Submitted URL: http://sot.ag/4Qzky
Effective URL: https://www.itcosmetics.com/itgirlsuperheroes?utm_campaign=Milestone%3A_Sharer&utm_medium=X&utm_source=SocialToaster
Submission Tags: 0xscam
Submission: On November 30 via api from US — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 13 HTTP transactions. The main IP is 2606:4700:4400::6812:2bb7, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.itcosmetics.com. The Cisco Umbrella rank of the primary domain is 661842.
TLS certificate: Issued by WE1 on October 12th 2024. Valid for: 3 months.
This is the only time www.itcosmetics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 45.223.28.115 19551 (INCAPSULA)
2 2 34.117.33.22 396982 (GOOGLE-CL...)
1 6 2606:4700:440... 13335 (CLOUDFLAR...)
1 104.18.94.41 13335 (CLOUDFLAR...)
1 104.18.95.41 13335 (CLOUDFLAR...)
13 5
Apex Domain
Subdomains
Transfer
6 itcosmetics.com
itcosmetics.com — Cisco Umbrella Rank: 442859
www.itcosmetics.com — Cisco Umbrella Rank: 661842
63 KB
3 sot.ag
sot.ag
99 KB
2 cloudflare.com
challenges.cloudflare.com — Cisco Umbrella Rank: 3147
16 KB
2 socialtoaster.com
my.socialtoaster.com — Cisco Umbrella Rank: 595445
611 B
13 4
Domain Requested by
5 www.itcosmetics.com sot.ag
www.itcosmetics.com
3 sot.ag sot.ag
2 challenges.cloudflare.com www.itcosmetics.com
challenges.cloudflare.com
2 my.socialtoaster.com 2 redirects
1 itcosmetics.com 1 redirects
13 5

This site contains links to these domains. Also see Links.

Domain
www.cloudflare.com
Subject Issuer Validity Valid
imperva.com
GlobalSign Atlas R3 DV TLS CA 2024 Q3
2024-09-19 -
2025-03-18
6 months crt.sh
itcosmetics.com
WE1
2024-10-12 -
2025-01-10
3 months crt.sh
challenges.cloudflare.com
WE1
2024-11-03 -
2025-02-01
3 months crt.sh

This page contains 2 frames:

Primary Page: https://www.itcosmetics.com/itgirlsuperheroes?utm_campaign=Milestone%3A_Sharer&utm_medium=X&utm_source=SocialToaster
Frame ID: 86874B9D6E2F91E15CFD8BA99E6825BB
Requests: 10 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/cfq86/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/
Frame ID: B795D2757C9DE342AC153EEF20329BC7
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Nur einen Moment…

Page URL History Show full URLs

  1. http://sot.ag/4Qzky HTTP 307
    https://sot.ag/4Qzky Page URL
  2. https://my.socialtoaster.com/4Qzky/bypass/ HTTP 302
    http://my.socialtoaster.com/splash/4Qzky/ HTTP 307
    https://my.socialtoaster.com/splash/4Qzky/ HTTP 302
    http://itcosmetics.com/itgirlsuperheroes?utm_campaign=Milestone%3A_Sharer&utm_medium=X&utm_source=S... HTTP 307
    https://itcosmetics.com/itgirlsuperheroes?utm_campaign=Milestone%3A_Sharer&utm_medium=X&utm_source=S... HTTP 301
    https://www.itcosmetics.com/itgirlsuperheroes?utm_campaign=Milestone%3A_Sharer&utm_medium=X&utm_source=S... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /_Incapsula_Resource

Page Statistics

13
Requests

77 %
HTTPS

20 %
IPv6

4
Domains

5
Subdomains

5
IPs

2
Countries

177 kB
Transfer

503 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://sot.ag/4Qzky HTTP 307
    https://sot.ag/4Qzky Page URL
  2. https://my.socialtoaster.com/4Qzky/bypass/ HTTP 302
    http://my.socialtoaster.com/splash/4Qzky/ HTTP 307
    https://my.socialtoaster.com/splash/4Qzky/ HTTP 302
    http://itcosmetics.com/itgirlsuperheroes?utm_campaign=Milestone%3A_Sharer&utm_medium=X&utm_source=SocialToaster HTTP 307
    https://itcosmetics.com/itgirlsuperheroes?utm_campaign=Milestone%3A_Sharer&utm_medium=X&utm_source=SocialToaster HTTP 301
    https://www.itcosmetics.com/itgirlsuperheroes?utm_campaign=Milestone%3A_Sharer&utm_medium=X&utm_source=SocialToaster Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://sot.ag/4Qzky HTTP 307
  • https://sot.ag/4Qzky

13 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
4Qzky
sot.ag/
Redirect Chain
  • http://sot.ag/4Qzky
  • https://sot.ag/4Qzky
1 KB
2 KB
Document
General
Full URL
https://sot.ag/4Qzky
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.223.28.115 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding
chunked
X-CDN
Imperva
X-Iinfo
56-140529409-140529415 NNNN CT(20 463 0) RT(1732963804689 548) q(0 5 5 3) r(6 6) U12
content-encoding
gzip
content-type
text/html
date
Sat, 30 Nov 2024 10:50:06 GMT
p3p
policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa CONa OUR IND"
server
Apache/2.4.29 (Ubuntu)
vary
Cookie,Accept-Encoding
via
1.1 google
x-content-type-options
nosniff
x-xss-protection
1

Redirect headers

Location
https://sot.ag/4Qzky
Non-Authoritative-Reason
HttpsUpgrades
kippill-put-at-the-Eyes-Thancould-wer-Fraid-thei
sot.ag/
241 KB
78 KB
Script
General
Full URL
https://sot.ag/kippill-put-at-the-Eyes-Thancould-wer-Fraid-thei
Requested by
Host: sot.ag
URL: https://sot.ag/4Qzky
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.223.28.115 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
bon /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://sot.ag/4Qzky

Response headers

X-Iinfo
56-140529409-140529454 NNNN CT(8 17 0) RT(1732963804689 1347) q(0 0 0 -1) r(0 0)
cache-control
max-age=300
content-encoding
gzip
X-CDN
Imperva
access-control-allow-origin
*
server-timing
bon, total;dur=12.051931999999999
content-length
79803
keep-alive
timeout=60
date
Sat, 30 Nov 2024 10:50:06 GMT
content-type
text/javascript
server
bon
_Incapsula_Resource
sot.ag/
80 KB
19 KB
Script
General
Full URL
https://sot.ag/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1575299242
Requested by
Host: sot.ag
URL: https://sot.ag/4Qzky
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.223.28.115 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://sot.ag/4Qzky

Response headers

X-Robots-Tag
noindex
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Content-Length
19396
Content-Type
application/javascript
Primary Request itgirlsuperheroes
www.itcosmetics.com/
Redirect Chain
  • https://my.socialtoaster.com/4Qzky/bypass/
  • http://my.socialtoaster.com/splash/4Qzky/
  • https://my.socialtoaster.com/splash/4Qzky/
  • http://itcosmetics.com/itgirlsuperheroes?utm_campaign=Milestone%3A_Sharer&utm_medium=X&utm_source=SocialToaster
  • https://itcosmetics.com/itgirlsuperheroes?utm_campaign=Milestone%3A_Sharer&utm_medium=X&utm_source=SocialToaster
  • https://www.itcosmetics.com/itgirlsuperheroes?utm_campaign=Milestone%3A_Sharer&utm_medium=X&utm_source=SocialToaster
9 KB
7 KB
Document
General
Full URL
https://www.itcosmetics.com/itgirlsuperheroes?utm_campaign=Milestone%3A_Sharer&utm_medium=X&utm_source=SocialToaster
Requested by
Host: sot.ag
URL: https://sot.ag/4Qzky
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2bb7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c25cf864082d9730890a247315287be03500c622c06f191b696704a2a9b83242
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://sot.ag/4Qzky
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-chl-out
jrIb52kg/9fD/zdgC9gBY2NsIP8xEuLK1N5WpEFnBWrope3vjXuiZprIA8OIQI4aVFmoIbeDrZ7EgVoxdtl8b4OeiZ4x+OZqxwuxFfCAq8q99FR8HMtoTe51l8tvnRJckvlGa50234YJTG69+HI3YQ==$9TUq5mJlNiKMjQX8P2TPUQ==
cf-mitigated
challenge
cf-ray
8eaa4655cd435c92-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
critical-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Sat, 30 Nov 2024 10:50:07 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
origin-agent-cluster
?1
permissions-policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy
same-origin
server
cloudflare
vary
Accept-Encoding
x-content-options
nosniff
x-frame-options
SAMEORIGIN

Redirect headers

cache-control
max-age=3600
cf-ray
8eaa46554cee5c92-FRA
content-length
167
content-type
text/html
date
Sat, 30 Nov 2024 10:50:07 GMT
expires
Sat, 30 Nov 2024 11:50:07 GMT
location
https://www.itcosmetics.com/itgirlsuperheroes?utm_campaign=Milestone%3A_Sharer&utm_medium=X&utm_source=SocialToaster
server
cloudflare
vary
Accept-Encoding
kippill-put-at-the-Eyes-Thancould-wer-Fraid-thei
sot.ag/
0
0

v1
www.itcosmetics.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/
101 KB
38 KB
Script
General
Full URL
https://www.itcosmetics.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8eaa4655cd435c92
Requested by
Host: www.itcosmetics.com
URL: https://www.itcosmetics.com/itgirlsuperheroes?utm_campaign=Milestone%3A_Sharer&utm_medium=X&utm_source=SocialToaster
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2bb7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
833ed6dcd7a92884c36103f4f5e735f1bc3a75d20ffc351acfc3f9b5401428d8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.itcosmetics.com/itgirlsuperheroes?utm_campaign=Milestone%3A_Sharer&utm_medium=X&utm_source=SocialToaster&__cf_chl_rt_tk=AWDYRTU4mzNII5W3jG2CwVIio_Z3hKFXkzl7gyh3uqQ-1732963807-1.0.1.1-gvzKZOxWEwyZ8gGYmnElSvGMsS9HXqK5cSFUy3ZvyvY

Response headers

cf-ray
8eaa46564d965c92-FRA
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding
br
date
Sat, 30 Nov 2024 10:50:07 GMT
content-type
application/javascript; charset=UTF-8
server
cloudflare
0d73df72-f245-479e-bab4-e538c726d106
https://www.itcosmetics.com/ Frame
0
0

api.js
challenges.cloudflare.com/turnstile/v0/b/a6e12e96a2d5/
47 KB
16 KB
Script
General
Full URL
https://challenges.cloudflare.com/turnstile/v0/b/a6e12e96a2d5/api.js?onload=sLNwD4&render=explicit
Requested by
Host: www.itcosmetics.com
URL: https://www.itcosmetics.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8eaa4655cd435c92
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.94.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c61e2e1347b9aca3d8f0c9725490470651a1f6c02841ff71f90305ea391ca6d2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.itcosmetics.com
Referer

Response headers

cache-control
max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
content-encoding
br
cross-origin-resource-policy
cross-origin
cf-ray
8eaa4656e8efe513-TXL
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
date
Sat, 30 Nov 2024 10:50:07 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Thu, 21 Nov 2024 17:58:42 GMT
server
cloudflare
vary
Accept-Encoding
favicon.ico
www.itcosmetics.com/
3 KB
3 KB
Image
General
Full URL
https://www.itcosmetics.com/favicon.ico
Requested by
Host: www.itcosmetics.com
URL: https://www.itcosmetics.com/itgirlsuperheroes?utm_campaign=Milestone%3A_Sharer&utm_medium=X&utm_source=SocialToaster
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2bb7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7a8955ae0962bb94ccd2a42666b0148bd5fbaa7fea6fc98f4808c2b5c47f92d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.itcosmetics.com/itgirlsuperheroes?utm_campaign=Milestone%3A_Sharer&utm_medium=X&utm_source=SocialToaster

Response headers

content-encoding
br
critical-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
expires
Thu, 01 Jan 1970 00:00:01 GMT
x-content-options
nosniff
date
Sat, 30 Nov 2024 10:50:07 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
cf-mitigated
challenge
cf-chl-out
Mg4ENjoioGZa60todPX1pcnuJaEtqcwQ9+kVf5g43y4NvWEbRSN/DMwYlYPMfg9XEi4yAYu/ke8jJ/uor9fjPw5sf++xS1YmGdXPQiPhrp7SHD6HTDRGqoOOC6v2pcL0LPoLGQkbYrjz5EulCe6p4Q==$IefD9HrDBvtyYhmQMZ0XeQ==
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-opener-policy
same-origin
accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy
same-origin
referrer-policy
same-origin
cf-ray
8eaa4656bdc95c92-FRA
cross-origin-embedder-policy
require-corp
permissions-policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
origin-agent-cluster
?1
server
cloudflare
XYTO0yYebSRyT2LnZLQIyGI4FJkjKXwZ8sSj916y.dg-1732963807-1.2.1.1-.Uyb5SOyuqiwW9..gfABtYMEX.jCbkr0yffi1I.DT8Anhlh7tUaKB5ZBPrOX9eHn
www.itcosmetics.com/cdn-cgi/challenge-platform/h/b/flow/ov1/828250607:1732961700:tHrp-Irrp0dybDoYOEvY-qQmf5fYMQI5ZaMk8aQTATs/8eaa4655cd435c92/
13 KB
9 KB
XHR
General
Full URL
https://www.itcosmetics.com/cdn-cgi/challenge-platform/h/b/flow/ov1/828250607:1732961700:tHrp-Irrp0dybDoYOEvY-qQmf5fYMQI5ZaMk8aQTATs/8eaa4655cd435c92/XYTO0yYebSRyT2LnZLQIyGI4FJkjKXwZ8sSj916y.dg-1732963807-1.2.1.1-.Uyb5SOyuqiwW9..gfABtYMEX.jCbkr0yffi1I.DT8Anhlh7tUaKB5ZBPrOX9eHn
Requested by
Host: www.itcosmetics.com
URL: https://www.itcosmetics.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8eaa4655cd435c92
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2bb7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a62d67341fab03110504713f469295c490ec5238ec665b626bb18cb242134887

Request headers

Referer
https://www.itcosmetics.com/itgirlsuperheroes?utm_campaign=Milestone%3A_Sharer&utm_medium=X&utm_source=SocialToaster
CF-Chl-RetryAttempt
0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
CF-Challenge
XYTO0yYebSRyT2LnZLQIyGI4FJkjKXwZ8sSj916y.dg-1732963807-1.2.1.1-.Uyb5SOyuqiwW9..gfABtYMEX.jCbkr0yffi1I.DT8Anhlh7tUaKB5ZBPrOX9eHn

Response headers

cf-ray
8eaa46575e165c92-FRA
content-encoding
br
date
Sat, 30 Nov 2024 10:50:07 GMT
content-type
text/plain; charset=UTF-8
cf-chl-gen
bdWhybFH3aN0yOTjl/PiIbB87XG2mHBwSVvjJvNwifOkE0Hunl7I5Hz+WcAdEkNd8GwLYRf1MFA=$s97OTYREFH+YVBki
server
cloudflare
favicon.ico
www.itcosmetics.com/
9 KB
6 KB
Other
General
Full URL
https://www.itcosmetics.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2bb7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7f86be1e51500228aa45c4532fbe1dea4340c7f30985e9f08de01b63184d58b
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.itcosmetics.com/itgirlsuperheroes?utm_campaign=Milestone%3A_Sharer&utm_medium=X&utm_source=SocialToaster

Response headers

content-encoding
br
critical-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
expires
Thu, 01 Jan 1970 00:00:01 GMT
x-content-options
nosniff
date
Sat, 30 Nov 2024 10:50:07 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
cf-mitigated
challenge
cf-chl-out
y9KODD3aPB1AZAeSSJ/Qmo7ZYbLIGd7y550JTUeWjPw0Bq03QjG8j2HhwPzTUfDF5mA39SFjjVFO2l6kxTSMQRIq7YOxAl5s8Y4coLu82iF1OQUyAQB2K83IP62BSsMuit+tWMk/xTOwbxOTyGSm8g==$Es6t9Ixqvz2CCiNhCOWf2w==
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-opener-policy
same-origin
accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy
same-origin
referrer-policy
same-origin
cf-ray
8eaa46577e205c92-FRA
cross-origin-embedder-policy
require-corp
permissions-policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
origin-agent-cluster
?1
server
cloudflare
8dddf512-5d6e-493e-8ff8-f436711c31c7
https://www.itcosmetics.com/ Frame
0
0

/
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/cfq86/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/ Frame B795
0
0
Document
General
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/cfq86/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/
Requested by
Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/b/a6e12e96a2d5/api.js?onload=sLNwD4&render=explicit
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.95.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-src https://challenges.cloudflare.com/; base-uri 'self'

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
8eaa46580867e52b-TXL
content-encoding
br
content-security-policy
frame-src https://challenges.cloudflare.com/; base-uri 'self'
content-type
text/html; charset=UTF-8
critical-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin
date
Sat, 30 Nov 2024 10:50:08 GMT
document-policy
js-profiling
origin-agent-cluster
?1
permissions-policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy
same-origin
server
cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
sot.ag
URL
https://sot.ag/kippill-put-at-the-Eyes-Thancould-wer-Fraid-thei?d=sot.ag
Domain
www.itcosmetics.com
URL
blob:https://www.itcosmetics.com/0d73df72-f245-479e-bab4-e538c726d106
Domain
www.itcosmetics.com
URL
blob:https://www.itcosmetics.com/8dddf512-5d6e-493e-8ff8-f436711c31c7

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _cf_chl_opt function| sLNwD4 boolean| YlpT0 function| tfuh3 function| dYcI7 function| Hccvv8 function| LCNDU2 object| TpWxk7 object| unnYa3 function| UguGN4 function| LnvX8 function| NxVm3 object| EwpyK3 number| iDah3 object| angular object| uQyOK5 object| turnstile boolean| fTUn6 function| _ string| IXFVy3 boolean| QkNZe0

8 Cookies

Domain/Path Name / Value
sot.ag/ Name: sessionid
Value: kep0dhjqac487eerr5canic2jmrqm3ew
.sot.ag/ Name: visid_incap_2433984
Value: BNV51+4oQdyLEbAxxLVCbN3tSmcAAAAAQUIPAAAAAADDYO/Ru6zzxzHQ4riJKQxc
.sot.ag/ Name: nlbi_2433984
Value: Y0Q5de4OvBkdUI6jMs1AiwAAAABiuZ9j1tBhiZqv7rUQVC2h
.sot.ag/ Name: incap_ses_1849_2433984
Value: m504JXusTQrwzg2Ey/eoGd3tSmcAAAAAlCYmMTkEg5No74WoBSrgZQ==
.sot.ag/ Name: nlbi_2433984_2147483392
Value: 0jEtFS4fBxWX7Z5uMs1AiwAAAACXj8Vlw2hLvUvbY+Ly/Vx7
my.socialtoaster.com/ Name: sessionid
Value: wrolw18debif9ku9f6u17k3l4uo1nwpr
my.socialtoaster.com/ Name: li_id_OTU4
Value: 4Qzky
.itcosmetics.com/ Name: __cf_bm
Value: gEDftfYi4UrcURT5e3fIisfZqMSaf2hNaMGP6o4xAdI-1732963807-1.0.1.1-sfcHrCjCCaHpgSDqDH1EvkK2hY4nZJQw.epdIpxCrD63SuCJ90_cu9bIoUxryTTE4dsKapUbW2b3eB4F.8eGnw

4 Console Messages

Source Level URL
Text
rendering warning URL: https://sot.ag/4Qzky
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0C0800844080000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
network error URL: https://www.itcosmetics.com/itgirlsuperheroes?utm_campaign=Milestone%3A_Sharer&utm_medium=X&utm_source=SocialToaster
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://www.itcosmetics.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://www.itcosmetics.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1