, 01 Jan 2024 11:14:40 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: MISS
x-request-id: 759a594b-5baa-47e0-ba11-4fd1c67c65ec
x-served-by: cache-yyz4544-YYZ
x-runtime: 0.127472
etag: W/"40bf361efafc0be284d70e1b728fef71"
access-control-max-age: 7200
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
vary: Origin,Accept-Encoding
accept-ranges: bytes
x-cache-hits: 0

OPTIONS
H2 200 sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame 0
0 43ms
42ms Preflight 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
content-encoding: gzip
date: Mon, 01 Jan 2024 11:14:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-yyz4544-YYZ

POST
H3 200 collector Show response
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 32 B
49 B 53ms
52ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ca0a766a064104105db7a847ffd8d594fb8556d364f724916f30a3e45a1ebab4

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 01 Jan 2024 11:14:39 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32

POST
H2 200 baskets Show response
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 3 KB
2 KB 454ms
453ms XHR
application/json 204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

54ec9eb13dc5e72cc114e01b65fde280da3fc964e945b29ab445d6d3b0a0c21a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.com/cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language: en-US,en;q=0.9
x-pwa-request: true
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmODQ1NDdkOS03YjE0LTRkMDItYjkxMC1iODM1OTAxNWE1MzEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjQ2ZjJlYjI3LWJjZDUtNDQzYi04N2JhLTk5NzU3NTI5MmQ2OSIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDEwNzY0OSwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWJsYnhLa0t0R2tIQVJ3S2xJbHFZWWxibEc6OmNoaWQ6ICIsImV4cCI6MTcwNDEwOTQ3OSwiaWF0IjoxNzA0MTA3Njc5LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1NzcyNTk2MDU0MzU4MTc0In0.8AMajv09XHUXbBwGqgrXZ1r-XQaowetHUa-mG7pPMJbGoGv2ti0B5jSt0RJYwfgmrhVuXYZZ-b2C-YuQCFyzbA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

date: Mon, 01 Jan 2024 11:14:40 GMT
via: 1.1 052960a51348e5c17ce749c03a1fac58.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-amz-cf-pop: SFO53-P2
age: 0
x-yottaa-optimizations: ob/1000 si/25D1cc0285aa-1703880236-7730639945 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status: deprecated
x-cache: Miss from cloudfront
content-length: 1049
pragma: no-cache
etag: 7e673971dd04eb38a43cf47f9abdd95d8a8169cf33cd85f25b75ada3f71e820e
allow: OPTIONS,POST
content-type: application/json;charset=UTF-8
x-dw-resource-state: 7e673971dd04eb38a43cf47f9abdd95d8a8169cf33cd85f25b75ada3f71e820e
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics: 2521cc028a8d/[362,361,-] 25D1cc0285aa/[-,363.732]
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets
accept-ranges: bytes
cf-ray: 83ea570bce02c4c0-SEA
x-dw-request-base-id: khmAQ6GekmUBAAB_
x-amz-cf-id: s_tEbqXnKPnL8853nKDNS2JAZdAq2Dd2tk8eaUR5yvtPcrfxtBNUpw==
x-yottaa-os: 200
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 34ms
33ms Image
image/gif 2607:f8b0:4004:c07::71
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1434288175&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&dp=%2Fcosmetic-criminals&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=ux&ea=scrolled%20page&el=25%25&_u=aEDAAEABAAAAACgAIAC~&jid=&gjid=&cid=741843828.1704107680&tid=UA-432816-1&_gid=1856746597.1704107680&gtm=45He3bt0n81WL3STMXv896608294&cd4=0&cd6=&cd7=&cd8=&cd9=0&cd14=content&cd19=&cd21=US&gcd=11l1l1l1l1&dma=0&z=96024961

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::71 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 04:47:21 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 23239
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 35ms
34ms Image
image/gif 2607:f8b0:4004:c07::71
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1434288175&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&dp=%2Fcosmetic-criminals&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=ux&ea=scrolled%20page&el=50%25&_u=aEDAAEABAAAAACgAIAC~&jid=&gjid=&cid=741843828.1704107680&tid=UA-432816-1&_gid=1856746597.1704107680&gtm=45He3bt0n81WL3STMXv896608294&cd4=0&cd6=&cd7=&cd8=&cd9=0&cd14=content&cd19=&cd21=US&gcd=11l1l1l1l1&dma=0&z=2105654850

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::71 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 04:47:21 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 23239
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 36ms
35ms Image
image/gif 2607:f8b0:4004:c07::71
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1434288175&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&dp=%2Fcosmetic-criminals&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=ux&ea=scrolled%20page&el=75%25&_u=aEDAAEABAAAAACgAIAC~&jid=&gjid=&cid=741843828.1704107680&tid=UA-432816-1&_gid=1856746597.1704107680&gtm=45He3bt0n81WL3STMXv896608294&cd4=0&cd6=&cd7=&cd8=&cd9=0&cd14=content&cd19=&cd21=US&gcd=11l1l1l1l1&dma=0&z=69168690

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::71 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 04:47:21 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 23239
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 35ms
34ms Image
image/gif 2607:f8b0:4004:c07::71
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1434288175&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&dp=%2Fcosmetic-criminals&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=ux&ea=scrolled%20page&el=95%25&_u=aEDAAEABAAAAACgAIAC~&jid=&gjid=&cid=741843828.1704107680&tid=UA-432816-1&_gid=1856746597.1704107680&gtm=45He3bt0n81WL3STMXv896608294&cd4=0&cd6=&cd7=&cd8=&cd9=0&cd14=content&cd19=&cd21=US&gcd=11l1l1l1l1&dma=0&z=199897944

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::71 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 04:47:21 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 23239
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare
elfcosmetics.a.bigcontent.io/v1/static/ 5 KB
6 KB 174ms
42ms Image
image/png 2606:4700:4400::6812:2a49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare?%24Desktop%24=&fmt=auto
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2a49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:41 GMT
x-amz-version-id: null
cf-cache-status: HIT
age: 82120
x-amz-server-side-encryption: AES256
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
content-length: 5378
last-modified: Sun, 31 Dec 2023 08:18:17 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 83ea570f9abf4bc1-BUF
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/ 2 KB
1 KB 176ms
44ms Image
image/svg+xml 2606:4700:4400::6812:2a49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2a49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:41 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
age: 62261
x-amz-server-side-encryption: AES256
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
last-modified: Sun, 31 Dec 2023 11:21:28 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 83ea570f9abe4bc1-BUF
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 icon-noun-snowflake-1044022
elfcosmetics.a.bigcontent.io/v1/static/ 3 KB
1 KB 175ms
43ms Image
image/svg+xml 2606:4700:4400::6812:2a49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-snowflake-1044022?%24Desktop%24=&fmt=auto
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2a49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30766af54516bbc623c690d7506f7d86b6c987acbcc1229debb7dff8f463459b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:41 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
age: 82120
x-amz-server-side-encryption: AES256
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
last-modified: Sun, 31 Dec 2023 06:33:07 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 83ea570f9abd4bc1-BUF
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

POST
H2 200 event
qoe-1.yottaa.net/log-nt/ 3 B
191 B 152ms
71ms Ping
text/json 204.2.50.18
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://qoe-1.yottaa.net/log-nt/event
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 204.2.50.18 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 01 Jan 2024 11:14:41 GMT
access-control-expose-headers: X-Results-Data-Source
access-control-allow-credentials: true
cache-control: no-cache
timing-allow-origin: *
content-type: text/json

GET
H/1.1 200
OK main.js Show response
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/ 144 KB
42 KB 140ms
37ms Script
application/javascript 184.27.13.189
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/main.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.27.13.189 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-27-13-189.deploy.static.akamaitechnologies.com

Software

nginx / Express

Resource Hash

ec82b31e96055d86efd9adec9781b4b588e877c51b1b62ce71dbf73d64ab5318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15768000
Content-Encoding: gzip
Date: Mon, 01 Jan 2024 11:14:41 GMT
Server: nginx
ETag: W/"5dfe8369a3933fdb6e1183aaae1f4985cce427b9"
X-Powered-By: Express
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: must-revalidate, max-age=900
Connection: keep-alive
Content-Length: 42894
Expires: Mon, 01 Jan 2024 11:29:41 GMT

GET
H2 200 110221.ct.js Show response
tag.rmp.rakuten.com/ 47 KB
15 KB 98ms
38ms Script
text/javascript 34.102.147.248
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.rmp.rakuten.com/110221.ct.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.147.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

248.147.102.34.bc.googleusercontent.com

Software

Resource Hash

9b3632368a9856515572ac89df71707fcef5d58219d9b7c1b1de04a995f30973

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:41 GMT
content-encoding: gzip
via: 1.1 google
strict-transport-security: max-age=31536000
last-modified: Mon, 01 Jan 2024 11:14:41 GMT
x-cache: hit
x-samesite: secure
content-type: text/javascript
cache-control: max-age=86400
x-dyn: 0
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 js Show response
www.paypal.com/sdk/ 405 KB
113 KB 139ms
92ms Script
application/javascript 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

406c93b0692878bad84a4f34065184d023ac12f1b92d9cb0398642fb0de45c2d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-4C4B72ggdX/Kru/TIOewMUi2uwqAMeQrEcNR0HgJZZI0wkIo' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-4C4B72ggdX/Kru/TIOewMUi2uwqAMeQrEcNR0HgJZZI0wkIo' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-4C4B72ggdX/Kru/TIOewMUi2uwqAMeQrEcNR0HgJZZI0wkIo' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-4C4B72ggdX/Kru/TIOewMUi2uwqAMeQrEcNR0HgJZZI0wkIo' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
disable-set-cookie: true
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Mon, 01 Jan 2024 11:14:41 GMT
age: 554
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT, HIT, MISS
p3p: true
paypal-debug-id: f795141b825a2
server-timing: "traceparent;desc="00-0000000000000000000f795141b825a2-e84f1f95b6377d83-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 113491
x-xss-protection: 1; mode=block
x-served-by: cache-bur-kbur8200160-BUR, cache-yyz4583-YYZ, cache-yyz4583-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f795141b825a2-87afe40249f9ddae-01
x-timer: S1704107681.142213,VS0,VE70
etag: W/"1bb53-c79XMxVek5EmjAexQ41SV+7fXh0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 126, 1, 0

GET
H/1.1 200
OK / Show response
websdk.appsflyer.com/ 38 KB
12 KB 137ms
39ms Script
application/javascript 2600:1408:c400:59::17d5:9e04
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://websdk.appsflyer.com/?st=banners&
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:59::17d5:9e04 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bf8b41f6693852a18d2449439f0400cfaf19b755e21f01eda21a6ff985d3526c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 11:14:41 GMT
Content-Encoding: gzip
x-amz-request-id: VPCP98F3K3N7Y0S8
x-amz-server-side-encryption: AES256
Connection: keep-alive
Content-Length: 11792
x-amz-id-2: J0ehP83iGtFhFDzx9znFBbdK81DLNN3txzQUDzGLeFDByel0pX1qQacK6amhO9VxDmxquql6M8o=
Last-Modified: Wed, 14 Jun 2023 06:58:45 GMT
Server: AmazonS3
ETag: "5a676288bcea03bd05e483bc4ce066ae"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=1571
Accept-Ranges: bytes
X-DataStream-Cache-Status: 1
Expires: Mon, 01 Jan 2024 11:40:52 GMT

GET
H2 200 loader.js Show response
cdn.usehero.com/ 98 KB
28 KB 114ms
35ms Script
application/javascript 2600:9000:269f:5800:13:d6f4:3240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.usehero.com/loader.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:269f:5800:13:d6f4:3240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ab99a75a2070736b0282d041df3a7e272ad5d4d1929ae430089ac0335e05ad2c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:06:38 GMT
content-encoding: gzip
via: 1.1 905aa3bc80ce385e5945d99189fc1eac.cloudfront.net (CloudFront)
last-modified: Tue, 19 Sep 2023 07:56:38 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-P1
age: 485
x-amz-server-side-encryption: AES256
etag: W/"fbf714a58cbac38c0deea519667d9044"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: U0Cb9l7AoXbwoYPbk584rmMBGFPg59w24ZNbBKlQa4gmX9BXO3dP2g==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10812184462/ 2 KB
2 KB 46ms
46ms Script
text/javascript 2607:f8b0:4004:c09::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10812184462/?random=1704107679441&cv=11&fst=1704107679441&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&hn=www.googleadservices.com&frm=0&auid=45982039.1704107679&rfmt=3&fmt=4

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9d Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

33018e0e7c93bcdf7248c1dafe3f43352bd0f0dd90830863918942488b085459

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1234
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/698270988/ 3 KB
2 KB 125ms
50ms Script
text/javascript 172.253.115.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/698270988/?random=1704107679446&cv=11&fst=1704107679446&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&value=0&bttype=purchase&auid=45982039.1704107679&rfmt=3&fmt=4

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f156.1e100.net

Software

cafe /

Resource Hash

b684d7c22d3097709f2c66673fc6a85d2ca775b6413de7ba97116ea59dea77fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1580
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 PWA-UpdateSession Show response
www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_US/ 56 B
1 KB 533ms
532ms XHR
application/json 204.2.133.170
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_US/PWA-UpdateSession
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.133.170 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: f66f5edd05293c4351edcec020a867935f7495ef0d0ff7ceb3e6402748585ca6

Request headers

Referer: https://www.elfcosmetics.com/cosmetic-criminals
accept-language: en-US,en;q=0.9
x-pwa-request: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:41 GMT
content-encoding: gzip
via: 1.1 23e0198e3ba45afaefc61c0d0fc4eacc.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-amz-cf-pop: SFO53-P2
age: 0
x-yottaa-optimizations: ob/1000 si/25D1cc0285aa-1703880236-7730639951 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache: Miss from cloudfront
pragma: no-cache
content-type: application/json
cache-control: no-cache, no-store, must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-us-prd.elfcosmetics.com/on/demandware.store/Sites-elf-us-Site/en_US/PWA-UpdateSession
x-yottaa-metrics: 2521cc02851d/[442,440,-] 25D1cc0285aa/[-,443.237]
cf-ray: 83ea570f8bcb30a2-SEA
x-dw-request-base-id: 22Rrt6GekmUBAAB_
x-amz-cf-id: FwAGORdo2Ui32qhGG6T7dzJ1_fY5XF1O7L44PoT9FEVFYEqJ3poivQ==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/865242110/ 2 KB
2 KB 46ms
46ms Script
text/javascript 2607:f8b0:4004:c09::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/865242110/?random=1704107679485&cv=11&fst=1704107679485&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&hn=www.googleadservices.com&frm=0&auid=45982039.1704107679&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&rfmt=3&fmt=4

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9d Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a63234aa6d19c1cf164e144fae39c9db747379929997242013c13e4af15a7c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1264
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/ 2 KB
2 KB 51ms
51ms Script
text/javascript 2607:f8b0:4004:c09::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1704107679486&cv=11&fst=1704107679486&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&hn=www.googleadservices.com&frm=0&auid=45982039.1704107679&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&rfmt=3&fmt=4

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9d Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7d8c23e6db22357100d7f659338f74b739c432957c7b49891f1065d2fe37052a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1266
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 scevent.min.js Show response
sc-static.net/ 41 KB
18 KB 139ms
66ms Script
application/javascript 54.230.48.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc-static.net/scevent.min.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.48.245 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-48-245.yul62.r.cloudfront.net
Software: CloudFront /
Resource Hash: ab12e815caea6aba8fe2da60e7d298cccb649166f81926ff64e5dc56ea526522

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:41 GMT
content-encoding: gzip
via: 1.1 0df778cadb5eaa000de4f1d7838b16e0.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: YUL62-C2
x-cache: Miss from cloudfront
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: private, s-maxage=0, max-age=600
access-control-allow-headers: Content-Type
content-length: 17610
x-amz-cf-id: L5NpyVYhlwYB2F1_JAS_2gZjk3tL54pTsuzYJGipTh6_G0jSDfq7yw==

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 4 KB
2 KB 150ms
35ms Script
application/javascript 2600:1408:c400:38e::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:38e::1931 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: ef45c21f7e054481c81992c1a46293a28c9bb8b3722bc566479326187f473c8c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

akamai-x-true-ttl: 7200
content-encoding: br
x-cdn: akamai
etag: "8d7d8ce32aa2a45d64e9f04a9a5cb1c4"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
access-control-max-age: 86400
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-expose-headers: X-CDN
cache-control: max-age=7200
accept-ranges: bytes
alt-svc: h3=":443"; ma=600
content-length: 1793

GET
H2 200 /
www.google.com/pagead/1p-user-list/10812184462/ 42 B
154 B 47ms
47ms Image
image/gif 2607:f8b0:4004:c09::63
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10812184462/?random=1704107679441&cv=11&fst=1704106800000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&frm=0&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_hZVOMjZ5FpHAbfXTtc6z1o6NeywB6KoVupCI8EhYBCz8Kfgn&random=2771936372&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::63 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:41 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 223ms
72ms Script
application/x-javascript 2a03:2880:f07d:0:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f07d:0:face:b00c:0:3 Apodaca, Mexico, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 01 Jan 2024 11:14:41 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: 6K2FPczEGSABxDQdDqAuuIl2WD0fC6fXXpudNEhLw06XdmCEpDKwHU4eqOND8kX90U56tWeF8hPWUP9BV2SMMg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 26 KB
9 KB 112ms
33ms Script
application/javascript 2a04:4e42:400::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 39657f7f198608406cab1de96720a22549e6b6d918db8dfdd0f5ef9ab84ef17c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:41 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Tue, 12 Dec 2023 19:56:38 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "ead4fccfb1bebd02138cf2dcadd7dcba"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 8123

GET
H2 200 /
www.google.com/pagead/1p-user-list/865242110/ 42 B
108 B 47ms
46ms Image
image/gif 2607:f8b0:4004:c09::63
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/865242110/?random=1704107679485&cv=11&fst=1704106800000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&frm=0&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_MwFMav0SRnvpj520htJcs7pFPzxDrQfbos-OKYt-Mo6BiYuS&random=1936835985&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::63 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:41 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/698270988/ 42 B
108 B 46ms
45ms Image
image/gif 2607:f8b0:4004:c09::63
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/698270988/?random=1704107679486&cv=11&fst=1704106800000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&frm=0&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_KCWJrat8PlFkNkwpq5TkgEvJ2MdDJEBjRMKBfB5aOYMWxr6C&random=2657203008&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::63 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:41 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 6 KB
3 KB 130ms
53ms Script
application/javascript 23.212.251.214
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1EFEJPT0U322RQPGHFG&lib=ttq
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.251.214 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-251-214.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 6b8b7d08422b149cf2cce104848f82adb77f46bd5d1490ecab088b1540e175c4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-akamai-request-id: c651b9b5
date: Mon, 01 Jan 2024 11:14:41 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24010111144171968A9F1CEA7C532F7E-0C3010FDFD5222BE-00
x-cache: TCP_MISS from a23-220-107-214.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=0, origin; dur=16
content-length: 1947
pragma: no-cache
server: nginx
x-tt-logid: 2024010111144171968A9F1CEA7C532F7E
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 16,23.220.107.214
x-tt-trace-host: 012157ed0b957c30d5c3d973b0a86cb54af9921a4a6c3c5aac2b1bb1fb6db58c30d3ca74dc9f81ca0176865fbfaf6267863f6145352ae8c818607c33ddbdf2cdd0fd5c252ebd9ca1014c7b501c2234a3b98597fc19bbc1f72809462418c29127ce
expires: Mon, 01 Jan 2024 11:14:41 GMT

GET
H2 200 widget.js Show response
js.jebbit.com/companion/v1/ 44 KB
44 KB 137ms
37ms Script
text/javascript 2600:9000:21a2:2400:a:7914:b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.jebbit.com/companion/v1/widget.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21a2:2400:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a68adcd6e4525179b1a4e28b16abe4777a0afb870b4317b427f6d6ea8fbe22ed

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: Uw77y8f3Lm7O6.ZhO9qLmkRQyA3BbYtB
date: Mon, 01 Jan 2024 08:58:11 GMT
via: 1.1 1df98836515ac348d12c9af86e1ecc48.cloudfront.net (CloudFront)
last-modified: Thu, 21 Dec 2023 18:01:49 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-C1
age: 8191
x-amz-server-side-encryption: AES256
etag: "c3a781ab856fe1e791e7bbb3d0023f28"
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 45036
x-amz-cf-id: xC5te-BNzwZ4Nsni2yOsM1zlXBYBaxkEkUkr2Z0BogHorH0DtRgfEg==

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 121ms
46ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 01 Jan 2024 11:14:40 GMT
last-modified: Fri, 10 Nov 2023 20:09:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DF556F5394804BF0A13DD7AD4F16CCB7 Ref B: EWR311000108027 Ref C: 2024-01-01T11:14:41Z
etag: "80abcdf1114da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13175

GET
H2 200 1a8bfa042c9c5.js Show response
t.contentsquare.net/uxa/ 283 KB
68 KB 111ms
38ms Script
application/javascript 13.225.195.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.195.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-195-100.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e164d3eb3e9b278fea4e13e0d68d3f1bb3fc421c3a2b709710ddfe8762dc4fad

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 07:20:56 GMT
content-encoding: br
via: 1.1 1df98836515ac348d12c9af86e1ecc48.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-C1
age: 0
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 69384
last-modified: Tue, 19 Dec 2023 14:04:54 GMT
server: AmazonS3
etag: "cf13703979657a27cb3c3eeda3bbb72a"
vary: Origin
content-type: application/javascript;charset=utf-8
cache-control: max-age=900
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: -MKVHs5ZA0cUOBUBrV73SVx41vqHi5OrztIrrE0PDubxJOq6aMiNZg==

GET
H2 200 display Show response
api.usehero.com/webplugin/ 189 B
1 KB 179ms
67ms XHR
application/json 3.220.158.64
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usehero.com/webplugin/display?appId=efcf9631-4c6b-4874-9f76-51f71464249a&location=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&state=untouched&outboundFeature=

Requested by

Host: cdn.usehero.com
URL: https://cdn.usehero.com/loader.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.220.158.64 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-220-158-64.compute-1.amazonaws.com

Software

Resource Hash

e5bc8202b6c886b98b96b9735213ab2e54ecd18714d2e01772ced3f4340207c0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-permitted-cross-domain-policies: none
surrogate-control: no-store
x-dns-prefetch-control: off
klarna-correlation-id: 4d1664f3-ae52-4f3e-b290-dc9e7b66bd76
cross-origin-resource-policy: same-origin
x-geo-longitude: -78.89270
pragma: no-cache
referrer-policy: same-origin
etag: W/"bd-KLDDSBUfIaAsjjQLHO2h4ywGGzk"
x-frame-options: SAMEORIGIN
x-geo-zip: 14202
content-type: application/json; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?1
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-latitude: 42.88670
x-accuracy: 20
expires: 0
date: Mon, 01 Jan 2024 11:14:41 GMT
strict-transport-security: max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cross-origin-embedder-policy: require-corp
x-time-zone: America/New_York
x-envoy-upstream-service-time: 11
content-length: 189
x-xss-protection: 0
x-request-id: 4d1664f3-ae52-4f3e-b290-dc9e7b66bd76
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-country: US
x-geo-city: Buffalo

GET
H2 200 i.js Show response
tag.wknd.ai/4142/ 18 KB
6 KB 96ms
29ms Script
text/plain 34.120.253.250
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.wknd.ai/4142/i.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 250.253.120.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: 9a77cbb7b054563b83506932790e70186ba3a92e69a147216e3176337178adbb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:03 GMT
content-encoding: gzip
via: 1.1 google
age: 38
x-envoy-upstream-service-time: 0
x-region: us-central1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5754
server: istio-envoy
etag: 84d224ee45e478
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=60
timing-allow-origin: *
link: <https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://pix.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect

GET
H2 200 sdk.js Show response
analytics.tiktok.com/i18n/pixel/ 8 KB
3 KB 64ms
42ms Script
application/javascript 23.212.251.214
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/sdk.js?sdkid=BRR4GA0I9JJBU29G8GF0
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.251.214 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-251-214.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 1bfd87b509bdab30b8c516142578d5ba9dd60d2254bfeb0c94419d8e944bd433

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-akamai-request-id: c651b9b6
date: Mon, 01 Jan 2024 11:14:41 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240101111441797F585B73F790E1F9B8-14517EEAF8AEE2B0-00
x-cache: TCP_MISS from a23-220-107-214.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=0, origin; dur=6
content-length: 2374
pragma: no-cache
server: nginx
x-tt-logid: 20240101111441797F585B73F790E1F9B8
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 6,23.220.107.214
x-tt-trace-host: 012157ed0b957c30d5c3d973b0a86cb54af9921a4a6c3c5aac2b1bb1fb6db58c309a75c50b4a68da519bdad0e257bf02047f05c4a5ed7617589c461a61b636933b261168dfe0be41e715f930153134ddc70564ee368c476f1dcb95bb4a934c07b6
expires: Mon, 01 Jan 2024 11:14:41 GMT

GET
H3

200

/
www.google.com/pagead/1p-conversion/698270988/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=842134551&cv=11&fst=1704107679446&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u...
https://www.google.com/pagead/1p-conversion/698270988/?random=842134551&cv=11&fst=1704107679446&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%...

42 B
64 B

48ms
48ms

Image
image/gif

2607:f8b0:4004:c09::63
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-conversion/698270988/?random=842134551&cv=11&fst=1704107679446&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&value=0&auid=45982039.1704107679&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEVJZ09MSnJBWVF6YzdkeXEzUjRfdm9BUklrQUpSUmV6TW8xQmp5c0kzWUdxTFZ4Vk9RdUtGeFBNVVFrX1BwVUttWTA1WVpYeTY2GldDaEVJZ09MSnJBWVFvNEhPNVBQaXZ0M1NBUklzQVBDSGtpVGdtdDZ0SWJOT1B0Q3NMUkJ1cFlyZ055b2NKanBUM0Q4WHdzYmY2d0Fqc0lYY05kczlzSkkiEwjjk_znh7yDAxVpDmgIHT9CBxo&is_vtc=1&ocp_id=oZ6SZaO_C-mcoPMPv4Sd0AE&cid=CAQSKQAvHhf_Mv-j-KYIfgduQdijPKn6JFrerwm2O3jX-_LN2F9tLWodS4hN&eitems=ChEIgOLJrAYQ1tWj2sWOtp_NARIdANJWnmWz9aAu-0XJAzEbCwoMQ2637A1dsVHfd-4&random=3253380977

Protocol

Server

2607:f8b0:4004:c09::63 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:41 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:41 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://www.google.com/pagead/1p-conversion/698270988/?random=842134551&cv=11&fst=1704107679446&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&value=0&auid=45982039.1704107679&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEVJZ09MSnJBWVF6YzdkeXEzUjRfdm9BUklrQUpSUmV6TW8xQmp5c0kzWUdxTFZ4Vk9RdUtGeFBNVVFrX1BwVUttWTA1WVpYeTY2GldDaEVJZ09MSnJBWVFvNEhPNVBQaXZ0M1NBUklzQVBDSGtpVGdtdDZ0SWJOT1B0Q3NMUkJ1cFlyZ055b2NKanBUM0Q4WHdzYmY2d0Fqc0lYY05kczlzSkkiEwjjk_znh7yDAxVpDmgIHT9CBxo&is_vtc=1&ocp_id=oZ6SZaO_C-mcoPMPv4Sd0AE&cid=CAQSKQAvHhf_Mv-j-KYIfgduQdijPKn6JFrerwm2O3jX-_LN2F9tLWodS4hN&eitems=ChEIgOLJrAYQ1tWj2sWOtp_NARIdANJWnmWz9aAu-0XJAzEbCwoMQ2637A1dsVHfd-4&random=3253380977
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 271 KB
90 KB 50ms
50ms Script
application/javascript 2607:f8b0:4004:c1d::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

38d57ae71528afe2c0bdaee495f8b2268db5db0be10684a10240a32c58e2f925

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92066
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 01 Jan 2024 11:14:41 GMT

GET
H2 200 local Show response
www.paypal.com/credit-presentment/experiments/ Frame E505 5 KB
3 KB 28ms
27ms Document
text/html 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

76ccee8dcac265bb4a7e8ec0fc9bc41d9c50a4d7152202944486cdf5d29d3104

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com https:; frame-src 'self' https://.paypalobjects.com https://.paypal.com https://.qualtrics.com; connect-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-expose-headers: Server-Timing
age: 47388
cache-control: s-maxage=86400, max-age=0
content-encoding: gzip
content-length: 1525
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type: text/html; charset=utf-8
date: Mon, 01 Jan 2024 11:14:41 GMT
dc: ccg11-origin-www-1.paypal.com
edge-cache-tag: up-treatments-zoid
etag: W/"1479-Cw0bW9SNdV/AdJwbOb5XSdbCup8"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f385383f65308
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing: "traceparent;desc="00-0000000000000000000f385383f65308-7ca2c2c6ff5a1db6-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f385383f65308-d84f887b0dc0d540-01
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT, MISS
x-cache-hits: 6, 4462, 0
x-served-by: cache-bur-kbur8200094-BUR, cache-yyz4583-YYZ, cache-yyz4583-YYZ
x-timer: S1704107681.475755,VS0,VE6
x-xss-protection: 1; mode=block

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ 14 KB
6 KB 25ms
25ms Script
application/x-javascript 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.com&t=xo&v=5.0.416&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b3dfd765b2448d6b895743c2ef502d2a12efeb74f1506493c9126b99565806d1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-A/3pSAedoDeXaCC+3C/QHRNda8JO80YulAjm1TFNzVJvujEe' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://nexus.ensighten.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-A/3pSAedoDeXaCC+3C/QHRNda8JO80YulAjm1TFNzVJvujEe' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 01 Jan 2024 11:14:41 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 46055
x-cache: HIT, HIT, MISS
paypal-debug-id: f93840447dc64
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 4797
x-xss-protection: 1; mode=block
x-served-by: cache-bur-kbur8200058-BUR, cache-yyz4583-YYZ, cache-yyz4583-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f93840447dc64-d90b3b097a3e4095-01
x-timer: S1704107681.441568,VS0,VE4
etag: W/"3692-QzVHWNx2x6P2T/jQmWJ7N1OzDJ8"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=3600
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 814, 16, 0

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ 1016 B
878 B 157ms
153ms XHR
application/json 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a35e2544863450c6d7f43d779efb575d49962ecab89cb5ec915821077a578530

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

date: Mon, 01 Jan 2024 11:14:41 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cache: MISS, MISS, MISS
paypal-debug-id: f4591275761ae
server-timing: content-encoding;desc="br",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-bur-kbur8200162-BUR, cache-yyz4568-YYZ, cache-yyz4568-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f4591275761ae-ca4b252d375da991-01
x-timer: S1704107682.687387,VS0,VE133
etag: W/"3f8-tp7rwuDPGQciUWFd0qb211DfwIg"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: none
x-cache-hits: 0, 0, 0

OPTIONS
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 0
0 199ms
155ms Preflight 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-length: 0
date: Mon, 01 Jan 2024 11:14:41 GMT
dc: ccg11-origin-www-1.paypal.com
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f45912748ac80
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f45912748ac80-5e27a3e859766464-01
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-content-type-options: nosniff
x-served-by: cache-bur-kbur8200162-BUR, cache-yyz4568-YYZ, cache-yyz4568-YYZ
x-timer: S1704107682.529196,VS0,VE134

GET
H2 200 main.74d80534.js Show response
s.pinimg.com/ct/lib/ 65 KB
19 KB 36ms
35ms Script
application/javascript 2600:1408:c400:38e::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.74d80534.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:38e::1931 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 60cc60a6fcbd230def379432395199b585791ed521e2e5f595369a2193e617fb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

akamai-x-true-ttl: 1209600
content-encoding: br
x-cdn: akamai
etag: "cb251578b1e91b3cc440fd1521770cc5"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
access-control-max-age: 86400
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-expose-headers: X-CDN
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 18895

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 69ms
21ms Image
image/gif 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1704107681485&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=369baed3-2fc5-466d-acdc-1f73de2fe59f&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_3549b422&dpm=&dpcc=&dprc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:41 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 main.MWNkZmM2YTcxNA.js Show response
analytics.tiktok.com/i18n/pixel/static/ 436 KB
114 KB 36ms
35ms Script
application/javascript 23.212.251.214
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.251.214 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-251-214.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 55788c5128dfe492550d4be991c50248941d9231a1abe334a97dc8951685aab7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-akamai-request-id: c651bd50
date: Mon, 01 Jan 2024 11:14:41 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202312211226032BF1B0594321B4609A7E
x-tt-trace-id: 00-2312211226032BF1B0594321B4609A7E-04384F7194F421D5-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-220-107-214.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01cc2473f50c021cd9d112185e9e5172722359d5cb2332dcded948495a026085cc1666210276a3d40b83e06d1b8f15fbc12fe958ec26ac70ad23eeaf04fd691de7c4414f45dcbfe50cf607bd2805f3ff84fa22a6fe5f8683898b0c68f787140e2f
server-timing: cdn-cache; desc=HIT, edge; dur=1, origin; dur=0, inner; dur=14
content-length: 116349

GET
H2 200 p
tr.snapchat.com/ 68 B
458 B 129ms
67ms Image
image/png 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tr.snapchat.com/p?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&ev=PAGE_VIEW&intg=gtm&pids=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_c1=64c3fa79-6ca1-431b-a3ba-10e4de6cef2e&u_sclid=2c7f7f16-1469-409f-8646-66a0893c2bec&u_scsid=24701ef4-d2b3-4eea-96b0-2801b1d49ed1&bt=1d53c387&d_bvs=%5B%5D&df=true&huah=true&m_dcl=2437&m_fcps=2402&m_pi=2437&m_pl=5869&m_pv=2&m_rd=6545&m_sh=1200&m_sl=0&m_sw=1600&pl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&trackId=8c79fdb6-9199-4788-ab7d-1481239a69ea&ts=1704107681517&v=3.7.3-2312182359

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via: 1.1 google, 1.1 google
server: API Gateway
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, no-transform
x-envoy-upstream-service-time: 1
alt-svc: clear, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68

GET
H2 200 main.MWNkZmM2YTcxNQ.js Show response
analytics.tiktok.com/i18n/pixel/static/ 455 KB
116 KB 97ms
96ms Script
application/javascript 23.212.251.214
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNQ.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.251.214 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-251-214.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 7d6c4d0f6c0243be96359698866dd471c961e463dbc5604aebc1c36a229ba303

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-akamai-request-id: c651bd6f
date: Mon, 01 Jan 2024 11:14:41 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20231221122623FF38599D8DA2E7F330AF
x-tt-trace-id: 00-231221122623FF38599D8DA2E7F330AF-39B4B4CEC1AF69BE-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-220-107-214.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01a5088279e3dfa7a923b5bea041d19535f50760726feb14cfa5c489ddf399de882171a84357dda343b2461d5711350caa66b680f3e01a2d06e5168619dbb169e314f0884d55686ae6315ccbfcb9aaafbd9b609cf799804f51ac5e1540f1fcd7cd
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length: 118437

GET
H2 200 widget.css
js.jebbit.com/companion/v1/ 15 KB
16 KB 38ms
37ms Stylesheet
text/css 2600:9000:21a2:2400:a:7914:b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.jebbit.com/companion/v1/widget.css
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21a2:2400:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1a1fe89f11a11d89299028b565a99569e2aa5df3055ce514ba4dec2a8f0fe4fa

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: RTEvjx9S_f.J6xhm_CGfuKjdaFCgE8S4
date: Mon, 01 Jan 2024 07:31:17 GMT
via: 1.1 1df98836515ac348d12c9af86e1ecc48.cloudfront.net (CloudFront)
last-modified: Thu, 21 Dec 2023 18:01:49 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-C1
age: 13405
x-amz-server-side-encryption: AES256
etag: "8e754beaa7f32e405c184f00c12cece1"
x-cache: Hit from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 15502
x-amz-cf-id: 6YtUlkiI9GJywL4ndRYf4ANBBTkXsnm6iDhKck-KsqOKwudx24x5-Q==

GET
H2 200 launcher_configs Show response
external-api.jebbit.com/moments/v2/ 2 B
448 B 163ms
57ms XHR
application/json 52.204.189.63
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRmNvc21ldGljLWNyaW1pbmFscw==&completedLightboxCampaigns=W10=&jebbitCookies=

Requested by

Host: js.jebbit.com
URL: https://js.jebbit.com/companion/v1/widget.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.204.189.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-204-189-63.compute-1.amazonaws.com

Software

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
surrogate-control: no-store
x-dns-prefetch-control: off
content-length: 2
x-xss-protection: 1; mode=block
pragma: no-cache
etag: W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
x-download-options: noopen
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials: true
expires: 0

POST
H2 204 collect
analytics.google.com/g/ 0
257 B 106ms
41ms Ping
text/plain 2001:4860:4802:36::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je3bt0v879088318z8896608294&_p=1704107678608&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=741843828.1704107680&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&dt=&sid=1704107681&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&en=page_view&_fv=1&_ss=1&ep.page_type=content&ep.page_environment=production&ep.page_country=US&ep.page_language=EN&up.custom_user_id=&up.client_id=&up.user_has_transacted=false&up.user_logged_in=false&up.user_country=US&up.user_loyalty_status=false&tfd=6629
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:41 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
stats.g.doubleclick.net/g/ 0
17 B 42ms
41ms Ping
text/plain 2607:f8b0:4004:c09::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZLYXLXNDL8&cid=741843828.1704107680&gtm=45je3bt0v879088318z8896608294&aip=1&dma=0&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c09::9a Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:41 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.paypal.com/sdk/ Frame E505 405 KB
112 KB 27ms
26ms Script
application/javascript 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

406c93b0692878bad84a4f34065184d023ac12f1b92d9cb0398642fb0de45c2d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-4C4B72ggdX/Kru/TIOewMUi2uwqAMeQrEcNR0HgJZZI0wkIo' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-4C4B72ggdX/Kru/TIOewMUi2uwqAMeQrEcNR0HgJZZI0wkIo' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-4C4B72ggdX/Kru/TIOewMUi2uwqAMeQrEcNR0HgJZZI0wkIo' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-4C4B72ggdX/Kru/TIOewMUi2uwqAMeQrEcNR0HgJZZI0wkIo' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
disable-set-cookie: true
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Mon, 01 Jan 2024 11:14:41 GMT
age: 554
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT, HIT, MISS
p3p: true
paypal-debug-id: f795141b825a2
server-timing: "traceparent;desc="00-0000000000000000000f795141b825a2-e84f1f95b6377d83-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 113491
x-xss-protection: 1; mode=block
x-served-by: cache-bur-kbur8200160-BUR, cache-yyz4583-YYZ, cache-yyz4583-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f795141b825a2-87afe40249f9ddae-01
x-timer: S1704107682.648551,VS0,VE4
etag: W/"1bb53-c79XMxVek5EmjAexQ41SV+7fXh0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 126, 2, 0

GET
H2 200 ts
t.paypal.com/ 42 B
545 B 304ms
254ms Image
image/gif 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1704107681643&g=600&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-cache-hits: 0, 0
date: Mon, 01 Jan 2024 11:14:41 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 47669178f5342
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
x-served-by: cache-bur-kbur8200057-BUR, cache-yyz4536-YYZ
pragma: no-cache
correlation-id: 47669178f5342
traceparent: 00-000000000000000000047669178f5342-81b0f069fc738d5c-01
x-timer: S1704107682.704311,VS0,VE232
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 01 Jan 2024 11:14:41 GMT

GET
H2 204 5013978.js Show response
bat.bing.com/p/action/ 0
117 B 47ms
46ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/5013978.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Mon, 01 Jan 2024 11:14:41 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 61294A19C18F42AE85C58ED1605D680A Ref B: EWR311000108027 Ref C: 2024-01-01T11:14:41Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
360 B 112ms
112ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5013978&tm=gtm002&Ver=2&mid=8531dd7c-220d-420f-852e-ecfed2d4f181&sid=f5be3e30a89611eeab885bf710c56104&vid=f5be7fc0a89611eeb6046b30b4158240&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&p=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&r=&lt=5869&evt=pageLoad&sv=1&rn=791285

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 01 Jan 2024 11:14:41 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B437BC8C21FB420D8CE14224C2F61B4A Ref B: EWR311000108027 Ref C: 2024-01-01T11:14:41Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 pageview
c.contentsquare.net/ 0
320 B 129ms
40ms Image
text/plain 100.24.241.105
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/pageview?pid=1926&uu=53a5de20-0b47-a062-b01d-588c7acf0516&sn=1&hd=1704107681&pn=1&dw=1600&dh=1202&ww=1600&wh=1200&sw=1600&sh=1200&dr=&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&uc=0&la=en-US&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&v=13.76.1&pvt=n&ex=&r=002480
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 100.24.241.105 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-24-241-105.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:41 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

GET
H2 200 jsp Show response
ut.rd.linksynergy.com/ 148 B
404 B 103ms
36ms Script
text/plain 34.98.67.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://ut.rd.linksynergy.com/jsp?cn=rmuid&ro=0&cb=___rmuid

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

3.67.98.34.bc.googleusercontent.com

Software

Resource Hash

fb0905949ecd040eb418246b02a0e9d29999f684c8f36d61838fd444d781433e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-type: text/plain; charset=utf-8
date: Mon, 01 Jan 2024 11:14:41 GMT
via: 1.1 google
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 148
x-samesite: secure

GET
H2 200 1638306756445368 Show response
connect.facebook.net/signals/config/ 146 KB
37 KB 146ms
146ms Script
application/x-javascript 2a03:2880:f07d:0:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1638306756445368?v=2.9.138&r=stable&domain=www.elfcosmetics.com

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f07d:0:face:b00c:0:3 Apodaca, Mexico, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7bab85eaa8d74cec964409d9e0a5c6d7ed0000b23b6400c562333c6483761ca2

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 01 Jan 2024 11:14:41 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: 8CLFyl+q8bX6lyfs198CrK18UaEKDYYh/qh5cZIaXwrzLt8jePKlsOznQVCJxTR2mDYaWXVAFnZZZvuqHZwUiA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
BLOB 200
OK b6eb966b-6473-425a-87dc-e8c23df54943
https://www.elfcosmetics.com/ 7 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.elfcosmetics.com/b6eb966b-6473-425a-87dc-e8c23df54943
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a19915f513441bab259dbf5472a9501139e4eda8d1891ca5a0bd4efd6d60dd4d

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Length: 7329
Content-Type: application/javascript

GET
H2 200 / Show response
ct.pinterest.com/user/ 298 B
622 B 91ms
43ms XHR
application/json 151.101.64.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/user/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1704107681753&dep=2%2CPAGE_LOAD
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.74d80534.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.64.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8e33955f54ef8025b647a6e685fa689a9256fc5c987f7dc98590310ac3c358e5

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:41 GMT
content-encoding: gzip
x-cdn: fastly
x-envoy-upstream-service-time: 1
alt-svc: h3=":443";ma=600
x-pinterest-rid: 8824518528542870
content-length: 173
pin-unauth: dWlkPU5EY3hPVEkzTldZdFlXVTNaQzAwWTJJNUxUZzVOREl0WW1FeU5XVmlOR0kxWmpJMg
pragma: no-cache
referrer-policy: origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
pinterest-version: 8c23f27d55c77c9c78a5d022d53a766b1295cc23
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 identify_ce767.js Show response
analytics.tiktok.com/i18n/pixel/static/ 135 KB
36 KB 36ms
35ms Script
application/javascript 23.212.251.214
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_ce767.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.251.214 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-251-214.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a1d4b01843b9dad68a10bba7ab416fb60cbe6052a223f6bd74cbad286b812b2a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-akamai-request-id: c651c18b
date: Mon, 01 Jan 2024 11:14:41 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20231221122555845055A09DD86B5E8F73
x-tt-trace-id: 00-231221122555845055A09DD86B5E8F73-6A1C4AE2C0DE46A3-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-220-107-214.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01fe398b335681e3b48c41611fc14dc2534825ecb03a0e16272b7a903ca356dc2a5161889a167887c57b99a415d4178a68369dfb1cff6c5cdef7bf484a3a33f212aec5295c5359becb416ab4f411fc36d925a63fc30a9330634fb5f49e865a0198
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length: 36260

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
698 B 50ms
49ms Ping
text/plain 23.212.251.214
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.251.214 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-251-214.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: c651c23b
date: Mon, 01 Jan 2024 11:14:41 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24010111144187862BA1DEA1CAF721E8-2D3B1EA8C42887A1-00
x-cache: TCP_MISS from a23-220-107-214.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing: inner; dur=6, cdn-cache; desc=MISS, edge; dur=4, origin; dur=9
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024010111144187862BA1DEA1CAF721E8
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 10,23.220.107.214
x-tt-trace-host: 012157ed0b957c30d5c3d973b0a86cb54af9921a4a6c3c5aac2b1bb1fb6db58c301035194603b08d1221c71b6d45207dbe1ef8718a5a5468e06925c0bb6ca4aba0be703eed1a9b9b2f4016682cdaf5292382d93b2a622b8f725d8d27c8a83c7cf1
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 11:14:41 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
700 B 48ms
48ms Ping
text/plain 23.212.251.214
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.251.214 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-251-214.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: c651c23c
date: Mon, 01 Jan 2024 11:14:41 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2401011114414ED9E3DB6388881E7A22-4DDA32663CAFD39E-00
x-cache: TCP_MISS from a23-220-107-214.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing: inner; dur=5, cdn-cache; desc=MISS, edge; dur=4, origin; dur=8
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202401011114414ED9E3DB6388881E7A22
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 8,23.220.107.214
x-tt-trace-host: 012157ed0b957c30d5c3d973b0a86cb54af9921a4a6c3c5aac2b1bb1fb6db58c308540e6bd69f5b9b323ca3e21f1025113f97555af0f6c7ddd302bf054841a0e923fb850394e3b20e56e98f784eb511b40b23a6d4a6e2da80dadf766cb7a6b2502
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 11:14:41 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
701 B 164ms
164ms Ping
text/plain 23.212.251.214
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.251.214 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-251-214.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: c651c23d
date: Mon, 01 Jan 2024 11:14:41 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240101111441823142F9C7574AFAEF71-513F5471D528F1FF-00
x-cache: TCP_MISS from a23-220-107-214.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing: inner; dur=121, cdn-cache; desc=MISS, edge; dur=5, origin; dur=123
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240101111441823142F9C7574AFAEF71
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 123,23.220.107.214
x-tt-trace-host: 012157ed0b957c30d5c3d973b0a86cb54af9921a4a6c3c5aac2b1bb1fb6db58c300ce12d7ab9de426511f4a96318148e0c156c95bf851b99e9ffd2a985cb281ba51400ec9e6cdd41b8d0a5e5d6eedc031e5420cc0d60ecc4ff8848c4e23a7b2770
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 11:14:41 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
698 B 51ms
51ms Ping
text/plain 23.212.251.214
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.251.214 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-251-214.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: c651c273
date: Mon, 01 Jan 2024 11:14:41 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2401011114410CB59C968326D625A4CC-4A38E7921C63257F-00
x-cache: TCP_MISS from a23-220-107-214.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing: inner; dur=6, cdn-cache; desc=MISS, edge; dur=5, origin; dur=9
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202401011114410CB59C968326D625A4CC
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 9,23.220.107.214
x-tt-trace-host: 012157ed0b957c30d5c3d973b0a86cb54af9921a4a6c3c5aac2b1bb1fb6db58c30e8ebb78337375b43905fc28acdb43d7d245199868e0516694aa1be033519d012de8e5732ee5e9eac5642be74dbee2c1d154b0d08bb06f411aeb0dde4bb302f59
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 11:14:41 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
704 B 197ms
196ms Ping
text/plain 23.212.251.214
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.251.214 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-251-214.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: c651c293
date: Mon, 01 Jan 2024 11:14:42 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24010111144169CE1A294CC49475ED50-0AC4AB76E8BACAB9-00
x-cache: TCP_MISS from a23-220-107-214.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing: inner; dur=152, cdn-cache; desc=MISS, edge; dur=6, origin; dur=156
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024010111144169CE1A294CC49475ED50
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 156,23.220.107.214
x-tt-trace-host: 012157ed0b957c30d5c3d973b0a86cb54af9921a4a6c3c5aac2b1bb1fb6db58c301f0a557c5a69dcc64248d91dbcfc5a800ec1c4ac895ba9e9152e594c35f4d1c9ff91da7a79b339981df9da58a46bda9cdd48ff69401309449619ef06512f735c
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 11:14:42 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
704 B 678ms
677ms Ping
text/plain 23.212.251.214
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.251.214 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-251-214.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: c651c2c5
date: Mon, 01 Jan 2024 11:14:42 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2401011114414F52DFCE325EC1816374-6490555DD4375685-00
x-cache: TCP_MISS from a23-220-107-214.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing: inner; dur=626, cdn-cache; desc=MISS, edge; dur=5, origin; dur=629
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202401011114414F52DFCE325EC1816374
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 630,23.220.107.214
x-tt-trace-host: 012157ed0b957c30d5c3d973b0a86cb54af9921a4a6c3c5aac2b1bb1fb6db58c3072c427fdbbc9a5b1fa96be9ded8c3d5a854ebd1aab02149ade445ef60a4fe169cb93436414e3d44a198fc2df362ae8b64c0c266ddfae9955107934ed53e4291f
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 11:14:42 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
700 B 76ms
75ms Ping
text/plain 23.212.251.214
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.251.214 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-251-214.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: c651c2c6
date: Mon, 01 Jan 2024 11:14:41 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240101111441DA577BF26EA6DA2A2E0B-7BEC15D3F4D79CD0-00
x-cache: TCP_MISS from a23-220-107-214.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing: inner; dur=26, cdn-cache; desc=MISS, edge; dur=5, origin; dur=29
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240101111441DA577BF26EA6DA2A2E0B
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 30,23.220.107.214
x-tt-trace-host: 012157ed0b957c30d5c3d973b0a86cb54af9921a4a6c3c5aac2b1bb1fb6db58c30e644c473f8ddf3c1b44654fad4fe93c5c152385ccb75d0c8722cc1a6a6aa97417071486c56f2211764184bcce16f19cce805d335e0510eed08538ddb98174cef
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 11:14:41 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
700 B 71ms
66ms Ping
text/plain 23.212.251.214
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.251.214 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-251-214.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: c651c2c8
date: Mon, 01 Jan 2024 11:14:41 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240101111441FF98D8366D41194224EC-35FC1E1AED297827-00
x-cache: TCP_MISS from a23-220-107-214.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing: inner; dur=12, cdn-cache; desc=MISS, edge; dur=7, origin; dur=14
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240101111441FF98D8366D41194224EC
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 14,23.220.107.214
x-tt-trace-host: 012157ed0b957c30d5c3d973b0a86cb54af9921a4a6c3c5aac2b1bb1fb6db58c30097294e99a35eebfe575bf6f8a3e0e904e099d073a2cfbd58520f6530afd88827999ec75af23df3b720cbcd798eacc04746f367022f119d6e15ff4ede44bcd9d
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 11:14:41 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
699 B 65ms
60ms Ping
text/plain 23.212.251.214
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.251.214 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-251-214.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: c651c2c9
date: Mon, 01 Jan 2024 11:14:41 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240101111441402B5BA87410B7543507-3EF8C84B0C6A1827-00
x-cache: TCP_MISS from a23-220-107-214.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing: inner; dur=6, cdn-cache; desc=MISS, edge; dur=5, origin; dur=16
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240101111441402B5BA87410B7543507
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 16,23.220.107.214
x-tt-trace-host: 012157ed0b957c30d5c3d973b0a86cb54af9921a4a6c3c5aac2b1bb1fb6db58c30a4df86bf3357495dbb249481a17e649bd1fc0948cbe55baca67eb588a4d7939ac22febfa88d036f3066f07fe299e2a7f927873ff4cf733515bba99f351cbb2d6
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 11:14:41 GMT

POST
H2 200 pangle_pixel
analytics.pangle-ads.com/api/v2/ 0
822 B 132ms
39ms Ping
text/plain 23.222.5.91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.pangle-ads.com/api/v2/pangle_pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.222.5.91 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-222-5-91.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 2fefd5f1
date: Mon, 01 Jan 2024 11:14:41 GMT
x-bytefaas-request-id: 202401011114415C4BBE9628C8780B027C
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2401011114415C4BBE9628C8780B027C-3E03433BD7C08CFE-00
x-cache: TCP_MISS from a23-209-100-91.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52668873) (-)
server-timing: inner; dur=4, cdn-cache; desc=MISS, edge; dur=0, origin; dur=7
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202401011114415C4BBE9628C8780B027C
access-control-max-age: 86400
access-control-allow-methods: *
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
x-bytefaas-execution-duration: 3.06
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
x-gw-dst-psm: ad.union.pangle_web_traffic
x-tt-trace-host: 012157ed0b957c30d5c3d973b0a86cb54a305393b864669d1b8d1cf0746b21e11e366c8d0a83c72893e61ab18494f67d18498d9576b5aa23a717f0e2593cc1724a623e53621482ea635057bb80e46578aa2c301f5de0fdd96b8175353da6ed6612
x-origin-response-time: 7,23.209.100.91
access-control-allow-headers: *
expires: Mon, 01 Jan 2024 11:14:41 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
700 B 110ms
110ms Ping
text/plain 23.212.251.214
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.251.214 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-251-214.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: c651c313
date: Mon, 01 Jan 2024 11:14:41 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2401011114412E583BE2C0A6FF10783A-08D3F3EC27686D0C-00
x-cache: TCP_MISS from a23-220-107-214.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing: inner; dur=41, cdn-cache; desc=MISS, edge; dur=7, origin; dur=45
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202401011114412E583BE2C0A6FF10783A
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 45,23.220.107.214
x-tt-trace-host: 012157ed0b957c30d5c3d973b0a86cb54af9921a4a6c3c5aac2b1bb1fb6db58c3097cfb0f9c363c6779dae0e088c6a9453cd40d1d92de34f180c342517483da8e5e8c95e2dc72177f3d2c41c5c2177f33787f508496fe9203d7ead9e53e312c041
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 11:14:41 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
700 B 96ms
96ms Ping
text/plain 23.212.251.214
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.251.214 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-251-214.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: c651c314
date: Mon, 01 Jan 2024 11:14:41 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240101111441D5653CE56750580ED184-5338F9AB356A822C-00
x-cache: TCP_MISS from a23-220-107-214.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing: inner; dur=35, cdn-cache; desc=MISS, edge; dur=5, origin; dur=39
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240101111441D5653CE56750580ED184
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 39,23.220.107.214
x-tt-trace-host: 012157ed0b957c30d5c3d973b0a86cb54af9921a4a6c3c5aac2b1bb1fb6db58c3001fe85ca06cecd14a9f6c6b58e52f95f8ab74f5031441355e4543f1a8077907bc7343a2f32e7f612e9ae1c0a8e0d78fbba791d88bb614ee3ddeb0ce5d5744985
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 11:14:41 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
701 B 109ms
109ms Ping
text/plain 23.212.251.214
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.251.214 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-251-214.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: c651c315
date: Mon, 01 Jan 2024 11:14:41 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2401011114417A3F9183A00E5CFB53DD-6F4B94DBE4577756-00
x-cache: TCP_MISS from a23-220-107-214.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing: inner; dur=43, cdn-cache; desc=MISS, edge; dur=5, origin; dur=47
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202401011114417A3F9183A00E5CFB53DD
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 47,23.220.107.214
x-tt-trace-host: 012157ed0b957c30d5c3d973b0a86cb54af9921a4a6c3c5aac2b1bb1fb6db58c30e644c473f8ddf3c1b44654fad4fe93c543ac57defc1e7dbbb5768c56b65456dc5a2918b9b290f2df622a6ca1d81fe35ebaf7dc7f760a7cf901d28ebff575e0e1
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 11:14:41 GMT

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
185 B 48ms
47ms Image
image/gif 151.101.64.84
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ct.pinterest.com/v3/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%2274d80534%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1704107681875
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.64.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:41 GMT
referrer-policy: origin
x-cdn: fastly
content-type: image/gif
access-control-allow-origin: *
pinterest-version: 8c23f27d55c77c9c78a5d022d53a766b1295cc23
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 3
alt-svc: h3=":443";ma=600
x-pinterest-rid: 4721074993153173
content-length: 35
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST monitor
analytics.tiktok.com/api/v2/ 0
0

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
703 B 171ms
164ms Ping
text/plain 23.212.251.214
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.251.214 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-251-214.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: c651c403
date: Mon, 01 Jan 2024 11:14:42 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24010111144155F2CF6927491B13F6F9-322BDAEC003B8B89-00
x-cache: TCP_MISS from a23-220-107-214.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing: inner; dur=109, cdn-cache; desc=MISS, edge; dur=5, origin; dur=112
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024010111144155F2CF6927491B13F6F9
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 113,23.220.107.214
x-tt-trace-host: 012157ed0b957c30d5c3d973b0a86cb54af9921a4a6c3c5aac2b1bb1fb6db58c30dcd6f29522036a0b762d2216b0da9342215e0cb035ac6dfed8d6d4d167764402d34c5d0f9d2bc5129264a0df2ee961914aec95cc517a7abc95645b4930747a52
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 11:14:42 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
700 B 56ms
55ms Ping
text/plain 23.212.251.214
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.251.214 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-251-214.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: c651c60a
date: Mon, 01 Jan 2024 11:14:42 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240101111442BAB6095BFD308A1D3055-6972C3E3E76E893E-00
x-cache: TCP_MISS from a23-220-107-214.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing: inner; dur=12, cdn-cache; desc=MISS, edge; dur=5, origin; dur=15
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240101111442BAB6095BFD308A1D3055
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 15,23.220.107.214
x-tt-trace-host: 012157ed0b957c30d5c3d973b0a86cb54af9921a4a6c3c5aac2b1bb1fb6db58c3012607162fbfae485b0dc5532207f126ec123cbea1b6b07192a28e4e248547fe39ed290fca05b0531f68c1230b376fcca1315f4af5095508437d5392b26a07db0
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 11:14:42 GMT

GET
H2 204 dvar
c.contentsquare.net/ 0
319 B 40ms
40ms Image
text/plain 100.24.241.105
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/dvar?v=13.76.1&pid=1926&pn=1&sn=1&uu=53a5de20-0b47-a062-b01d-588c7acf0516&dv=H4sIAAAAAAAAA0WMsQrCUAxFfyVkdnHtpq0VwVEKnUraBgnERF6DWor%2F7hOUjvdwzl1wt%2B%2Bqtjuq96RQukVyhQtPgQVWs9FNBmiFdYTD685J2AaecPPrVgbbHDSUhELc8vorZ3%2FCyYLt%2B1i6KvWesvRgqEUj53bF9wcxTAoRiQAAAA%3D%3D&ct=2&r=223463
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 100.24.241.105 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-24-241-105.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:42 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

GET
H2 200 hash Show response
www.paypal.com/credit-presentment/experiments/ Frame E505 40 B
2 KB 161ms
160ms Fetch
text/html 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/credit-presentment/experiments/hash?device_id=uid_a9afb4bb69_mte6mtq6ndi&disableSetCookie=true&features=disable-set-cookie

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5eca572cd68aa4afde19d317daf93398ca142c3648214e16b37e054e15c3f9e1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com https:; frame-src 'self' https://.paypalobjects.com https://.paypal.com https://.qualtrics.com; connect-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Mon, 01 Jan 2024 11:14:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 0
edge-cache-tag: up-treatments-hash
x-cache: MISS, MISS, MISS
paypal-debug-id: f4591278325e7
server-timing: "traceparent;desc="00-0000000000000000000f4591278325e7-34e0f9b2ac66ea44-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 56
x-xss-protection: 1; mode=block
x-served-by: cache-bur-kbur8200100-BUR, cache-yyz4583-YYZ, cache-yyz4583-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f4591278325e7-06f832e3eced8653-01
x-timer: S1704107682.120661,VS0,VE139
etag: W/"28-xz7oeWVj/8B52QKKulWR9ZDQlKU"
vary: Accept-Encoding
content-type: text/html; charset=utf-8
access-control-expose-headers: Server-Timing
cache-control: s-maxage=86400, max-age=0
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 0, 0, 0

GET
H2 200 c69c204f-fba0-4685-aea8-ad32f799fa5d.js Show response
tr.snapchat.com/config/com/ 185 B
466 B 120ms
63ms Script
application/javascript 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/config/com/c69c204f-fba0-4685-aea8-ad32f799fa5d.js?v=3.7.3-2312182359

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

2125f1a011cbd591338ae3c896d3b5b6ad80930fe86493af4518510ede5795cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer: https://www.elfcosmetics.com/
Origin: https://www.elfcosmetics.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via: 1.1 google, 1.1 google
server: API Gateway
content-type: application/javascript
access-control-allow-origin: https://www.elfcosmetics.com
x-envoy-upstream-service-time: 0
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 185

GET
H2 200 i Show response
tr.snapchat.com/cm/ Frame 822B 672 B
741 B 75ms
74ms Document
text/html 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/cm/i?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_scsid=24701ef4-d2b3-4eea-96b0-2801b1d49ed1&u_sclid=2c7f7f16-1469-409f-8646-66a0893c2bec

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

6501140033c3bb20da4b5ac73c90f687ba8a2053c4ba37c4b6f5275166db7fa6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 672
content-type: text/html
date: Mon, 01 Jan 2024 11:14:42 GMT
server: API Gateway
strict-transport-security: max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains
via: 1.1 google, 1.1 google
x-envoy-upstream-service-time: 10

GET
H2 200 runtime_8b30b4890203fd4144c54b9ffd765f5e.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 3 KB
2 KB 89ms
28ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/runtime_8b30b4890203fd4144c54b9ffd765f5e.br.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: c4fad867557fa65e1a778e915c0b4ed0cd1bbb4443452c8943e5cec6504311e7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 17:33:33 GMT
content-encoding: br
age: 1359669
x-guploader-uploadid: ABPtcPqoJ_qYnevpN3Sw7njJekKVg-SyvuKdhXjW8Ix88fTMaO3ersfli0AIRvqniQmVL7n0sgC1Z9eezyjRYbQdKB10UaiqIuBj
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1317
last-modified: Mon, 13 Nov 2023 15:33:51 GMT
server: UploadServer
etag: "dbc90523c425a5d782995c1a39051881"
x-goog-generation: 1699889631731187
x-goog-hash: crc32c=Xs/EYg==, md5=28kFI8QlpdeCmVwaOQUYgQ==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 1317
accept-ranges: bytes
content-type: text/javascript

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
700 B 79ms
78ms Ping
text/plain 23.212.251.214
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.251.214 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-251-214.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: c651c7ac
date: Mon, 01 Jan 2024 11:14:42 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240101111442D56DB8D2E9AA1ED58536-6972C3E3E7BB92DE-00
x-cache: TCP_MISS from a23-220-107-214.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing: inner; dur=32, cdn-cache; desc=MISS, edge; dur=9, origin; dur=34
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240101111442D56DB8D2E9AA1ED58536
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 35,23.220.107.214
x-tt-trace-host: 012157ed0b957c30d5c3d973b0a86cb54af9921a4a6c3c5aac2b1bb1fb6db58c30205588ca5cf268bb266f2b042eb4c05ba8ca7f5d368f7f43c8fe74148d0b7b72ce4fe094a2e4217717d30990fc9de0316d3c0690ecde4ae6993592f8d82fecdf
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 11:14:42 GMT

GET
H2 200 muse.js Show response
www.paypalobjects.com/muse/ 55 KB
16 KB 142ms
36ms Script
application/javascript 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/muse.js

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/79B8) /

Resource Hash

20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: 874533d71dd28
dc: ccg11-origin-www-1.paypal.com
content-length: 16355
last-modified: Fri, 01 Sep 2023 21:10:59 GMT
server: ECAcc (nya/79B8)
traceparent: 00-0000000000000000000874533d71dd28-5c6956e512d7cbad-01
etag: "64f25363-daa8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Mon, 01 Jan 2024 12:14:42 GMT

POST
H2 200 monitor
analytics.tiktok.com/api/v2/ 0
699 B 47ms
47ms Ping
text/plain 23.212.251.214
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/monitor
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxNA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.251.214 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-251-214.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: c651c862
date: Mon, 01 Jan 2024 11:14:42 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2401011114420E5B3F920F6EF10E5064-1CF95C141BD756D2-00
x-cache: TCP_MISS from a23-220-107-214.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing: inner; dur=4, cdn-cache; desc=MISS, edge; dur=5, origin; dur=8
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202401011114420E5B3F920F6EF10E5064
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 8,23.220.107.214
x-tt-trace-host: 012157ed0b957c30d5c3d973b0a86cb54af9921a4a6c3c5aac2b1bb1fb6db58c307e78ee7374af048672f95b3d2517e700ae4e18aa14739db6e6cd2858d6eedc78bb860fb6c195b9b3070a43aa85361ef52b29508f9876e2624fef46bb0138a0aa
access-control-allow-headers: Authorization,*
expires: Mon, 01 Jan 2024 11:14:42 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 212ms
70ms Image
text/plain 2a03:2880:f171:81:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&rl=&if=false&ts=1704107682224&sw=1600&sh=1200&v=2.9.138&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1704107682216.770428995&ic=fbpixel&ler=empty&it=1704107681733&coo=false&tm=1&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f171:81:face:b00c:0:25de Apodaca, Mexico, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 01 Jan 2024 11:14:42 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST logger
www.paypal.com/xoplatform/logger/api/ Frame E505 0
0

GET
H2 200 scevent.min.js Show response
sc-static.net/ Frame 822B 41 KB
18 KB 38ms
38ms Script
application/javascript 54.230.48.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc-static.net/scevent.min.js
Requested by: Host: tr.snapchat.com
URL: https://tr.snapchat.com/cm/i?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_scsid=24701ef4-d2b3-4eea-96b0-2801b1d49ed1&u_sclid=2c7f7f16-1469-409f-8646-66a0893c2bec
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.48.245 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-48-245.yul62.r.cloudfront.net
Software: CloudFront /
Resource Hash: ab12e815caea6aba8fe2da60e7d298cccb649166f81926ff64e5dc56ea526522

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tr.snapchat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 31 Dec 2023 15:21:31 GMT
content-encoding: gzip
via: 1.1 0df778cadb5eaa000de4f1d7838b16e0.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: YUL62-C2
age: 71591
etag: b0abdf9f9dff4cfeb2717a9960d575ec
x-cache: Hit from cloudfront
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=86400, max-age=600
access-control-allow-headers: Content-Type
content-length: 17610
x-amz-cf-id: l1AGBQO7dC5Zg6JX6_yQazwLVQB3ZbM0QFiLL6_jDRfwDlJwOzPLpA==

GET
H2 200 main-v2_8aebf97cc6bdaca1cfc56940afdbc7d5.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 452 KB
101 KB 34ms
33ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_8aebf97cc6bdaca1cfc56940afdbc7d5.br.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 828011e932c7f65177e00c50ef88564628178b9d3190845404b02e3132a14c90

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 20:29:09 GMT
content-encoding: br
age: 1608333
x-guploader-uploadid: ABPtcPoo7KUDkP3R6itzeFC7tP_lJJaDXAlTgrtbeV_7Iqt7K7uKrF5L_LNcLzspQwGuNi3GN2DuWCaLDQi7vrE4d5duwWmrQbij
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 103229
last-modified: Wed, 13 Dec 2023 20:29:02 GMT
server: UploadServer
etag: "2404e3009bfbe89e5d2c7f7b24179df7"
x-goog-generation: 1702499342060242
x-goog-hash: crc32c=kCJJLw==, md5=JATjAJv76J5dLH97JBed9w==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 103229
accept-ranges: bytes
content-type: text/javascript

GET
H2 200 cjs_min_1e55b565811f11b08485230cf1d150d6.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 49 KB
16 KB 60ms
60ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 9846c98d92f9ede0abb2db68013d613791db3ccdb486451de1432034b563fb77

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 16:23:18 GMT
content-encoding: gzip
age: 1623084
x-guploader-uploadid: ABPtcPqxv1jpmadWC418JxeDNf7sKEUeXqJKQMZ_oQ1jPHU33u752VAC2wstFQaA1hD60bfgn9RwqCJns2eHM0myy5Oh2Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15751
last-modified: Wed, 13 Dec 2023 16:23:11 GMT
server: UploadServer
etag: "d7dc7d7ebcc4f5af5fc2d4804e7ec737"
x-goog-generation: 1702484591435387
x-goog-hash: crc32c=3TW0yQ==, md5=19x9frzE9a9fwtSATn7HNw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000,no-transform
x-goog-stored-content-length: 15751
accept-ranges: bytes
content-type: text/javascript; charset=utf-8

POST
H2 200 p
tr6.snapchat.com/ 0
48 B 67ms
65ms Ping
text/plain 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr6.snapchat.com/p

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 01 Jan 2024 11:14:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 0
via: 1.1 google, 1.1 google
server: API Gateway
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 index.html Show response
www.paypalobjects.com/muse/analytics/ Frame EB8F 55 KB
17 KB 36ms
36ms Document
text/html 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/analytics/index.html

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/78F4) /

Resource Hash

7247ab83a30fbd92bf8425aca87dbb9f3f44c1b7facc6f7fd80df157ea6b5e03

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: gzip
content-length: 16892
content-type: text/html
date: Mon, 01 Jan 2024 11:14:42 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "64f25363-dacc"
expires: Mon, 01 Jan 2024 12:14:42 GMT
last-modified: Fri, 01 Sep 2023 21:10:59 GMT
paypal-debug-id: 6d9e6836d712a
server: ECAcc (nya/78F4)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000006d9e6836d712a-cc01e12d8b257289-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff

GET
H3

200

p Show response
tr.snapchat.com/cm/ Frame 31DF
Redirect Chain

https://tr.snapchat.com/cm/s?bt=1d53c387&pnid=140&cb=1704107682330&u_scsid=e63e8a65-9084-4921-a011-f46f44f66b97&u_sclid=a762a8cf-c5c9-4699-a369-ed00ba0ba88d
https://pixel.tapad.com/idsync/ex/push?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1703025191819%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1703025191819%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
https://tr.snapchat.com/cm/p?rand=1703025191819&pnid=140&pcid=920c376d-c92f-4029-bfd6-decd5bfa9144

0
19 B

83ms
82ms

Document
text/html

35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/cm/p?rand=1703025191819&pnid=140&pcid=920c376d-c92f-4029-bfd6-decd5bfa9144

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains

Request headers

Referer: https://tr.snapchat.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: clear h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-transform
content-length: 0
content-type: text/html
date: Mon, 01 Jan 2024 11:14:42 GMT
server: API Gateway
strict-transport-security: max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains
via: 1.1 google, 1.1 google
x-envoy-upstream-service-time: 18

Redirect headers

accept-ch: Sec-CH-UA Sec-CH-UA-Arch Sec-CH-UA-Bitness Sec-CH-UA-Full-Version-List Sec-CH-UA-Mobile Sec-CH-UA-Model Sec-CH-UA-Platform Sec-CH-UA-Platform-Version Sec-CH-UA-WoW64
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 01 Jan 2024 11:14:42 GMT
location: https://tr.snapchat.com/cm/p?rand=1703025191819&pnid=140&pcid=920c376d-c92f-4029-bfd6-decd5bfa9144
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
server: Jetty(11.0.13)
strict-transport-security: max-age=31536000
via: 1.1 google

GET
H/1.1 200
OK / Show response
data.cdnbasket.net/ 14 B
338 B 289ms
58ms XHR
application/json 34.117.254.15
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://data.cdnbasket.net/
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.254.15 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 15.254.117.34.bc.googleusercontent.com
Software: /
Resource Hash: b73d23721ec3d102971773ff4ab2e13a6a4eea7f8e3a95b8fbf79c5c731188c6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 11:14:42 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK / Show response
page.cdnbasket.net/ 14 B
338 B 242ms
57ms XHR
application/json 34.117.86.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://page.cdnbasket.net/
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.86.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.86.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 27c2b549e5a8c790671c751928917df02e62ab94e7d0c038a19c6ce4d561cb17

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 11:14:42 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK / Show response
view.cdnbasket.net/ 14 B
338 B 265ms
57ms XHR
application/json 34.149.239.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://view.cdnbasket.net/
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.239.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.239.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 5930c52386428cfc5a608b256ce54b1688495c985d54500dce5b7cc18af7d01c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 11:14:42 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H3 200 inbox-v2_48b3046e5658d067d380731acb25edd9.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 16 KB
5 KB 29ms
29ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox-v2_48b3046e5658d067d380731acb25edd9.br.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: d37545bbfbab30b44e51e630172af7d5d8a717afe66642b3e8eba0f6e1666872

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 17:10:50 GMT
content-encoding: br
age: 237832
x-guploader-uploadid: ABPtcPoJXOkqwu9UqNLQXguspEUCTQtDYeOWXaS8vWKq86ulQRPiqSrzHgiITu0X8fACI2rOicaMfqN7uuokZZ4xPSEwVmkOzhZM
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4862
last-modified: Wed, 29 Nov 2023 16:43:28 GMT
server: UploadServer
etag: "e08d76c0eee63d930afa55862092fe13"
x-goog-generation: 1701276208654351
x-goog-hash: crc32c=om6Z6Q==, md5=4I12wO7mPZMK+lWGIJL+Ew==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 4862
accept-ranges: bytes
content-type: text/javascript

GET
H3 200 sms-v2_59133b5ff2491255abf0da3a6c439b40.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 3 KB
1 KB 31ms
30ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/sms-v2_59133b5ff2491255abf0da3a6c439b40.br.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 7d6b2e34f8baa2cbb0d0352ba4401894ca78bd0e98a8f0259798be00d3f9f4ec

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 19:41:40 GMT
content-encoding: br
age: 2302382
x-guploader-uploadid: ABPtcPrkyg9jgW3eYmhV9Pfs8LQ1tXqx-wFBfllI-dE0gYd8vNcm3KFSGlGgFLHcrPCwtkQcbAfqZNwWCnFyXYnySo44Xg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1301
last-modified: Mon, 04 Dec 2023 15:20:23 GMT
server: UploadServer
etag: "fc8b1adafd5fdfc3a8542a947659bc4f"
x-goog-generation: 1701703223576805
x-goog-hash: crc32c=pCs8WQ==, md5=/Isa2v1f38OoVCqUdlm8Tw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 1301
accept-ranges: bytes
content-type: text/javascript

GET
H3 200 onsite-v2_5631bf90701659009118a89f964ae570.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 16 KB
5 KB 29ms
29ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite-v2_5631bf90701659009118a89f964ae570.br.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: eddc11d8be0ae5311acc08d5f2ebe7ff9426384f6408ecbb56abbd7fb5e03743

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 10:25:26 GMT
content-encoding: br
age: 175756
x-guploader-uploadid: ABPtcPqKbnDJF6De5Sgf9v_P66qWZz5tlit_NmD7TFD70k91pxFGQrvxewbOs96ULIBLQwxYTyxVqkp4XN8ky0IiW9MzzQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4962
last-modified: Wed, 29 Nov 2023 16:43:42 GMT
server: UploadServer
etag: "801d41813e7b11c4986b4ca00307283b"
x-goog-generation: 1701276222542985
x-goog-hash: crc32c=+KL22A==, md5=gB1BgT57EcSYa0ygAwcoOw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 4962
accept-ranges: bytes
content-type: text/javascript

GET
H2 200 noop.js Show response
www.paypalobjects.com/muse/ Frame EB8F 18 B
209 B 121ms
121ms Fetch
application/javascript 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/noop.js

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (daa/7CE2) /

Resource Hash

0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.paypalobjects.com/muse/analytics/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
paypal-debug-id: 7a0cf3d2e3852
dc: ccg11-origin-www-1.paypal.com
content-length: 18
last-modified: Sat, 13 Feb 2021 00:26:56 GMT
server: ECAcc (daa/7CE2)
traceparent: 00-00000000000000000007a0cf3d2e3852-095f3c1a0a370fa4-01
etag: "60271cd0-12"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Mon, 01 Jan 2024 11:14:41 GMT

GET
H2 200 ts
t.paypal.com/ 42 B
245 B 123ms
122ms Image
image/gif 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfoFlowStarted&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1704107682447&g=600&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-cache-hits: 0, 0
date: Mon, 01 Jan 2024 11:14:42 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: aacba039a6317
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
x-served-by: cache-bur-kbur8200072-BUR, cache-yyz4536-YYZ
pragma: no-cache
correlation-id: aacba039a6317
traceparent: 00-0000000000000000000aacba039a6317-7b9f934162119077-01
x-timer: S1704107682.462851,VS0,VE101
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 01 Jan 2024 11:14:42 GMT

GET
H3 200 jquery-3.5.1.min.js Show response
assets.bounceexchange.com/assets/bounce/ 87 KB
31 KB 28ms
28ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 17:07:04 GMT
content-encoding: br
age: 324458
x-guploader-uploadid: ABPtcPrjEn1nlRhdDgmLVYf-jnuQbDK6Y2TwLxsiEzI3zjTTAbrdJk-l_9dpIpFZ-Sdg4A63J5i387QknSfE209jZWELcA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31571
last-modified: Wed, 13 Dec 2023 20:28:32 GMT
server: UploadServer
etag: W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
vary: Accept-Encoding
x-goog-generation: 1702499312244758
x-goog-hash: crc32c=W9o9Ng==, md5=3F5/GMjTasHT1HU6h8mNCg==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 89476
accept-ranges: none
content-type: text/javascript; charset=UTF-8

GET
H3 200 local_storage_frame17.min.html Show response
assets.bounceexchange.com/assets/bounce/ Frame F278 2 KB
969 B 31ms
30ms Document
text/html 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f4fc114373da7e63fade04d84f7f1cfb5b31632246f33b10f3b7b275b85e6dd6

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: none
access-control-allow-origin: *
access-control-expose-headers: etag Content-Type
age: 707974
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public,max-age=31536000
content-encoding: br
content-length: 938
content-type: text/html; charset=UTF-8
date: Sun, 24 Dec 2023 06:35:08 GMT
etag: W/"fc893948c3efc689b5b19d8a77958e23"
last-modified: Wed, 13 Dec 2023 20:28:30 GMT
server: UploadServer
vary: Accept-Encoding
x-goog-generation: 1702499310379960
x-goog-hash: crc32c=kX4cqg== md5=/Ik5SMPvxom1sZ2Kd5WOIw==
x-goog-metageneration: 1
x-goog-storage-class: MULTI_REGIONAL
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 2408
x-guploader-uploadid: ABPtcPrrjf51rJTPbRGJeJeVnWFTnMGU_qYYPNinYzbsMxuxfOeVg3msOyX7nFR5JXtLLhJDM65IBCGBV1CGDa0Ej5LP2cpjgh0T

GET
H2 200 script-tag.js Show response
cdn-scripts.signifyd.com/api/ 8 KB
3 KB 111ms
29ms Script
application/javascript 3.162.3.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.3.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-3-47.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 613a0081b64a7df6a20f9ba46cd384e4061e288f439ba8755cd664fbad3177c8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:50:52 GMT
content-encoding: gzip
via: 1.1 05b4905f6074a994b5e52b7e0ee5c01a.cloudfront.net (CloudFront)
last-modified: Wed, 13 Dec 2023 10:00:02 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-P2
age: 1431
x-amz-server-side-encryption: AES256
etag: W/"615c232b2321c7908499921b3adc8138"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1800
x-amz-cf-id: MBffwNtiyEbXtOOvWFkA1JVav7KP5ZtAvheofX5Ax1oZEhG5YoRpjg==

POST
H3 200 p
tr.snapchat.com/ 0
16 B 65ms
65ms Ping
text/plain 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/p

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 01 Jan 2024 11:14:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via: 1.1 google, 1.1 google
server: API Gateway
access-control-allow-origin: https://www.elfcosmetics.com
x-envoy-upstream-service-time: 1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 200 exist Show response
srm.ba.contentsquare.net/ 2 B
94 B 334ms
111ms Fetch
application/json 54.154.97.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://srm.ba.contentsquare.net/exist?v=13.76.1&pid=1926&pn=1&sn=1&uu=53a5de20-0b47-a062-b01d-588c7acf0516
Requested by: Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.154.97.89 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-154-97-89.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 01 Jan 2024 11:14:42 GMT
content-length: 2
content-type: application/json

GET
H3 200 ct.html Show response
ct.pinterest.com/ Frame 6F5C 565 B
516 B 43ms
43ms Document
text/html 151.101.64.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/ct.html
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_256_GCM
Server: 151.101.64.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443";ma=600
cache-control: max-age=86400
content-encoding: gzip
content-length: 323
content-type: text/html; charset=utf-8
date: Mon, 01 Jan 2024 11:14:42 GMT
pinterest-version: 8c23f27d55c77c9c78a5d022d53a766b1295cc23
referrer-policy: origin
x-cdn: fastly
x-envoy-upstream-service-time: 0
x-pinterest-rid: 1728899339808477

POST
H2 200 graphql Show response
www.paypal.com/targeting/ Frame EB8F 446 B
1 KB 384ms
382ms Fetch
application/json 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql?disableSetCookie=true

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

961313b8877e8fd6ced7c8d34fccd067b72371b8c5dd9a6891e260722015a749

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; img-src 'self' https:; script-src 'nonce-ovJIBDsHj3qufCJovyaunqFC+IFetqvoJu/SYuwPU+4Tl9Q3' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; object-src 'none'; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.paypalobjects.com/
disable-set-cookie: true
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-ovJIBDsHj3qufCJovyaunqFC+IFetqvoJu/SYuwPU+4Tl9Q3' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
disable-set-cookie: true
date: Mon, 01 Jan 2024 11:14:43 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS, MISS
paypal-debug-id: f204435ceb418
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-xss-protection: 1; mode=block
x-served-by: cache-bur-kbur8200157-BUR, cache-yyz4583-YYZ, cache-yyz4583-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f204435ceb418-0b5704636ae68d50-01
x-timer: S1704107683.786185,VS0,VE360
etag: W/"1be-UUY2uS/fxYyc2urimYqXBCz7aug"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 0, 0, 0

OPTIONS
H2 204 graphql
www.paypal.com/targeting/ Frame 0
0 199ms
199ms Preflight 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql?disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,disable-set-cookie
Access-Control-Request-Method: POST
Origin: https://www.paypalobjects.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,disable-set-cookie
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
date: Mon, 01 Jan 2024 11:14:42 GMT
dc: ccg11-origin-www-1.paypal.com
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f2044351c4802
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f2044351c4802-ab9a09a4f025f7d6-01
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-served-by: cache-bur-kbur8200088-BUR, cache-yyz4568-YYZ, cache-yyz4568-YYZ
x-timer: S1704107683.586416,VS0,VE178

GET
H2 200 company_toolkit.js Show response
cdn-scripts.signifyd.com/api/ 4 KB
2 KB 30ms
30ms Script
application/javascript 3.162.3.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-scripts.signifyd.com/api/company_toolkit.js
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.3.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-3-47.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 10:51:24 GMT
content-encoding: gzip
via: 1.1 05b4905f6074a994b5e52b7e0ee5c01a.cloudfront.net (CloudFront)
last-modified: Tue, 30 May 2023 10:18:44 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-P2
age: 1399
x-amz-server-side-encryption: AES256
etag: W/"2c3950f122b3977df61b0e077aaa92c8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1800
x-amz-cf-id: hL1URF-izhq3oM-swAWFicPezh3B9PdcStmo2FT-2XS20acHJzncVw==

GET
H/1.1 200
OK yrknelx9e9m0w5qn.js Show response
imgs.signifyd.com/ 95 KB
13 KB 297ms
94ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/yrknelx9e9m0w5qn.js?pk9eezqmpfm65c0k=w2txo5aa&6sjoh1mwhfn8v7ob=LzY1ZDBlZjA5NjcxYTgyNzRjMGU3NWM3MzU0

Requested by

Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

d1dae85dfe1192a8ca15eeda906c9f12a199e9ab6a68d82bc27443d99f4536d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 11:14:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: CP=IVAa PSAa
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
X-Robots-Tag: noindex, nofollow
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK BGIjUOh9RAk2_WSj Show response
imgs.signifyd.com/ Frame 0E5E 272 KB
46 KB 101ms
100ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/BGIjUOh9RAk2_WSj?d03f0c32a0aa4059=6XpJKa7Ji62T2Ltn0BPFJefUw6VU-Jo3egyFsAGrGD6hoWb_09i1mqop1OmuHrsctFyhTFcFuSOHI9h7-VuErUXd1Rh2BPly-mlsSod7CvVwq2AwmQ3NfUwnT5vkhTU3f4SWDrVkIqOF-ev8DtjAmcFOsnjPgk4wU342MHBHee_TA5prB9HC_fE8J9MIcqSOu_VmyE53VR5BmcMt&jb=3d332e2660736d7d375d696e6e65757b2e6a7167375d6b646c6d77712f303833392c6a736a7f354362726d656f2c6a73683741607a6f6f6d2f38323b3a32

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/yrknelx9e9m0w5qn.js?pk9eezqmpfm65c0k=w2txo5aa&6sjoh1mwhfn8v7ob=LzY1ZDBlZjA5NjcxYTgyNzRjMGU3NWM3MzU0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

fcefb8d0ca0fa65706a41f286cd50df3e42ce6e949e5ec09871700b5390e0eec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 11:14:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
tmx-nonce: fa4a1aa5fc9cc978
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
X-Robots-Tag: noindex, nofollow
Keep-Alive: timeout=2, max=99
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK ad5sR4UdGSTGH8k7
imgs.signifyd.com/ Frame 0E5E 81 B
475 B 252ms
83ms Image
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/ad5sR4UdGSTGH8k7?faaed8f37df388e2=AKyr3NtTbARRATxyaPQwJNYDtSTskcVz05hcSWvkFCZ2BwdDUH_eOZItpvWV71C3dDT1I_jgW9ZQCXKkl9a3NBtPVb_Q-bjzHKzwDlNnGjwpQr16ON8k0s6ylCtzaIPQq_x0LmeblxeokL_RaqIXLbEJMejn8F9GvlqJk5w

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 11:14:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK E10rt33uH1wk0nKE
imgs.signifyd.com/ Frame 0E5E 81 B
475 B 251ms
84ms Image
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/E10rt33uH1wk0nKE?4bba364376e09e29=RKuzHlLTRHpg0llp5Y1P6GljA0fwoauLrMV_dRTgOraXCgmqst2EYlKK6qZDw9vaaXUCNyBiIF61nd2-2nqOQI8tqLEiTtuwx8aMVJ8f7uj7J-OpA36WMVtGUh5DJu9bOuv5_hxf9DB5IW9LV2-5jNh3TJTNdt833PhZS1k

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 11:14:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 ts
t.paypal.com/ 42 B
254 B 120ms
119ms Image
image/gif 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfo%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfo&cust=YWY3WQ4PDF8KQ&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&unsc=6&identifier_used=DFP&e=im&t=1704107683164&g=600&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-cache-hits: 0, 0
date: Mon, 01 Jan 2024 11:14:43 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 8a9ebc8461d1c
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
x-served-by: cache-bur-kbur8200023-BUR, cache-yyz4536-YYZ
pragma: no-cache
correlation-id: 8a9ebc8461d1c
traceparent: 00-00000000000000000008a9ebc8461d1c-a63cbbf3a81aa6d6-01
x-timer: S1704107683.174267,VS0,VE99
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 01 Jan 2024 11:14:43 GMT

GET
H2 200 c Show response
ids.cdnwidget.com/ 448 B
785 B 124ms
65ms XHR
application/json 2600:1901:0:56e0::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=&SCH1=&GCS1=176001186&GCS2=Y2E1MmYzYWItNzBlNi00MWRmLWIyY2UtYjVjOWM1ZDJjZjUxLmxvY2Fs&pe=false&wsid=4142&varID=&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Atrue%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A4142%2C%22loadID%22%3A%22rIFpHqc6vWkX05l%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A6%2C%22IDStageStart%22%3A6%2C%22netComplete%22%3A143%2C%22obsReqpage%22%3A399%2C%22obsReqview%22%3A401%2C%22obsReqdata%22%3A404%2C%22IDStagePrefire%22%3A404%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Afalse%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A-10%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%2C%22deviceid%22%3A%228926274271492810135%22%2C%22visitid%22%3A%221704107682508156%22%7D
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:56e0:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: f201f5eacf06809ad69823ffdba3e639d27fab6546d7a4870908f57bc35aaa5d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:43 GMT
via: 1.1 google
vary: Origin
content-type: application/json
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 448

GET
H/1.1 200
OK clear.png Show response
imgs.signifyd.com/fp/ Frame 0E5E 81 B
536 B 272ms
90ms XHR
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/clear.png

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/BGIjUOh9RAk2_WSj?d03f0c32a0aa4059=6XpJKa7Ji62T2Ltn0BPFJefUw6VU-Jo3egyFsAGrGD6hoWb_09i1mqop1OmuHrsctFyhTFcFuSOHI9h7-VuErUXd1Rh2BPly-mlsSod7CvVwq2AwmQ3NfUwnT5vkhTU3f4SWDrVkIqOF-ev8DtjAmcFOsnjPgk4wU342MHBHee_TA5prB9HC_fE8J9MIcqSOu_VmyE53VR5BmcMt&jb=3d332e2660736d7d375d696e6e65757b2e6a7167375d6b646c6d77712f303833392c6a736a7f354362726d656f2c6a73683741607a6f6f6d2f38323b3a32

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*, w2txo5aa/fa4a1aa5fc9cc978lzy1zdblzja5njcxytgynzrjmgu3nwm3mzu0
Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 11:14:43 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Mon, 01 Jan 2024 11:14:43 GMT
Server: Apache
Etag: 7b5efc06413a4948810853509f7adb7b
Content-Type: image/png
Access-Control-Allow-Origin: https://www.elfcosmetics.com
Cache-Control: private, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
Expires: Sat, 30 Dec 2028 11:14:43 GMT

GET
H/1.1 200
OK ztvZhQBgtEaS8oet Show response
imgs.signifyd.com/ Frame C226 90 KB
13 KB 95ms
94ms Document
text/html 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/ztvZhQBgtEaS8oet?2232ff0081a09550=wXebYNz7vwg4RHDlO9x_iNeZEOoglZGVN_tOgqTDYBfU5XXmLFSqjpouuKBPR04Yfyqqng-ZjDMWxeIfws2r6hCzKz5jcwNTQI9f9L_dp1kK_W8ABIX3RsCLlTaEIqmEW9bcDfETAo28UwCi-2DmvEJ8QOcyE9yKVcyEDp_KBhqjT-GDbPVYhdQ5MWwSZTC7z9pxXNQcZH5zihjsc-s

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

32660d1a2a1dafdb2293b82bc54755750227ae9d4ee2cc488d1e06e8c47e2a59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Mon, 01 Jan 2024 11:14:43 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=98
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 204
No Content cDeYQip8fTCapiLz Show response
imgs.signifyd.com/ Frame 0E5E 0
387 B 103ms
83ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 11:14:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK m4uIH8y8jU-ihaO_ Show response
h.online-metrix.net/ Frame BA1C 103 KB
15 KB 291ms
93ms Document
text/html 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/m4uIH8y8jU-ihaO_?6c0e878a605df887=RZg31Zjk97a-L6R-v7kn-qpO1XJ7yRTN_myYkGpZB33WjW1IqvC7yeAn2GbF0qkx01NW5gtJfsnqQM1HWzX48mHgdEP6CRNvwip0RM3xCSLyAqaF_RQ0os9HIaAwkht-cPimQk-kK5EVYO1AYtdj6IMe1A-Vp06Ly_zYKOlLeVAHHq1GiIypj-st9YkE_m5jHexoEsDSuBx4r36RLpli

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

a-sac.h.online-metrix.net

Software

Apache /

Resource Hash

d676c6b24968000adf563d3bda605abbe7c9aeb2d60e9e0f1dee1de981792c8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Mon, 01 Jan 2024 11:14:43 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 0UFqW8LjLxkHztu5 Show response
imgs.signifyd.com/ Frame 9037 90 KB
13 KB 87ms
86ms Document
text/html 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/0UFqW8LjLxkHztu5?939c59a10acec351=2npkdM5kmXN9Hk-B-2CIsEjG_JK7mpin7oVxaOMmf09fSgjWoBiHjvMuHrTpdZ7KzVGbTN7p_kKwF5Bai5AAMLLuKQUyOQHqtxNnE9y7Okn7RdCurLljc_rErmWO8Dl32CHdzQ2mW0IwrqCOnrKzdhpIbRnJn6P223AyWyIcsdJqXkPftUxVPuxUZr6JFOz82WXgm2xOBiag38FlQqON

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

6265e8e75cb7dd72fe247f2e4bed9956e8e258982b36958c39d4fbfcf11a4f12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Mon, 01 Jan 2024 11:14:43 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=99
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 204
204 cDeYQip8fTCapiLz Show response
imgs.signifyd.com/ Frame 0E5E 0
218 B 178ms
92ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/cDeYQip8fTCapiLz?5c1984f8e50df76a=G0hQfimyfmFnfRfPrCo7S_AuUcDNNELKFuxWa1CzsFVz77ZlenpdTBPfGhdT88tGXQGOtoggeqGfKD5SECxQ92Wbgsi3LiyBbIvX8kl1rLuMfEG11YEAqZKs_9INiJvXifUmnvJcbVlEiQmIGMHldpJqTJE&ja=39323c382c266135273c30302c703f382e663f393c3a3272393030322c636e3f393c3030703b3a303a267170733730783a2c66787a3d33243b3c323a243332323a2e3934383a2c313a3a382c3b363238263b32303a26333e38302e39383a3226382e302467763563303232616a696c633d37666c6c6e66396f6b3a3c3931363f3a3c603369356124676c35362e79636435383c2666683f607e7e70732f39432d3a46273a4c7d757d26676c64696d7b6f6d7e69637b246b6f6725304e6965736d6f7e6b6b2563706167636c6b64712672663f3b2478623d37306c3a386b61346a696c62653b3b316a3f333a3f6b6f326e3b60646038663c2460623d37696f38653832636b323c34376e3b316b3d37366e393e37693c3461606e66392462796f3d5f6366646577712d383a31312c60716a35436a7a6567672f3a3231303a246271677f3d5761646c6f7d7324627968753d496270676565246662693f3e2e6c646f373a2e6c657e703d382c7c7a6e3d526969636669692f304e406f6c67667f6e7f2e6f617662703536383a336439693a626f63323a6f3c63633f3c32383032636c3b3f373e383366663e37303a393e31643e6f69613834666b333e6166686e353a3b313139333c632c6c703d6a7e7678712d3941253a4c2d324c77757f246f6c66696571656d746b6b7924616565273244696d7b6f6d7e696325697a6967696c6966792670377a6e7d6f696c576c666379602735476c6364716d2b706c7d6d616e55776b666e6577735567676c61615d78666b7b6f7a2735476c6364716d2b706c7d6d616e55616667686f5f6169786d6a6974273d4f6c63667b67217266776f6b6655717561696374636d672d3f4f666166796729786c776f63645d79606d63697d637e672d3f456669667b652b706e7d6d636e5f786f6364786c63716f78273f4d64616e79672972647f676966557e6c695f72646b7365722f3f476e696c716d2b7a6e7f6f6b6e5d6e677e63647c72253d4f6e61667367297a66756763645d7b7e675d7e636f756f7a2735476c6364716d2b706c7d6d616e556a637e6b2f35456c6b6e7b6d26656455693f7d6d60676e5d676a45442f32303924382538302a477a6f6e47462f30384d53273a3a382c3a2d3030416270676f617f6d295f6f6a47462530384d46534c2f38324d5b2530383b24322f3a32284d7a676645442f32304d592d323a474e5b462f32304f59273a38312c382f38324960706f6f6377652b5f6f624b617e5f65684b6b7c2f3830576f684544494e45444f556b647b76616c69676c5d6978726171792d33482530384f52545f686667666c5f6f61646763722d31422738324d5a5c55636f64657a5f6875646e6f785f686b6664576e6c6d697e2f31482d3030475256576464656174576864656464273b482f32304f5256576e72636f556e677a7c6a253148273a324d52545f7b6269646f725d7c6f727475786f5d646764273b482f303a4d5a545d7e6770767d78655f6b6565707865717b63656e5f687a766b2d33402d383a47525c5d746772767d706d55636f657a7a6579736b67645572677e69273b4a2530384f5256557c6778767f706d5d6e636c746d785761646971677e786f706369273b4a2530384f5256557b5047402f314a273a3a4f455b556d6c6f6d67667e55696e6e6f7a577d696c7c2f39402f3a324f47595d6e6067557265666e6d72556d6b78676b70253948273a384f475b5579766b666661706e5d6c677a6376617c637e657925314a2f38304f4f595d7c6d78767d786f5d6c646d61762f314a273a3a4f455b557c657274777a6f55666c656b765764696c6d6b7827394a27323245475b5d7c6f78747d786d5f62616e6e556c6c6f6b7e273b4a253038454f51557c6778767f706d5d606b6c66576c646f6b745d6463646561782f314a2d3232474f595d7c6d707467725d69707a6b795f676862656974273b482f32305d4f404f445f6167666570556a7766646f705764646561742d394a253830554d484d4c5f69656f787a65717b6f6e5d7e6d7a7477786757637b7e63253b482d323a57474a4d465f636567727a6d73716d6e55766f707675706f5d6d766b2f33422d3838574f42454455696f6d7a78677b7b6566577e6f7a7e7d70655d6f766b332d3942253a3a5f4548474e5769656d70786f717b6d645d7c6f72767f7a675f7139766b273b482532385d4d424d4c5d6b656770726f79716d6c5f766d727e77786d5d73317e6157717a6d62253b482d323a57474a4d465f646f68776f577267666e6f706f7a5d696c6c6d2d314a2f32305f4f4a47465f666d7a7e685f7e6f7a7c7d72672d39482738385545404d4e57667a6b775f6a7f6e666f72712d394825323a5d474a4f4c5d64657967556b6d6e766f7a7c273b482532385d4d424d4c5d657f667469556e70697f31342e6d665d62353166643f666e643c3d34306c6e6b343a37673e386865306f3d366c3a35373c3c3b323e6c36323733247f65647c3d49667e6d6c2f32324164692e267d6d6e7a35496c7c6f662738384b726b79273a32477a656e4f462d323a456c6f636465266969663539&jb=393f3d2666713f456570696c666b273a4e352c382f3832225f6b6e6665757b273a3a4e542d3838313a2e322d394825323a5d6b663e34273b482f303a7034342b2f303843787a6c655f6f6a4b6374273a4c3f33372439342d3a302a43425e4f462d3043273832646b636f2532384d6d63616f2b2d383a436878656f6d2d324439383a2c3a2634303b332c3930312f32305b6b6e617869273a4c3f3337243934

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 11:14:43 GMT
Strict-Transport-Security: max-age=31536000
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK O84o76-g5CN0CA6n
w2txo5aad22w3so7fqzbamozr6kxoxyicgqcq4jgfa4a1aa5fc9cc978sac.d.aa.online-metrix.net/ Frame 0E5E 81 B
438 B 824ms
83ms Image
image/png 192.225.158.3
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w2txo5aad22w3so7fqzbamozr6kxoxyicgqcq4jgfa4a1aa5fc9cc978sac.d.aa.online-metrix.net/O84o76-g5CN0CA6n?79c8e8dd78e7ebc1=uniOeRSvcWAVHqFmUN1giBwRk442G9jP6Izoy9zZPdQ3buyswXx7wjxrkJvvaWmmjQFqSZuPK62jQE-IQi8-wxrzS3hpTmE2v3OghNuuk157XqV8JZVOt4vwP9s-oY1GbmcWsygKOE5Gkw2TLyuGBxbgGc1pS_1iYXu6

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.158.3 , United States, ASN30286 (THM, US),

Reverse DNS

d.aa.online-metrix.net

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 11:14:44 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 lookup Show response
pd.cdnwidget.com/ 49 B
169 B 143ms
80ms XHR
application/json 34.149.130.207
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pd.cdnwidget.com/lookup?deviceID=2aLpOk0jVpEbseZpCrG7CQrav85&bxwid=4142&bxdid=8926274271492810135&visitID=1704107682508156&enableUID2=false
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_8aebf97cc6bdaca1cfc56940afdbc7d5.br.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.130.207 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 207.130.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 771196c556ce9fe2914aa0d336cf0f11fbd579c7cdd52e8436b19e0fffdd783b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 01 Jan 2024 11:14:43 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49
content-type: application/json

GET
H/1.1 204
No Content vreS95mAIKyvDMmy Show response
imgs.signifyd.com/ Frame C226 0
387 B 84ms
84ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/vreS95mAIKyvDMmy?5e3418369408c6cc=lRvNTf0AbQH2si21dZGxex48xVSAFVaKoEzwtUraOQCNrM1mZyBQR02tV9se2U7q2bK1yfdN-U5ttiDo_ytVr2eaRzYF45vmj-CCbchEucmCux6QVbMJTe2FblNq-3_0-u3nq9EZ4gM3WnIn_NCMhNY0w0Q&jf=3b3c2e6c79623f6a3f3c64666e3267393c34643c3368636b6d3a663132333c673a6833313e3e3f

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/ztvZhQBgtEaS8oet?2232ff0081a09550=wXebYNz7vwg4RHDlO9x_iNeZEOoglZGVN_tOgqTDYBfU5XXmLFSqjpouuKBPR04Yfyqqng-ZjDMWxeIfws2r6hCzKz5jcwNTQI9f9L_dp1kK_W8ABIX3RsCLlTaEIqmEW9bcDfETAo28UwCi-2DmvEJ8QOcyE9yKVcyEDp_KBhqjT-GDbPVYhdQ5MWwSZTC7z9pxXNQcZH5zihjsc-s

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imgs.signifyd.com/ztvZhQBgtEaS8oet?2232ff0081a09550=wXebYNz7vwg4RHDlO9x_iNeZEOoglZGVN_tOgqTDYBfU5XXmLFSqjpouuKBPR04Yfyqqng-ZjDMWxeIfws2r6hCzKz5jcwNTQI9f9L_dp1kK_W8ABIX3RsCLlTaEIqmEW9bcDfETAo28UwCi-2DmvEJ8QOcyE9yKVcyEDp_KBhqjT-GDbPVYhdQ5MWwSZTC7z9pxXNQcZH5zihjsc-s
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 11:14:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

cs
tags.rd.linksynergy.com/
Redirect Chain

https://idsync.rlcdn.com/458359.gif?partner_uid=ad4ebe8d-bc74-4488-a7a2-b0d2bfcd5084
https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJGFkNGViZThkLWJjNzQtNDQ4OC1hN2EyLWIwZDJiZmNkNTA4NBAAGg0Io73KrAYSBQjoBxAAQgBKAA
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=ef4b429ce17f00a39c3adec7f2d14aad761545dc639204545734046bbfa2eaae6ac34734d8e453ee

37 B
293 B

36ms
35ms

Image
image/gif

34.98.67.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tags.rd.linksynergy.com/cs?ns=lr&uid3=ef4b429ce17f00a39c3adec7f2d14aad761545dc639204545734046bbfa2eaae6ac34734d8e453ee

Protocol

Server

34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

3.67.98.34.bc.googleusercontent.com

Software

Resource Hash

bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-type: image/gif
date: Mon, 01 Jan 2024 11:14:43 GMT
via: 1.1 google
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37
x-samesite: secure

Redirect headers

date: Mon, 01 Jan 2024 11:14:43 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://tags.rd.linksynergy.com/cs?ns=lr&uid3=ef4b429ce17f00a39c3adec7f2d14aad761545dc639204545734046bbfa2eaae6ac34734d8e453ee
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1 204
204 1V52ploMvcpqV4UF
imgs.signifyd.com/ Frame 0E5E 0
401 B 135ms
94ms Image
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/1V52ploMvcpqV4UF?217d89bc3ab12065=gtDxmENh6DdR0qlM8z1r3tFJKOg9buj2ZhpQREfNIS5rtUOwPwrM5xsIOEt8kD_oOyKTNDT83lUc-cJfshM3yUJFdlF0jLkW3uzARUAQtMQs4US0RqsK-pGctnIAlpCwuNVAKCmq1D_fsimD6eRYSkzgMg_vKIUB4BM3_E9-V4awpHaWai6nNF7pzbGoMyR_sJ29mwgX5vmFfmlqA0s&jf=3c3b3c26796966577864643d7e6e70577b477a38525e334f4667594c7d686a482e796964576e69746f3d333f3a3e31303d3c3a3b2e736b6c557e7b7a6d3f776768386d616c7961267b636c5f61657b35393a3539393a333b3836323f386b3a3c3c3a636739663830383b303638323a6132363630696f33643a3932393837323b3e38323a383661343b376a663f6933366c3d6c363e33663c333234383f3a373e6c30673f6f3261333b3466673c346e646e3b646431683a333e32606a333839373b6961693038643c3f69643e6a633667396139606b3b64333d3869343f31633c3a6861353a3e31396e30303f3d3f35323035303039356a616d6b386439383f646e31353a323a2673636e5d7b61673f3b3a3e363a3a3030376e673b673c6b616639326b373339673b3d3832393c68633b3a35676c333e35686a30303269646b323f3e30346d326d303b653b31696f3464386b303f306263383838323c6a3538356f323b643839366530336a333a37643d32383239383b376b3d363b6b6b6e353c6c6665343d356b316d3930323f3f6a663e3034396b3a6236393c312e7b69647a373a

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 11:14:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=100
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 init1.js Show response
api.bounceexchange.com/bounce/ 125 KB
22 KB 123ms
63ms Script
text/javascript 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.bounceexchange.com/bounce/init1.js?wklzs=1151&wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgHYAGAFn2MIDYAOAZgFYq7NgAvEKK44zAdwCmAIxypgAgPqoAJlHKkATJgBOAnCAA2cNBgLdiAD3wKeKgTAHLVyqNgCGGjagQBzCXGUaoAC2DAADjgApHQAgkEKAGIRkXxxAHQCGjBIIDgAtgJoSDjxqekxqRlZqEgAtEjKqOnODjiYAG6oosASqSAA1qgCUEGEAEIRChr+QyHhCgq+AcEKDGERDFGLUXF8iclFmdm5+SuRWyXlldW1GrMKEQDCQ8pjC5NjhAAi2CCd3b0DQ9Iy9xMKGgATgUVAUhEUhHwpBBNAo+EYYwUN0mTWk-yIZAo1Boc2IcKY1yGDX+fUGkw0IBcLgE0ikCH+MDqAiJkwEDUsEkp1Np9MZzNZCiQdmUrQAjsAAJ7-YiC4WiiQNBxwFmPMKy5FDHBwIQ1Py8jAtVWXMJM86qlHDKk0unOKTSAQINAwbrotWhM04C1DeWtL3AfnmuUigPuz0sl6C6QuSKoZQ4YAAGRAdjdJtCwGUKsF3hF0gAks9SZMFHZE-4APKV7x0ADKwCuGgA0gBNAz5xNaAAK0gAcqEABoaDWXTWTdQwYCF4uTMuVjrEMAANX8AFERAIAFr+K7KADihCuEGUdgaNAYSMt0dJ30mzS7qiaIDgOCuL9AmTuYYFY4UzVrOo4CcQiWIGXrBkg3iSMAFzjJi5CULQjDMH0RYvI0Io4AA2tyNr0gAurAzIYfGWHspyuG8s4hHhiR2G+hIEqSoRvBKqRDFKloAgsXRWH+MoIB0vxpTcUR5q8fxgkSAgdiZDRxFsdhdoJiASAdPJ4mKVh2q6mI4h0oaYiibRWntF0kjpIJDgSPxaiOsAGlerxlG2gg9r2agLq0o5Ai8Qx-o+RJ0j+BIOAdHAgWmSGkWYXxj6heFkUOjAWEccqomsclOHWlRbkyB5XnSEl5ipSGoVZIFZndBIoAgFyIo0mJTlCP4UC8FkrVYQARL6XUADQ9XY4guCAyiSv1PVQWpz7ABN3ggJkE2SdIcAoBNXoipBXX4Zg-gwbY+T+E4djIJIMAaHYLi2A0ua2Lmyi2rIpbllWFY1vWjatu2nZwD2-ZDrwE6tDIUDPfOi4ruuXrbruB5HieZ4MEAA
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: 6149c98b22bcd6f31b55f77695190cc2c57cc3f934b24adebe4946b62580b3ac

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:43 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 01 Jan 2024 11:14:43 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 26
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

GET
H3 200 creatives-base-styles.a53944a2.min.css
assets.bounceexchange.com/tag/css/ 37 KB
6 KB 29ms
29ms Stylesheet
text/css 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/tag/css/creatives-base-styles.a53944a2.min.css
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 19:41:39 GMT
content-encoding: gzip
age: 2302384
x-guploader-uploadid: ABPtcPoeSusRxZIcUp_x_oH-4vS07wUtiVtCUR-P6c8vmFZ4ZiwtfXCv5bLKTig_smAW9H8TNiZqPz3PsjXyBotqjBxG19VlLxpB
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6053
last-modified: Tue, 13 Dec 2022 17:12:22 GMT
server: UploadServer
etag: "54f61bdcbfb6f81427c8a6803f48b02f"
vary: Accept-Encoding
x-goog-generation: 1670951542233151
x-goog-hash: crc32c=lLRhfg==, md5=VPYb3L+2+BQnyKaAP0iwLw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 6053
accept-ranges: bytes
content-type: text/css

GET
H2 200 visit
events.bouncex.net/track.gif/ 42 B
165 B 39ms
37ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/visit?wklz=G4SwziAuBcCuYFMBOBDA5ggdpAvAWQHsAvEAG1JQFIAmAMQFYA6ABhuYAoB1ETAEwIDuYNgDkAKmwCMzFpQDMAITbdMANgAs8pdWYAPDQEo2AQQAOp0gk4IARgGkoNBnIDsjOarbs7ACTF4AGRoAYTZSEABrBDYAcQQAYwiCIx1ggAskAgBbaLpJHRZGVWYAThLGfJK2AGUUADMUJBAneld3VQAyUAgYJAQ65D6kHC7wKGgKPh40U3QEWCRSHDTISFNhalbjGno6HboBQ8YEUjr4gjAcyBB4sEZzrP3ac8uEa-iAWnimrJ4UUjAox60D6YAIpFg1wImF0OEkxWYQPGoPBkJA0IAnnCdIjuuN4vBINlgI0QCgbJYwDhKC5tNRSAQ0BheAB9Hg0ajybbUagNAG5TnUUI8hDAZAshlMhCs9k8rkcvmIDkhDnxRqQFkAR0gGOVcm5OmVQtV6pZJIhAvlPNYcuNPNMmVZDpulv1Cv+SttwuoDoIrMwKByeoNistduoPBZYCJiWD7v5Ru9YFgNl+q2lLOhPVdIY9Ye95wIERACBZWT9-xZDoQiGwcZ5ocTHMlzLZmDZvCw1zqJd49d5eabPLVSA1iEg-cbXo5pl4pijEVgk8H0+H6uXCdXPr6wAXS7lbobK85LgAIkiYIXiwhqbSObwQH2DwaABwlaiqagudRfyTqd8vtIkhyPQQ7UKAT6cvqkguMw6jSC4qgvh49AvvQ9CSCqPLAHGd5nlh1C8GgtAgEg0YBAQKCQVykBILAuTemkjS8AAkqe-bUCgASmAA8rxaRyNUkDBKQdgAJq6CxAQQgACrwIjGAAGqQNqCkmBB1JAbEcVxvERMwABWABqpgAKI2IgABapjBEgMQuMEACKqDAGhYFEbhdLgDJO7ovAwSEtkyDBlO3rgNUKZgN8IA2MFz6hSa8RpKWkAbFBxgwXBCFISBqhyDS7HhnUwATs+mXwcwiHIQRKAEMGNreqQpj9isawbFsTxPIcAjHKcLxXDcdwPE8-VvDcXw-H8AJgSgaVcg1HLAKYOFlQR1GHoRYFIP2YHxCVwbldl1XhhA63GB8mHhmg3zBnIC08o8z73fS+1lbBFVVfl4ZqlkswgGgmBzW6d48tQ8KSCU6gvp5i0relz2kK96WHZVOUFQR1CuKoJTATD2Fw-NBGI6VyPvUd+X4ZT57wMgczYNANiZEIyA4OkmQ5B0NOoBg9NimR6KYNiMgyMUZQVNQJSc4g3NdtAFgoJAdQEEgWQ4Co-BCFIiJc3TMCdqA8RvBipg3p2YARESpgdAS0ZBUg0BMVF0J85A0o4IiGAENA5ywNgSAYucnY4AAqtUHSe97BC+7RAd+ggcgh9UxjhwgXs+37GIBjkIeYFA0o1JACs1inXt9GgAs4CIYklyCCDl9CWc3iICACGwYnKxENfxFAWIKLAdR8gQNemBchekIHN5-jo1Bd9C1yYF2E+V8n5ZB4iAi2Nmj44PBP4XtvKOfaoqHoZIHT6y629vh+X4-i4f4AUBIEdLMGCgC3B8dIgmr0Zghvb4ieI4QuzXByNGQMpg4Rk1Rshe+Z8gElmwCgUwIA+YQGhDgQuaA5Dn1FC6HAvAv5RyQIbHAG8bAdF1jgLmRDNIdhwJxbiPF9LGTMhZBA1lbL2Sci5NCHQmJIBlLwBhuk+I8QEkJES4lJLSVgHJBSylmBAA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:43 GMT
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H2 200 pageview
events.bouncex.net/track.gif/ 42 B
97 B 44ms
43ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/pageview?wklz=A4Qw5gpgbglhDuAuArgJwDYF4AWAXXwAzgKQDMAgsQEwBi1N8jAdBOgGYDGA9oQLYS4YHQk26963PgKEBaDqhi8YAOxDpCAMlCRYCRB2SFcXXlBAKQAI3QRCmYgHYAQtSrouYSABMA+itdklFRUbGqEEAFUAMKu0BCoPu6eEL7+wYGuoeoR6dGuHOa4PgCOuACeARSuAAyRMcEFqEVm6Mg5VBnBtbn1VMCoXL79Qu2dIWGjecH9gz6q-JVB49l1rio+RlwcANaLmROrwYTIlkr4KT5cyoQwuKNVwVnhh1TcXNtwPryDaj79thBlLg9o8Dj1XElvH5lH4vIDBGw4F4QctnuCGoUNgIUU9Jr1gF5gBttsgcWCOlNXoUySt0X1UNBiaT0g9UaMHAARLTgaBwJBvD62GAALwgmAAbABWAAs3J0fP0IGUVyEahw+CInTotEY8BY7Ek-EEwlEJgkPCNsnkihUYTlvL0As+xi4iXMkEwuPtun5XHezrKwDFpGA6m9CqdEA2IrFkuqAEYqBoxMB9LxgJhqsmTKncBw2Jns+mUIQM1mU4gwMAyxpvnDC-AIJYbncYF5MNL49Kk7AW23MPGHNVO9UHOKABykKXjyWS+MaOGwDgQfvjgCcVHFVAc3YcXY34-jCdIkvDCH78-CxTaymXF+T6DgQME-CMIHTA6HI7Hk73so4j7wiAwAwFA8Q3FcmC4OApALryy6YF4GiEFwaAIY2lgaDyQKYIY8TIVwbBFP2VAgAAMsAADy2zVAAVgAasAACizYQAAWsAUSoAA4g4UQAIqoCAUAzho2DmKk7akRRlFUdgpAAMq4FE6AANIAJoAB4AJJka0AAKXgAHLkAAGug1RAA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:43 GMT
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H/1.1 204
204 bX2lZx_voc0dGL65
h.online-metrix.net/ Frame BA1C 0
400 B 94ms
94ms Image
image/png 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://h.online-metrix.net/bX2lZx_voc0dGL65?fe939ea52f02ec77=SvIgE6fgEjmKe4_z2fXT3-GQfLnILA3rQGub0VzmMepTu7Gz8ZF28KvNbQcvr-CCjcGVZGL_4NNCb72yLUtQyIEzhGhgsFg2zbToRLAmwXtTbgEpDUbV-llFvDJA5LKuRQJ39d-gPcce2cwbPRLs-pvkmVFtqpwYnBTtj7tfDAibh7mXrO6aokzOAkZVI6arlURUtulgJuAYvtWUYhE&jf=3c3b3e26796966577864643d7e6e70573f3964386373555b5e764566387741502e796964576e69746f3d333f3a3e31303d3c3a3b2e736b6c557e7b7a6d3f776768386d616c7961267b636c5f61657b35393a3539393a333b3836323f386b3a3c3c3a636739663830383b303638323a6132363630696f33643a3932393837323b3e38323a383662376e323b64306834353d6e38393935376a3c6e33643e3c34696b6263386c6c60383b3b64673c3639603e3b376330326d666931663b683c33643c68613f6d36306d6e3e643a386433376b346e36693266656c3339346f63666b6c6b61336e3d313b6c32633f3e6c33693e3463373f3b3f6338693763316e3d333b38333b333f2673636e5d7b61673f3b3a3e373a3a3031323a646e643f6836333a6b30333864643e3d3d61613e6b636a3d64613e6e3b643b6a676235383b31376a3c31393a383d353f333a6a3f3e37303b32643b38643b6c3f3a3038383532346f363e36386b3738393e3c66393666383c6831656e3e3a3a6b63616c323e33323f3a34353b3138366d3230373a323b313263376d69393636336f313b6b2671616c783f3b

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

a-sac.h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://h.online-metrix.net/m4uIH8y8jU-ihaO_?6c0e878a605df887=RZg31Zjk97a-L6R-v7kn-qpO1XJ7yRTN_myYkGpZB33WjW1IqvC7yeAn2GbF0qkx01NW5gtJfsnqQM1HWzX48mHgdEP6CRNvwip0RM3xCSLyAqaF_RQ0os9HIaAwkht-cPimQk-kK5EVYO1AYtdj6IMe1A-Vp06Ly_zYKOlLeVAHHq1GiIypj-st9YkE_m5jHexoEsDSuBx4r36RLpli
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 11:14:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 59a941c096f98029341d8c56b7b89113.png
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 18 KB
18 KB 29ms
29ms Image
image/png 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/59a941c096f98029341d8c56b7b89113.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 17:25:04 GMT
age: 236979
x-guploader-uploadid: ABPtcPoO44dhZ6C-dIHLmvK6rbJ9SChGCnJxkENliIdUgiGxGoNIwDH86cBBEYyr6uWZvK51dNgt3z1tXIebifZBIqIblQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18352
last-modified: Tue, 25 Aug 2020 15:57:40 GMT
server: UploadServer
etag: "59a941c096f98029341d8c56b7b89113"
x-goog-generation: 1598371060392963
x-goog-hash: crc32c=8aFhaA==, md5=WalBwJb5gCk0HYxWt7iREw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 18352
accept-ranges: bytes
content-type: image/png

GET
H3 200 7fe61b61deb67574fcbd423f591430a3.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 72 KB
72 KB 35ms
33ms Image
image/jpeg 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/7fe61b61deb67574fcbd423f591430a3.jpg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: be699ffd6b1fdc6facf4666ddbff72e6903bc7ee85f7b271dcfd1a3b18fe00dc

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 19:45:28 GMT
age: 2302155
x-guploader-uploadid: ABPtcPq6d0icLZpIDSItRwjNtaTOlnOgNXMPnDtii-2irGnd-1raucyR0n-bnalAeCXxtATmJZTOONI50Pxjh3kvhRfWAw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73525
last-modified: Tue, 31 Oct 2023 17:11:44 GMT
server: UploadServer
etag: "7fe61b61deb67574fcbd423f591430a3"
x-goog-generation: 1698772304840828
x-goog-hash: crc32c=itwfgw==, md5=f+YbYd62dXT8vUI/WRQwow==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 73525
accept-ranges: bytes
content-type: image/jpeg

GET
H3 200 21acb0e87b74f5d66b46f5abbdfdae5d.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 34 KB
34 KB 56ms
55ms Image
image/jpeg 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/21acb0e87b74f5d66b46f5abbdfdae5d.jpg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: c30b3c8f59aa0a8a6b4a286bee5ee71142b349231f200a3d8a8b1439f10c0cff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 05:06:50 GMT
age: 1058873
x-guploader-uploadid: ABPtcPprMCX4219WawjdfK7BfhZG-h43NzAiRLV6KifsMvUAm7oGEtIJyQI18dLQ3oWq6qceUNBpX9Gf7tMzXQJa2IjS-g
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35063
last-modified: Wed, 01 Nov 2023 17:15:09 GMT
server: UploadServer
etag: "21acb0e87b74f5d66b46f5abbdfdae5d"
x-goog-generation: 1698858909771820
x-goog-hash: crc32c=ojJAOQ==, md5=Iayw6Ht09dZrRvWrvf2uXQ==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 35063
accept-ranges: bytes
content-type: image/jpeg

GET
H3 200 2d76399daf4b42a8a1789b981554960f.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 43 KB
43 KB 66ms
65ms Image
image/jpeg 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/2d76399daf4b42a8a1789b981554960f.jpg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 4b412e122fd548bc6bf3a4bb81438a5a86dd8aadeae74a013dcd1a0c10f2ebca

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 19:45:28 GMT
age: 2302155
x-guploader-uploadid: ABPtcPrV0lTrdvD4Nse-2dVpmM5C7PZEyEFTWMlDgn4-Lyl8eg0nw9VldbBxvZVd8dtDnwAU2nlepo4XOSsil189bglAFg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44310
last-modified: Tue, 31 Oct 2023 17:01:36 GMT
server: UploadServer
etag: "2d76399daf4b42a8a1789b981554960f"
x-goog-generation: 1698771696675921
x-goog-hash: crc32c=0f/E0Q==, md5=LXY5na9LQqiheJuYFVSWDw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 44310
accept-ranges: bytes
content-type: image/jpeg

GET
H3 200 077fb7636e1876128516799bc11f63f5.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 50 KB
50 KB 44ms
43ms Image
image/jpeg 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/077fb7636e1876128516799bc11f63f5.jpg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f445b2f3037ecfea6eb43c2eb344c2ed2f24c58a9880c2aa5aaf328d012df607

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 31 Dec 2023 12:11:39 GMT
age: 82984
x-guploader-uploadid: ABPtcPrtBfBrdw5zV9t5Mae1jiTWXsrJCG-3XQbYXi1gP0jnX9wkqYbI8OuLuFmITQLGE_I6PNsbWhe1WITEsnbx5_xdxA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51556
last-modified: Tue, 31 Oct 2023 17:01:59 GMT
server: UploadServer
etag: "077fb7636e1876128516799bc11f63f5"
x-goog-generation: 1698771719473549
x-goog-hash: crc32c=IwEB3w==, md5=B3+3Y24YdhKFFnmbwR9j9Q==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 51556
accept-ranges: bytes
content-type: image/jpeg

GET
H3 200 aad294f617411e0fd0ad3a2b05a5ae0d.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 57 KB
57 KB 80ms
80ms Image
image/jpeg 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/aad294f617411e0fd0ad3a2b05a5ae0d.jpg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 6f34262b9a0345ac42b2d8d30b29c919a72d2c5bc789b0d5548cb41e2576df78

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 01:39:33 GMT
age: 380110
x-guploader-uploadid: ABPtcPpC9qVKoODRlzeRUNkE9kN0mcddssNDCAy8o8ZXIMa5RwOESYVFnOjirHZfoHuOOYb0iTdnacn1D9WFgs0go7OZOA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58088
last-modified: Tue, 31 Oct 2023 17:02:17 GMT
server: UploadServer
etag: "aad294f617411e0fd0ad3a2b05a5ae0d"
x-goog-generation: 1698771737010712
x-goog-hash: crc32c=zHWrCA==, md5=qtKU9hdBHg/QrTorBaWuDQ==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 58088
accept-ranges: bytes
content-type: image/jpeg

GET
H3 200 949ca8ee3c54e911de817865524ddb08.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 64 KB
64 KB 83ms
82ms Image
image/jpeg 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/949ca8ee3c54e911de817865524ddb08.jpg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: b734645b3b1ff2f0daafc3b1f558a0418f557f893cfd737f569654b024260953

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:35:43 GMT
age: 2039940
x-guploader-uploadid: ABPtcPoTT-g73Q6w_FuasCJ_PiJoJX1xP-4w8Iub3LlwpcSAJoQvrcI0RJxkPfAFfz7sLARj41yY6uXHsFCZ7Z1iGPY0ylZxFLEA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65413
last-modified: Tue, 31 Oct 2023 17:02:40 GMT
server: UploadServer
etag: "949ca8ee3c54e911de817865524ddb08"
x-goog-generation: 1698771760157666
x-goog-hash: crc32c=05n7iQ==, md5=lJyo7jxU6RHegXhlUk3bCA==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 65413
accept-ranges: bytes
content-type: image/jpeg

GET
H3 200 16f45df19355361dc1c101036c0035b0.png
assets.bounceexchange.com/assets/uploads/clients/3258/creatives/ 2 KB
2 KB 82ms
81ms Image
image/png 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.bounceexchange.com/assets/uploads/clients/3258/creatives/16f45df19355361dc1c101036c0035b0.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 915046d9ebab575f9b2f8ba9a35e030b2be55b1439edce6e72f7a19b4a55bd45

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 04:15:52 GMT
age: 1666731
x-guploader-uploadid: ABPtcPrPA6WV_SHWe8EPba0HeniolRQLrInWjcYfU88v_ObHWMUFSOrn2TN5oIwyZ2fu0lzKc3Vl0H_LXPLYL8vz5zTJEg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2419
last-modified: Thu, 01 Apr 2021 03:01:32 GMT
server: UploadServer
etag: "16f45df19355361dc1c101036c0035b0"
x-goog-generation: 1617246092060079
x-goog-hash: crc32c=pklVBw==, md5=FvRd8ZNVNh3BwQEDbAA1sA==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 2419
accept-ranges: bytes
content-type: image/png

GET
H/1.1 204
No Content cDeYQip8fTCapiLz Show response
imgs.signifyd.com/ Frame 0E5E 0
387 B 92ms
91ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 01 Jan 2024 11:14:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 eligible
events.bouncex.net/track.gif/ 42 B
95 B 38ms
37ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/eligible?wklz=CYcwXAlgzgygrgIygYwE4QQU1QXgGYCGANlJgGSiRQAKqmAbhAPZxQDCrALkwLbb7FSFcMgLIAFpgAqMHAEYA7AAYALHKUKAbAA4AzAFZNusnACO8sqRB8AdpwD6EYFBxlRPAA4EIIG05wATLpaAJxyxlAsqMiYOAgsNjEAHmQEIJh2OABWUGQ8TMCxSmQA7phIEJyY-moqAWSMUJX+iqrqWnqa+tr6+nIUDBAx-tohAZoBCnUKcipj2urh+mRe6YyYJS2WmKZwGcPAgW5EEBmcnBB8UJwEnvLKaho6uqOax6d2BB4Q9NhNTDYcDcQMZCowYjhgJYmHgHP4AgQADIeADyAGslFkAGoeACiSEwAC0PGxUABxBRsACKqAI9B6ZHEBFQwEchwRyJRqPEuhgnDYRAA0gBNJIASURRDg1GAADkAIIADSISiAA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:43 GMT
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H2 200 pop
events.bouncex.net/track.gif/ 42 B
95 B 37ms
36ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/pop?wklz=A4e2C4EMGMBcEsBukEgHYF4EFsCmAnAMgHNcRxoQBXNWfAT0oBNcMBVAZRLPH12PjoMAOQCa3cpVrw0uWs1bCAgoSoBHDAEZC0SNmCR4xNPCYYATAGYA7ADYAnJsuEAztXzRWAI2ppPAD0JIUloMACsXQmwQFgwABkIAd1wvF3hYXFMMABZNbPNCRHg0hDNNazjcuLsADktbAFYahobtFiLPLJr7c1tza3zrPJ6azTinBsIDUiLcRKztF1w1KjlOs2doABt4OVgcXBdYPWAtCqray26anR29yGAkAjShY+JndvhPDCZXEAAzWAAfSy5kgABlgAB5ADWcTCADVgABRVK4ABawAAwvgAOLWLEARXwkEQzUIAAtIPgmCCzGDIVDoRTLBxYFitgBpUT+ACS4K2VAACkxlAANLZxIA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:43 GMT
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 34ms
33ms Image
image/gif 2607:f8b0:4004:c07::71
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1434288175&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&dp=%2Fcosmetic-criminals&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Wunderkind&ea=Wunderkind%20Impression&el=SMS%20Opt-In%20-%20Entrance%20-%20Combined%20(Email%20THEN%20Type%20Text)%20%7C%20Entrance%20%7C%20Desktop%2FTablet%20%7C%20Unidentified%20%7C%20Test%3A%20Creative%20-%20GIF%20v%20Static%20%7C%20CCC%20%7C%20Single%20Build%20(2376912)%3A%20Overlay%20-%20variation%20-%20Combined%20(Email%20THEN%20Type%20Text)%20%7C%20Entrance%20%7C%20GIF%20(2376913)&_u=aHDAAEABAAAAACgAIAC~&jid=&gjid=&cid=741843828.1704107680&tid=UA-432816-1&_gid=1856746597.1704107680&gtm=45He3bt0n81WL3STMXv896608294&gcd=11l1l1l1l1&dma=0&z=443588436

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::71 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 04:47:21 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 23242
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 dvar
c.contentsquare.net/ 0
319 B 40ms
40ms Image
text/plain 100.24.241.105
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/dvar?v=13.76.1&pid=1926&pn=1&sn=1&uu=53a5de20-0b47-a062-b01d-588c7acf0516&dv=H4sIAAAAAAAAA5VOywrCMBD8lSEnPYj33jTGB6KXRjyWtF1lMU1LuxbF%2Bu%2FuL3gZ5sEM8zGnVXE9FrZtSk5UY%2BaawBF%2B787w747g6SVzTHBJ%2BpAqUrqh4SFtt%2FShjCRqXBLXlIRvrAuTVgbJYHsKwiNhgd1hixG5qK40t9Yq5pzukbB%2BcqxNZv56oIPm%2BwNXTL7jvAAAAA%3D%3D&ct=2&r=127115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 100.24.241.105 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-24-241-105.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:43 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

GET
H2

200

hash.gif
pix.cdnwidget.com/
Redirect Chain

https://pix.cdnwidget.com/redirect?CID=2aLpOpOh3StClKYxILluPdNAXl0&DID=2aLpOk0jVpEbseZpCrG7CQrav85&v=&iv=&deviceid=8926274271492810135&visitid=1704107683658551&wsid=4142&apikey=2^HIykD
https://pippio.com/api/sync?pid=5749
https://pix.cdnwidget.com/hash.gif?md5=none&sha1=none&sha256=none

68 B
626 B

56ms
55ms

Image
image/png

34.149.254.212
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.cdnwidget.com/hash.gif?md5=none&sha1=none&sha256=none
Protocol: H2
Server: 34.149.254.212 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 212.254.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 11:14:44 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

date: Mon, 01 Jan 2024 11:14:44 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pix.cdnwidget.com/hash.gif?md5=none&sha1=none&sha256=none
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 202 graph
idr.cdnwidget.com/ 0
100 B 122ms
57ms Image
text/plain 34.149.130.207
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idr.cdnwidget.com/graph?cookieID=2aLpOpOh3StClKYxILluPdNAXl0&deviceID=2aLpOk0jVpEbseZpCrG7CQrav85&bxdid=8926274271492810135&bxvid=1704107683658551&bxwid=4142&gm=true&apikey=2^HIykD&loadID=rIFpHqc6vWkX05l
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.130.207 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 207.130.149.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 01 Jan 2024 11:14:44 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 200 collector Show response
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 32 B
49 B 57ms
57ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by: Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ca0a766a064104105db7a847ffd8d594fb8556d364f724916f30a3e45a1ebab4

Request headers

Referer: https://www.elfcosmetics.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 01 Jan 2024 11:14:43 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32

GET
H3 200 id_sync
events.bouncex.net/track.gif/ 42 B
60 B 39ms
38ms Image
image/gif 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/id_sync?id_sync:id_type=sid&id_sync:id_source=graph&soft_id=2aLpOk0jVpEbseZpCrG7CQrav85&source=web&agent=cjs&deviceid=8926274271492810135&visitid=1704107683658551&websiteid=4142&pageviewid=1&sequenceid=3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:44 GMT
via: 1.1 google
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 0
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
54 B 42ms
41ms Ping
text/plain 2001:4860:4802:36::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je3bt0v879088318&_p=1704107678608&gcd=11l1l1l1l1&dma=0&cid=741843828.1704107680&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&dt=&sid=1704107681&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&en=scroll&ep.page_type=content&ep.page_environment=production&ep.page_country=US&ep.page_language=EN&epn.percent_scrolled=90&_et=78&tfd=11714
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 01 Jan 2024 11:14:46 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfcosmetics.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/

Domain: 9231397.fls.doubleclick.net
URL: https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=1477341143591;auiddc=45982039.1704107679;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals?

Domain: 10742279.fls.doubleclick.net
URL: https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=7748974885090;auiddc=45982039.1704107679;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals?

Domain: analytics.tiktok.com
URL: https://analytics.tiktok.com/api/v2/monitor

Domain: www.paypal.com
URL: https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true

Verdicts & Comments Add Verdict or Comment

190 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

90 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
sc-static.net/scevent.min.js	1970-01-20 17:23:14	Name: X-AB Value: b0abdf9f9dff4cfeb2717a9960d575ec
.elfcosmetics.com/	1970-01-21 02:07:23	Name: _pxvid Value: f34fd9e3-a896-11ee-a1c7-4b8cad4d353d
.elfcosmetics.com/	1969-12-31 23:59:59	Name: pxcts Value: f34fe581-a896-11ee-a1c7-95126f2ab497
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: initAuthComplete Value: true
.elfcosmetics.com/	1970-01-21 02:57:47	Name: ab.storage.sessionId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57 Value: %7B%22g%22%3A%22f72b47de-babb-5e44-9f1b-a9a5974f0165%22%2C%22e%22%3A1704109478628%2C%22c%22%3A1704107678629%2C%22l%22%3A1704107678629%7D
.elfcosmetics.com/	1970-01-21 02:57:47	Name: ab.storage.deviceId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57 Value: %7B%22g%22%3A%22c560cd9a-d795-0f0b-0d5d-d63f6c2d6d6d%22%2C%22c%22%3A1704107678632%2C%22l%22%3A1704107678632%7D
.elfcosmetics.com/	1970-01-20 17:21:49	Name: _dyjsession Value: x7ymn8sny0am4esoihfq3zv8y2zmymgo
.elfcosmetics.com/	1969-12-31 23:59:59	Name: dy_fs_page Value: www.elfcosmetics.com%2Fcosmetic-criminals
.elfcosmetics.com/	1970-01-20 17:21:50	Name: _dy_csc_ses Value: x7ymn8sny0am4esoihfq3zv8y2zmymgo
.elfcosmetics.com/	1970-01-20 18:04:59	Name: _dy_c_exps Value:
.elfcosmetics.com/	1970-01-20 19:31:23	Name: _gcl_au Value: 1.1.45982039.1704107679
www.elfcosmetics.com/	1970-01-20 17:31:52	Name: FPC Value: 2339fd0c-cfe9-4c1c-b192-e9a27ff6cb62
.elfcosmetics.com/	1970-01-21 02:07:23	Name: _dy_soct Value: 647796.1248068.1704107679.x7ymn8sny0am4esoihfq3zv8y2zmymgo836603.1652212.1704107679837245.1654610.1704107679*861617.1750272.1704107679
.dynamicyield.com/	1970-01-21 02:08:50	Name: DYID Value: 7408421633541709471
.elfcosmetics.com/	1970-01-20 18:04:59	Name: _dycnst Value: dg
.elfcosmetics.com/	1970-01-20 17:23:14	Name: _gid Value: GA1.2.1856746597.1704107680
.elfcosmetics.com/	1970-01-20 17:21:47	Name: _gat_UA-432816-1 Value: 1
.elfcosmetics.com/	1970-01-20 18:04:59	Name: _dyid Value: 7408421633541709471
.elfcosmetics.com/	1969-12-31 23:59:59	Name: _dyfs Value: 1704107679623
.adsrvr.org/	1970-01-21 02:08:50	Name: TDID Value: 229c18f2-90cb-493e-9992-e8fbf24ec4b8
.elfcosmetics.com/	1970-01-20 18:04:59	Name: _dycst Value: dk.w.c.ws.
.elfcosmetics.com/	1970-01-20 18:04:59	Name: _dy_geo Value: US.NA.US_NY.US_NY_Buffalo
.elfcosmetics.com/	1970-01-20 18:04:59	Name: _dy_df_geo Value: United%20States.New%20York.Buffalo
.elfcosmetics.com/	1970-01-20 18:04:59	Name: _dy_toffset Value: 0
.elfcosmetics.com/	1970-01-20 17:21:48	Name: _px3 Value: 8982e3df90e0b6d1dfa869a9d1880dec61adbb1f45ca8ca5b5e07e9a770bff40:4sxQuVIe5IoIrPi1m5+oHi9E6GBsJSWiDquHX3fgF+uehyvAhAXXREWFgExqN32AjYoKX/oWk1mCTaEekP7mnA==:1000:8v5W9UFGliqpN+bYplw4OsSqwrpDCacyzUAQo3XERH5mKv0ui5yTmZ9N+ginrmedJcrLXB9CWWmmZaK1CCIYTAoArLCoGlKlwz/CdsoSvHSJ8SfJMfYjNcpsNLDvfvYN6BMHpdwM8giOhY64QB9cU56zmu0G6SPTrJOcIrd834vVDnDe3TMENpdyp9cPwwQ3Fw48YXfziaKbndXKjXf5QKRrTnZ+wGgVanYSJ6ybrs4=
.adnxs.com/	1970-01-20 19:31:23	Name: uuid2 Value: 292962642707206150
.elfcosmetics.com/	1970-01-21 02:07:23	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Mon+Jan+01+2024+01%3A14%3A39+GMT-1000+(Hawaii-Aleutian+Standard+Time)&version=202306.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=08325c69-ae50-4078-85e9-67291dbd95a9&interactionCount=0&landingPath=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&groups=1%3A1%2C2%3A1%2C3%3A1%2COSSTA_BG%3A1%2C4%3A1%2C5%3A1
.adsrvr.org/	1970-01-21 02:08:50	Name: TDCPM Value: CAESFwoIYXBwbmV4dXMSCwjcv-GSnLHFPBAFEhkKCnJpZ2h0bWVkaWESCwiI5eGSnLHFPBAFGAUgASgBMgsI9LC2vbKxxTwQBUIPIg0IARIJCgV0aWVyMhABWgczZnRmbmgzYAFyCnJpZ2h0bWVkaWE.
.adnxs.com/	1970-01-20 19:31:23	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2GVVk=Hfj!]tbP6j2F-XstGt!@DnD$si7@
.pointmediatracker.com/	1970-01-21 02:08:50	Name: c Value: 4f56814b-c2dc-4ef8-b088-629c9802703b
.yahoo.com/	1970-01-21 02:07:45	Name: A3 Value: d=AQABBJ-ekmUCEE523VvE-jt3y5eV_s0wcb4FEgEBAQHwk2WcZdxH0iMA_eMAAA&S=AQAAAuUQRgyBD1fgn2bRr5R6Ixo
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: scapi Value: prd:46f2eb27-bcd5-443b-87ba-997575292d69:eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmODQ1NDdkOS03YjE0LTRkMDItYjkxMC1iODM1OTAxNWE1MzEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjQ2ZjJlYjI3LWJjZDUtNDQzYi04N2JhLTk5NzU3NTI5MmQ2OSIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDEwNzY0OSwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YWJsYnhLa0t0R2tIQVJ3S2xJbHFZWWxibEc6OmNoaWQ6ICIsImV4cCI6MTcwNDEwOTQ3OSwiaWF0IjoxNzA0MTA3Njc5LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1NzcyNTk2MDU0MzU4MTc0In0.8AMajv09XHUXbBwGqgrXZ1r-XQaowetHUa-mG7pPMJbGoGv2ti0B5jSt0RJYwfgmrhVuXYZZ-b2C-YuQCFyzbA
.undertone.com/	1970-01-21 02:07:23	Name: UTID Value: 029ab8dd7e06441f93431395bb5f65db
.undertone.com/	1970-01-21 02:07:23	Name: UTID_ENC Value: 5jtoxgihk6pv77v11elznly3
.analytics.yahoo.com/	1970-01-21 02:07:23	Name: IDSYNC Value: "1769~2fxn:19e0~2fxn"
.bidr.io/	1970-01-21 02:50:17	Name: bito Value: AAHVVU7LJT0AAe9Q0EiEfw
.bidr.io/	1970-01-21 02:50:17	Name: bitoIsSecure Value: ok
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: dwsid Value: iZ4l7d6zJh0Twfd8WJXrowiP526JvDKNHfihwb8usDmRSRv-7Y8U0iOe8mhbq2Mi3O7zp7YxScLjBO78bR15zg==
www.elfcosmetics.com/	1970-01-20 21:40:59	Name: dwanonymous_1a00c2845eeb01c699351ea28e20fd92 Value: ablbxKkKtGkHARwKlIlqYYlblG
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: __cq_dnt Value: 1
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: dw_dnt Value: 1
.hb.yahoo.net/	1970-01-20 21:40:59	Name: visitor-id Value: 3471092806634755000V10
.hb.yahoo.net/	1970-01-20 17:41:57	Name: data-ttd Value: 229c18f2-90cb-493e-9992-e8fbf24ec4b8~~63
.doubleclick.net/	1970-01-21 02:57:47	Name: IDE Value: AHWqTUkQAfrKtwsFbBudQuO-9rCFYc21zJj-JqU37502lX-Iu0JYG--uR_93ztUm
.elfcosmetics.com/	1970-01-20 18:04:59	Name: rmStore Value: dmid:9097
.tiktok.com/	1970-01-21 02:43:23	Name: _ttp Value: 2aLpOXyXsfcEx9Rz7BRc2jXpABo
.elfcosmetics.com/	1970-01-21 02:07:23	Name: hero-session-efcf9631-4c6b-4874-9f76-51f71464249a Value: author=client&expires=1735643681470&visitor=8fbe49ed-2a49-4c51-a3c3-74a46398e14a
.elfcosmetics.com/	1970-01-20 19:31:23	Name: _rdt_uuid Value: 1704107681484.369baed3-2fc5-466d-acdc-1f73de2fe59f
.elfcosmetics.com/	1970-01-21 02:51:34	Name: _scid Value: 64c3fa79-6ca1-431b-a3ba-10e4de6cef2e
.elfcosmetics.com/	1970-01-21 02:51:34	Name: _scid_r Value: 64c3fa79-6ca1-431b-a3ba-10e4de6cef2e
.elfcosmetics.com/	1970-01-21 02:57:47	Name: _ga Value: GA1.1.741843828.1704107680
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.currency Value: USD
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: sid Value: sZTFDBIHq7A4hIzwlaCM1jCFB49FCL8gNr0
www.elfcosmetics.com/	1970-01-21 02:07:44	Name: _dyid_server Value: 7408421633541709471
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.InternationalUser Value: ""
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.location Value: US
www.elfcosmetics.com/	1970-01-20 17:23:14	Name: currentLocale Value: en_US
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.sessionid Value: ablbxKkKtGkHARwKlIlqYYlblG
www.elfcosmetics.com/	1969-12-31 23:59:59	Name: esw.LanguageIsoCode Value: en_US
.elfcosmetics.com/	1970-01-20 17:23:14	Name: _uetsid Value: f5be3e30a89611eeab885bf710c56104
.elfcosmetics.com/	1970-01-21 02:43:23	Name: _uetvid Value: f5be7fc0a89611eeb6046b30b4158240
.elfcosmetics.com/	1970-01-21 02:57:47	Name: _ga_ZLYXLXNDL8 Value: GS1.1.1704107681.1.0.1704107681.60.0.0
.elfcosmetics.com/	1970-01-21 02:51:11	Name: _cs_c Value: 0
.elfcosmetics.com/	1970-01-21 02:51:11	Name: _cs_id Value: 53a5de20-0b47-a062-b01d-588c7acf0516.1704107681.1.1704107681.1704107681.1558384338.1738271681709
.bing.com/	1970-01-21 02:43:23	Name: MUID Value: 2B223902A83565F83D782AFBA93264BF
.bat.bing.com/	1970-01-20 17:31:52	Name: MR Value: 0
.elfcosmetics.com/	1970-01-21 02:43:23	Name: _tt_enable_cookie Value: 1
.linksynergy.com/	1970-01-21 02:07:23	Name: rmuid Value: ad4ebe8d-bc74-4488-a7a2-b0d2bfcd5084
.elfcosmetics.com/	1970-01-21 02:43:23	Name: _ttp Value: 6AegF0QCdBy2BQSg2kJTEmTchtA
.pinterest.com/	1970-01-21 02:07:23	Name: ar_debug Value: 1
.elfcosmetics.com/	1970-01-21 02:07:23	Name: _pin_unauth Value: dWlkPU5EY3hPVEkzTldZdFlXVTNaQzAwWTJJNUxUZzVOREl0WW1FeU5XVmlOR0kxWmpJMg
.elfcosmetics.com/	1970-01-20 19:31:23	Name: _fbp Value: fb.1.1704107682216.770428995
.snapchat.com/	1970-01-21 02:43:23	Name: sc_at Value: v2\|H4sIAAAAAAAAAE3GwRHAIAgEwIqYOSIo2E3MYRUWn6/7WoBVji3hpNiXTdLosmu1FZ3+Jo4apg6YYvR4zlX80k4A+EAAAAA=
.tapad.com/	1970-01-20 18:48:11	Name: TapAd_TS Value: 1704107682490
.tapad.com/	1970-01-20 18:48:11	Name: TapAd_DID Value: 920c376d-c92f-4029-bfd6-decd5bfa9144
.tapad.com/	1970-01-20 18:48:11	Name: TapAd_3WAY_SYNCS Value:
.elfcosmetics.com/	1970-01-20 17:21:49	Name: _cs_s Value: 1.5.0.1704109482742
.elfcosmetics.com/	1970-01-21 02:51:34	Name: _sctr Value: 1%7C1704103200000
imgs.signifyd.com/	1970-01-21 02:57:47	Name: thx_guid Value: d0cf4758726b880ef32f01773ae09803
.cdnwidget.com/	1970-01-21 02:53:28	Name: __3idcontext Value: {"cookieID":"2aLpOpOh3StClKYxILluPdNAXl0","deviceID":"2aLpOk0jVpEbseZpCrG7CQrav85","iv":"","v":""}
.elfcosmetics.com/	1970-01-21 02:50:35	Name: __idcontext Value: eyJjb29raWVJRCI6IjJhTHBPcE9oM1N0Q2xLWXhJTGx1UGROQVhsMCIsImRldmljZUlEIjoiMmFMcE9rMGpWcEVic2VacENyRzdDUXJhdjg1IiwiaXYiOiIiLCJ2IjoiIn0%3D
.rlcdn.com/	1970-01-21 02:07:23	Name: rlas3 Value: zpdAVqG+4ijrVyG5fot0371w8D2kfmEomIBCTXeQAlE=
.rlcdn.com/	1970-01-20 18:48:11	Name: pxrc Value: CKO9yqwGEgUI6AcQABIGCOTrARAA
.linksynergy.com/	1970-01-21 02:07:23	Name: icts Value: 2024-01-01T11:14:43Z
.bounceexchange.com/	1970-01-20 17:21:49	Name: bounceClientVisit4142c Value: %7B%22vid%22%3A1704107683658551%2C%22did%22%3A%228926274271492810135%22%7D
.elfcosmetics.com/	1970-01-20 17:21:49	Name: bounceClientVisit4142v Value: N4IgNgDiBcIBYBcEQM4FIDMBBNAmAYnvgO6kB0ApmAGYDGA9igLYUICWtKZDTRDzrDgFpaAJzZM2AOwCGYFCAA0IUTBBKQbFAH0A5vW0oKKFG3pSY1OUeVa9EQ8dPnL1igF8gA
.pippio.com/	1970-01-21 02:07:23	Name: did Value: wrvXcg9hoeXKD5j3
.pippio.com/	1970-01-21 02:07:23	Name: didts Value: 1704107684
.pippio.com/	1970-01-20 18:48:11	Name: nnls Value:
.pippio.com/	1970-01-20 18:48:11	Name: pxrc Value: CKS9yqwGEgUI9ywQAA==

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://www.elfcosmetics.com/cosmetic-criminals(Line 362) Message: Access to image at 'https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_' from origin 'https://www.elfcosmetics.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_ Message: Failed to load resource: net::ERR_FAILED
other	warning	URL: https://connect.facebook.net/signals/config/1638306756445368?v=2.9.138&r=stable&domain=www.elfcosmetics.com(Line 146) Message: Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10742279.fls.doubleclick.net
9231397.fls.doubleclick.net
ads.undertone.com
adservice.google.com
alb.reddit.com
analytics.google.com
analytics.pangle-ads.com
analytics.tiktok.com
api.bounceexchange.com
api.ipify.org
api.usehero.com
assets.bounceexchange.com
async-px.dynamicyield.com
bat.bing.com
c.contentsquare.net
cdn-fsly.yottaa.net
cdn-scripts.signifyd.com
cdn.cookielaw.org
cdn.dynamicyield.com
cdn.usehero.com
cnv.event.prod.bidr.io
collector-pxxt4gy2ig.px-cloud.net
connect.facebook.net
cosmeticscriminal.com
ct.pinterest.com
data.cdnbasket.net
elfcosmetics.a.bigcontent.io
events.bouncex.net
evt.undertone.com
external-api.jebbit.com
geolocation.onetrust.com
googleads.g.doubleclick.net
h.online-metrix.net
hb.yahoo.net
ib.adnxs.com
idr.cdnwidget.com
ids.cdnwidget.com
idsync.rlcdn.com
imgs.signifyd.com
insight.adsrvr.org
js.cnnx.link
js.jebbit.com
match.adsrvr.org
page.cdnbasket.net
pd.cdnwidget.com
pippio.com
pix.cdnwidget.com
pixel.pointmediatracker.com
pixel.tapad.com
px.dynamicyield.com
qoe-1.yottaa.net
s.pinimg.com
sc-static.net
sdk.iad-05.braze.com
secure.adnxs.com
srm.ba.contentsquare.net
st.dynamicyield.com
static.ordergroove.com
stats.g.doubleclick.net
t.contentsquare.net
t.paypal.com
tag.rmp.rakuten.com
tag.wknd.ai
tags.rd.linksynergy.com
tr.snapchat.com
tr6.snapchat.com
ups.analytics.yahoo.com
ut.rd.linksynergy.com
view.cdnbasket.net
w2txo5aad22w3so7fqzbamozr6kxoxyicgqcq4jgfa4a1aa5fc9cc978sac.d.aa.online-metrix.net
websdk.appsflyer.com
www.elfcosmetics.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.paypal.com
www.paypalobjects.com
www.redditstatic.com
10742279.fls.doubleclick.net
9231397.fls.doubleclick.net
analytics.tiktok.com
cdn-fsly.yottaa.net
www.paypal.com
100.24.241.105
107.178.254.65
13.225.195.100
142.251.163.148
142.251.163.149
151.101.129.21
151.101.193.140
151.101.194.133
151.101.2.133
151.101.64.84
151.101.65.35
172.253.115.156
184.27.13.189
192.225.157.157
192.225.158.1
192.225.158.3
192.229.210.155
2001:4860:4802:36::181
204.2.133.170
204.2.49.63
204.2.50.18
23.15.9.48
23.212.251.214
23.222.5.91
2600:1408:c400:38e::1931
2600:1408:c400:59::17d5:9e04
2600:1901:0:56e0::
2600:9000:215f:b800:11:85b0:d600:93a1
2600:9000:21a2:2400:a:7914:b00:93a1
2600:9000:269f:3400:15:ad21:c740:93a1
2600:9000:269f:5800:13:d6f4:3240:93a1
2600:9000:26a0:4e00:a:b89d:a6c0:93a1
2606:4700:4400::6812:2a49
2606:4700:4400::ac40:9b77
2606:4700::6812:83ec
2607:f8b0:4004:c07::71
2607:f8b0:4004:c09::63
2607:f8b0:4004:c09::9a
2607:f8b0:4004:c09::9d
2607:f8b0:4004:c1d::61
2620:1ec:c11::200
2a03:2880:f07d:0:face:b00c:0:3
2a03:2880:f171:81:face:b00c:0:25de
2a04:4e42:400::396
3.161.213.114
3.161.213.35
3.162.3.47
3.220.158.64
34.102.147.248
34.111.113.62
34.111.8.32
34.117.254.15
34.117.86.137
34.120.253.250
34.149.130.207
34.149.239.87
34.149.254.212
34.200.65.202
34.226.48.45
34.98.67.3
34.98.72.95
35.190.10.96
35.190.43.134
35.244.154.8
35.71.131.137
44.215.235.184
52.204.189.63
54.154.97.89
54.157.127.36
54.192.51.57
54.230.48.245
64.185.227.156
68.67.160.186
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
06d60ef187331c4a34bd69bb33e30cb0915a06509dc038a0e7c44a53891db495
0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154
19b9a6628fa003af26766ce1578420be5068227a572c78f0e20b53e2f2fc1886
1a09824b6d7bbd0f5e82a23d14da408abfba60d02f5bdb48309d3ab6ca61bb1f
1a1fe89f11a11d89299028b565a99569e2aa5df3055ce514ba4dec2a8f0fe4fa
1bfd87b509bdab30b8c516142578d5ba9dd60d2254bfeb0c94419d8e944bd433
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9
2125f1a011cbd591338ae3c896d3b5b6ad80930fe86493af4518510ede5795cf
27c2b549e5a8c790671c751928917df02e62ab94e7d0c038a19c6ce4d561cb17
286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2c8574ba42424a1dcf02c58fda5e3482e2262e0b0dddd09e5935bd94e5eba03e
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5
30766af54516bbc623c690d7506f7d86b6c987acbcc1229debb7dff8f463459b
30ca5a7ae3f12eb7d187d400d8c23903395c7e9c3fa7f85cb742785af28f2c81
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
32660d1a2a1dafdb2293b82bc54755750227ae9d4ee2cc488d1e06e8c47e2a59
32d03ede47d6e1a7828455f946dd874cefe88cc0afae1b764b3463284d04b5a9
33018e0e7c93bcdf7248c1dafe3f43352bd0f0dd90830863918942488b085459
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
38d57ae71528afe2c0bdaee495f8b2268db5db0be10684a10240a32c58e2f925
3914e51c83eae4ff2aa8059effc381051b5efcbe579a2e0868c8c8d65f738834
39657f7f198608406cab1de96720a22549e6b6d918db8dfdd0f5ef9ab84ef17c
3a2b3b5ecaa7d5c67e5e28f9712ebcf28a592c7191e24bcde25cc5bb374cbf7b
3bbfdb0daa5c8909e66d5588fcf711019d4739dc56b04e992212b443085af779
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
406c93b0692878bad84a4f34065184d023ac12f1b92d9cb0398642fb0de45c2d
40bf361efafc0be284d70e1b728fef7191e1158ac3e6a28b593c735f4f81dbea
43654211e823006c972c9fdd750bcb4719f93a25bd75e3d01efc0e276158ce87
43b24ab1dd1d38d82c01f58b737a381ef12a755fdc090b6b72802a25ac7445f3
46e7f9c795cdb3ace0a608ba26b11459c3a2f73824aff309043521e91be78f56
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb
4b412e122fd548bc6bf3a4bb81438a5a86dd8aadeae74a013dcd1a0c10f2ebca
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b86e4366d724a208a2cabc76612e12322b6ac17447ae4ed8ab268fd097ba266
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4f770b32793546ad41060cc03c06e4a744b10e9ae4af0b2b0522cfcf1fb33285
54ec9eb13dc5e72cc114e01b65fde280da3fc964e945b29ab445d6d3b0a0c21a
55788c5128dfe492550d4be991c50248941d9231a1abe334a97dc8951685aab7
57e461c9b78558e62478cca713658387eaf54afe6ae0a8128ee38e5846b4d6d8
5930c52386428cfc5a608b256ce54b1688495c985d54500dce5b7cc18af7d01c
59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
5eca572cd68aa4afde19d317daf93398ca142c3648214e16b37e054e15c3f9e1
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d
60cc60a6fcbd230def379432395199b585791ed521e2e5f595369a2193e617fb
613a0081b64a7df6a20f9ba46cd384e4061e288f439ba8755cd664fbad3177c8
6149c98b22bcd6f31b55f77695190cc2c57cc3f934b24adebe4946b62580b3ac
6265e8e75cb7dd72fe247f2e4bed9956e8e258982b36958c39d4fbfcf11a4f12
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
6501140033c3bb20da4b5ac73c90f687ba8a2053c4ba37c4b6f5275166db7fa6
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6b42a56b231d70ea3691b9f46363b9f8ed6ca35f6b50084718669b8beac1e57d
6b8b7d08422b149cf2cce104848f82adb77f46bd5d1490ecab088b1540e175c4
6d72fa0f78c80b1874d3ee4aadf43d973edc442a65fef83d37e684ac559893b7
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6f34262b9a0345ac42b2d8d30b29c919a72d2c5bc789b0d5548cb41e2576df78
7247ab83a30fbd92bf8425aca87dbb9f3f44c1b7facc6f7fd80df157ea6b5e03
76ccee8dcac265bb4a7e8ec0fc9bc41d9c50a4d7152202944486cdf5d29d3104
771196c556ce9fe2914aa0d336cf0f11fbd579c7cdd52e8436b19e0fffdd783b
7a63234aa6d19c1cf164e144fae39c9db747379929997242013c13e4af15a7c4
7bab85eaa8d74cec964409d9e0a5c6d7ed0000b23b6400c562333c6483761ca2
7d6b2e34f8baa2cbb0d0352ba4401894ca78bd0e98a8f0259798be00d3f9f4ec
7d6c4d0f6c0243be96359698866dd471c961e463dbc5604aebc1c36a229ba303
7d8c23e6db22357100d7f659338f74b739c432957c7b49891f1065d2fe37052a
7eaf41546a2eee4b7195de023b8e0f49ebba595417a2d630ec2c6b3fd18c5789
828011e932c7f65177e00c50ef88564628178b9d3190845404b02e3132a14c90
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8e33955f54ef8025b647a6e685fa689a9256fc5c987f7dc98590310ac3c358e5
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
915046d9ebab575f9b2f8ba9a35e030b2be55b1439edce6e72f7a19b4a55bd45
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
961313b8877e8fd6ced7c8d34fccd067b72371b8c5dd9a6891e260722015a749
9846c98d92f9ede0abb2db68013d613791db3ccdb486451de1432034b563fb77
9992ab992ae41e546eb93aa9d9eddc29c03d4a9fbe3c61378c547b6ba281a45e
9a77cbb7b054563b83506932790e70186ba3a92e69a147216e3176337178adbb
9b3632368a9856515572ac89df71707fcef5d58219d9b7c1b1de04a995f30973
a19915f513441bab259dbf5472a9501139e4eda8d1891ca5a0bd4efd6d60dd4d
a1d4b01843b9dad68a10bba7ab416fb60cbe6052a223f6bd74cbad286b812b2a
a33177a1b1a44698bc85bc710dfd4a6aba8bbe329db64dbb0622c894a1c05cbd
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a35e2544863450c6d7f43d779efb575d49962ecab89cb5ec915821077a578530
a68adcd6e4525179b1a4e28b16abe4777a0afb870b4317b427f6d6ea8fbe22ed
ab12e815caea6aba8fe2da60e7d298cccb649166f81926ff64e5dc56ea526522
ab99a75a2070736b0282d041df3a7e272ad5d4d1929ae430089ac0335e05ad2c
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22
b3dfd765b2448d6b895743c2ef502d2a12efeb74f1506493c9126b99565806d1
b5bb8c17c356ee8b1ba6a9861971d20314091f7af7e622941a239711799bf9fe
b684d7c22d3097709f2c66673fc6a85d2ca775b6413de7ba97116ea59dea77fa
b734645b3b1ff2f0daafc3b1f558a0418f557f893cfd737f569654b024260953
b73d23721ec3d102971773ff4ab2e13a6a4eea7f8e3a95b8fbf79c5c731188c6
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
be699ffd6b1fdc6facf4666ddbff72e6903bc7ee85f7b271dcfd1a3b18fe00dc
bf8b41f6693852a18d2449439f0400cfaf19b755e21f01eda21a6ff985d3526c
c30b3c8f59aa0a8a6b4a286bee5ee71142b349231f200a3d8a8b1439f10c0cff
c4fad867557fa65e1a778e915c0b4ed0cd1bbb4443452c8943e5cec6504311e7
ca0a766a064104105db7a847ffd8d594fb8556d364f724916f30a3e45a1ebab4
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cd0b162bc6e5a1dfcdba80c8b12d3f2ec6ac423a1c1ed7d996779d9c6b81f346
cf1b4e2a57de561424fb99aa43ef462868d58d9c205a38ae3f564c10266a4dbc
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
d1dae85dfe1192a8ca15eeda906c9f12a199e9ab6a68d82bc27443d99f4536d0
d37545bbfbab30b44e51e630172af7d5d8a717afe66642b3e8eba0f6e1666872
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
d676c6b24968000adf563d3bda605abbe7c9aeb2d60e9e0f1dee1de981792c8e
d8a6566c7e926c37c010dc811a5e82d5eddad8b10057bf711f0f644be60707d3
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6
e038dff62440b626103b2b81adcbb64b5cb3bd80433d1a710f37162cd7c0cc17
e164d3eb3e9b278fea4e13e0d68d3f1bb3fc421c3a2b709710ddfe8762dc4fad
e1d5812685d65f3487de6b27522bdd6ab17573fa94f00570b04685cebf825ce6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5bc8202b6c886b98b96b9735213ab2e54ecd18714d2e01772ced3f4340207c0
e8f118daabadc747ba3e2236a27edce749bb73dde4f16c6c6acc5cce36009a36
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
ec82b31e96055d86efd9adec9781b4b588e877c51b1b62ce71dbf73d64ab5318
ed079d77ba54a8e4bfc931029de75b1f5128fcae45e274d53aca95f8ab17b438
eddc11d8be0ae5311acc08d5f2ebe7ff9426384f6408ecbb56abbd7fb5e03743
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef45c21f7e054481c81992c1a46293a28c9bb8b3722bc566479326187f473c8c
f114a64c26edb67def4dd84a00694f76e0573aedddb68428c52c6ea8b00de4c3
f201f5eacf06809ad69823ffdba3e639d27fab6546d7a4870908f57bc35aaa5d
f445b2f3037ecfea6eb43c2eb344c2ed2f24c58a9880c2aa5aaf328d012df607
f4fc114373da7e63fade04d84f7f1cfb5b31632246f33b10f3b7b275b85e6dd6
f66f5edd05293c4351edcec020a867935f7495ef0d0ff7ceb3e6402748585ca6
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3
fb0905949ecd040eb418246b02a0e9d29999f684c8f36d61838fd444d781433e
fcefb8d0ca0fa65706a41f286cd50df3e42ce6e949e5ec09871700b5390e0eec
ff2fe181c12146189657e92f9ce0489f7f3b51345796f5a5ec9b089f9fb47616

www.elfcosmetics.com Open in urlscan Pro 204.2.133.170 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

215 Requests

94 %HTTPS

29 %IPv6

53 Domains

80 Subdomains

66 IPs

3 Countries

3828 kBTransfer

13927 kBSize

90 Cookies

16 Outgoing links

Page URL History

Redirected requests

215 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.elfcosmetics.com Open in urlscan Pro
204.2.133.170 Public Scan

Screenshot
Live screenshot

Full Image

215
Requests

94 %
HTTPS

29 %
IPv6

53
Domains

80
Subdomains

66
IPs

3
Countries

3828 kB
Transfer

13927 kB
Size

90
Cookies

215 HTTP transactions
3 data transactions